Embedded security for Internet of Things

Internet of Things (IoT) consists of several tiny devices connected together to form a collaborative computing environment. IoT imposes peculiar constraints in terms of connectivity, computational power and energy budget, which make it significantly different from those contemplated by the canonical doctrine of security in distributed systems. In order to circumvent the problem of security in IoT domain, networks and devices need to be secured. In this paper, we consider the embedded device security only, assuming that network security is properly in place. It can be noticed that the existence of tiny computing devices that form ubiquity in IoT domain are very much vulnerable to different security attacks. In this work, we provide the requirements of embedded security, the solutions to resists different attacks and the technology for resisting temper proofing of the embedded devices by the concept of trusted computing. Our paper attempts to address the issue of security for data at rest. Addressing this issue is equivalent to addressing the security issue of the hardware platform. Our work also partially helps in addressing securing data in transit.

[1]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[2]  J. Foster,et al.  SCanDroid: Automated Security Certification of Android , 2009 .

[3]  E. Canto,et al.  Embedded security: New trends in personal recognition systems , 2007, 2007 Ph.D Research in Microelectronics and Electronics Conference.

[4]  Christof Paar,et al.  A Survey of Lightweight-Cryptography Implementations , 2007, IEEE Design & Test of Computers.

[5]  Christof Paar,et al.  Embedded security in a pervasive world , 2007, Inf. Secur. Tech. Rep..

[6]  W. Buxton Human-Computer Interaction , 1988, Springer Berlin Heidelberg.

[7]  Christof Paar,et al.  Embedded Security in Cars: Securing Current and Future Automotive IT Applications , 2005 .

[8]  Patrick D. McDaniel,et al.  Understanding Android Security , 2009, IEEE Security & Privacy Magazine.

[9]  Gregory D. Abowd,et al.  Prototypes and paratypes: designing mobile and ubiquitous computing applications , 2005, IEEE Pervasive Computing.

[10]  Srivaths Ravi,et al.  System design methodologies for a wireless security processing platform , 2002, DAC '02.

[11]  Srivaths Ravi,et al.  Security in embedded systems: Design challenges , 2004, TECS.

[12]  Srivaths Ravi,et al.  Secure embedded processing through hardware-assisted run-time monitoring , 2005, Design, Automation and Test in Europe.

[13]  Jean-Sébastien Coron,et al.  Statistics and secret leakage , 2000, TECS.

[14]  Mark Weiser The computer for the 21st century , 1991 .

[15]  Ross J. Anderson On the Security of Digital Tachographs , 1998, ESORICS.

[16]  Vipul Gupta,et al.  A public-key cryptographic processor for RSA and ECC , 2004, Proceedings. 15th IEEE International Conference on Application-Specific Systems, Architectures and Processors, 2004..

[17]  Peter Wilson,et al.  Implementing Embedded Security on Dual-Virtual-CPU Systems , 2007, IEEE Design & Test of Computers.

[18]  Cihangir Tezcan,et al.  Lightweight Block Ciphers Revisited: Cryptanalysis of Reduced Round PRESENT and HIGHT , 2009, ACISP.

[19]  Kang Yen,et al.  Sensor network security: a survey , 2009, IEEE Communications Surveys & Tutorials.

[20]  Srivaths Ravi,et al.  Security as a new dimension in embedded system design , 2004, Proceedings. 41st Design Automation Conference, 2004..

[21]  Avik Chaudhuri,et al.  SCanDroid: Automated Security Certification of Android , 2009 .

[22]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[23]  Bhagirath Narahari,et al.  A compiler-hardware approach to software protection for embedded systems , 2009, Comput. Electr. Eng..

[24]  Richard Evans,et al.  Derivation of Safety Targets for the Random Failure of Programmable Vehicle Based Systems , 2000, SAFECOMP.

[25]  Mahmut T. Kandemir,et al.  A data-driven approach for embedded security , 2005, IEEE Computer Society Annual Symposium on VLSI: New Frontiers in VLSI Design (ISVLSI'05).

[26]  Brian D. Noble,et al.  Mobile Device Security Using Transient Authentication , 2006, IEEE Transactions on Mobile Computing.

[27]  Jean-Pierre Hubaux The security of vehicular networks , 2005, WiSe '05.

[28]  M. Weiser The Computer for the Twenty-First Century , 1991 .

[29]  TessierRussell,et al.  A security approach for off-chip memory in embedded microprocessor systems , 2009 .

[30]  Tom Martin,et al.  Mobile phones as computing devices: the viruses are coming! , 2004, IEEE Pervasive Computing.

[31]  Philip Koopman,et al.  Embedded System Security , 2004, Computer.

[32]  T. Alves,et al.  TrustZone : Integrated Hardware and Software Security , 2004 .

[33]  Charles E. Stroud,et al.  Online BIST and BIST-based diagnosis of FPGA logic blocks , 2004, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[34]  Bülent Yener,et al.  Key distribution mechanisms for wireless sensor networks : a survey , 2005 .

[35]  Chris Weaver,et al.  CryptoManiac: a fast flexible architecture for secure communication , 2001, ISCA 2001.