Establishing Cyber Resilience in Embedded Systems for Securing Next-Generation Critical Infrastructure

The mass integration and deployment of intelligent technologies within critical commercial, industrial and public environments have a significant impact on business operations and society as a whole. Though integration of these critical intelligent technologies pose serious embedded security challenges for technology manufacturers which are required to be systematically approached, in-line with international security regulations.This paper establish security foundation for such intelligent technologies by deriving embedded security requirements to realise the core security functions laid out by international security authorities, and proposing microarchitectural characteristics to establish cyber resilience in embedded systems. To bridge the research gap between embedded and operational security domains, a detailed review of existing embedded security methods, microarchitectures and design practises is presented. The existing embedded security methods have been found ad-hoc, passive and strongly rely on building and maintaining trust. To the best of our knowledge to date, no existing embedded security microarchitecture or defence mechanism provides continuity of data stream or security once trust has broken. This functionality is critical for embedded technologies deployed in critical infrastructure to enhance and maintain security, and to gain evidence of the security breach to effectively evaluate, improve and deploy active response and mitigation strategies. To this end, the paper proposes three microarchitectural characteristics that shall be designed and integrated into embedded architectures to establish, maintain and improve cyber resilience in embedded systems for next-generation critical infrastructure.

[1]  Yulong Zhang,et al.  Downgrade Attack on TrustZone , 2017, ArXiv.

[2]  Jiafu Wan,et al.  M2M Communications for Smart City: An Event-Based Architecture , 2012, 2012 IEEE 12th International Conference on Computer and Information Technology.

[3]  Guy Gogniat,et al.  ARMHEx: A hardware extension for DIFT on ARM-based SoCs , 2017, 2017 27th International Conference on Field Programmable Logic and Applications (FPL).

[4]  Matthew Norman,et al.  Keyshuffling Attack for Persistent Early Code Execution in the Nintendo 3DS Secure Bootchain , 2018, ArXiv.

[5]  Carl A. Waldspurger,et al.  Speculative Buffer Overflows: Attacks and Defenses , 2018, ArXiv.

[6]  Artemios G. Voyiatzis,et al.  Security challenges in embedded systems , 2013, ACM Trans. Embed. Comput. Syst..

[7]  Sakir Sezer,et al.  STRIDE-based threat modeling for cyber-physical systems , 2017, 2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe).

[8]  Lilian Bossuet,et al.  The Security of ARM TrustZone in a FPGA-Based SoC , 2019, IEEE Transactions on Computers.

[9]  Sakir Sezer,et al.  Pro-Active Policing and Policy Enforcement Architecture for Securing MPSoCs , 2018, 2018 31st IEEE International System-on-Chip Conference (SOCC).

[10]  Abdelmadjid Bouabdallah,et al.  Trusted Execution Environment: What It is, and What It is Not , 2015, TrustCom 2015.

[11]  Srivaths Ravi,et al.  Security in embedded systems: Design challenges , 2004, TECS.

[12]  Michael Hamburg,et al.  Meltdown , 2018, meltdownattack.com.

[13]  Roberto Maria Avanzi,et al.  The QARMA Block Cipher Family. Almost MDS Matrices Over Rings With Zero Divisors, Nearly Symmetric Even-Mansour Constructions With Non-Involutory Central Rounds, and Search Heuristics for Low-Latency S-Boxes , 2017, IACR Trans. Symmetric Cryptol..

[14]  Sakir Sezer,et al.  Enforcing Policy-Based Security Models for Embedded SoCs within the Internet of Things , 2018, 2018 IEEE Conference on Dependable and Secure Computing (DSC).

[15]  Sakir Sezer,et al.  Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures , 2018, 2018 31st IEEE International System-on-Chip Conference (SOCC).

[16]  Srivaths Ravi,et al.  SECA: security-enhanced communication architecture , 2005, CASES '05.

[17]  Nick Feamster,et al.  Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic , 2017, ArXiv.

[18]  Dan Meng,et al.  Security-first architecture: deploying physically isolated active security processors for safeguarding the future of computing , 2018, Cybersecurity.

[19]  Sakir Sezer,et al.  Embedded Policing and Policy Enforcement Approach for Future Secure IoT Technologies , 2018, IoT 2018.

[20]  Ingrid Verbauwhede,et al.  Atlas: Application Confidentiality in Compromised Embedded Systems , 2019, IEEE Transactions on Dependable and Secure Computing.

[21]  Jaydip Sen,et al.  Embedded security for Internet of Things , 2011, 2011 2nd National Conference on Emerging Trends and Applications in Computer Science.

[22]  Eric Peeters,et al.  System-on-Chip Platform Security Assurance: Architecture and Validation , 2018, Proceedings of the IEEE.

[23]  Levente Buttyán,et al.  Embedded systems security: Threats, vulnerabilities, and attack taxonomy , 2015, 2015 13th Annual Conference on Privacy, Security and Trust (PST).

[24]  Karl Andersson,et al.  Security, Privacy and Trust for Smart Mobile- Internet of Things (M-IoT): A Survey , 2019, IEEE Access.