Homer Simpson Twentieth Century Fox Springfield


02 Nov 2017


Michael Shell School of Electrical and Computer Engineering

Georgia Institute of Technology

Atlanta, Georgia 30332–0250

Email: http://www.michaelshell.org/contact.html

Homer Simpson Twentieth Century Fox Springfield, USA

Email: [email protected]

James Kirk

and Montgomery Scott

Starfleet Academy

San Francisco, California 96678-2391

Telephone: (800) 555–1212

Fax: (888) 555–1212

Abstract—Embedded systems security is a recurring theme in current research efforts, brought in the limelight by the wide adoption of ubiquitous devices. Security issues often pose an obstacle to the wider adoption of embedded systems, especially in critical applications or ones involving private sensitive information. Significant funding has been allocated to various European projects on this subject area, in order to investigate and overcome the various security challenges. In this paper we provide an overview of recent EU-funded research efforts pertaining to embedded systems security, where several prominent security issues and the respective proposed approaches are presented. We identify emerging trends, state-of-the-art technologies being used or developed, opportunities for composing or expanding past work and, generally, highlight open issues. A layered approach is adopted to categorize the identified technologies, focusing on the node, network, middleware and overlay tiers.

I. INTRODUCTION

Embedded devices nowadays play an important role in a variety of systems, such as critical infrastructures or enhanced reality and e-health applications. However, their resource-constrained nature and their deployment in dynamic, heterogeneous networks which are commonly exposed to various attacks, even physical in nature, only exacerbate their security, privacy and dependability issues.

The wide adoption of embedded systems for various application scenarios makes it imperative to face the abovementioned security issues, regardless of the layer these may be found in; thus, the focus of current research on these issues is evident and justified. This survey paper has been conducted within the scope of such a project, nSHIELD [1], an EU research project focusing on embedded systems security. The work presented here aims at providing an overview of past and ongoing projects in order to identify emerging trends, state-of-the-art technologies being used or developed, opportunities for composing or expanding past work and, generally, to highlight open issues that need to be addressed in the future. Research in these projects has been conducted using EU resources; hence they have a budget within the funding limits imposed by the EU itself and have undergone a similar review process in terms of novelty, application and quality requirements. In addition, they all pursue the common goal of attaining a uniform technological level among all EU member states. Details on the EU projects related to embedded systems security that were reviewed for the purposes of this paper are presented in Table ??.

The paper is organized as follows: Section II gives an overview of the research efforts in some recent EU projects related to embedded systems security, following a layered approach. In particular, Section II-A presents the various technologies related to embedded systems’ nodes. Section II-B deals with the network-related technologies. Section II-C presents the approaches followed for the middleware and overlay layers. Issues that future research could deal with are presented in Section III and finally the paper concludes in Section IV.

II. OVERVIEW OF TECHNOLOGIES

The heterogeneous nature of the field is evident from the literature review. In terms of hardware (i.e. nodes/motes) used, it was revealed that there is a variety of platforms being utilised, with equally varied capabilities, such as the low-power TelosB, IRIS and MICAz platforms from Crossbow Technology [2], the more capable Verdex Pro XL6P COM from Gumstix [3] and the FOX LX board from Acme Systems [4], or even more powerful devices such as the Freescale i.MX51 [5] and the Xilinx Spartan-6 [6] FPGA family. Equally varied are the software security solutions being utilized and developed, featuring different operating environments, protocols and cryptographic primitives.

A. Node

A significant area of security research related to Wireless Sensor Networks (WSN) aims at utilizing Trusted Platform Module (TPM) hardware and adapting it to the specific needs of resource-constrained applications. One such TPM-related subject is the implementation of the Direct Anonymous Attestation (DAA) scheme specified by the Trusted Computing Group (TCG). In [7] a detailed report on the implementation of the aforementioned functionality is provided, as well as suggestions for improvements. The presented experimental results indicate that the rogue detection part of the DAA protocol in particular can be very time consuming, and the overhead is very evident on resource-constrained devices, increasing linearly with the size of the black-lists of rogue TPMs. Moreover, problems with the mechanisms and protocols used to report compromised TPMs are identified. On the subject of TPMs, research has also focused on the security extensions of mobile platforms for hosting Mobile Trusted Module (MTM) functionality. Two different reconfigurable MTM architectures are presented in [8]; the first one is based on a software implementation of the MTM running on the same physical processor as the applications using that MTM, and the second is based on JavaCards providing the MTM functionality via the Java runtime environment, each with its own set of isolation mechanisms between the MTM and its users. The techniques utilize security features commonly found on mobile devices, i.e. Secure Elements and ARM TrustZone [9], proposing respective techniques for dynamic loading of TPM commands, aiming to alleviate the performance and memory issues arising from the security facilities of mobile platforms. In [10] the server side of Trusted Computing functionality is examined, presenting a design based on the Nizza Architecture [11] but minimizing the trusted computing base and aiming to provide anonymous and trustworthy service for users, even counteracting certain insider attacks which, with the proposed scheme, cannot go undetected.

An approach for protecting agents by utilizing tamper-resistant cryptographic hardware is presented in [12]. The proposed agent migration protocol (Secure Migration Library – SecMiLiA) is based on the use of Trusted Computing technology that attempts to protect the agent from malicious hosts. A weakness of this system is the key management system, which requires further improvement. In particular, due to the fact that the available key storage in the TPM is very limited, the key to be used is loaded into memory when required and is offloaded as soon as it is no longer useful, thus triggering many key transactions. Issues such as the use of key caching and the best possible management of cached keys remain topics that future research could deal with.

It should be evident from the above that TPMs are an important tool for building secure embedded system platforms; still, it must be noted that they should not be considered fail-proof. In [13] an active hardware attack on TPMs is detailed, which may not allow access to protected data (e.g. cryptographic keys), but circumvents the chain of trust assumed to be provided by the trusted platform. So, the module itself might be tamper resistant but the communication channels are often vulnerable, and this is something that must be taken into consideration at the design phase.

Another approach to WSN node security is based on the use of low cost, low energy consumption Complex Programmable Logic Devices (CPLDs), which are programmable logic devices having a complexity between that of Programmable Logic Arrays (PLAs) and that of Field Programmable Gate Arrays (FPGAs), sharing architectural features with both. A WSN platform which embeds a CPLD in a standard WSN node is presented in [14] and, as real-world experiments show, this CPLD-equipped platform can increase the performance of a standard WSN node by a factor of 1220 to 3000 when executing certain algorithms, with equally significant gains in power consumption (a reported reduction of up to 98%). This concept is further expanded in [15], where various networking and security protocols are implemented on the aforementioned platform and real-world performance is compared to existing schemes. In [16] RESENSE is presented, a complete node platform integrating this technique on popular WSN nodes (MICAz and IRIS from Crossbow Technology) running the TinyOS operating system. An indicative summary of results can be seen in Table ??.

Virtualization is a feature that, as research has shown, adds to the overall security of the system in various ways. Firstly, it seems to be a remedy for facing the severe security challenges that mobile devices have, given that they are usually targeting a completely open setup [17]. In addition, efficient virtual machines have successfully been implemented in micro-kernel based systems, thus enabling the reuse of arbitrary operating systems [18]. The overhead imposed on the kernel growth was rather marginal and the overall performance was found to be similar to other virtual machine implementations. An analysis on how and to which degree recent x86 virtualization extensions can influence the response times of a real-time operating system that hosts virtual machines was performed in [19]. In [20] it was shown that a thin and rather simple virtualization layer can add to the overall system’s security, as it provides fewer options for attack to a potential adversary. What is more, this approach was found to exhibit significantly better performance, compared to contemporary full virtualization environments. Finally, regarding the way virtual machines should be implemented, it is claimed in [21] that their construction should follow the principle of incremental complexity growth. Namely, additional functionality should not be included in the trusted computing base of a component if the benefits it offers are less than the drawbacks (e.g. due to larger risk for introduced bugs and errors). Such an approach can be efficiently implemented, and it was possible to achieve high throughput and good real-time performance.

Embedded systems exhibit a significant number of soft errors, the correction of which imposes equally significant hardware and real-time overhead. For improving embedded systems’ dependability, the authors of [22] proposed an approach that exploits application knowledge to classify errors according to their relevance and the impact of their correction on the system. Not correcting every single error (effectively delaying the error-correcting process) caused a reduction in the imposed correction overhead, thus making it easier to meet mandatory deadlines in cases where real-time behavior is an absolute requirement.

An overview of the literature pertaining to the time and energy overhead that various cryptographic primitives impose on popular types of wireless sensor nodes is presented in [23]. A number of symmetric and public-key algorithms, hash functions and cryptographic primitives in general are mentioned, as well as their light-weight counterparts, where available. It is worth pointing out that the node lifetime data presented in the literature usually refers to the overhead imposed by the security-related functionality alone and, in a real-life scenario, values would be significantly lower due to additional functions running on the same node.

In the literature, whenever strong encryption is required on rather resource-constrained devices, elliptic-curve cryptography (ECC) is always a strong candidate. In [24] the finite fields $\mathbb{F}_p$, $\mathbb{F}_{2^d}$ and $\mathbb{F}_{p^d}$ are investigated for their suitability for performing ECC on the ATmega128 microcontroller, and it turns out that binary fields are preferable when efficient implementations are required.

An interesting security scheme for WSN that provides transparent security is proposed in [25]. This scheme is effectively a light-weight CBC-X mode cipher that is able to provide encryption/decryption and authentication, combined as a one-pass operation. Consequently, it exhibits significant energy gains of about 50-60%, compared to TinySec [26]. Furthermore, the proposed scheme has no ciphertext expansion for the transmitted data payload, thus significantly reducing the communication overhead. Although a block cipher is used, ciphertext expansion is avoided by having padding rules making use of a Data Stealing technique and a MAC Stealing technique, thus allowing for zero redundant padding bytes.

A strong, compact and efficient block cipher, DESL (DES Light-weight extension), based on the DES (Data Encryption Standard) cipher design, is proposed in [27]. Instead of using 8 S-boxes as in DES, it uses a single S-box repeated eight times, thus considerably reducing chip size requirements. Furthermore, a light-weight implementation of DESL is also proposed, that requires almost half the chip size and 86% fewer clock cycles compared to the best AES implementations targeted for RFID applications, therefore rendering DESL a strong candidate for ultra low-cost encryption applications.

An optimized implementation of modular multiplication is presented in [28]. The proposed algorithm was tested on an 8-bit microcontroller (AVR), using a 160-bit standard-compliant elliptic curve (secp160r1). Given that the majority of the processing time for elliptic-curve cryptography (ECC) is spent on modular multiplication, related schemes such as EC ElGamal or ECDSA would greatly benefit from it, as well as their applications in the field of resource-constrained devices (such as WSNs).
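To see why modular multiplication dominates ECC cost, the added example below (not code from [28] or [24]) performs affine double-and-add scalar multiplication on secp160r1 and counts the field multiplications and inversions it performs. The curve constants are the public SEC 2 parameters for secp160r1; everything else (the counter class, the operation accounting) is this example's own construction. Each Fermat inversion is itself about 160 squarings plus multiplications, which is why practical implementations use projective coordinates to trade inversions for multiplications, leaving the modular multiplier as the component to optimize.

```python
# secp160r1 (SEC 2) domain parameters: y^2 = x^3 + A*x + B over F_P, base point (GX, GY) of order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF
A = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC
B = 0x1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45
GX = 0x4A96B5688EF573284664698968C38BB913CBFC82
GY = 0x23A628553168947D59DCC912042351377AC5FB32
N = 0x0100000000000000000001F4C8F927AED3CA752257
G = (GX, GY)
INF = None  # point at infinity


class FieldCounter:
    """Wraps the two expensive field operations so their counts can be inspected."""

    def __init__(self):
        self.mul = 0
        self.inv = 0

    def m(self, x, y):
        self.mul += 1
        return (x * y) % P

    def i(self, x):
        # Fermat inversion x^(P-2); on an 8-bit MCU this alone is ~160 modular squarings.
        self.inv += 1
        return pow(x, P - 2, P)


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2, c):
    """Affine point addition/doubling; every mult/inv goes through the counter c."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF                          # p1 == -p2
        # doubling: lambda = (3*x1^2 + A) / (2*y1)
        lam = c.m((3 * c.m(x1, x1) + A) % P, c.i((2 * y1) % P))
    else:
        # addition: lambda = (y2 - y1) / (x2 - x1)
        lam = c.m((y2 - y1) % P, c.i((x2 - x1) % P))
    x3 = (c.m(lam, lam) - x1 - x2) % P
    y3 = (c.m(lam, (x1 - x3) % P) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt, c):
    """Left-to-right double-and-add; returns k*pt."""
    r = INF
    for bit in bin(k)[2:]:
        r = add(r, r, c)
        if bit == "1":
            r = add(r, pt, c)
    return r


def cost_of(k, pt=G):
    """Returns (result, multiplications, inversions) for computing k*pt."""
    c = FieldCounter()
    r = scalar_mult(k, pt, c)
    return r, c.mul, c.inv
```

Doubling a point costs 4 multiplications plus 1 inversion here, and a general addition 3 plus 1; for a 160-bit scalar that is roughly 160 doublings and about 80 additions on average, so several hundred modular multiplications and a comparable number of inversions, each of which expands into ~160 more multiplications, per ECDSA signature or EC ElGamal encryption.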

Hardware-specific optimizations have also played an important role in light-weight cryptography research efforts. The authors in [29] present an area-efficient implementation of AES (requiring 0.33 mm² in a 0.25 µm technology), featuring good performance and low power consumption. These goals were achieved by optimizing both the individual functional blocks of AES and the overall architecture.

A clock frequency watchdog, implemented using a digital standard CMOS library, is presented in [30]. The proposed scheme is able to prevent clock speed manipulations, thus preventing the corresponding side-channel attacks on cryptographic hardware devices. The cost in terms of both additional area and energy requirements is low, and the scheme is therefore suitable for being applied to low-cost devices, such as wireless sensor nodes.

B. Network

The resource-constrained and often heterogeneous and distributed nature of embedded systems imposes restrictions and introduces issues at the network layer as well, which, of course, researchers try to address.

The interoperability with existing infrastructures and the Internet is a major challenge which must be tackled in a definitive way if we are to realize what is often referred to as the Internet of Things (IoT). A very valuable tool in this area is the combination of the IEEE 802.15.4 standard with 6LoWPAN (IPv6 over Low power Wireless Personal Area Networks, [31]) which, expectedly, introduces new security challenges and opportunities. An example of the security challenges introduced by using these new technologies can be found in [32], where an off-the-shelf T-Mote Sky wireless sensor is transformed into an 802.15.4 packet sniffer. Analysis is then trivial using open source software like Wireshark. Of course, this technique is a valuable tool in the hands of researchers developing protocols but can also be exploited by malicious users to eavesdrop on a network or even launch active attacks (e.g. packet injection). The authors in [33] propose new compression mechanisms for 6LoWPAN security headers, along with cryptographic mechanisms typically used with the IP security architecture, allowing the establishment of end-to-end secure channels between internet hosts and sensor nodes. The proposed mechanisms also allow for fine-grained control over the energy consumed on security-related tasks on the nodes, while an extensive evaluation of the proposed model on MicaZ sensors indicates that AES/CCM and SHA1 are the cryptographic primitives of choice [34].

The security and constraints stemming from the limited resources of sensor nodes have been investigated in EU projects extensively. Such an EU-funded attempt at tackling these issues is presented in [35], namely the AWISSENET project, giving an overview of the topic, including security and operational requirements, sensor and network constraints as well as the objectives of the abovementioned project (Table ??). Another overview, more focused on smart-home applications, can be found in [36], where key privacy and security issues, among others, are identified.

In terms of network technologies, the utilization of Trusted Platform Modules and virtualization techniques is an emerging pattern in relevant EU projects. A combination of said technologies is presented in [37], intending to provide a reference design for a Trusted Computing-based, light-weight virtualization framework specifically aimed at cloud computing scenarios, an increasingly important area of applications. An overview of the proposed architecture, which exploits both the ARM TrustZone and TPM DAA technologies, can be seen in Figure ??.

Anonymous Authentication and Anonymity schemes in general are another key area of current research, since privacy is essential in many applications (e.g. social, medical). An analysis of how Trusted Computing technologies can be used for anonymous authentication and how they can be integrated into common security frameworks (e.g. Java Crypto Architecture) can be found in [38]. This work is based on the DAA scheme for providing anonymity over secure communication channels (i.e. anonymous TLS client authentication), but using alternative, more light-weight schemes than those defined in the TPM v1.2 specification. The proposed integration of the DAA library in the JCA architecture can be seen in Figure ??. Another interesting aspect of this work is the discrepancies reported between various TPM manufacturers (e.g. Infineon, Atmel, Winbond, Intel, ST Micro), TPM emulators and the original specification.

Another anonymous authentication scheme based on an optimized version of DAA and aimed at resource-constrained mobile devices is presented in [39]. Functionality includes secure device authentication, credential revocation as well as anonymity and untraceability of said devices against service providers. The proof-of-concept implementation was deployed on an ARM11-equipped development platform (exploiting the ARM TrustZone feature) using an ECC and pairings scheme, while integration with the OpenSSL security framework was also demonstrated.

Further work on Trusted Computing Group anonymity schemes (i.e. PrivacyCA and DAA) is attempted in [40]. The goal is to overcome the need for a trusted third party, which is evident in the aforementioned standard schemes, while maintaining compatibility with the TPM v1.2 specification. The proposed anonymization scheme for trusted platforms overcomes the need for a trusted third party while relying on the TPM’s DAA functionality, so that no TPM modifications are required.

Regarding anonymous authentication, a Direct Anonymous Attestation protocol utilizing Near Field Communication (NFC, [41])-equipped mobile devices and RFID is proposed in [42], expanding on the now relatively popular Secure Element (SE) scheme presented in [43]. Experimental results are also presented, using off-the-shelf mobile devices.

Secure routing protocols constitute another critical research area of networking technologies. In [44] an overview of security issues and current trends in trusted routing for ad-hoc networks is provided, evaluating their applicability in WSNs. Various trust-management enhanced routing protocols and trusted routing frameworks are investigated, focusing on their applicability in resource-constrained environments. A secure routing protocol better suited to such environments is proposed in [45], namely Ambient Trust Sensor Routing (ATSR), and its performance and effectiveness are evaluated. In ATSR the geographical location of nodes along with other parameters (e.g. their remaining energy, for better load balancing and lifetime extension) are considered. Moreover, the protocol features a distributed trust model, based both on direct and indirect trust data, to detect malicious nodes.
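The ingredients named for ATSR (geographic progress towards the sink, remaining energy, and a trust value combining direct observations with neighbours' recommendations) can be put together in a small next-hop selector. The following is an added example and is not ATSR's actual trust model or code from [45]: the Beta-reputation form of direct trust, the weighting of recommendations by how much the recommender itself is trusted, the scoring weights and the 0.5 trust threshold are all this example's own assumptions, chosen to show how a neighbour that is geographically attractive but drops packets gets excluded from forwarding.

```python
import math


def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


class TrustTable:
    """Per-node trust state: direct observations of neighbours' forwarding behaviour."""

    def __init__(self):
        self.obs = {}  # neighbour -> [forwarded, dropped]

    def observe(self, nb, forwarded):
        rec = self.obs.setdefault(nb, [0, 0])
        rec[0 if forwarded else 1] += 1

    def direct(self, nb):
        # Beta-reputation estimate (assumed model): an unobserved node starts at 0.5.
        f, d = self.obs.get(nb, (0, 0))
        return (f + 1) / (f + d + 2)

    def indirect(self, nb, recommendations):
        """recommendations: recommender -> {subject: trust}; each opinion is weighted
        by our own direct trust in the recommender, so a distrusted node cannot vouch."""
        num = den = 0.0
        for rec, opinions in recommendations.items():
            if rec != nb and nb in opinions:
                w = self.direct(rec)
                num += w * opinions[nb]
                den += w
        return num / den if den else 0.5

    def combined(self, nb, recommendations, alpha=0.7):
        return alpha * self.direct(nb) + (1 - alpha) * self.indirect(nb, recommendations)


def select_next_hop(my_pos, sink, neighbours, table, recommendations,
                    min_trust=0.5, weights=(0.5, 0.25, 0.25)):
    """Greedy geographic forwarding with trust and residual energy.
    neighbours: name -> ((x, y), residual_energy in [0, 1]). Returns the chosen name or None."""
    w_t, w_e, w_p = weights
    d_me = dist(my_pos, sink)
    best, best_score = None, -1.0
    for name, (pos, energy) in neighbours.items():
        progress = (d_me - dist(pos, sink)) / d_me
        if progress <= 0:
            continue  # only neighbours closer to the sink are candidates
        trust = table.combined(name, recommendations)
        if trust < min_trust:
            continue  # suspected malicious node: never forward through it
        score = w_t * trust + w_e * energy + w_p * progress
        if score > best_score:
            best, best_score = name, score
    return best


def demo():
    """Constructed topology: B is closest to the sink and has the most energy, but drops packets."""
    my_pos, sink = (0, 0), (10, 0)
    neighbours = {"B": ((4, 0), 0.9), "C": ((3, 1), 0.6), "D": ((-2, 0), 1.0)}
    table = TrustTable()
    for _ in range(9):
        table.observe("B", False)   # 9 drops observed ...
    table.observe("B", True)        # ... and 1 forward
    for _ in range(8):
        table.observe("C", True)
    recommendations = {"C": {"B": 0.1}, "D": {"B": 0.2, "C": 0.9}}
    return table, select_next_hop(my_pos, sink, neighbours, table, recommendations)
```

Note that D is never considered despite full energy and a good reputation, because it lies away from the sink; trust does not override the geographic rule, it only prunes candidates within it.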

The interactions between secure routing protocols and the Service Discovery functionality on WSN networks where the nodes are used as service providers are investigated in [46]. Simulation results presented in the aforementioned work indicate that in some situations there is an efficiency gain if routing protocols allow the higher layers to override the routing decisions which might, for example, try to avoid using an untrusted node that the service discovery layer wants to use.

Intrusion Detection Systems (IDS) are a key tool in safeguarding distributed ES networks. A dynamic and distributed IDS scheme is presented in [47] and further expanded in [48], where nodes act as local monitors of their neighbors and, in combination with data received from other monitors, are able to detect malicious entities. Simulations are used to prove the effectiveness of the proposed methods, with applications focusing mostly on smart vehicles. Defensive techniques for sensor networks based on the nodes’ locations are surveyed in [49], assuming every node is capable of detecting its own location. Furthermore, concepts of robust statistics (i.e. robust regression) are proposed, aiming to localize a node in the presence of malicious beacons. To facilitate the analysis and understanding of IDS data, various advanced methods have been investigated in EU-funded projects, including neural network-based techniques for the visualization of said data, as presented in [50].

A security service protocol for MANETs, able to negotiate the security settings for the communications, is presented in [51], a feature which is particularly useful in heterogeneous networks, both in terms of hardware and of services provided. This negotiation protocol aims at selecting the cheapest services that consume the least possible amount of energy, while offering the highest possible security level among nodes with different security requirements. In addition, run-time negotiation of services is supported, thus making it suitable for cases where self-adaptivity is involved. Nevertheless, the protocol is not yet complete and additional work is required on the message exchange for key management and errors.

When it comes to Wireless Sensor Networks (WSNs), maximizing the sensors’ battery life is, naturally, of great importance. For this reason, in-network aggregation protocols have been proposed, where the required function(s) on the measurements is/are computed as data traverses the network [52]. One problem in such a scheme is that a corrupted sensor providing incorrect measurements cannot be distinguished from a sensor under attack, where the attacker has either modified the environmental conditions or has obtained the sensor’s cryptographic secrets, in order to inject false measurements into the data sink. A novel secure data aggregation protocol is presented in [53] that is able to provide security, privacy and integrity for sensor networks, using inexpensive cryptographic tools. The main idea of the proposed ABBA (A Balls and Bins Approach) protocol is to define several bins for different sensing intervals and to have each sensor report its sensed value by adding one ball to the appropriate bin.

The aforementioned problem of deliberately introduced corrupt data in an in-network aggregation protocol may be faced by exploiting the statistical properties found in the communicated data [54], [55]. In particular, the naturally existing correlation between the readings produced by different sensors is taken into consideration to increase the resilience of data aggregation, without any special assumption on the distribution of the sensor readings or the attacker’s strategy.
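The two preceding paragraphs describe complementary defences: bounding what one sensor can contribute (one ball in one bin) and using the correlation between neighbouring readings to spot a reading that does not fit. The added example below is not code from [53] or [54]/[55] and omits ABBA's cryptographic machinery; it only demonstrates the resilience property on a constructed set of eight temperature readings in which one sensor reports an absurd value. The bin layout, the ring neighbourhood and the deviation threshold are this example's own assumptions.

```python
import statistics


def bin_index(value, low, high, nbins):
    """Map a reading to the bin for its sensing interval; out-of-range values are clamped
    to the edge bins, so a wild value still counts as exactly one ball."""
    if value <= low:
        return 0
    if value >= high:
        return nbins - 1
    return int((value - low) / (high - low) * nbins)


def aggregate_bins(readings, low, high, nbins):
    """Balls-and-bins aggregate: a histogram in which every sensor adds exactly one ball."""
    bins = [0] * nbins
    for v in readings:
        bins[bin_index(v, low, high, nbins)] += 1
    return bins


def aggregate_mean(readings):
    """Naive sum/mean aggregate: a single sensor can move it arbitrarily far."""
    return sum(readings) / len(readings)


def ring_neighbours(names, radius=2):
    """Constructed topology: each node hears the `radius` nodes on either side of it in a ring."""
    n = len(names)
    return {names[i]: [names[(i + k) % n] for k in range(-radius, radius + 1) if k != 0]
            for i in range(n)}


def flag_outliers(readings, neighbours, max_dev):
    """Correlation check: flag a node whose reading is more than max_dev away from the
    median of its neighbours' readings (median, so one bad neighbour cannot hide it)."""
    flagged = set()
    for node, v in readings.items():
        peers = [readings[p] for p in neighbours[node] if p in readings]
        if peers and abs(v - statistics.median(peers)) > max_dev:
            flagged.add(node)
    return flagged


# Constructed sample: seven honest readings around 21 C and one compromised sensor (s8).
READINGS = {"s1": 20.5, "s2": 21.0, "s3": 20.8, "s4": 21.4,
            "s5": 20.1, "s6": 21.9, "s7": 20.7, "s8": 900.0}


def demo(low=0.0, high=50.0, nbins=10, max_dev=2.0):
    values = list(READINGS.values())
    return {
        "mean": aggregate_mean(values),
        "bins": aggregate_bins(values, low, high, nbins),
        "flagged": flag_outliers(READINGS, ring_neighbours(list(READINGS)), max_dev),
    }
```

With 5-degree bins the honest sensors all land in bin 4 (20-25 C) and the compromised one adds a single ball to the top bin, whereas the plain mean is dragged to about 131 C; the sink can both see the consensus and identify s8 from its disagreement with its neighbours.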

Should the scheme involve the election of aggregator nodes, the authors in [56] discuss the requirements that need to be fulfilled in order to have a non-manipulable aggregator node election protocol. Moreover, they provide a comparative review of three Secure Aggregator Node Election (SANE) protocols, based on a particular threat model.

Due to the very limited memory of Harvard-architecture devices (such as Mica motes), it was believed that buffer overflow attacks that inject code into the stack and then execute it were not possible. Nevertheless, the authors in [57] demonstrated the feasibility of a remote code injection attack for Mica sensors, where the injected code is permanent, thus enabling the attacker to gain full control of the target sensor, persistently across reboots. What is more, they show how this attack can be transformed into a worm, namely how to make the injected code self-replicating and therefore able to propagate through the WSN, with the potential of eventually forming a sensor botnet. The employed techniques for this attack involve return-oriented programming and fake stack injection. It suffices for the attacker to corrupt one network node and use its keys to propagate the malware to its neighbors. Packet authentication and cryptographic techniques in general can make such code injection attacks more difficult; nevertheless, they cannot completely prevent them.

C. Middleware – Overlay

Moving to higher layers, namely middleware and overlay, researchers have to tackle additional challenges. The aspect of reconfigurability and its repercussions on security are considered in [58]. A security architecture is proposed which, based on a middleware layer, offers secure reconfiguration and communication (i.e. SecComm component framework) with fine-grained application-specific policy enforcement, authenticated downloading from a remote source (i.e. ALoader component framework) as well as a re-keying service for key distribution and revocation (i.e. Rekeying component framework).

Trusted Software is another important area of middleware layer research, and [59] proposes a Trusted Software Stack (TSS, which acts as an interface between applications and a TPM) to be integrated into existing security frameworks, facilitating the adaptation to Trusted Computing technology. The prototype developed and proposed uses the .NET programming environment, taking advantage of the environment’s fault-detection functionality (e.g. regarding buffer overflows), portability and developer base.

Furthermore, a capability-based, object-oriented software architecture is presented in [60]. Featuring a micro-kernel interface and enforceable security policies along with virtualization provisions, it aims to improve security and provide isolation between multiple untrusted software components.

In [61] a middleware called MWSAN is proposed that provides high-level services for Wireless Sensor and Actor Networks (WSANs), where the nodes are not only able to sense environmental data, but can also react by affecting the environment. It follows the component-oriented paradigm and leaves it up to the developers to configure it according to the actor and sensor resources, by taking into consideration issues such as the network configuration, the quality of service and coordination among actors. Since actor nodes are usually more powerful than sensor nodes, the middleware features high configurability to match the diversity of requirements between these two types of nodes. For instance, the middleware for sensors does not include the various actor-related components, thus leading to a much smaller memory footprint. What is more, provision has been made for enabling the definition of real-time characteristics, in order to offer improved temporal behavior, such as priority schemes where the highest priority events are executed first.

The main features of a secure, service-oriented middleware for embedded peer-to-peer systems, designed to face the various security challenges of the Internet of Things (IoT), are presented in [62]. The notion of groups is used, as peers offer services inside groups and the discovery of these services is also performed within the group. Services can be state-less or state-full, and the latter ones may be session-less or session-full. The offered API allows for abstract peer and group management, as well as for events and message handling, features that facilitate application development within this environment. The presented service model and component-based middleware satisfy necessary principles such as security, heterogeneity, interoperability and scalability. The model was validated with two very different applications, including applications of WSN for monitoring radiation in nuclear power plants and for healthcare in a mobile environment.

An extensive overview of a particular category of middleware, the context-aware middleware, is presented in [63], categorizing their properties and use. The survey in [64] covers service composition mechanisms in ubiquitous computing, by presenting qualitative metrics and drawbacks of various such approaches, focusing on usability, adaptability and efficiency. An ontology-based approach has been followed using the Web Ontology Language (OWL) and Semantic Web Rule Language (SWRL) in order to develop monitoring and diagnosis rules [65]. In this way, any malfunctions can be detected and self-healing procedures can be invoked, in an effective, extensible and scalable way, as the experimental results showed. A similar ontology-based approach was also presented in [66], where an ontology-enabled compiler called Limbo was developed and tested on both Java SE and Java ME platforms. In the evaluation experiments performed, Limbo showed good performance in general, with the Limbo ME implementation being orders of magnitude slower than its SE counterpart. Furthermore, Limbo proved to be successful in terms of resource consumption of the generated web services, as well as usable for developers in creating new services. Enriching the relations between the different systems’ parts with semantic information, as well as exploiting contextual process data, can yield useful information which can be fed into the various control and decision-making algorithms [67], [68].

Utilising the aforementioned concepts to enhance user profiling and trust sharing and to offer content and context-awareness for cloud-based services is also examined in [69].

The deployment and orchestration of web services on heterogeneous embedded systems is another emerging research area and a task often assigned to the middleware layer, following the standardization of the Devices Profile for Web Services (DPWS) [70] open framework and research already conducted in the SIRENA project [71] and its follow-ups, SODA [72] and SOCRADES [73]. Some pervasive applications often require remote management and monitoring while maintaining interoperability, and the Web Services standard offers a solid basis for that. It is therefore justifiable that the runtime of the middleware developed for the MORE project [74] was based on the aforementioned DPWS specifications, as detailed in [75]. The DPWS4J [76] Java-based stack was extended and, to further facilitate development, the middleware is managed via the OSGi [77] modular service platform environment running on a Java Virtual Machine. Further enhancements were also introduced, enabling small footprint service orchestration in a DPWS-compliant environment [78]. An overview of the MORE middleware architecture is depicted in Figure ??. The whole concept was validated on Gumstix Verdex XL6P embedded platforms.

Facilitating seamless online payments is another key issue researchers try to address. Such services often raise privacy concerns, and location-based services even more so. Privacy-preserving payment schemes are one of the main themes examined in the SEPIA project. Application scenarios involve end-users being equipped with mobile devices featuring ARM processors and TrustZone support [79], like NFC-equipped smartphones. An application of the aforementioned privacy-preserving mechanism on NFC-enabled smartphones is presented in [80] (Figure ??). The proposed method is based on selective disclosure protocols, and experimental results on a standard JavaCard indicate that a key length of up to 1024 may be feasible. Utilization of the ARM TrustZone features would be beneficial to the security and overall performance of the model, as would further support for light-weight cryptography (e.g. ECC) on the JavaCard.

Cloud-related scenarios are an associated theme where, for instance, privacy issues arise from the application of the split processing mode on mobile transactions. In such schemes, light-weight tasks are executed on end-user devices (e.g. smartphones, tablets), whereas more demanding tasks are offloaded to the Cloud. The proposed payment scheme utilizes ARM's TrustZone and Intel's Trusted Execution Technology (TXT), assuming said support is present on both the client and cloud provider platforms, and allows the end-user to take advantage of the cloud resources while the cloud provider is unable to track users' activity patterns [81]. Moreover, the authors in [82], [83] propose a node join protocol which, via remote attestation, does not allow nodes with unknown configurations to join the cloud network, thus alleviating concerns over control of data and code execution on such networks. Proof-of-concept implementations are presented for the Android operating system, on both Intel and ARM-based platforms. The presented work assumes every node hosts a TPM which, in the case of the ARM platform, requires an add-on module to be installed. With the add-on module in place, the ARM prototype's security qualities were similar to those of the x86-based platform.
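The admission decision behind an attestation-based node join protocol, as an added illustration that is not the protocol of [82], [83]: the verifier challenges the joining node with a nonce, the node reports a TPM-style PCR value bound to that nonce, and the verifier admits the node only if the report is authentic and the PCR matches one of its known-good boot chains. The component names and keys are constructed, and an HMAC with a pre-shared key stands in for the TPM's signed quote (assumption).

```python
import hashlib
import hmac
import os

# Constructed allow-list of known-good boot chains (ordered component
# measurements). Names are made up for this example.
KNOWN_GOOD_CONFIGS = [
    ("bootloader-1.0", "kernel-4.9-signed", "cloud-agent-1.2"),
    ("bootloader-1.0", "kernel-4.9-signed", "cloud-agent-1.3"),
]


def extend_pcr(pcr: bytes, component: str) -> bytes:
    """TPM-style PCR extend: PCR_new = SHA256(PCR_old || SHA256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component.encode()).digest()).digest()


def boot_chain_pcr(components) -> bytes:
    """Final PCR value after measuring each component in boot order."""
    pcr = bytes(32)
    for component in components:
        pcr = extend_pcr(pcr, component)
    return pcr


def node_quote(attest_key: bytes, components, nonce: bytes):
    """Joining node's side: report its PCR bound to the verifier's nonce.
    A real TPM signs the quote with an attestation key; an HMAC with a
    pre-shared key stands in for that signature here (assumption)."""
    pcr = boot_chain_pcr(components)
    tag = hmac.new(attest_key, nonce + pcr, hashlib.sha256).digest()
    return pcr, tag


def admit_node(attest_key: bytes, pcr: bytes, tag: bytes, nonce: bytes) -> bool:
    """Verifier's side: accept the join only if the quote is authentic,
    fresh (bound to our nonce) and matches a known-good configuration."""
    expected_tag = hmac.new(attest_key, nonce + pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return False  # forged, tampered or replayed quote
    return any(hmac.compare_digest(pcr, boot_chain_pcr(cfg))
               for cfg in KNOWN_GOOD_CONFIGS)


def join_attempt(components, node_key: bytes, verifier_key: bytes) -> bool:
    """One join round: verifier issues a nonce, node quotes, verifier decides."""
    nonce = os.urandom(16)
    pcr, tag = node_quote(node_key, components, nonce)
    return admit_node(verifier_key, pcr, tag, nonce)


if __name__ == "__main__":
    key = b"constructed-attestation-key"
    print(join_attempt(KNOWN_GOOD_CONFIGS[0], key, key))  # True: known-good chain
    print(join_attempt(("bootloader-1.0", "kernel-4.9-patched", "cloud-agent-1.2"), key, key))  # False
    print(join_attempt(KNOWN_GOOD_CONFIGS[0], b"other-key", key))  # False: quote not authentic
```

A node whose measured boot chain differs in any single component, or whose quote was not produced under the expected attestation key, is refused before it ever receives data or code.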

Middleware can also be used in Kahn Process Networks (KPN) implemented over a Network on Chip (NoC). In [84], a methodology for identifying requirements and implementing fault tolerance and adaptivity is presented. The overhead in terms of computational time and total data traffic can be lower than 10%, depending on the chosen bound of the connectors and the size of the tokens being transferred at the application level. Fault monitoring and fault-tolerant control for constrained sensor nodes is also examined in the GINSENG project [85], [86], wherein a multi-layered, middleware-based architecture is proposed. The scheme involves multiple agents implementing distributed artificial intelligence techniques for robust control over the wireless sensor nodes and also details the communication and coordination mechanisms involved.

In the application scenario of smart vehicles, embedded systems can greatly benefit from over-the-air updates that extend their functionality through the offered services. However, such an approach has stringent requirements on security and safety, as an attacker could install malicious firmware during an over-the-air diagnosis and firmware update procedure.

The scheme presented in [87] is a configurable and adaptive middleware that aims at reducing the complexity of realizing an appropriate security level for a given WSN application. It consists of a modular middleware architecture which separates the core functionality needed for adaptability support from pure security functionalities, and it also introduces the concept of a middleware compiler. A suitable configuration tool compiles a security architecture at development time, and the architecture allows for the dynamic exchange of security modules at run time. An initial set of security modules gets configured before the deployment of the application; the application programmer then has to specify the security functionality that is required by the application, such as secrecy and authentication, as well as some additional information regarding the hardware platform of the sensors (processor type, memory size, etc.). Based on this information, the appropriate security modules are selected. In cases where either the application needs have changed or an update is required to face a newly-detected vulnerability, security modules can be exchanged after deployment. Such functionality is particularly useful for long-lived applications.

The authors in [88] propose a scheme for implementing security on extremely low-cost sensors that run with minimal resources regarding computational power, energy consumption and memory size. The sensors are initially loaded with firmware suitable for providing asymmetric cryptography during the one-time bootstrapping phase. Then, through a dynamic code update, it is replaced by the other security protocols that are required for the operation of the WSN, effectively offering hybrid security functionality. Their proof-of-concept implementation makes use of the FlexCup plug-in for TinyOS.

D. Architectures – Formalization

Other approaches in current research focus on providing fully-featured frameworks and/or formalizing the process of designing and developing secure and dependable embedded systems, especially in applications where safety is critical. In [89], the two distinct domains of embedded systems and security are considered, and an appropriate view of a final system model is provided, aiming to support cooperation between the two domains while leaving them independent from each other. The proposed scheme is intended for the on-demand provision of communication services in crisis-related situations, where different actors could be involved, also bearing heterogeneous client devices. The model consists of two components: the System Security Interface (SSI), which abstracts the system design model for communicating security needs and resource availability, and the Security Building Block (SBB), which abstracts the implementation of a security mechanism.

In [90] a process metamodel is introduced which takes safety lifecycle requirements into consideration for secure software engineering (e.g. validation). This concept is explored further in [91], where a process metamodel, the Repository-Centric Process Metamodel (RCPM), is described. RCPM includes safety lifecycle concepts at its core and includes software tools for creating the required models, as well as a case study based on a railway application. Moreover, the authors in [92] present a model-based framework which focuses on formalizing and managing fault-tolerance and redundancy concepts and which uses composable UML components to construct fault-tolerant infrastructures. A test case of a fault-tolerant GPS is evaluated using the aforementioned system. A similar model-based technique is used in [93], aiming to encode security and dependability (S&D) patterns while introducing artifacts for the formal validation of these patterns. Therefore, the fulfillment of S&D requirements identified at higher abstraction levels can be validated via the proposed process. The concept of S&D formalization is further explored in [94], where the authors focus on the systematic reuse of S&D patterns in embedded systems where security and dependability are major concerns. To facilitate, automate and enforce the fulfillment of S&D requirements, [95] defines a trust-aware platform-independent architecture, the TECOM architecture, which was the outcome of the research project bearing the same name. An attempt to encode S&D patterns utilizing meta-modeling techniques can also be found in [96], and said work also includes an implementation of those patterns using a profiled UML, adapted to resource-constrained embedded systems. The goal is to help application developers integrate the application building blocks they typically use with security and dependability building blocks. Furthermore, the authors in [97] apply modeling techniques to reconfigurable systems, namely distributed real-time embedded systems. The approach presented is called RCA4RTES, and the published work includes the case study of a Global Positioning System (GPS), where the dynamic reconfigurations of the system are described by state machines.

With the widespread use of embedded systems leading to the Internet of Things, smart vehicles are another emerging and significant application. The potential new features and services available to vehicle occupants are, of course, numerous. Still, security and dependability are essential in this scenario, and any compromise to the safety of vehicle occupants and other road users would not be acceptable. The authors in [98] introduce the Open VEhiculaR SEcurE platform (OVERSEE), which aims to provide a standardized vehicular infrastructure with a protected runtime environment and onboard access and communication points. The proposed platform allows the integration of multiple Engine Control Units (ECUs) into one hardware node, offering temporal and spatial isolation, a secure interface for connecting to external networks (e.g. the Internet) and also the required interfaces and open APIs to allow the secure download and execution of OEM and third-party applications, much like the functionality offered by smartphones and their application "markets" [99], [100] (Figure ??). Part of the research in the field is more engineering-oriented in nature. The authors in [101] present such an approach, as developed in the CESAR project. Functional safety and tool-chain integration are the main challenges which researchers try to address by developing a reference technology platform. The work presented in [102] extends the safety-oriented environment AVATAR (a SysML modeling language framework) [103] with security constructs and verification techniques, to formally secure safety-critical automotive applications.

III. FUTURE ENHANCEMENTS

The increased complexity and interconnection of current systems' components, as well as the varying and often undefined security levels of the networks they consist of, demand different approaches in the way the requirements are stated, in addition to the way these systems are designed. An integrated approach is required, where the components' security level is properly and systematically assessed, thus enabling the correct evaluation of the architecture's overall security level. In order for this to occur, reliable and useful metrics need to be defined, also applicable to legacy and therefore potentially insecure systems.

Advancements in the energy field could be examined and, if possible, exploited, either as the main power source or as failsafe alternatives. Such advancements include super-capacitors, micro-generators, micro-solar cells as well as wireless charging schemes. In the case of FPGA-equipped devices, the concepts of self-reconfiguration (e.g. in order to adapt to changes in the network, service or location) and self-recovery (e.g. in fault conditions) could be investigated further. This can be achieved via on-the-fly hardware and/or software changes.

Furthermore, light-weight alternatives to existing cryptographic primitives (e.g. hash functions) and key distribution mechanisms could be looked into. The development of a comprehensive cryptographic library focused on embedded systems and featuring light-weight primitives would be a very important development, including the utilization of TPM functionality and features, where available. Moreover, authentication protocols based on the aforementioned light-weight cryptographic primitives could be developed, utilizing software/hardware co-design techniques (i.e. with simultaneous development of hardware implementations) to maximize efficiency. What is more, in cases where dependability is important, the concept of using virtual computing to offer a form of redundancy, on a virtual/software level, could be explored.

Wearable systems introduce more challenges, like developing the means to securely and seamlessly collect, store and transmit various data, some of which might be private and sensitive in nature (thus having to consider the regulatory compliance issues that arise when dealing with such data). Access to location-based services is a given in such applications, which again raises privacy concerns and thus mandates the development of efficient anonymizing schemes, which must allow the user to access said services while prohibiting the service provider from uniquely identifying the specific user and her location among the rest of the users.

Future research could perhaps focus on revising the traditional role of middleware (namely, facilitating interaction and compositions via discovery and orchestration), by upgrading and expanding it to that of a recommendation engine, able to dynamically and adaptively detect patterns and predict potential service interactions, thus better reflecting the new crowdsourcing, social and generally human-related applications. Finally, there is room for improvement in the formalisation, definition and application of security and dependability (S&D) concepts. It is important to be able to formalize S&D requirements and the product lifecycle in general, accurately modeling the processes from research and development until the end product. This would enable validating whether the end product meets all the S&D and other requirements defined at earlier stages.

IV. CONCLUSIONS

A survey was performed on EU projects related to embedded systems security, which confirmed it is indeed a very active topic, with many active and past projects which have received significant funding. From this survey certain patterns emerged regarding the issues investigated, such as the optimal employment of Trusted Platform Modules (TPM) and their Direct Anonymous Attestation (DAA) functionality in resource-constrained devices, the exploitation of other embedded security features like ARM TrustZone and virtualization techniques, and the deployment of reputation-based Intrusion Detection Systems. Last but not least, there is an evident emphasis on light-weight cryptographic primitives and privacy-aware techniques (anonymous authentication schemes, for instance). Various open security issues have been identified in most of the aforementioned topics that future research will have to deal with and hopefully resolve.


