Marcel Eckert

Wireless sensor/actuator device configuration by NFC

In the area of building automation, many sensor or actuator devices are tiny embedded systems which are installed throughout the building. The sensors gather information about the current environment (e.g., the temperature, number of people in a room, etc.) and the actuators interact with the environment (e.g., controlling lights, heating, or door access). A central unit controls these devices (wirelessly or by wire), therefore all devices need at least a unique id throughout the system, and in many cases some more configuration or authentication data. New or replaced devices have to be registered with the central unit in order to enable correct control. Thus, the person installing a new device has to prepare it in terms of at least setting an id before it can be connected to the network. This can be tedious work, especially for untrained workers. This paper proposes adding an NFC module as an enhancement for standard devices. The devices can then be configured on site using a standard smart phone running an appropriate application. This eliminates the need to pre-configure devices using a programmer tool. The presented application enables (first-time or re-) configuration of wireless embedded devices. The prototype features an ATmega 328P micro-controller from Atmel and a M24SR02-Y NFC chip from STMicroelectronics.

A threat-model for building and home automation

Security and privacy are very important assets within building and home automation because the System Control Unit (SCU) stores and processes a huge amount of data about the inhabitants or employees of the building. This data is necessary for managing the building and increasing the convenience of persons within. But this data can also be used to create a movement profile, monitor working times, and draw conclusions about peoples health situation. Modern smart home implementations also control many actuators within the building including doors, windows, locks, and fire extinguisher. These increase security and safety, but unauthorized control can reduce the security and can even be harmful to persons. Therefore, identifying the different security and privacy threats is very important and helps system engineers and system managers to develop and deploy secure systems. This work presents an abstract model of a building automation system and some attack trees which simplify threat identification. Attack trees are common in secure software development and secure system deployment. An example smart home deployment is evaluated using the proposed model and attack trees to show the feasibility.

Hardware Based Security Enhanced Direct Memory Access

This paper presents an approach to prevent memory attacks enabled by DMA. DMA is a technique that is frequently used to release processors from simple memory transfers. DMA transfers are usually performed during idle times of the bus. A disadvantage of DMA transfers is that they are primarily unsupervised by anti malware agents. After the completion of a DMA activity the transfered data can be scanned for malicious codes. At this time the malicious structures are already in the memory and processor time is necessary to perform a malware scan. The approach presented in this paper enhances the DMA by a watchdog mechanisms that scans the data passing by and interrupts the processor after the detection of a malicious data or instruction sequence. Configurable hardware based on FPGAs is used to overcome the problem of frequently changing malware and malware signatures.

Operating System Concepts for Reconfigurable Computing

One of the key future challenges for reconfigurable computing is to enable higher design productivity and a more easy way to use reconfigurable computing systems for users that are unfamiliar with the underlying concepts. One way of doing this is to provide standardization and abstraction, usually supported and enforced by an operating system. This article gives historical review and a summary on ideas and key concepts to include reconfigurable computing aspects in operating systems. The article also presents an overview on published and available operating systems targeting the area of reconfigurable computing. The purpose of this article is to identify and summarize common patterns among those systems that can be seen as de facto standard. Furthermore, open problems, not covered by these already available systems, are identified.

Architectural requirements for constructing hardware supported sandboxes

Malicious stealth software can detect being executed in a virtual machine and thus behave differently. If the system virtualization however is moved to the hardware level, the malware is fooled and can be identified and monitored. This paper gives an overview of requirements for a hardware supported virtualization facility implemented on an FPGA. These requirements are examined along the lines of the basic parts of a typical computer architecture: the processor, memory, and devices. A proof-of-concept demonstrator was implemented on several Xilinx Evaluation boards.

Generic operating-system support for FPGAs

Field Programmable Gate Arrays (FPGAs) are by now common in industrial applications and research. The industry utilizes FPGAs for prototyping, small scale hardware productions, and telecommunication hardware. The deployment of FPGAs in research is often High Performance Computing (HPC) centric. But FPGAs are not used in General Purpose Computing (GPC) very often because of many factors, including missing Operating System (OS) support. This paper presents the idea of integrating FPGAs in OSs for standard personal computers, such as Linux, Mac OS X and Microsoft Windows. The goal of this integration is improving the acceptance of hardware acceleration for applications within software companies through separating hardware and software completely, and an easy hard- and software Application Programming Interface (API). Another goal is to improve the acceptance of FPGAs at the end-user by reducing the connection complexity of FPGAs and standard personal computers. The user should use them just by plug and play. To achieve these goals the paper introduces OS support for identifying and configuring FPGAs without vendor specific tools, and for bidirectional communication between the host computer and components configured inside the FPGA.

Low-Latency FIR Filter Structures Targeting FPGA Platforms

Finite Impulse Response (FIR) filters are one of the basic building blocks in Digital Signal Processing. The computational complexity of their filtering process is determined by the length of their impulse responses. In high-order systems, the effective group-delay and phase response of the implemented filter may restrictively deviate from the designed one, due to the processing latency that adds on top of the group delay. This deviation may break causality or phase margin constraints within the system, decreasing the performance or correct functioning of it. A good example of systems under such constraints are feedforward and feedback active noise control digital implementations [2, 5]. Varied approaches can be used to decrease the overall complexity, if coefficients are known and have certain patterns [3, 6], a digit-serial architecture is used [4], or if frequency-domain filtering is applied [2]. Nevertheless, reducing the computational complexity (and with it probably increasing the implementation effort) is not the only way towards reducing the processing latency. In the present work, a time-domain sample-by-sample convolution based on precalculations of the output is proposed, which reduces the processing latency to the time required to calculate one multiplication and one addition. This is achieved by changing the chronological order of the calculations, under the constraint that the time to calculate the precalculations also have to fit within a sampling period. The implementation of it can be done based on a one-step or on an iterative precalculation process. To achieve higher order filters with less amount of calculation resources, the multiplications and additions needed for the precalculations are grouped into parallel lanes (in some extent similar to [7]) that sequentially solve partial results using the same calculation units. Although performing the same task, the one-step and iterative precalculations have different memory and logic requirements. Thus, an evaluation and comparison of both are presented in this work. In the following section, the precalculation strategy is explained. In Section 3, the one-step and iterative precalculations are described together with the grouping and parallelization strategy for reducing the needed computational resources.

Wireless sensor/actuator device configuration by NFC with secure key exchange

Modern building automation systems are networks of sensors (heat, power, light, humidity, air presure, etc.), actuators (air conditioners, door openers, window openers, lamps, switches, alarms, etc.) and control units. The network technology is typically hybrid. Cables, communication via power lines and wireless technologies are used in one logical network. Large buildings (like office or public buildings) or even plants require the installation of a large amount of such devices. All devices need to be personalized after their installation, i.e., they need a unique ID in order to be locatable and logically addressable. In security critical environments they need to obtain initial secret keys to enable secure communication methods. The initialization is usally done after the installation of the device. This can be done with special wired initialization equipment or wirelessly by radio or, as it is assumend in this paper, by Near Field Communication (NFC). As NFC itself is a publically readable protocol, it needs a secure public key exchange method to provide devices with initial keys. This paper shows how to initialize new or replaced devices using an Android app with NFC and focusses on the public key exchange mechanism by Diffie-Hellman to prepare the device for encryption.

Comparison and evaluation of cache parameters for softcores on FPGAs

Using caches is a common technique to enhance the computational performance of a processor which would otherwise be limited by the timing of a systems main memory. Softcores instantiated inside an FPGA also require caches to achieve a suitable computational performance whenever they use large amounts of memory provided by FPGA external memory resources like DDR-memory. However, the internal structures of an FPGA limit the freedom in designing caches for theses softcores. Therefore, this paper examines the impact of several cache parameters like the total cache size and the degree of associativity on the resource usage, system clock frequency and resulting computational performance of a softcore base system inside an FPGA. As a result, design guidelines/rules for parameterizing softcore-caches within an FPGA are deduced.

CloudSynth — Outsourcing hardware synthesis into the cloud

Synthesizing hardware from a Hardware Description Language (HDL) for Field Programmable Gate Arrays (FPGAs) and Application Specific Integrated Circuits (ASICs) is very important today because many companies produce ASICs or use FPGAs for prototyping or High Performance Computing (HPC). Although, the synthesis, mapping and routing processes are well understood and good covered by research, some challenges in the operation of these processes exist, such as easy design space exploration, commercial license management, and different software version support which are not focus of research yet. This paper addresses these challenges by proposing the outsourcing of the whole hardware synthesis process into the cloud. A complete cloud-based synthesis service is presented consisting out of a command line client to deploy a synthesis process into the cloud, a remote web-service to schedule synthesis jobs within a cluster of servers or virtual machines, and a control webservice on each of these machines to start and stop the synthesis process. This service is evaluated against the standard local synthesis flow.