Analytical Review of Cybersecurity for Embedded Systems

To identify the key factors and create the landscape of cybersecurity for embedded systems (CSES), an analytical review of the existing research on CSES has been conducted. The common properties of embedded systems, such as mobility, small size, low cost, independence, and limited power consumption when compared to traditional computer systems, have caused many challenges in CSES. The conflict between cybersecurity requirements and the computing capabilities of embedded systems makes it critical to implement sophisticated security countermeasures against cyber-attacks in an embedded system with limited resources, without draining those resources. In this study, twelve factors influencing CSES have been identified: (1) the components; (2) the characteristics; (3) the implementation; (4) the technical domain; (5) the security requirements; (6) the security problems; (7) the connectivity protocols; (8) the attack surfaces; (9) the impact of the cyber-attacks; (10) the security challenges of the ESs; (11) the security solutions; and (12) the players (manufacturers, legislators, operators, and users). A Multiple Layers Feedback Framework of Embedded System Cybersecurity (MuLFESC) with nine layers of protection is proposed, with new metrics of risk assessment. This will enable cybersecurity practitioners to conduct an assessment of their systems with regard to twelve identified cybersecurity aspects. In MuLFESC, the feedback from the system-components layer to the system-operations layer could help implement “Security by Design” in the design stage at the bottom layer. The study provides a clear landscape of CSES and, therefore, could help to find better comprehensive solutions for CSES.

[1]  Wolfgang Rosenstiel,et al.  Attack Surface Modeling and Assessment for Penetration Testing of IoT System Designs , 2018, 2018 21st Euromicro Conference on Digital System Design (DSD).

[2]  Yuan Xue,et al.  Taxonomy for description of cross-domain attacks on CPS , 2013, HiCoNS '13.

[3]  Elias Levy Crossover: Online Pests Plaguing the Offline World , 2003, IEEE Secur. Priv..

[4]  Kamal Dahbur,et al.  A survey of risks, threats and vulnerabilities in cloud computing , 2011, ISWSA '11.

[5]  Gheorghe Sebestyen,et al.  Hardware virtualization based security solution for embedded systems , 2014, 2014 IEEE International Conference on Automation, Quality and Testing, Robotics.

[6]  Wilhelm Hasselbring,et al.  Toward trustworthy software systems , 2006, Computer.

[7]  Egidijus Kazanavičius,et al.  An Energy Efficient Protocol For The Internet Of Things , 2015 .

[8]  Sufian Hameed,et al.  Understanding Security Requirements and Challenges in Internet of Things (IoT): A Review , 2019, J. Comput. Networks Commun..

[9]  Sri Parameswaran,et al.  Side channel attacks in embedded systems: A tale of hostilities and deterrence , 2015, Sixteenth International Symposium on Quality Electronic Design.

[10]  Yves Le Traon,et al.  Automatically securing permission-based software by reducing the attack surface: an application to Android , 2012, 2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering.

[11]  M. Pirani,et al.  A systems and control perspective of CPS security , 2019, Annu. Rev. Control..

[12]  Jaydip Sen,et al.  Embedded security for Internet of Things , 2011, 2011 2nd National Conference on Emerging Trends and Applications in Computer Science.

[13]  Shahriar B. Shokouhi,et al.  Secure hardware key based on Physically Unclonable Functions and artificial Neural Network , 2016, 2016 8th International Symposium on Telecommunications (IST).

[14]  Sebastian Fischmeister,et al.  Non-intrusive runtime monitoring through power consumption to enforce safety and security properties in embedded systems , 2018, Formal Methods Syst. Des..

[15]  Rasim M. Alguliyev,et al.  Cyber-physical systems and their security issues , 2018, Comput. Ind..

[16]  Eric Thayer Adversarial Testing to Increase the Overall Security of Embedded Systems: A Review of the Process , 2017, IEEE Control Systems.

[17]  Zhihua Xia,et al.  Enhancing Security of FPGA-Based Embedded Systems with Combinational Logic Binding , 2017, Journal of Computer Science and Technology.

[18]  Peter Marwedel Embedded System Hardware , 2011 .

[19]  Haytham Elmiligi,et al.  Multi-dimensional analysis of embedded systems security , 2016, Microprocess. Microsystems.

[20]  C. Manifavas,et al.  Software Security, Privacy, and Dependability: Metrics and Measurement , 2016, IEEE Software.

[21]  Kibet Langat,et al.  Cyber security challenges for IoT-based smart grid networks , 2019, Int. J. Crit. Infrastructure Prot..

[22]  Xinming Huang,et al.  Security of Autonomous Systems Employing Embedded Computing and Sensors , 2013, IEEE Micro.

[23]  Yu Peng,et al.  Review on cyber-physical systems , 2017, IEEE/CAA Journal of Automatica Sinica.

[24]  Levente Buttyán,et al.  Embedded systems security: Threats, vulnerabilities, and attack taxonomy , 2015, 2015 13th Annual Conference on Privacy, Security and Trust (PST).

[25]  Tom M. van Engers,et al.  Facilitating the Legislation Process Using a Shared Conceptual Model , 2001, IEEE Intell. Syst..

[26]  Yacine Challal,et al.  On security issues in embedded systems: challenges and solutions , 2008, Int. J. Inf. Comput. Secur..

[27]  Patrick Schaumont,et al.  Securing embedded systems , 2006, IEEE Security & Privacy.

[28]  Ashish B. Sasankar,et al.  Security in Embedded Systems : Vulnerabilities , Pigeonholing of Attacks and Countermeasures , 2016 .

[29]  Scott A. DeLoach,et al.  Metrics of Security , 2014, Cyber Defense and Situational Awareness.

[30]  Tilman Wolf,et al.  Embedded systems security—an overview , 2008, Des. Autom. Embed. Syst..

[31]  Apostolos P. Fournaris,et al.  Secure embedded system hardware design - A flexible security and trust enhanced approach , 2014, Comput. Electr. Eng..

[32]  Qijun Gu,et al.  Iso/iec 27001 , 2011, Encyclopedia of Cryptography and Security.

[33]  Ioannis Papaefstathiou,et al.  Embedded Systems Security: A Survey of EU Research Efforts , 2015, Secur. Commun. Networks.

[34]  Linda Wilbanks Whats Your IT Risk Approach? , 2018, IT Professional.

[35]  Himanshu Neema,et al.  Evaluating the effects of cyber-attacks on cyber physical systems using a hardware-in-the-loop simulation testbed , 2017, 2017 Resilience Week (RWS).

[36]  Henk Corporaal,et al.  Embedded System Design , 2006 .

[37]  Srivaths Ravi,et al.  Security as a new dimension in embedded system design , 2004, Proceedings. 41st Design Automation Conference, 2004..

[38]  Joe Cunningham,et al.  The industrial internet of things (IIoT): An analysis framework , 2018, Comput. Ind..

[39]  Gaurav Bansod,et al.  Implementation of a New Lightweight Encryption Design for Embedded Security , 2015, IEEE Transactions on Information Forensics and Security.

[40]  Anthony Lai,et al.  Evidence of Advanced Persistent Threat: A case study of malware for political espionage , 2011, 2011 6th International Conference on Malicious and Unwanted Software.

[41]  Elisa Bertino,et al.  Web Services Threats, Vulnerabilities, and Countermeasures , 2009 .

[42]  Liu Shian Design and Development of a Security Kernel in an Embedded System , 2014 .

[43]  Ahmet Ali Süzen,et al.  Benchmark Analysis of Jetson TX2, Jetson Nano and Raspberry PI using Deep-CNN , 2020, 2020 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA).

[44]  Xenofon D. Koutsoukos,et al.  Energy-based attack detection in networked control systems , 2014, HiCoNS.

[45]  Yacine Challal,et al.  A roadmap for security challenges in the Internet of Things , 2017, Digit. Commun. Networks.

[46]  Haifeng Dong,et al.  Hardware-Enhanced Protection for the Runtime Data Security in Embedded Systems , 2019, Electronics.

[47]  Rajdeep Chakraborty,et al.  Design of Cryptographic model for End-to-End Encryption in FPGA based systems , 2019, 2019 3rd International Conference on Computing Methodologies and Communication (ICCMC).

[48]  Helge Janicke,et al.  SCADA security in the light of Cyber-Warfare , 2012, Comput. Secur..

[49]  Saraju P. Mohanty,et al.  TSV: A novel energy efficient Memory Integrity Verification scheme for embedded systems , 2013, J. Syst. Archit..

[50]  Elisa Bertino,et al.  Kinesis: a security incident response and prevention system for wireless sensor networks , 2014, SenSys.

[51]  Geir M. Køien,et al.  Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks , 2015, J. Cyber Secur. Mobil..

[52]  Christopher C. White,et al.  Focus on Durability, PATH Research at the National Institute of Standards and Technology | NIST , 2001 .

[53]  Qassim Nasir,et al.  Physically Unclonable Functions (PUFs): A Systematic Literature Review , 2019, 2019 Advances in Science and Engineering Technology International Conferences (ASET).

[54]  H. S. Chandrashekar,et al.  Packet sniffing: a brief introduction , 2003 .

[55]  Srivaths Ravi,et al.  Tamper resistance mechanisms for secure embedded systems , 2004, 17th International Conference on VLSI Design. Proceedings..

[56]  Claude Baron,et al.  About adopting a systemic approach to design connected embedded systems: A MOOC promoting systems thinking and systems engineering , 2020, Syst. Eng..

[57]  Gaurav Verma,et al.  Network Security in Embedded System Using TLS , 2016 .

[58]  Edward A. Lee Cyber Physical Systems: Design Challenges , 2008, 2008 11th IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing (ISORC).

[59]  E. Praveen Kumar,et al.  Border Security and Multi Access Robot using Embedded System , 2016 .

[60]  Constantin Scheuermann,et al.  A Metamodel for Cyber-Physical Systems , 2017 .

[61]  Charlie McCarthy,et al.  National Institute of Standards and Technology (NIST) Cybersecurity Risk Management Framework Applied to Modern Vehicles , 2014 .

[62]  Kevin M. Stine,et al.  Performance Measurement Guide for Information Security , 2008 .

[63]  Nguyen Ngoc Binh,et al.  Embedded System Architecture Design and Optimization at the Model Level , 2012 .

[64]  Panagiotis G. Sarigiannidis,et al.  Securing the Internet of Things: Challenges, threats and solutions , 2019, Internet Things.

[65]  Ashutosh Tiwari,et al.  The security challenges in the IoT enabled cyber-physical systems and opportunities for evolutionary computing & other computational intelligence , 2016, 2016 IEEE Congress on Evolutionary Computation (CEC).

[66]  Stavros Ntalampiras,et al.  Automatic identification of integrity attacks in cyber-physical systems , 2016, Expert Syst. Appl..

[67]  M.B. Potdar,et al.  A network-based intrusion detection and prevention system with multi-mode counteractions , 2017, 2017 International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS).

[68]  C. Wilson Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress , 2008 .

[69]  Josef Noll,et al.  Multi-Metrics Approach for Security, Privacy and Dependability in Embedded Systems , 2015, Wirel. Pers. Commun..

[70]  W. Arbaugh,et al.  Embedded security: challenges and concerns , 2001, Computer.

[71]  Hans Günter Brauch,et al.  Concepts of Security Threats, Challenges, Vulnerabilities and Risks , 2010, Coping with Global Environmental Change, Disasters and Security.

[72]  Srivaths Ravi,et al.  Efficient fingerprint-based user authentication for embedded systems , 2005, Proceedings. 42nd Design Automation Conference, 2005..

[73]  Vladimír Oplustil,et al.  Experience with integration and certification of COTS based embedded system into advanced avionics system , 2007, 2007 International Symposium on Industrial Embedded Systems.

[74]  Zhizhang Chen,et al.  ChipWhisperer: An Open-Source Platform for Hardware Embedded Security Research , 2014, COSADE.

[75]  Kerstin Eder,et al.  The IoT Energy Challenge: A Software Perspective , 2018, IEEE Embedded Systems Letters.

[76]  Saqib Ali,et al.  ICS/SCADA System Security for CPS , 2018 .

[77]  Michael G Williams,et al.  A Risk Assessment on Raspberry PI using NIST Standards , 2018 .

[78]  Philip Koopman Embedded System Security , 2004, Computer.

[79]  Burak Kantarci,et al.  A survey on cybersecurity, data privacy, and policy issues in cyber-physical system deployments in smart cities , 2019, Sustainable Cities and Society.

[80]  Wolter Pieters,et al.  Defining "The Weakest Link" Comparative Security in Complex Systems of Systems , 2013, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science.

[81]  Sotirios G. Ziavras COMPUTER SYSTEMS , 2003 .

[82]  Artemios G. Voyiatzis,et al.  Security challenges in embedded systems , 2013, ACM Trans. Embed. Comput. Syst..

[83]  Qusay H. Mahmoud,et al.  Cyber physical systems security: Analysis, challenges and solutions , 2017, Comput. Secur..

[84]  Simin Nadjm-Tehrani,et al.  Integrating security mechanisms into embedded systems by domain-specific modelling , 2014, Secur. Commun. Networks.

[85]  Stefano Chessa,et al.  Measuring security in IoT communications , 2019, Theor. Comput. Sci..

[86]  Michael Waidner,et al.  Security in industrie 4.0 - challenges and solutions for the fourth industrial revolution , 2016, 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[87]  George Loukas,et al.  A taxonomy and survey of cyber-physical intrusion detection approaches for vehicles , 2019, Ad Hoc Networks.

[88]  Sibylle B. Fröschle,et al.  Analyzing the impact of injected sensor data on an Advanced Driver Assistance System using the OP2TIMUS prototyping platform , 2016, 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[89]  Fengjun Li,et al.  Cyber-Physical Systems Security—A Survey , 2017, IEEE Internet of Things Journal.

[90]  Jan-Harm Pretorius,et al.  Industry 4.0 competencies for a control systems engineer , 2019, 2019 IEEE Technology & Engineering Management Conference (TEMSCON).

[91]  Frank Vahid,et al.  Embedded system design - a unified hardware / software introduction , 2001 .

[92]  Wei Hu,et al.  A bottom-up approach to verifiable embedded system information flow security , 2014, IET Inf. Secur..

[93]  Zonghua Gu,et al.  Security-Aware Mapping and Scheduling with Hardware Co-Processors for FlexRay-Based Distributed Embedded Systems , 2016, IEEE Transactions on Parallel and Distributed Systems.

[94]  M. Harrison A Global Perspective , 2015, Bulletin of the history of medicine.

[95]  Giles Hogben,et al.  Privacy Features: Privacy features of European eID card specifications , 2008 .

[96]  Joseph Migga Kizza Understanding Computer Network Security , 2013 .

[97]  Vinay M. Igure,et al.  Security issues in SCADA networks , 2006, Comput. Secur..

[98]  Jin Sun,et al.  A Short Review of Security-Aware Techniques in Real-Time Embedded Systems , 2018, J. Circuits Syst. Comput..

[99]  Wade Trappe,et al.  A Security Framework for the Internet of Things in the Future Internet Architecture , 2017, Future Internet.

[100]  Aditya Ashok,et al.  Cyber-Physical Security Testbeds: Architecture, Application, and Evaluation for Smart Grid , 2013, IEEE Transactions on Smart Grid.

[101]  Janusz Zalewski,et al.  Design of Reactive Security Mechanisms in Time-Triggered Embedded Systems , 2014 .

[102]  Bimlendu Shahi,et al.  A proposed methodology for end to end encryption for communicating embedded systems , 2017, 2017 International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS).

[103]  George M. Mohay,et al.  Technical challenges and directions for digital forensics , 2005, First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05).

[104]  Konstantinos Xynos,et al.  Locking Out the Investigator: The Need to Circumvent Security in Embedded Systems , 2015, Inf. Secur. J. A Glob. Perspect..

[105]  Jennifer Hasler,et al.  Security Implications for Ultra-Low Power Configurable SoC FPAA Embedded Systems , 2018, Journal of Low Power Electronics and Applications.

[106]  Marco de Vivo,et al.  A review of port scanning techniques , 1999, CCRV.

[107]  Wenwen Liu,et al.  Stealthy Attack Against Redundant Controller Architecture of Industrial Cyber-Physical System , 2019, IEEE Internet of Things Journal.

[108]  M. Hsieh,et al.  7nm Chip-Package Interaction Study on a Fine Pitch Flip Chip Package with Laser Assisted Bonding and Mass Reflow Technology , 2019, 2019 IEEE 69th Electronic Components and Technology Conference (ECTC).