Towards security and QoS optimization in real-time embedded systems

A number of real-time embedded systems (RTESs) are used to manage critical infrastructure such as electric grids or C4I systems. In these systems, it is essential to meet deadlines, for example, to avoid a power outage or loss of a life. The importance of security support is also increasing, because more RTESs are being networked. To securely transmit sensitive data, e.g., a battle field status, across the network, RTESs need to protect the data via cryptographic techniques. However, security support may cause deadline misses or unacceptable QoS degradation. As an initial effort to address this problem, we formulate the security support in RTESs as a QoS optimization problem. Also, we propose a novel adaptive approach for security support in which a RTES initially uses a relatively short cryptographic key to maximize the QoS, while increasing the key length when the security risk level is raised. In this way, we can make a possible cryptanalysis several orders of magnitude harder by requiring the attacker to search a larger key space, while meeting all deadlines by degrading the QoS in a controlled manner. To minimize the overhead, we derive the appropriate QoS levels for several key lengths via an offine polynomial time algorithm. When the risk level is raised online, a real-time task can use a longer key and adapt to the corresponding QoS level (derived offine) in O(1) time.

[1]  Sang Hyuk Son,et al.  Correction to 'Integrating Security and Real-Time Requirements Using Covert Channel Capacity' , 2000, IEEE Trans. Knowl. Data Eng..

[2]  Gail-Joon Ahn,et al.  Dynamic and risk-aware network access management , 2003, SACMAT '03.

[3]  Jörgen Hansson,et al.  An adaptable security manager for real-time transactions , 2000, Proceedings 12th Euromicro Conference on Real-Time Systems. Euromicro RTS 2000.

[4]  Cynthia E. Irvine,et al.  Calculating costs for quality of security service , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[5]  Daniel P. Siewiorek,et al.  On quality of service optimization with discrete QoS options , 1999, Proceedings of the Fifth IEEE Real-Time Technology and Applications Symposium.

[6]  William Hugh Murray,et al.  Modern Cryptography , 1995, Information Security Journal.

[7]  Sang Hyuk Son,et al.  STAR: secure real-time transaction processing with timeliness guarantees , 2002, 23rd IEEE Real-Time Systems Symposium, 2002. RTSS 2002..

[8]  Susan V. Vrbsky,et al.  Maintaining security in firm real-time database systems , 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).

[9]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[10]  尚弘 島影 National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .

[11]  Mihir Bellare,et al.  The Security of the Cipher Block Chaining Message Authentication Code , 2000, J. Comput. Syst. Sci..

[12]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[13]  Jane W.-S. Liu,et al.  Imprecise Results: Utilizing Partial Comptuations in Real-Time Systems , 1987, RTSS.

[14]  Mihir Bellare,et al.  A concrete security treatment of symmetric encryption , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[15]  John Linn,et al.  Generic Security Service Application Program Interface , 1993, RFC.

[16]  Matthew J. Weiner,et al.  Efficient DES Key Search , 1994 .

[17]  Ragunathan Rajkumar,et al.  Protecting resources with resource control lists , 2001, Proceedings Seventh IEEE Real-Time Technology and Applications Symposium.

[18]  Jayant R. Haritsa,et al.  Secure Concurrency Control in Firm Real-Time Database Systems , 2004, Distributed and Parallel Databases.

[19]  Wenbo Mao,et al.  Modern Cryptography: Theory and Practice , 2003 .