Cyber-security for embedded systems: methodologies, techniques and tools

L'abstract è presente nell'allegato / the abstract is in the attachmen

Design and Real-World Evaluation of Dependable Wireless Cyber-Physical Systems

The ongoing effort for an efficient, sustainable, and automated interaction between humans, machines, and our environment will make cyber-physical systems (CPS) an integral part of the industry and our daily lives. At their core, CPS integrate computing elements, communication networks, and physical processes that are monitored and controlled through sensors and actuators. New and innovative applications become possible by extending or replacing static and expensive cable-based communication infrastructures with wireless technology. The flexibility of wireless CPS is a key enabler for many envisioned scenarios, such as intelligent factories, smart farming, personalized healthcare systems, autonomous search and rescue, and smart cities. High dependability, efficiency, and adaptivity requirements complement the demand for wireless and low-cost solutions in such applications. For instance, industrial and medical systems should work reliably and predictably with performance guarantees, even if parts of the system fail. Because emerging CPS will feature mobile and battery-driven devices that can execute various tasks, the systems must also quickly adapt to frequently changing conditions. Moreover, as applications become ever more sophisticated, featuring compact embedded devices that are deployed densely and at scale, efficient designs are indispensable to achieve desired operational lifetimes and satisfy high bandwidth demands. Meeting these partly conflicting requirements, however, is challenging due to imperfections of wireless communication and resource constraints along several dimensions, for example, computing, memory, and power constraints of the devices. More precisely, frequent and correlated message losses paired with very limited bandwidth and varying delays for the message exchange significantly complicate the control design. In addition, since communication ranges are limited, messages must be relayed over multiple hops to cover larger distances, such as an entire factory. Although the resulting mesh networks are more robust against interference, efficient communication is a major challenge as wireless imperfections get amplified, and significant coordination effort is needed, especially if the networks are dynamic. CPS combine various research disciplines, which are often investigated in isolation, ignoring their complex interaction. However, to address this interaction and build trust in the proposed solutions, evaluating CPS using real physical systems and wireless networks paired with formal guarantees of a system’s end-to-end behavior is necessary. Existing works that take this step can only satisfy a few of the abovementioned requirements. Most notably, multi-hop communication has only been used to control slow physical processes while providing no guarantees. One of the reasons is that the current communication protocols are not suited for dynamic multi-hop networks. This thesis closes the gap between existing works and the diverse needs of emerging wireless CPS. The contributions address different research directions and are split into two parts. In the first part, we specifically address the shortcomings of existing communication protocols and make the following contributions to provide a solid networking foundation: • We present Mixer, a communication primitive for the reliable many-to-all message exchange in dynamic wireless multi-hop networks. Mixer runs on resource-constrained low-power embedded devices and combines synchronous transmissions and network coding for a highly scalable and topology-agnostic message exchange. As a result, it supports mobile nodes and can serve any possible traffic patterns, for example, to efficiently realize distributed control, as required by emerging CPS applications. • We present Butler, a lightweight and distributed synchronization mechanism with formally guaranteed correctness properties to improve the dependability of synchronous transmissions-based protocols. These protocols require precise time synchronization provided by a specific node. Upon failure of this node, the entire network cannot communicate. Butler removes this single point of failure by quickly synchronizing all nodes in the network without affecting the protocols’ performance. In the second part, we focus on the challenges of integrating communication and various control concepts using classical time-triggered and modern event-based approaches. Based on the design, implementation, and evaluation of the proposed solutions using real systems and networks, we make the following contributions, which in many ways push the boundaries of previous approaches: • We are the first to demonstrate and evaluate fast feedback control over low-power wireless multi-hop networks. Essential for this achievement is a novel co-design and integration of communication and control. Our wireless embedded platform tames the imperfections impairing control, for example, message loss and varying delays, and considers the resulting key properties in the control design. Furthermore, the careful orchestration of control and communication tasks enables real-time operation and makes our system amenable to an end-to-end analysis. Due to this, we can provably guarantee closed-loop stability for physical processes with linear time-invariant dynamics. • We propose control-guided communication, a novel co-design for distributed self-triggered control over wireless multi-hop networks. Self-triggered control can save energy by transmitting data only when needed. However, there are no solutions that bring those savings to multi-hop networks and that can reallocate freed-up resources, for example, to other agents. Our control system informs the communication system of its transmission demands ahead of time so that communication resources can be allocated accordingly. Thus, we can transfer the energy savings from the control to the communication side and achieve an end-to-end benefit. • We present a novel co-design of distributed control and wireless communication that resolves overload situations in which the communication demand exceeds the available bandwidth. As systems scale up, featuring more agents and higher bandwidth demands, the available bandwidth will be quickly exceeded, resulting in overload. While event-triggered control and self-triggered control approaches reduce the communication demand on average, they cannot prevent that potentially all agents want to communicate simultaneously. We address this limitation by dynamically allocating the available bandwidth to the agents with the highest need. Thus, we can formally prove that our co-design guarantees closed-loop stability for physical systems with stochastic linear time-invariant dynamics.:Abstract Acknowledgements List of Abbreviations List of Figures List of Tables 1 Introduction 1.1 Motivation 1.2 Application Requirements 1.3 Challenges 1.4 State of the Art 1.5 Contributions and Road Map 2 Mixer: Efficient Many-to-All Broadcast in Dynamic Wireless Mesh Networks 2.1 Introduction 2.2 Overview 2.3 Design 2.4 Implementation 2.5 Evaluation 2.6 Discussion 2.7 Related Work 3 Butler: Increasing the Availability of Low-Power Wireless Communication Protocols 3.1 Introduction 3.2 Motivation and Background 3.3 Design 3.4 Analysis 3.5 Implementation 3.6 Evaluation 3.7 Related Work 4 Feedback Control Goes Wireless: Guaranteed Stability over Low-Power Multi-Hop Networks 4.1 Introduction 4.2 Related Work 4.3 Problem Setting and Approach 4.4 Wireless Embedded System Design 4.5 Control Design and Analysis 4.6 Experimental Evaluation 4.A Control Details 5 Control-Guided Communication: Efficient Resource Arbitration and Allocation in Multi-Hop Wireless Control Systems 5.1 Introduction 5.2 Problem Setting 5.3 Co-Design Approach 5.4 Wireless Communication System Design 5.5 Self-Triggered Control Design 5.6 Experimental Evaluation 6 Scaling Beyond Bandwidth Limitations: Wireless Control With Stability Guarantees Under Overload 6.1 Introduction 6.2 Problem and Related Work 6.3 Overview of Co-Design Approach 6.4 Predictive Triggering and Control System 6.5 Adaptive Communication System 6.6 Integration and Stability Analysis 6.7 Testbed Experiments 6.A Proof of Theorem 4 6.B Usage of the Network Bandwidth for Control 7 Conclusion and Outlook 7.1 Contributions 7.2 Future Directions Bibliography List of Publication

Energy efficient hardware acceleration of multimedia processing tools

The world of mobile devices is experiencing an ongoing trend of feature enhancement and generalpurpose multimedia platform convergence. This trend poses many grand challenges, the most pressing being their limited battery life as a consequence of delivering computationally demanding features. The envisaged mobile application features can be considered to be accelerated by a set of underpinning hardware blocks Based on the survey that this thesis presents on modem video compression standards and their associated enabling technologies, it is concluded that tight energy and throughput constraints can still be effectively tackled at algorithmic level in order to design re-usable optimised hardware acceleration cores. To prove these conclusions, the work m this thesis is focused on two of the basic enabling technologies that support mobile video applications, namely the Shape Adaptive Discrete Cosine Transform (SA-DCT) and its inverse, the SA-IDCT. The hardware architectures presented in this work have been designed with energy efficiency in mind. This goal is achieved by employing high level techniques such as redundant computation elimination, parallelism and low switching computation structures. Both architectures compare favourably against the relevant pnor art in the literature. The SA-DCT/IDCT technologies are instances of a more general computation - namely, both are Constant Matrix Multiplication (CMM) operations. Thus, this thesis also proposes an algorithm for the efficient hardware design of any general CMM-based enabling technology. The proposed algorithm leverages the effective solution search capability of genetic programming. A bonus feature of the proposed modelling approach is that it is further amenable to hardware acceleration. Another bonus feature is an early exit mechanism that achieves large search space reductions .Results show an improvement on state of the art algorithms with future potential for even greater savings

Spectrum Sharing, Latency, and Security in 5G Networks with Application to IoT and Smart Grid

The surge of mobile devices, such as smartphones, and tables, demands additional capacity. On the other hand, Internet-of-Things (IoT) and smart grid, which connects numerous sensors, devices, and machines require ubiquitous connectivity and data security. Additionally, some use cases, such as automated manufacturing process, automated transportation, and smart grid, require latency as low as 1 ms, and reliability as high as 99.99\%. To enhance throughput and support massive connectivity, sharing of the unlicensed spectrum (3.5 GHz, 5GHz, and mmWave) is a potential solution. On the other hand, to address the latency, drastic changes in the network architecture is required. The fifth generation (5G) cellular networks will embrace the spectrum sharing and network architecture modifications to address the throughput enhancement, massive connectivity, and low latency. To utilize the unlicensed spectrum, we propose a fixed duty cycle based coexistence of LTE and WiFi, in which the duty cycle of LTE transmission can be adjusted based on the amount of data. In the second approach, a multi-arm bandit learning based coexistence of LTE and WiFi has been developed. The duty cycle of transmission and downlink power are adapted through the exploration and exploitation. This approach improves the aggregated capacity by 33\%, along with cell edge and energy efficiency enhancement. We also investigate the performance of LTE and ZigBee coexistence using smart grid as a scenario. In case of low latency, we summarize the existing works into three domains in the context of 5G networks: core, radio and caching networks. Along with this, fundamental constraints for achieving low latency are identified followed by a general overview of exemplary 5G networks. Besides that, a loop-free, low latency and local-decision based routing protocol is derived in the context of smart grid. This approach ensures low latency and reliable data communication for stationary devices. To address data security in wireless communication, we introduce a geo-location based data encryption, along with node authentication by k-nearest neighbor algorithm. In the second approach, node authentication by the support vector machine, along with public-private key management, is proposed. Both approaches ensure data security without increasing the packet overhead compared to the existing approaches

Machine Learning for Unmanned Aerial System (UAS) Networking

Fueled by the advancement of 5G new radio (5G NR), rapid development has occurred in many fields. Compared with the conventional approaches, beamforming and network slicing enable 5G NR to have ten times decrease in latency, connection density, and experienced throughput than 4G long term evolution (4G LTE). These advantages pave the way for the evolution of Cyber-physical Systems (CPS) on a large scale. The reduction of consumption, the advancement of control engineering, and the simplification of Unmanned Aircraft System (UAS) enable the UAS networking deployment on a large scale to become feasible. The UAS networking can finish multiple complex missions simultaneously. However, the limitations of the conventional approaches are still a big challenge to make a trade-off between the massive management and efficient networking on a large scale. With 5G NR and machine learning, in this dissertation, my contributions can be summarized as the following: I proposed a novel Optimized Ad-hoc On-demand Distance Vector (OAODV) routing protocol to improve the throughput of Intra UAS networking. The novel routing protocol can reduce the system overhead and be efficient. To improve the security, I proposed a blockchain scheme to mitigate the malicious basestations for cellular connected UAS networking and a proof-of-traffic (PoT) to improve the efficiency of blockchain for UAS networking on a large scale. Inspired by the biological cell paradigm, I proposed the cell wall routing protocols for heterogeneous UAS networking. With 5G NR, the inter connections between UAS networking can strengthen the throughput and elasticity of UAS networking. With machine learning, the routing schedulings for intra- and inter- UAS networking can enhance the throughput of UAS networking on a large scale. The inter UAS networking can achieve the max-min throughput globally edge coloring. I leveraged the upper and lower bound to accelerate the optimization of edge coloring. This dissertation paves a way regarding UAS networking in the integration of CPS and machine learning. The UAS networking can achieve outstanding performance in a decentralized architecture. Concurrently, this dissertation gives insights into UAS networking on a large scale. These are fundamental to integrating UAS and National Aerial System (NAS), critical to aviation in the operated and unmanned fields. The dissertation provides novel approaches for the promotion of UAS networking on a large scale. The proposed approaches extend the state-of-the-art of UAS networking in a decentralized architecture. All the alterations can contribute to the establishment of UAS networking with CPS

Distributed embedded system with internet GSM connectivity for intelligent e-monitoring of machine tools

Machining is one of the most important operations in many industrial environments. To prosper in today's competitive industrial world any machining system should be able to deliver the highest possible quality at the lowest possible costs, with very high reliability and flexibility. To fulfil these requirements the idea of e-Monitoring an industrial process was introduced by the Intelligent Process Monitoring and Management (IPMM) Centre at Cardiff University. It has considerable potential applications in industrial systems to not only monitor the health of the machines but also for data management and presentation for future decision making. The research presented in this thesis considers the evolution of two different low complexity signal analysis techniques which can be used for e-Monitoring the health of the cutters used in milling machine tools. The researched techniques are based in the time and frequency domains. The frequency domain analysis technique is based on the idea of using switched capacitor filters and microcontrollers to monitor the frequencies of interest in existing machine tool signals (spindle load and speed) thus avoiding the need for external sensors. The results of frequency domain analysis are used to assess the health of the cutter. The time domain analysis technique uses the same signals to analyse any variations within a tool rotation period and relate these to the health of the cutter. The results are integrated before final decision making which helps in reducing false alarms. The thesis goes on to logically describe the design and development of an on-line microcontroller based distributed intelligent e-Monitoring system for a milling machine tool model Kondia B500, using the proposed signal analysis techniques. Some additional features such as internet and GSM connectivity have also been added to the designed system. The designed system was interfaced to the machine tool and tested for its reliability which was found to be competitive with many other very expensive systems. The designed system can be fitted into a machine tool at the manufacturing stage or it could be interfaced to an existing machine tool for automatically detecting a tooth breakage

Reconfigurable Receiver Front-Ends for Advanced Telecommunication Technologies

The exponential growth of converging technologies, including augmented reality, autonomous vehicles, machine-to-machine and machine-to-human interactions, biomedical and environmental sensory systems, and artificial intelligence, is driving the need for robust infrastructural systems capable of handling vast data volumes between end users and service providers. This demand has prompted a significant evolution in wireless communication, with 5G and subsequent generations requiring exponentially improved spectral and energy efficiency compared to their predecessors. Achieving this entails intricate strategies such as advanced digital modulations, broader channel bandwidths, complex spectrum sharing, and carrier aggregation scenarios. A particularly challenging aspect arises in the form of non-contiguous aggregation of up to six carrier components across the frequency range 1 (FR1). This necessitates receiver front-ends to effectively reject out-of-band (OOB) interferences while maintaining high-performance in-band (IB) operation. Reconfigurability becomes pivotal in such dynamic environments, where frequency resource allocation, signal strength, and interference levels continuously change. Software-defined radios (SDRs) and cognitive radios (CRs) emerge as solutions, with direct RF-sampling receivers offering a suitable architecture in which the frequency translation is entirely performed in digital domain to avoid analog mixing issues. Moreover, direct RF- sampling receivers facilitate spectrum observation, which is crucial to identify free zones, and detect interferences. Acoustic and distributed filters offer impressive dynamic range and sharp roll off characteristics, but their bulkiness and lack of electronic adjustment capabilities limit their practicality. Active filters, on the other hand, present opportunities for integration in advanced CMOS technology, addressing size constraints and providing versatile programmability. However, concerns about power consumption, noise generation, and linearity in active filters require careful consideration.This thesis primarily focuses on the design and implementation of a low-voltage, low-power RFFE tailored for direct sampling receivers in 5G FR1 applications. The RFFE consists of a balun low-noise amplifier (LNA), a Q-enhanced filter, and a programmable gain amplifier (PGA). The balun-LNA employs noise cancellation, current reuse, and gm boosting for wideband gain and input impedance matching. Leveraging FD-SOI technology allows for programmable gain and linearity via body biasing. The LNA's operational state ranges between high-performance and high-tolerance modes, which are apt for sensitivityand blocking tests, respectively. The Q-enhanced filter adopts noise-cancelling, current-reuse, and programmable Gm-cells to realize a fourth-order response using two resonators. The fourth-order filter response is achieved by subtracting the individual response of these resonators. Compared to cascaded and magnetically coupled fourth-order filters, this technique maintains the large dynamic range of second-order resonators. Fabricated in 22-nm FD-SOI technology, the RFFE achieves 1%-40% fractional bandwidth (FBW) adjustability from 1.7 GHz to 6.4 GHz, 4.6 dB noise figure (NF) and an OOB third-order intermodulation intercept point (IIP3) of 22 dBm. Furthermore, concerning the implementation uncertainties and potential variations of temperature and supply voltage, design margins have been considered and a hybrid calibration scheme is introduced. A combination of on-chip and off-chip calibration based on noise response is employed to effectively adjust the quality factors, Gm-cells, and resonance frequencies, ensuring desired bandpass response. To optimize and accelerate the calibration process, a reinforcement learning (RL) agent is used.Anticipating future trends, the concept of the Q-enhanced filter extends to a multiple-mode filter for 6G upper mid-band applications. Covering the frequency range from 8 to 20 GHz, this RFFE can be configured as a fourth-order dual-band filter, two bandpass filters (BPFs) with an OOB notch, or a BPF with an IB notch. In cognitive radios, the filter’s transmission zeros can be positioned with respect to the carrier frequencies of interfering signals to yield over 50 dB blocker rejection