7 research outputs found
Virtualized Reconfigurable Resources and Their Secured Provision in an Untrusted Cloud Environment
The cloud computing business grows year after year. To keep up with increasing demand and to offer more services, data center providers are always searching for novel architectures. One of them are FPGAs, reconfigurable hardware with high compute power and energy efficiency. But some clients cannot make use of the remote processing capabilities. Not every involved party is trustworthy and the complex management software has potential security flaws. Hence, clients’ sensitive data or algorithms cannot be sufficiently protected. In this thesis state-of-the-art hardware, cloud and security concepts are analyzed and com- bined. On one side are reconfigurable virtual FPGAs. They are a flexible resource and fulfill the cloud characteristics at the price of security. But on the other side is a strong requirement for said security. To provide it, an immutable controller is embedded enabling a direct, confidential and secure transfer of clients’ configurations. This establishes a trustworthy compute space inside an untrusted cloud environment. Clients can securely transfer their sensitive data and algorithms without involving vulnerable software or a data center provider. This concept is implemented as a prototype. Based on it, necessary changes to current FPGAs are analyzed. To fully enable reconfigurable yet secure hardware in the cloud, a new hybrid architecture is required.Das Geschäft mit dem Cloud Computing wächst Jahr für Jahr. Um mit der steigenden Nachfrage mitzuhalten und neue Angebote zu bieten, sind Betreiber von Rechenzentren immer auf der Suche nach neuen Architekturen. Eine davon sind FPGAs, rekonfigurierbare Hardware mit hoher Rechenleistung und Energieeffizienz. Aber manche Kunden können die ausgelagerten Rechenkapazitäten nicht nutzen. Nicht alle Beteiligten sind vertrauenswürdig und die komplexe Verwaltungssoftware ist anfällig für Sicherheitslücken. Daher können die sensiblen Daten dieser Kunden nicht ausreichend geschützt werden. In dieser Arbeit werden modernste Hardware, Cloud und Sicherheitskonzept analysiert und kombiniert. Auf der einen Seite sind virtuelle FPGAs. Sie sind eine flexible Ressource und haben Cloud Charakteristiken zum Preis der Sicherheit. Aber auf der anderen Seite steht ein hohes Sicherheitsbedürfnis. Um dieses zu bieten ist ein unveränderlicher Controller eingebettet und ermöglicht eine direkte, vertrauliche und sichere Übertragung der Konfigurationen der Kunden. Das etabliert eine vertrauenswürdige Rechenumgebung in einer nicht vertrauenswürdigen Cloud Umgebung. Kunden können sicher ihre sensiblen Daten und Algorithmen übertragen ohne verwundbare Software zu nutzen oder den Betreiber des Rechenzentrums einzubeziehen. Dieses Konzept ist als Prototyp implementiert. Darauf basierend werden nötige Änderungen von modernen FPGAs analysiert. Um in vollem Umfang eine rekonfigurierbare aber dennoch sichere Hardware in der Cloud zu ermöglichen, wird eine neue hybride Architektur benötigt
A Hierarchical Architectural Framework for Securing Unmanned Aerial Systems
Unmanned Aerial Systems (UAS) are becoming more widely used in the new era of evolving technology; increasing performance while decreasing size, weight, and cost. A UAS equipped with a Flight Control System (FCS) that can be used to fly semi- or fully-autonomous is a prime example of a Cyber Physical and Safety Critical system. Current Cyber-Physical defenses against malicious attacks are structured around security standards for best practices involving the development of protocols and the digital software implementation. Thus far, few attempts have been made to embed security into the architecture of the system considering security as a holistic problem. Therefore, a Hierarchical, Embedded, Cyber Attack Detection (HECAD) framework is developed to provide security in a holistic manor, providing resiliency against cyber-attacks as well as introducing strategies for mitigating and dealing with component failures. Traversing the hardware/software barrier, HECAD provides detection of malicious faults at the hardware and software level; verified through the development of an FPGA implementation and tested using a UAS FCS
Flexi-WVSNP-DASH: A Wireless Video Sensor Network Platform for the Internet of Things
abstract: Video capture, storage, and distribution in wireless video sensor networks
(WVSNs) critically depends on the resources of the nodes forming the sensor
networks. In the era of big data, Internet of Things (IoT), and distributed
demand and solutions, there is a need for multi-dimensional data to be part of
the Sensor Network data that is easily accessible and consumable by humanity as
well as machinery. Images and video are expected to become as ubiquitous as is
the scalar data in traditional sensor networks. The inception of video-streaming
over the Internet, heralded a relentless research for effective ways of
distributing video in a scalable and cost effective way. There has been novel
implementation attempts across several network layers. Due to the inherent
complications of backward compatibility and need for standardization across
network layers, there has been a refocused attention to address most of the
video distribution over the application layer. As a result, a few video
streaming solutions over the Hypertext Transfer Protocol (HTTP) have been
proposed. Most notable are Apple’s HTTP Live Streaming (HLS) and the Motion
Picture Experts Groups Dynamic Adaptive Streaming over HTTP (MPEG-DASH). These
frameworks, do not address the typical and future WVSN use cases. A highly
flexible Wireless Video Sensor Network Platform and compatible DASH (WVSNP-DASH)
are introduced. The platform's goal is to usher video as a data element that
can be integrated into traditional and non-Internet networks. A low cost,
scalable node is built from the ground up to be fully compatible with the
Internet of Things Machine to Machine (M2M) concept, as well as the ability to
be easily re-targeted to new applications in a short time. Flexi-WVSNP design
includes a multi-radio node, a middle-ware for sensor operation and
communication, a cross platform client facing data retriever/player framework,
scalable security as well as a cohesive but decoupled hardware and software
design.Dissertation/ThesisDoctoral Dissertation Electrical Engineering 201
Securing Embedded Systems for Unmanned Aerial Vehicles
This project focuses on securing embedded systems for unmanned aerial vehicles (UAV). Over the past two decades UAVs have evolved from a primarily military tool into one that is used in many commercial and civil applications. As the market for these products increases the need to protect transmitted data becomes more important. UAVs are flying missions that contain crucial data and without the right protection they can be vulnerable to malicious attacks. This project focuses on building a UAV platform and working to protect the data transmitted on it. The platform was able to detect red color and wirelessly transmit the coordinates of the color to a remote laptop. Areas that were focused on for security included the image processing and wireless communications modules