363 research outputs found

    Advanced Remote Attestation Protocols for Embedded Systems

    Small integrated computers, so-called embedded systems, have become a ubiquitous and indispensable part of our lives. Every day, we interact with a multitude of embedded systems. They are, for instance, integrated in home appliances, cars, planes, medical devices, or industrial systems. In many of these applications, embedded systems process privacy-sensitive data or perform safety-critical operations. Therefore, it is of high importance to ensure their secure and safe operation. However, recent attacks and security evaluations have shown that embedded systems frequently lack security and can often be compromised and misused with little effort. A promising technique to face the increasing amount of attacks on embedded systems is remote attestation. It enables a third party to verify the integrity of a remote device. Using remote attestation, attacks can be effectively detected, which allows to quickly respond to them and thus minimize potential damage. Today, almost all servers, desktop PCs, and notebooks have the required hardware and software to perform remote attestation. By contrast, a secure and efficient attestation of embedded systems is considerably harder to achieve, as embedded systems have to encounter several additional challenges. In this thesis, we tackle three main challenges in the attestation of embedded systems. First, we address the issue that low-end embedded devices typically lack the required hardware to perform a secure remote attestation. We present an attestation protocol that requires only minimal secure hardware, which makes our protocol applicable to many existing low-end embedded devices while providing high security guarantees. We demonstrate the practicality of our protocol in two applications, namely, verifying code updates in mesh networks and ensuring the safety and security of embedded systems in road vehicles. 
Second, we target the efficient attestation of multiple embedded devices that are connected in challenging network conditions. Previous attestation protocols are inefficient or even inapplicable when devices are mobile or lack continuous connectivity. We propose an attestation protocol that particularly targets the efficient attestation of many devices in highly dynamic and disruptive networks. Third, we consider a more powerful adversary who is able to physically tamper with the hardware of embedded systems. Existing attestation protocols that address physical attacks suffer from limited scalability and robustness. We present two protocols that are capable of verifying the software integrity as well as the hardware integrity of embedded devices in an efficient and robust way. Whereas the first protocol is optimized towards scalability, the second protocol aims at robustness and is additionally suited to be applied in autonomous networks. In summary, this thesis contributes to enhancing the security, efficiency, robustness, and applicability of remote attestation for embedded systems

    Cyber-secure Communication Architecture for Active Power Distribution Networks

    Active power distribution networks require sophisticated monitoring and control strategies for efficient energy management and automatic adaptive reconfiguration of the power infrastructure. Such requirements are realized by deploying a large number of various electronic automation and communication field devices, such as Phasor Measurement Units (PMUs) or Intelligent Electronic Devices (IEDs), and a reliable two-way communication infrastructure that facilitates transfer of sensor data and control signals. In this paper, we perform a detailed threat analysis in a typical active distribution network’s automation system. We also propose mechanisms by which we can design a secure and reliable communication network for an active distribution network that is resilient to insider and outsider malicious attacks, natural disasters, and other unintended failure. The proposed security solution also guarantees that an attacker is not able to install a rogue field device by exploiting an emergency situation during islanding.

    Seamless Communication for Crises Management

    SECRICOM is proposed as a collaborative research project aiming at development of a reference security platform for EU crisis management operations with two essential ambitions: (A) Solve or mitigate problems of contemporary crisis communication infrastructures (Tetra, GSM, Citizen Band, IP) such as poor interoperability of specialized communication means, vulnerability against tapping and misuse, lack of possibilities to recover from failures, inability to use alternative data carrier and high deployment and operational costs. (B) Add new smart functions to existing services which will make the communication more effective and helpful for users. Smart functions will be provided by distributed IT systems based on an agents’ infrastructure. Achieving these two project ambitions will allow creating a pervasive and trusted communication infrastructure fulfilling requirements of crisis management users and ready for immediate application

    Blockchain in Education

    This report introduces the fundamental principles of the Blockchain focusing on its potential for the education sector. It explains how this technology may both disrupt institutional norms and empower learners. It proposes eight scenarios for the application of the Blockchain in an education context, based on the current state of technology development and deployment.

    Security in heterogeneous wireless networks

    The proliferation of a range of wireless devices, from the cheap low power resource starved sensor nodes to the ubiquitous cell phones and PDA's has resulted in their use in many applications. Due to their inherent broadcast nature Security and Privacy in wireless networks is harder than the wired networks. Along with the traditional security requirements like confidentiality, integrity and non-repudiation new requirements like privacy and anonymity are important in wireless networks. These factors combined with the fact that nodes in a wireless network may have different resource availabilities and trust levels makes security in wireless networks extremely challenging. The functional lifetime of sensor networks in general is longer than the operational lifetime of a single node, due to limited battery power. Therefore to keep the network working multiple deployments of sensor nodes are needed. In this thesis, we analyze the vulnerability of the existing key predistribution schemes arising out of the repeated use of fixed key information through multiple deployments. We also develop SCON, an approach for key management that provides a significant improvement in security using multiple key pools. SCON performs better in a heterogeneous environment. We present a key distribution scheme that allows mobile sensor nodes to connect with stationary nodes of several networks. We develop a key distribution scheme for a semi ad-hoc network of cell phones. This scheme ensures that cell phones are able to communicate securely with each other when the phones are unable to connect to the base station. It is different from the traditional ad hoc networks because the phones were part of a centralized network before the base station ceased to work. This allows efficient distribution of key material making the existing schemes for ad hoc networks ineffective.
In this thesis we present a mechanism for implementing authenticated broadcasts which ensure non-repudiation using identity based cryptography. We also develop a reputation based mechanism for the distributed detection and revocation of malicious cell phones. Schemes which use the cell phone for secure spatial authentication have also been presented

    Decentralization, Blockchains, and the Development of Smart Communities in Economically Challenging Environments

    Current implementations of blockchain technologies for smart cities assume environments with ample socio-technical resources. In this paper, we analyze four particular cases to show how blockchains can be used to create smart communities within under-developed and resource-poor environments. In these contexts, blockchains were critical in developing and maintaining trust within the community while meeting specific social needs. Our analysis of these specific cases was then used to derive a definition of a “smart community”. We provide a schematic outline of the foundational elements for the development of smart communities using blockchain technology. The goal of our paper is to show that blockchains hold promise not just for building smart cities in resource-rich contexts, but also for building smart communities in resource-impoverished contexts using a bottom-up, problem-driven approach

    Securing Critical Infrastructures

    The abstract is in the attachment. 677. INGEGNERIA INFORMATI. Carelli, Albert

    The Law of Blockchain

    Blockchain technology is a new general-purpose technology that poses significant challenges to the existing state of law, economy, and society. Blockchain has one feature that makes it even more distinctive than other disruptive technologies: it is, by nature and design, global and transnational. Moreover, blockchain operates based on its own rules and principles that have a law-like quality. What may be called the lex cryptographia of blockchain has been designed based on a rational choice vision of human behavior. Blockchain adopts a framing derived from neoclassical economics, and instantiates it in a new machinery that implements rational choice paradigms using blockchain in a semi-automatic way, across all spheres of life, and without regard to borders. Accordingly, a global law and crypto-economics movement is now emerging owing to the spread of blockchain. This Article suggests that such a rational choice paradigm is an insufficient foundation for the future development of blockchain. It seeks to develop a new understanding of blockchain and its regulation through code according to the emerging “law and political economy” framework. Blockchain is much more than a machine that enables the automation of transactions according to a rational choice framework. Blockchain should instead be understood as a technological infrastructure. Acknowledging the infrastructural dimension of blockchain technology may help identify a new role for the law in its interaction with blockchain, as well as for government in its interaction with the new technology. 
More precisely, identifying blockchain as an “infrastructural commons” helps us recognize that law and regulation should not be relegated to the role of merely facilitating the operation of the invisible hand of the market by and within blockchain, but should rather acquire more active roles, such as safeguarding access on non-discriminatory terms to users, on a model with net neutrality and other public utility safeguards. The Article closes by proposing a “law and political economy” framework for blockchain that is based on principles of publicness, trust, and interoperability