Defense in Depth of Resource-Constrained Devices

The emergent next generation of computing, the so-called Internet of Things (IoT), presents significant challenges to security, privacy, and trust. The devices commonly used in IoT scenarios are often resource-constrained with reduced computational strength, limited power consumption, and stringent availability requirements. Additionally, at least in the consumer arena, time-to-market is often prioritized at the expense of quality assurance and security. An initial lack of standards has compounded the problems arising from this rapid development. However, the explosive growth in the number and types of IoT devices has now created a multitude of competing standards and technology silos resulting in a highly fragmented threat model. Tens of billions of these devices have been deployed in consumers\u27 homes and industrial settings. From smart toasters and personal health monitors to industrial controls in energy delivery networks, these devices wield significant influence on our daily lives. They are privy to highly sensitive, often personal data and responsible for real-world, security-critical, physical processes. As such, these internet-connected things are highly valuable and vulnerable targets for exploitation. Current security measures, such as reactionary policies and ad hoc patching, are not adequate at this scale. This thesis presents a multi-layered, defense in depth, approach to preventing and mitigating a myriad of vulnerabilities associated with the above challenges. To secure the pre-boot environment, we demonstrate a hardware-based secure boot process for devices lacking secure memory. We introduce a novel implementation of remote attestation backed by blockchain technologies to address hardware and software integrity concerns for the long-running, unsupervised, and rarely patched systems found in industrial IoT settings. Moving into the software layer, we present a unique method of intraprocess memory isolation as a barrier to several prevalent classes of software vulnerabilities. Finally, we exhibit work on network analysis and intrusion detection for the low-power, low-latency, and low-bandwidth wireless networks common to IoT applications. By targeting these areas of the hardware-software stack, we seek to establish a trustworthy system that extends from power-on through application runtime

Multimission Aircraft Design Study, Payload

It is proposed that a Multi-Mission Aircraft (MMA) be prepared to combine some or all the functions of the aging AWACS, JSTARS, RIVET JOINT, COMPASS CALL, and AECCC fleet. Three different thesis studies have been developed by three Air Force Institute of Technology GSE students to show the feasibility of replacing the current aging fleet with one or more MMA platforms. This is the thesis in which the payload issuer have been examined. Within this thesis, two different alternative architectures, which are One Tail Number and Different Tail Numbers including nine different configurations, have been considered. Estimated payload characteristics of these alternatives have been compared to those of Boeing 767-400ER, which is the aircraft selected as the baseline for MMA platform. Reduced life cycle cost, increased measure of aircraft specifications, and minimum risk are the main objectives pursued by means of several systems engineering and aircraft design methodologies

10281 Abstracts Collection -- Dynamically Reconfigurable Architectures

From 11.07.10 to 16.07.10, Dagstuhl Seminar 10281 ``Dynamically Reconfigurable Architectures \u27\u27 was held in Schloss Dagstuhl~--~Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

High-speed dynamic partial reconfiguration for field programmable gate arrays

With dynamically and partially reconfigurable designs, it is necessary that the speed of the reconfiguration be accomplished in a time that is sufficiently small such that the operation of reconfiguration is not the limiting factor in the process. Therefore, the communication between the source of configuration and the configurable unit must be made as fast as possible. The aim of this work is to use an embedded controller internal to the FPGA to control the reconfiguration process and obtain the maximum speed at which reconfiguration can occur, with current FPGA technology. The use of Direct Memory Access (DMA) driven operations instead of the current arbitrated bus architectures yielded a 30% increase in the speed of reconfiguration compared to other methods such as OPB_HWICAP and PLB_HWICAP [1]. The use of interrupt driven partial reconfiguration was also introduced, allowing the processor to switch to other tasks during the reconfiguration operation. All of these contributions lead to significant performance improvements over current partial reconfiguration subsystems. The configuration controller was tested using four partially reconfigurable system implementations: (i) one targeting the Hard IP PowerPC405 on Virtex-4, (ii) a second targeting the Soft IP MicroBlaze on Virtex-5, (iii) a third targeting the Hard IP PowerPC440 on Virtex-5, and (iv) a fourth system targets the Hard IP PowerPC440 on Virtex-5 capable of adaptive feedback. The adaptive feedback Virtex-5 system can use internal voltage and temperature measurements from the Xilinx System Monitor IP to dynamically increase or decrease the speed of reconfiguration and/or change other reconfigurable aspects of the system to better match the environment

High-Level Design for Ultra-Fast Software Defined Radio Prototyping on Multi-Processors Heterogeneous Platforms

International audienceThe design of Software Defined Radio (SDR) equipments (terminals, base stations, etc.) is still very challenging. We propose here a design methodology for ultra-fast prototyping on heterogeneous platforms made of GPPs (General Purpose Processors), DSPs (Digital Signal Processors) and FPGAs (Field Programmable Gate Array). Lying on a component-based approach, the methodology mainly aims at automating as much as possible the design from an algorithmic validation to a multi-processing heterogeneous implementation. The proposed methodology is based on the SynDEx CAD design approach, which was originally dedicated to multi-GPPs networks. We show how this was changed so that it is made appropriate with an embedded context of DSP. The implication of FPGAs is then addressed and integrated in the design approach with very little restrictions. Apart from a manual HW/SW partitioning, all other operations may be kept automatic in a heterogeneous processing context. The targeted granularity of the components, which are to be assembled in the design flow, is roughly the same size as that of a FFT, a filter or a Viterbi decoder for instance. The re-use of third party or pre-developed IPs is a basis for this design approach. Thanks to the proposed design methodology it is possible to port "ultra" fast a radio application over several platforms. In addition, the proposed design methodology is not restricted to SDR equipment design, and can be useful for any real-time embedded heterogeneous design in a prototyping context

Deploying RIOT operating system on a reconfigurable Internet of Things end-device

Dissertação de mestrado integrado em Engenharia Eletrónica Industrial e ComputadoresThe Internet of Everything (IoE) is enabling the connection of an infinity of physical objects to the Internet, and has the potential to connect every single existing object in the world. This empowers a market with endless opportunities where the big players are forecasting, by 2020, more than 50 billion connected devices, representing an 8 trillion USD market. The IoE is a broad concept that comprises several technological areas and will certainly, include more in the future. Some of those already existing fields are the Internet of Energy related with the connectivity of electrical power grids, Internet of Medical Things (IoMT), for instance, enables patient monitoring, Internet of Industrial Things (IoIT), which is dedicated to industrial plants, and the Internet of Things (IoT) that focus on the connection of everyday objects (e.g. home appliances, wearables, transports, buildings, etc.) to the Internet. The diversity of scenarios where IoT can be deployed, and consequently the different constraints associated to each device, leads to a heterogeneous network composed by several communication technologies and protocols co-existing on the same physical space. Therefore, the key requirements of an IoT network are the connectivity and the interoperability between devices. Such requirement is achieved by the adoption of standard protocols and a well-defined lightweight network stack. Due to the adoption of a standard network stack, the data processed and transmitted between devices tends to increase. Because most of the devices connected are resource constrained, i.e., low memory, low processing capabilities, available energy, the communication can severally decrease the device’s performance. Hereupon, to tackle such issues without sacrificing other important requirements, this dissertation aims to deploy an operating system (OS) for IoT, the RIOT-OS, while providing a study on how network-related tasks can benefit from hardware accelerators (deployed on reconfigurable technology), specially designed to process and filter packets received by an IoT device.O conceito Internet of Everything (IoE) permite a conexão de uma infinidade de objetos à Internet e tem o potencial de conectar todos os objetos existentes no mundo. Favorecendo assim o aparecimento de novos mercados e infinitas possibilidades, em que os grandes intervenientes destes mercados preveem até 2020 a conexão de mais de 50 mil milhões de dispositivos, representando um mercado de 8 mil milhões de dólares. IoE é um amplo conceito que inclui várias áreas tecnológicas e irá certamente incluir mais no futuro. Algumas das áreas já existentes são: a Internet of Energy relacionada com a conexão de redes de transporte e distribuição de energia à Internet; Internet of Medical Things (IoMT), que possibilita a monotorização de pacientes; Internet of Industrial Things (IoIT), dedicada a instalações industriais e a Internet of Things (IoT), que foca na conexão de objetos do dia-a-dia (e.g. eletrodomésticos, wearables, transportes, edifícios, etc.) à Internet. A diversidade de cenários à qual IoT pode ser aplicado, e consequentemente, as diferentes restrições aplicadas a cada dispositivo, levam à criação de uma rede heterogénea composto por diversas tecnologias de comunicação e protocolos a coexistir no mesmo espaço físico. Desta forma, os requisitos chave aplicados às redes IoT são a conectividade e interoperabilidade entre dispositivos. Estes requisitos são atingidos com a adoção de protocolos standard e pilhas de comunicação bem definidas. Com a adoção de pilhas de comunicação standard, a informação processada e transmitida entre dispostos tende a aumentar. Visto que a maioria dos dispositivos conectados possuem escaços recursos, i.e., memória reduzida, baixa capacidade de processamento, pouca energia disponível, o aumento da capacidade de comunicação pode degradar o desempenho destes dispositivos. Posto isto, para lidar com estes problemas e sem sacrificar outros requisitos importantes, esta dissertação pretende fazer o porting de um sistema operativo IoT, o RIOT, para uma solução reconfigurável, o CUTE mote. O principal objetivo consiste na realização de um estudo sobre os benefícios que as tarefas relacionadas com as camadas de rede podem ter ao serem executadas em hardware via aceleradores dedicados. Estes aceleradores são especialmente projetados para processar e filtrar pacotes de dados provenientes de uma interface radio em redes IoT periféricas

Implementing efficient 384-Bit NIST elliptic curves over prime fields on an ARM946E

This thesis presents a performance evaluation of a 384-bit NIST elliptic curve over prime fields on a 32-bit ARM946E microprocessor running at 100-MHz. While adhering to the constraints of an embedded system, the following items were investigated to decrease computation time: the importance of the underlying finite arithmetic, the use of hardware accelerators, the use of memory options, and the use of available processor features. The elliptic curve implementation utilized existing finite arithmetic C code to interface to an AiMEC Montgomery Exponentiator Core. The exponentiator core supports modular addition, modular multiplication, and exponentiation. The finite arithmetic C code also contained functions to perform operations which are not performed by the exponentiator such as non-modular multiplication, non-modular addition, and modular subtraction. Multiple enhancements were made to the finite field arithmetic. These provided a 22% time reduction in execution time of the 384-bit elliptic curve multiplication. Enhancements included writing assembly functions, adding checks prior to performing a modular reduction, utilizing the exponentiator core only when modulus reduction was necessary, using multiplication if more than two additions are required and placing the finite arithmetic into its own library and using ARM mode. Other optimizations investigated including: cache usage, compiler options (speed vs. size), and Thumb instruction set vs. ARM instruction set provided minimal reduction, 3.6%, in the execution time