Systematic Security and Timeliness Tradeoffs in Real-Time Embedded Systems

Real-time embedded systems are increasingly being networked. In distributed real-time embedded applications, e.g., electric grid management and command and control applications, it is required to not only meet real-time constraints but also support the data confidentiality, integrity, and authenticity. Unfortunately, in general, cryptographic functions are computationally expensive, possibly causing deadline misses in real-time embedded systems with limited resources. As a basis for cost-effective security support in real-time embedded systems, we define a quantitative notion of strength of defense (SoD). Based on the SoD concept, we propose a novel adaptive security policy in which the SoD can be degraded by decreasing the cryptographic key length for certain tasks, if necessary, to improve the success ratio under overload conditions. Our approach is lightweight. The time complexity of our approach is linear and its amortized version has the constant overhead per SoD adaptation period. Moreover, our approach supports desirable security features requiring an attacker to do extra work to find the cryptographic key. In the performance evaluation, we show that our approach can considerably improve the success ratio due to controlled SoD degradation under overload

[1]  Charles L. Phillips,et al.  Digital control system analysis and design (2nd ed.) , 1989 .

[2]  William Hugh Murray,et al.  Modern Cryptography , 1995, Information Security Journal.

[3]  Donald F. Towsley,et al.  Scheduling Transactions with Temporal Constraints: Exploiting Data Semantics , 2002, IEEE Trans. Knowl. Data Eng..

[4]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[5]  Kang G. Shin,et al.  End-host architecture for QoS-adaptive communication , 1998, Proceedings. Fourth IEEE Real-Time Technology and Applications Symposium (Cat. No.98TB100245).

[6]  Sang Hyuk Son,et al.  Correction to 'Integrating Security and Real-Time Requirements Using Covert Channel Capacity' , 2000, IEEE Trans. Knowl. Data Eng..

[7]  Ragunathan Rajkumar,et al.  Protecting resources with resource control lists , 2001, Proceedings Seventh IEEE Real-Time Technology and Applications Symposium.

[8]  Sang Hyuk Son,et al.  STAR: secure real-time transaction processing with timeliness guarantees , 2002, 23rd IEEE Real-Time Systems Symposium, 2002. RTSS 2002..

[9]  Jörgen Hansson,et al.  An adaptable security manager for real-time transactions , 2000, Proceedings 12th Euromicro Conference on Real-Time Systems. Euromicro RTS 2000.

[10]  James W. Layland,et al.  Scheduling Algorithms for Multiprogramming in a Hard-Real-Time Environment , 1989, JACM.

[11]  Sang Hyuk Son,et al.  Feedback Control Real-Time Scheduling: Framework, Modeling, and Algorithms* , 2001, Real-Time Systems.

[12]  Bruce Schneier,et al.  Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish) , 1993, FSE.

[13]  Cynthia E. Irvine,et al.  Calculating costs for quality of security service , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[14]  Daniel P. Siewiorek,et al.  Practical solutions for QoS-based resource allocation problems , 1998, Proceedings 19th IEEE Real-Time Systems Symposium (Cat. No.98CB36279).

[15]  MukkamalaRavi,et al.  Integrating Security and Real-Time Requirements Using Covert Channel Capacity , 2000 .

[16]  Vincent Rijmen,et al.  Efficient Block Ciphers for Smartcards , 1999, Smartcard.

[17]  Matthew J. Weiner,et al.  Efficient DES Key Search , 1994 .

[18]  Jane W.-S. Liu,et al.  Imprecise Results: Utilizing Partial Comptuations in Real-Time Systems , 1987, RTSS.

[19]  Jayant R. Haritsa,et al.  Secure Concurrency Control in Firm Real-Time Database Systems , 2004, Distributed and Parallel Databases.

[20]  Mike Bond,et al.  Experience Using a Low-Cost FPGA Design to Crack DES Keys , 2002, CHES.

[21]  Daniel P. Siewiorek,et al.  On quality of service optimization with discrete QoS options , 1999, Proceedings of the Fifth IEEE Real-Time Technology and Applications Symposium.

[22]  Susan V. Vrbsky,et al.  Maintaining security in firm real-time database systems , 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).

[23]  Joseph P. Loyall,et al.  A distributed real-time embedded application for surveillance, detection, and tracking of time critical targets , 2005, 11th IEEE Real Time and Embedded Technology and Applications Symposium.

[24]  Charles R. Phillips,et al.  Digital control system analysis and design , 1985, IEEE Transactions on Systems, Man, and Cybernetics.

[25]  Bruce Schneier,et al.  Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security. A Report by an Ad Hoc Group of Cryptographers and Computer Scientists , 1996 .

[26]  John Linn,et al.  Generic Security Service Application Program Interface , 1993, RFC.