Vassilis Prevelakis

A policy-based communications architecture for vehicles

Despite the fact that numerous studies have indicated that vehicular networks are vulnerable to external and internal attacks, very little effort has been expended in safeguarding communications both between elements within the vehicle and between the vehicle and the outside world. In this paper we present a mechanism that allows communications policy (essentially who can talk with whom and the security parameters of the channel) to be defined during the design of the software component and then adapted as the component undergoes integration first within subsystems and so on all the way to the final integration in the operational vehicle. We provide a mechanism that can maintain the integrity of the policy throughout the development effort and, finally, enforce the policy during the operation of the component in the production vehicle.

Implementation and performance evaluation of embedded IPsec in microkernel OS

The rapid development of the embedded systems and the wide use of them in many sensitive fields require safeguarding their communications. Internet Protocol Security (IPsec) is widely used to solve network security problems by providing confidentiality and integrity for the communications in the network, but it introduces communication overhead. This overhead becomes a critical factor with embedded systems because of their low computing power and limited resources. In this research, we studied the overhead of using embedded IPsec in constrained resource systems, which run microkernel operating system (OS), in terms of the network latency and throughput. To conduct our experiment first, we ran the test with an unmodified network stack, and then we ran the same test with the modified network stack which contains the IPsec implementation. Later, we compared the results obtained from these two sets of experiments to examine the overhead. Our research demonstrated that the overhead imposed by IPsec protocols is small and well within the capabilities of even low cost microcontrollers such as the one used in the Raspberry Pi computer.

On the Development of Automated Forensic Analysis Methods for Mobile Devices

We live in a connected world where mobile devices are used by humans as valuable tools. The use of mobile devices leaves traces that can be treasured assets for a forensic analyst. Our aim is to investigate methods and exercise techniques that will merge all these valuable information in a way that will be efficient for a forensic analyst, producing graphical representations of the underlying data structures. We are using a framework able to collect and merge data from various sources and employ algorithms from a wide range of interdisciplinary areas to automate post-incident forensic analysis on mobile devices.

Prediction of abnormal temporal behavior in real-time systems

Ensuring security in real-time and safety-critical systems is becoming extremely challenging, in particular due to the increasingly connectivity of these systems, such as in emerging autonomous vehicles that are subject to new and higher number of security attacks. The main characteristics of real-time systems is that they have strict timing constraints. These constraints must be met in order to ensure the correctness of the system. In this paper, we use the temporal properties derived from the timing analysis of the system required for safety, in order to detect the misbehavior of the system and improve its corresponding security features. For this, we define temporal boundaries which are used to detect the temporal off-nominal behavior of running applications. Moreover, we present a prediction scheme which uses the designated configuration in real-time systems.

Secure APIs for Applications in Microkernel-based Systems.

The Internet evolved from a collection of computers to today’s agglomeration of all sort of devices (e.g. printers, phones, coffee makers, cameras and so on) a large part of which contain security vulnerabilities. The current wide scale attacks are, in most cases, simple replays of the original Morris Worm of the mid-80s. The effects of these attacks are equally devastating because they affect huge numbers of connected devices. The reason for this lack of progress is that software developers will keep writing vulnerable software due to problems associated with the way software is designed and implemented and market realities. So in order to contain the problem we need effective control of network communications and more specifically, we need to vet all network connections made by an application on the premise that if we can prevent an attacker from reaching his victim, the attack cannot take place. This paper presents a comprehensive network security framework, including a well-defined applications programming interface (API) that allows fine-grained and flexible control of network connections. In this way, we can finally instantiate the principles of dynamic network control and protect vulnerable applications from network attacks.

LS-ARP: A lightweight and secure ARP

The Address Resolution Protocol (ARP) provides the link between layer 3 IPv4 addresses and layer 2 (MAC) addresses. ARP has no facilities for authenticating the communicating parties and is therefore vulnerable to spoofing attacks. Observing that in modern networks the use of the DHCP server to allocate both static and dynamic addresses is more or less taken for granted, we propose to use the DHCP server to vouch for the mapping between IP and MAC addresses. Using our proposed enhancement to ARP (a) does not affect the reliability of the network (i.e. use of this enhancement will not cause the network to become less reliable), (b) the computational overhead is less than 1% of the existing protocol overhead, and (c) dynamic addresses are fully taken into account, with the validity of the mapping expiring at the same time as the DHCP lease.

Chaining trusted links by deploying secured physical identities

Efficient trust management between nodes in a huge network is an essential requirement in modern networks. This work shows few generic primitive protocols for creating a trusted link between nodes by deploying unclonable physical tokens as Secret Unknown Ciphers. The proposed algorithms are making use of the clone-resistant physical identity of each participating node. Several generic node authentication protocols are presented. An intermediate node is shown to be usable as a mediator to build trust without having influence on the resulting security chain. The physical clone-resistant identities are using our early concept of Secret Unknown Cipher (SUC) technique. The main target of this work is to show the particular and efficient trust-chaining in large networks when SUC techniques are involved.

Using Ciphers for Failure-Recovery in ITS Systems

Combining Error-Correction Coding ECC and cryptography was proposed in the recent decade making use of bit-quality parameters to improve the error correction capability. Most of such techniques combine authentication crypto-functions jointly with ECC codes to improve system reliability, while fewer proposals involve ciphering functions with ECC to improve reliability. In this work, we propose practical and pragmatic low-cost approaches for making use of existing ciphering functions for reliability improvement. The presented techniques show that ciphering functions (as deterministic, non-linear bijective functions) can serve to achieve error correction enhancement and hence allow error recovery and scalable security trade-offs with or without additional ECC components. We demonstrate two best-effort error-correcting strategies. It is further shown, that the targeted reliability improvement is scalable to attain practical usability. The first proposed technique is pure-cipher-based error correction procedure deploying hard decision, best-effort operations to improve the system-survivability without changing system configuration. The second strategy is making use of ECC in combination with the ciphering function to enhance system-survivability. The correction procedures are based on simple experimental search-and-modify the corrupted ciphertext until predefined criteria become valid. This procedure may, however, turn out to become equivalent to a successful integrity/authenticity attack that may reduce the system security level, however in a scalable and predictable non-significant fashion.

Increasing the Trustworthiness of Embedded Applications

Embedded systems, by their nature, often run unattended with opportunistic rather then scheduled software upgrades and, perhaps most significantly, have long operational lifetimes, and, hence, provide excellent targets for massive and remote exploitation. Thus, such systems mandate higher assurances of trust and cyber-security compared to those presently available in State-of-the-Art ICT systems. In this poster we present some techniques we utilize in the SHARCS project to ensure a higher level of security for embedded systems.In recent years, low-end embedded devices have been used increasingly in various scenarios, ranging from consumer electronics to industrial equipment. However, this evolution made embedded devices profitable targets for software piracy and software manipulation. Aggravating this situation, low-end embedded devices typically lack secure hardware to effectively protect against such attacks. In this work, we present a novel software protection scheme, which is particularly suited for already deployed low-end embedded devices without secure hardware. Our approach combines techniques based on self-checksumming code with Physically Unclonable Functions (PUFs) to establish a hardwareassisted software protection. In this way, we can tie the execution of a software instance to a specific device and protect its program code against manipulations. We show that our software protection scheme offers a high level of security against static adversaries and demonstrate that dynamic adversaries require considerable resources to perform a successful attack. To explore the feasibility of our solution, we implemented the protection scheme on an ARM-based low-end commodity microcontroller. A further performance evaluation shows that the implemented solution exhibits a fair overhead of ten percent.

Secure hardware-software architectures for robust computing systems

The Horizon 2020 SHARCS project is a framework for designing, building and demonstrating secure-by-design applications and services, that achieve end-to-end security for their users. In this paper we present the basic elements of SHARCS that will provide a powerful foundation for designing and developing trustworthy, secure-by-design applications and services for the Future Internet.