
SoS Newsletter

Embedded System Security

Embedded Systems Security aims for a comprehensive view of security across hardware, platform software (including operating systems and hypervisors), software development processes, data protection protocols (both networking and storage), and cryptography. Critics say embedded device manufacturers often lack maturity when it comes to designing secure embedded systems. They say vendors in the embedded device and critical infrastructure market are starting to conduct classic threat modeling and risk analysis on their equipment, but they have not matured to the point of developing formal secure development standards. Research is beginning to bridge the gap between promise and performance, as the articles cited here suggest.

  • Dejun Mu; Wei Hu; Baolei Mao; Bo Ma, "A Bottom-Up Approach To Verifiable Embedded System Information Flow Security," Information Security, IET , vol.8, no.1, pp.12,17, Jan. 2014. (ID#:14-1662) Available at: With the wide deployment of embedded systems and constant increase in their inter-connections, embedded systems tend to be confronted with attacks through security holes that are hard to predict using typical security measures such as access control or data encryption. To eliminate these security holes, embedded security should be accounted for during the design phase from all abstraction levels with effective measures taken to prevent unintended interference between different system components caused by harmful flows of information. This study proposes a bottom-up approach to designing verifiably information flow secure embedded systems. The proposed method enables tight information flow controls by monitoring all flows of information from the level of Boolean gates. It lays a solid foundation to information flow security in the underlying hardware and exposes the ability to prove security properties to all abstraction levels in the entire system stack. With substantial amounts of modifications made to the instruction set architecture, operating system, programming language and input/output architecture, the target system can be designed to be verifiably information flow secure. Keywords: embedded systems; formal verification; instruction sets; operating systems (computers);security of data; access control; bottom up approach; data encryption; information flow controls; input-output architecture; instruction set architecture; operating system; programming language; security holes; verifiable embedded system information flow security
  • Apostolos P. Fournaris, Nicolas Sklavos, "Secure Embedded System Hardware Design - A Flexible Security And Trust Enhanced Approach," Computers and Electrical Engineering, Volume 40 Issue 1, January 2014, (Pages 121-133). (ID#:14-1663) Available at: This paper explores the vulnerabilities and risks associated with embedded systems and data collection, particularly stemming from the advent of new smart devices (mobile phones, cars, household technology). From an ES hardware perspective, the authors of this paper analyze various physical attacks and explore countermeasures in terms of reconfigurable logic flexibility, adaptability, and scalability. This paper applies the aforementioned criteria to proposed FPGA-based embedded system hardware as realistic options for embedded system security enhancement. Keywords: Embedded system security, Hardware design, Physical attacks, Reconfigurable logic, Trusted computing
  • Hatzivasilis, George; Papaefstathiou, Ioannis; Manifavas, Charalampos; Papadakis, Nikos, "A Reasoning System for Composition Verification and Security Validation," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, vol., no., pp.1,4, March 30 2014-April 2 2014. (ID#:14-1664) Available at: The procedure to prove that a system-of-systems is composable and secure is a very difficult task. Formal methods are mathematically-based techniques used for the specification, development and verification of software and hardware systems. This paper presents a model-based framework for dynamic embedded system composition and security evaluation. Event Calculus is applied for modeling the security behavior of a dynamic system and calculating its security level with the progress in time. The framework includes two main functionalities: composition validation and derivation of security and performance metrics and properties. Starting from an initial system state and given a series of further composition events, the framework derives the final system state as well as its security and performance metrics and properties. We implement the proposed framework in an epistemic reasoner, the rule engine JESS with an extension of DECKT for the reasoning process and the JAVA programming language. Keywords: (not provided)
  • Al-Jarrah, Omar; Arafat, Ahmad, "Network Intrusion Detection System using attack behavior classification," Information and Communication Systems (ICICS), 2014 5th International Conference on , vol., no., pp.1,6, 1-3 April 2014. (ID#:14-1665) Available at: This paper discusses probe attacks, or reconnaissance attacks, which attempt to collect pertinent information on the network. The authors of this paper propose embedding temporal attack behavior into a TDNN neural network system, in order to more efficiently and quantitatively recognize the rate of network attacks. The projected system will feature five modules, consisting of a packet capture engine, preprocessor, pattern recognition, classification, and monitoring and alert. Keywords: IP networks; Intrusion detection; Neural networks; Pattern recognition; Ports (Computers); Probes; Protocols; Host sweep; Intrusion Detection Systems; Network probe attack; Port scan; TDNN neural network
  • Pierre Schnarz, Joachim Wietzke, Ingo Stengel, "Towards Attacks On Restricted Memory Areas Through Co-Processors In Embedded Multi-OS Environments Via Malicious Firmware Injection," CS2 '14 Proceedings of the First Workshop on Cryptography and Security in Computing Systems, January 2014, (Pages 25-30). (ID#:14-1666) Available at: Multi-operating systems have been introduced to manage the manifold requirements of embedded systems. Especially in safety critical environments like the automotive domain the system's security must be guaranteed. Despite the state-of-the-art virtualization mechanisms, the idea of asymmetric-multi-processing can be used to split a system's hardware resources, which makes the virtualization of hardware obsolete. However, this special technique to implement a multi-operating system might add special demands to security objectives like isolation. In this paper an attack vector is shown, which utilizes a co-processor to break through the isolation of an operating system domain. Using a multi-operating system environment, we inject a malicious firmware into the co-processor in order to circumvent isolation mechanisms on behalf of an attacking operating system. Our attack vector demonstrates weaknesses in CPU centric isolation mechanisms, which will be further presented in the remainder of the document. Keywords: (not provided)
  • Subramanian, N.; Zalewski, J., "Quantitative Assessment of Safety and Security of System Architectures for Cyberphysical Systems Using the NFR Approach," Systems Journal, IEEE, vol. PP, no.99, pp.1,13, January 2014. (ID#:14-1667) Available at: Cyberphysical systems (CPSs) are an integral part of modern societies since most critical infrastructures are controlled by these systems. CPSs incorporate computer-based and network-based technologies for the monitoring and control of physical processes. Two critically important properties of CPSs are safety and security. It is widely accepted that properties such as safety and security should be considered at the system design phase itself, particularly at the architectural level wherein such properties are embedded in the final system. However, safety and security are interrelated, and there seems to be a lack of techniques that consider both of them together. The nonfunctional requirement (NFR) approach is a technique that allows the simultaneous evaluation of both safety and security at the architectural level. In this paper, we apply the NFR approach to quantitatively evaluate the safety and security properties of an example CPS, i.e., an oil pipeline control system. We conclude that the NFR approach provides practical results that can be used by designers and developers to create safe and secure CPSs. Keywords: Cyberphysical systems (CPSs); nonfunctional requirement (NFR) approach; safety; security; system architecture assessment
  • Strobel, D.; Oswald, D.; Richter, B.; Schellenberg, F.; Paar, C., "Microcontrollers as (In)Security Devices for Pervasive Computing Applications," Proceedings of the IEEE , vol.PP, no.99, pp.1,17, June 2014. (ID#:14-1668) Available at: Often overlooked, microcontrollers are the central component in embedded systems which drive the evolution toward the Internet of Things (IoT). They are small, easy to handle, low cost, and with myriads of pervasive applications. An increasing number of microcontroller-equipped systems are security and safety critical. In this tutorial, we take a critical look at the security aspects of today's microcontrollers. We demonstrate why the implementation of sensitive applications on a standard microcontroller can lead to severe security problems. To this end, we summarize various threats to microcontroller-based systems, including side-channel analysis and different methods for extracting embedded code. In two case studies, we demonstrate the relevance of these techniques in real-world applications: Both analyzed systems, a widely used digital locking system and the YubiKey 2 onetime password generator, turned out to be susceptible to attacks against the actual implementations, allowing an adversary to extract the cryptographic keys which, in turn, leads to a total collapse of the system security. Keywords: Algorithm design and analysis; Clocks; Cryptography; Field programmable gate arrays; Microcontrollers; Registers; Code extraction; microcontroller; real-world attacks; reverse engineering; side-channel analysis
  • Turkoglu, Cagin; Cagdas, Serhat; Celebi, Anil; Erturk, Sarp, "Hardware Design of An Embedded Real-Time Acoustic Source Location Detector," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on , vol., no., pp.1,4, March 30 2014-April 2 2014. (ID#:14-1669) Available at: This paper presents an embedded system that detects the 3 dimensional location of an acoustic source using a multiple microphone constellation. The system consists of a field programmable gate array (FPGA) that is used as main processing unit and the necessary peripherals. The sound signals are captured using multiple microphones that are connected to the embedded system using XLR connectors. The analog sound signals are first amplified using programmable gain amplifiers (PGAs) and then digitized before they are provided to the FPGA. The FPGA carries out the computations necessary for the algorithms to detect the acoustic source location in real-time. The system can be used for consumer electronics applications as well as security and defense applications. Keywords: (not provided)
  • Brunel, Jeremie; Pacalet, Renaud; Ouaarab, Salaheddine; Duc, Guillaume, "SecBus, a Software/Hardware Architecture for Securing External Memories," Mobile Cloud Computing, Services, and Engineering (MobileCloud), 2014 2nd IEEE International Conference on , vol., no., pp.277,282, 8-11 April 2014. (ID#:14-1670) Available at: Embedded systems are ubiquitous nowadays. In many cases, they manipulate sensitive applications or data and may be the target of logical or physical attacks. On systems that contain a System-on-Chip connected to an external memory, which is the case of numerous medium to large-size embedded systems, the content of this memory is relatively easy to retrieve or modify. This attack can be performed by probing the memory bus, dumping the content of the memory (cold boot attack) or by exploiting flaws in DMA-capable devices. Thus, if the embedded system manipulates sensitive applications or data, the confidentiality and the integrity of data in memory shall be protected. SecBus is a combined hardware/software architecture that guarantees these two security properties. This paper describes the different software components that are in charge of the management of the SecBus platform, from the early initialization to their use by the sensitive applications. Keywords: (not provided)
  • Zonghua Gu; Chao Wang; Ming Zhang; Zhaohui Wu, "WCET-Aware Partial Control-Flow Checking for Resource-Constrained Real-Time Embedded Systems," Industrial Electronics, IEEE Transactions on , vol.61, no.10, pp.5652,5661, Oct. 2014. (ID#:14-1671) Available at: Real-time embedded systems in diverse application domains, such as industrial control, automotive, and aerospace, are often safety-critical systems with stringent timing constraints that place strong demands on reliability and fault tolerance. Since fault-tolerance mechanisms inevitably add performance and/or resource overheads, it is important to guarantee a system's real-time constraints despite these overheads. Control-flow checking (CFC) is an effective technique for improving embedded systems' reliability and security by online monitoring and checking of software control flow to detect runtime deviations from the control-flow graph (CFG). Software-based CFC has high runtime overhead, and it is generally not applicable to resource-constrained embedded systems with stringent timing constraints. We present techniques for partial CFC (PCFC), which aims to achieve a tradeoff between runtime overhead, which is measured in terms of increases in worst case execution time (WCET), and fault-detection coverage by selectively instrumenting a subset of basic blocks. Experimental results indicate that PCFC significantly enables reductions of the program WCET compared to full CFC at the cost of reduced fault-detection ratio, thus providing a tunable fault-tolerance technique that can be adapted by the designer to suit the needs of different applications. 
Keywords: embedded systems; fault diagnosis; flow graphs; software fault tolerance; system monitoring; CFG; PCFC; WCET-aware partial control-flow checking; control-flow graph; embedded systems reliability; fault-detection coverage; fault-detection ratio; fault-tolerance mechanisms; partial CFC; resource-constrained real-time embedded systems; runtime deviations; software control flow checking; worst case execution time; Embedded systems; Fault detection; Fault tolerance; Fault tolerant systems; Instruments; Optimization; Real-time systems; Control flow checking; Control-flow checking (CFC); fault tolerance; fault-tolerance; real-time embedded systems
  • Helfmeier, C.; Boit, C.; Nedospasov, D.; Tajik, S.; Seifert, J.-P., "Physical vulnerabilities of Physically Unclonable Functions," Design, Automation and Test in Europe Conference and Exhibition (DATE), 2014 , vol., no., pp.1,4, 24-28 March 2014. (ID#:14-1672) Available at: In recent years one of the most popular areas of research in hardware security has been Physically Unclonable Functions (PUF). PUFs provide primitives for implementing tamper detection, encryption and device fingerprinting. One particularly common application is replacing Non-volatile Memory (NVM) as key storage in embedded devices like smart cards and secure microcontrollers. Though a wide array of PUF have been demonstrated in the academic literature, vendors have only begun to roll out PUFs in their end-user products. Moreover, the improvement to overall system security provided by PUFs is still the subject of much debate. This work reviews the state of the art of PUFs in general, and as a replacement for key storage in particular. We review also techniques and methodologies which make the physical response characterization and physical/digital cloning of PUFs possible. Keywords: SRAM chips; NVM; PUF; device fingerprinting; digital cloning; encryption; nonvolatile memory; physical cloning; physical response characterization; physical vulnerabilities; physically unclonable functions; secure microcontrollers; smart cards; tamper detection; Encryption; Hardware; Integrated circuits; Inverters; SRAM cells
  • Patrick Koeberl, Steffen Schulz, Ahmad-Reza Sadeghi, Vijay Varadharajan, "TrustLite: a Security Architecture For Tiny Embedded Devices," EuroSys '14 Proceedings of the Ninth European Conference on Computer Systems, April 2014, Article No. 10. (ID#:14-1673) Available at: Embedded systems are increasingly pervasive, interdependent and in many cases critical to our everyday life and safety. Tiny devices that cannot afford sophisticated hardware security mechanisms are embedded in complex control infrastructures, medical support systems and entertainment products [51]. As such devices are increasingly subject to attacks, new hardware protection mechanisms are needed to provide the required resilience and dependency at low cost. In this work, we present the TrustLite security architecture for flexible, hardware-enforced isolation of software modules. We describe mechanisms for secure exception handling and communication between protected modules, enabling seamless interoperability with untrusted operating systems and tasks. TrustLite scales from providing a simple protected firmware runtime to advanced functionality such as attestation and trusted execution of userspace tasks. Our FPGA prototype shows that these capabilities are achievable even on low-cost embedded systems. Keywords: (not provided)
  • Lucas Davi, Patrick Koeberl, Ahmad-Reza Sadeghi, "Hardware-Assisted Fine-Grained Control-Flow Integrity: Towards Efficient Protection of Embedded Systems Against Software Exploitation," DAC '14 Proceedings of the 51st Annual Design Automation Conference, June 2014. (ID#:14-1674) Available at: Embedded systems have become pervasive and are built into a vast number of devices such as sensors, vehicles, mobile and wearable devices. However, due to resource constraints, they fail to provide sufficient security, and are particularly vulnerable to runtime attacks (code injection and ROP). Previous works have proposed the enforcement of control-flow integrity (CFI) as a general defense against runtime attacks. However, existing solutions either suffer from performance overhead or only enforce coarse-grain CFI policies that a sophisticated adversary can undermine. In this paper, we tackle these limitations and present the design of novel security hardware mechanisms to enable fine-grained CFI checks. Our CFI proposal is based on a state model and a per-function CFI label approach. In particular, our CFI policies ensure that function returns can only transfer control to active call sides (i.e., return landing pads of functions currently executing). Further, we restrict indirect calls to target the beginning of a function, and lastly, deploy behavioral heuristics for indirect jumps. Keywords: (not provided)
  • Shabir A. Parah, Javaid A. Sheikh, Abdul M. Hafiz, G. M. Bhat, "Data Hiding In Scrambled Images: A New Double Layer Security Data Hiding Technique," Computers and Electrical Engineering, Volume 40 Issue 1, January 2014, (Pages 70-82). (ID#:14-1675) Available at: The contemporary multimedia and communication technology has made it possible to replicate and distribute digital media easier and faster. This ease of availability causes the problem of exposing transmitted digital data on the network with the risk of being copied or intercepted illegally. Many cryptographic techniques are in vogue to encrypt the data before transmission to avert any security problems. However, disguised appearance of the encrypted data makes the adversary suspicious and increases the chances of malicious attack. In such a scenario data hiding has received significant attention as an alternate way to ensure data security. This paper presents a data hiding technique based on the concepts of scrambling and pseudorandom data hiding, to provide a data hiding system with two layer security to the embedded data, and good perceptual transparency of the stego images. The proposed system uses the novel concept of embedding the secret data in scrambled (encrypted) cover images. The data embedding is carried out in the Intermediate Significant and least significant bit planes of encrypted image at the predetermined locations pointed to by Pseudorandom Address Space (PAS) and Address Space Direction Pointer (ASDP). Experimental results prove the efficacy of scheme vis-a-vis various parameters of interest. Keywords: (not provided)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.