Seppo Virtanen

End-to-end security scheme for mobility enabled healthcare Internet of Things

We propose an end-to-end security scheme for mobility enabled healthcare Internet of Things (IoT). The proposed scheme consists of (i) a secure and efficient end-user authentication and authorization architecture based on the certificate based DTLS handshake, (ii) secure end-to-end communication based on session resumption, and (iii) robust mobility based on interconnected smart gateways. The smart gateways act as an intermediate processing layer (called fog layer) between IoT devices and sensors (device layer) and cloud services (cloud layer). In our scheme, the fog layer facilitates ubiquitous mobility without requiring any reconfiguration at the device layer. The scheme is demonstrated by simulation and a full hardware/software prototype. Based on our analysis, our scheme has the most extensive set of security features in comparison to related approaches found in literature. Energy-performance evaluation results show that compared to existing approaches, our scheme reduces the communication overhead by 26% and the communication latency between smart gateways and end users by 16%. In addition, our scheme is approximately 97% faster than certificate based and 10% faster than symmetric key based DTLS. Compared to our scheme, certificate based DTLS consumes about 2.2 times more RAM and 2.9 times more ROM resources. On the other hand, the RAM and ROM requirements of our scheme are almost as low as in symmetric key-based DTLS. Analysis of our implementation revealed that the handover latency caused by mobility is low and the handover process does not incur any processing or communication overhead on the sensors.

SEA: A Secure and Efficient Authentication and Authorization Architecture for IoT-Based Healthcare Using Smart Gateways☆

In this paper, a secure and efficient authentication and authorization architecture for IoT-based healthcare is developed. Security and privacy of patients’ medical data are crucial for the accepta ...

An Elliptic Curve-based Mutual Authentication Scheme for RFID Implant Systems☆

Abstract In this paper, a secure mutual authentication scheme for an RFID implant system is developed. An insecure communication channel between a tag and a reader makes the RFID implant system vulnerable to attacks and endangers the users safety and privacy. The proposed scheme relies on elliptic curve cryptography and the D-Quark lightweight hash design. Compared to the available public-key cryptosystems, elliptic curve-based cryptosystems are the best choice due to their small key sizes as well as their efficiency in computations. The D-Quark lightweight hash design is tailored for resource constrained pervasive devices, cost, and performance. The security analysis of the proposed authentication scheme revealed that it is secure against the relevant threat models and provides a higher security level than related work found in the literature. The computational performance comparison shows that our work has 48% less communication overhead compared to existing similar schemes. It also requires 24% less total memory than the other approaches. The required computational time of our scheme is generally similar to other existing schemes. Hence, the presented scheme is a well-suited choice for providing security for the resource-constrained RFID implant systems.

A software defined approach for common baseband processing

We present a novel software defined approach for designing and implementing common baseband processing tasks. Our focus is on exploring the algorithmic and architectural design spaces of 3G and 4G systems to identify the computational and geometric structures shared by diverse coding schemes, services and hardware platforms, and the efficient and flexible integration of these structures on innovative extensible hardware. With an existing protocol processor design framework as our starting point, we add flexibility to the physical layer of the radio application domain by defining a methodology and a hardware platform for designing programmable open wireless architecture-enabled device instances. The proposed methodology executes in two phases: (a) initial design, which is done to a single standard using our design principles and methods, and (b) extension phase where the system upgrade is done component by component. The approach standardizes control structures, component abstractions, implementation of the architecture itself as well as methods for interactive optimization. Thus, in both design phases there is only a need to consider changes in component functionality and connectivity. We demonstrate the approach by initially targeting digital television, and then extending the system with minimal effort to support GSM. The costs of the GSM extension in the system were an area increase of 2.4%, a power increase of 2.7% and four days in hardware design and verification.

The TACO protocol processor simulation environment

Network hardware design is becoming increasingly challenging because more and more demands are put on network bandwidth and throughput requirements, and on the speed with which new devices can be put on the market. Using current standard techniques (general purpose microprocessors, ASICs) these goals are difficult to reach simultaneously. One solution to this problem that has recently attracted interest is the design of programmable processors with network-optimized hardware, that is, network or protocol processors. In this paper a simulation framework for a family of TTA protocol processor architectures is proposed. The protocol processors consist of a number of buses with functional units that encapsulate protocol specific operations. The TACO protocol processor simulator is a C++ framework based on SystemC. Functional units are created as C++ classes, which makes it easy to experiment with different configurations of the processor to see its performance.

Session Resumption-Based End-to-End Security for Healthcare Internet-of-Things

In this paper, a session resumption-based end-to-end security scheme for healthcare Internet of things (IoT) is pro-posed. The proposed scheme is realized by employing certificate-based DTLS handshake between end-users and smart gateways as well as utilizing DTLS session resumption technique. Smart gateways enable the sensors to no longer need to authenticate and authorize remote end-users by handing over the necessary security context. Session resumption technique enables end-users and medical sensors to directly communicate without the need for establishing the communication from the initial handshake. Session resumption technique has an abbreviated form of DTLS handshake and neither requires certificate-related nor public-key funtionalities. This alleviates some burden of medical sensors tono longer need to perform expensive operations. The energy-performance evaluations of the proposed scheme are evaluated by developing a remote patient monitoring prototype based on healthcare IoT. The energy-performance evaluation results show that our scheme is about 97% and 10% faster than certificate-based and symmetric key-based DTLS, respectively. Also, the certificate-based DTLS consumes about 2.2X more RAM and 2.9X more ROM resources required by our scheme. While, our scheme and symmetric key-based DTLS have almost similar RAM and ROM requirements. The security analysis reveals that the proposed scheme fulfills the requirements of end-to-end security and provides higher security level than related approaches found in the literature. Thus, the presented scheme is a well-suited solution to provide end-to-end security for healthcare IoT.

Current Challenges in Embedded Communication Systems

This article defines and analyses key challenges met in future embedded systems in networked multimedia and communication applications. Self-awareness, interoperability and embedded security are used to characterize different aspects of designing and implementing next generation embedded systems. The dynamic nature of applications and implementations as well as possible technological faults and variations need to be considered in system verification and modeling. A new design layer needs to be added to current NoC platforms in order to build procedures that take into account dynamic system reconfigurations, fault-tolerance aspects and flexible portability. Increased modularity and networked implementations create a need for trust management mechanisms between system components and technology for analyzing validity and correctness of received application and system configuration information.

Increasing the self-study effort of higher education engineering students with an online learning platform

This article presents a study on motivating engineering students towards more active independent work and higher course effort using an online learning platform, weekly groupwork and weekly progress reporting. In the past five years, the average final grades of the students in a traditionally implemented computer networks and information security lecture course have been decreasing. An experiment on increasing student effort was made in a new information security course, relying on reducing the amount of lectures and moving a corresponding amount of course work into a computer-based learning environment to be performed independently and in a group. The results of the experiment were extremely promising, showing higher student effort and better grades. The experiment was repeated in another new course and the preliminary results also indicate a similar increase in student effort. The conclusion is that similar strategies should also be employed in existing courses and future new courses.

A system-level framework for designing and evaluating protocol processor architectures

To meet the tightening requirements on network hardware, the design of programmable processors with network-optimised hardware, that is, network or protocol processors, has attracted interest. In this paper, we address evaluation of different architectural configurations for such processors, and reuse of previously designed components in later design projects. The proposed system-level framework enables easy and fast experimentation with different protocol processor hardware architecture configurations to estimate their performance characteristics at early stages in the design process. We conclude the paper with examples of designing processors using the framework.

Convergence of Hardware and Software in Platforms for Radio Technologies

Technologies used in wireless broadband systems are typically data-driven and require a very high processing speed. In this article we discuss technological issues that could be utilized in designing converged hardware/software platforms for future radio technologies in both civilian and military communications. We focus on current and future radio applications as well as hardware and software technologies, and discuss issues in integrating these technologies into converged single-processor radio platforms that can switch dynamically from one radio standard to another with intelligent application software, and that can also be taken advantage of as parts of complex systems and networks-on-chips