31 research outputs found
Fault and Defect Tolerant Computer Architectures: Reliable Computing With Unreliable Devices
This research addresses design of a reliable computer from unreliable device technologies. A system architecture is developed for a fault and defect tolerant (FDT) computer. Trade-offs between different techniques are studied and yield and hardware cost models are developed. Fault and defect tolerant designs are created for the processor and the cache memory. Simulation results for the content-addressable memory (CAM)-based cache show 90% yield with device failure probabilities of 3 x 10(-6), three orders of magnitude better than non fault tolerant caches of the same size. The entire processor achieves 70% yield with device failure probabilities exceeding 10(-6). The required hardware redundancy is approximately 15 times that of a non-fault tolerant design. While larger than current FT designs, this architecture allows the use of devices much more likely to fail than silicon CMOS. As part of model development, an improved model is derived for NAND Multiplexing. The model is the first accurate model for small and medium amounts of redundancy. Previous models are extended to account for dependence between the inputs and produce more accurate results
Enhancing Real-time Embedded Image Processing Robustness on Reconfigurable Devices for Critical Applications
Nowadays, image processing is increasingly used in several application fields, such as biomedical, aerospace, or automotive. Within these fields, image processing is used to serve both non-critical and critical tasks. As example, in automotive, cameras are becoming key sensors in increasing car safety, driving assistance and driving comfort. They have been employed for infotainment (non-critical), as well as for some driver assistance tasks (critical), such as Forward Collision Avoidance, Intelligent Speed Control, or Pedestrian Detection.
The complexity of these algorithms brings a challenge in real-time image processing systems, requiring high computing capacity, usually not available in processors for embedded systems. Hardware acceleration is therefore crucial, and devices such as Field Programmable Gate Arrays (FPGAs) best fit the growing demand of computational capabilities. These devices can assist embedded processors by significantly speeding-up computationally intensive software algorithms.
Moreover, critical applications introduce strict requirements not only from the real-time constraints, but also from the device reliability and algorithm robustness points of view. Technology scaling is highlighting reliability problems related to aging phenomena, and to the increasing sensitivity of digital devices to external radiation events that can cause transient or even permanent faults. These faults can lead to wrong information processed or, in the worst case, to a dangerous system failure. In this context, the reconfigurable nature of FPGA devices can be exploited to increase the system reliability and robustness by leveraging Dynamic Partial Reconfiguration features.
The research work presented in this thesis focuses on the development of techniques for implementing efficient and robust real-time embedded image processing hardware accelerators and systems for mission-critical applications. Three main challenges have been faced and will be discussed, along with proposed solutions, throughout the thesis: (i) achieving real-time performances, (ii) enhancing algorithm robustness, and (iii) increasing overall system's dependability.
In order to ensure real-time performances, efficient FPGA-based hardware accelerators implementing selected image processing algorithms have been developed. Functionalities offered by the target technology, and algorithm's characteristics have been constantly taken into account while designing such accelerators, in order to efficiently tailor algorithm's operations to available hardware resources.
On the other hand, the key idea for increasing image processing algorithms' robustness is to introduce self-adaptivity features at algorithm level, in order to maintain constant, or improve, the quality of results for a wide range of input conditions, that are not always fully predictable at design-time (e.g., noise level variations). This has been accomplished by measuring at run-time some characteristics of the input images, and then tuning the algorithm parameters based on such estimations. Dynamic reconfiguration features of modern reconfigurable FPGA have been extensively exploited in order to integrate run-time adaptivity into the designed hardware accelerators.
Tools and methodologies have been also developed in order to increase the overall system dependability during reconfiguration processes, thus providing safe run-time adaptation mechanisms. In addition, taking into account the target technology and the environments in which the developed hardware accelerators and systems may be employed, dependability issues have been analyzed, leading to the development of a platform for quickly assessing the reliability and characterizing the behavior of hardware accelerators implemented on reconfigurable FPGAs when they are affected by such faults
Energy Harvesting and Sensor Based Hardware Security Primitives for Cyber-Physical Systems
The last few decades have seen a large proliferation in the prevalence of cyber-physical systems. Although cyber-physical systems can offer numerous advantages to society, their large scale adoption does not come without risks. Internet of Things (IoT) devices can be considered a significant component within cyber-physical systems. They can provide network communication in addition to controlling the various sensors and actuators that exist within the larger cyber-physical system. The adoption of IoT features can also provide attackers with new potential avenues to access and exploit a system\u27s vulnerabilities. Previously, existing systems could more or less be considered a closed system with few potential points of access for attackers. Security was thus not typically a core consideration when these systems were originally designed. The cumulative effect is that these systems are now vulnerable to new security risks without having native security countermeasures that can easily address these vulnerabilities. Even just adding standard security features to these systems is itself not a simple task. The devices that make up these systems tend to have strict resource constraints in the form of power consumption and processing power. In this dissertation, we explore how security devices known as Physically Unclonable Functions (PUFs) could be used to address these concerns.
PUFs are a class of circuits that are unique and unclonable due to inherent variations caused by the device manufacturing process. We can take advantage of these PUF properties by using the outputs of PUFs to generate secret keys or pseudonyms that are similarly unique and unclonable. Existing PUF designs are commonly based around transistor level variations in a special purpose integrated circuit (IC). Integrating these designs within a system would still require additional hardware along with system modification to interact with the device. We address these concerns by proposing a novel PUF design methodology for the creation of PUFs whose integration within these systems would minimize the cost of redesigning the system by reducing the need to add additional hardware. This goal is achieved by creating PUF designs from components that may already exist within these systems.
A PUF designed from existing components creates the possibility of adding a PUF (and thus security features) to the system without actually adding any additional hardware. This could allow PUFs to become a more attractive security option for integration with resource constrained devices. Our proposed approach specifically targets sensors and energy harvesting devices since they can provide core functions within cyber-physical systems such as power generation and sensing capabilities. These components are known to exhibit variations due to the manufacturing process and could thus be utilized to design a PUF. Our first contribution is the proposal of a novel PUF design methodology based on using components which are already commonly found within cyber-physical systems. The proposed methodology uses eight sensors or energy harvesting devices along with a microcontroller.
It is unlikely that single type of sensor or energy harvester will exist in all possible cyber-physical systems. Therefore, it is important to create a range of designs in order to reach a greater portion of cyber-physical systems. The second contribution of this work is the design of a PUF based on piezo sensors. Our third contribution is the design of a PUF that utilizes thermistor temperature sensors. The fourth contribution of this work is a proposed solar cell based PUF design. Furthermore, as a fifth contribution of this dissertation we evaluate a selection of common solar cell materials to establish which type of solar cell would be best suited to the creation of a PUF based on the operating conditions. The viability of the proposed designs is evaluated through testing in terms of reliability and uniformity. In addition, Monte Carlo simulations are performed to evaluate the uniqueness property of the designs.
For our final contribution we illustrate the security benefits that can be achieved through the adoption of PUFs by cyber-physical systems. For this purpose we chose to highlight vehicles since they are a very popular example of a cyber-physical system and they face unique security challenges which are not readily solvable by standard solutions. Our contribution is the proposal of a novel controller area network (CAN) security framework that is based on PUFs. The framework does not require any changes to the underlying CAN protocol and also minimizes the amount of additional message passing overhead needed for its operation. The proposed framework is a good example of how the cost associated with implementing such a framework could be further reduced through the adoption of our proposed PUF designs. The end result is a method which could introduce security to an inherently insecure system while also making its integration as seamless as possible by attempting to minimize the need for additional hardware
The Fifth NASA Symposium on VLSI Design
The fifth annual NASA Symposium on VLSI Design had 13 sessions including Radiation Effects, Architectures, Mixed Signal, Design Techniques, Fault Testing, Synthesis, Signal Processing, and other Featured Presentations. The symposium provides insights into developments in VLSI and digital systems which can be used to increase data systems performance. The presentations share insights into next generation advances that will serve as a basis for future VLSI design
Secure Physical Design
An integrated circuit is subject to a number of attacks including information leakage, side-channel attacks, fault-injection, malicious change, reverse engineering, and piracy. Majority of these attacks take advantage of physical placement and routing of cells and interconnects. Several measures have already been proposed to deal with security issues of the high level functional design and logic synthesis. However, to ensure end-to-end trustworthy IC design flow, it is necessary to have security sign-off during physical design flow. This paper presents a secure physical design roadmap to enable end-to-end trustworthy IC design flow. The paper also discusses utilization of AI/ML to establish security at the layout level. Major research challenges in obtaining a secure physical design are also discussed
Error Detection and Diagnosis for System-on-Chip in Space Applications
Tesis por compendio de publicacionesLos componentes electrónicos comerciales, comúnmente llamados componentes
Commercial-Off-The-Shelf (COTS) están presentes en multitud de dispositivos habituales
en nuestro día a día. Particularmente, el uso de microprocesadores y sistemas en chip (SoC)
altamente integrados ha favorecido la aparición de dispositivos electrónicos cada vez más
inteligentes que sostienen el estilo de vida y el avance de la sociedad moderna. Su uso se
ha generalizado incluso en aquellos sistemas que se consideran críticos para la seguridad,
como vehículos, aviones, armamento, dispositivos médicos, implantes o centrales eléctricas.
En cualquiera de ellos, un fallo podría tener graves consecuencias humanas o económicas.
Sin embargo, todos los sistemas electrónicos conviven constantemente con factores internos
y externos que pueden provocar fallos en su funcionamiento. La capacidad de un sistema
para funcionar correctamente en presencia de fallos se denomina tolerancia a fallos, y es
un requisito en el diseño y operación de sistemas críticos.
Los vehículos espaciales como satélites o naves espaciales también hacen uso de
microprocesadores para operar de forma autónoma o semi autónoma durante su vida útil,
con la dificultad añadida de que no pueden ser reparados en órbita, por lo que se consideran
sistemas críticos. Además, las duras condiciones existentes en el espacio, y en particular
los efectos de la radiación, suponen un gran desafío para el correcto funcionamiento de los
dispositivos electrónicos. Concretamente, los fallos transitorios provocados por radiación
(conocidos como soft errors) tienen el potencial de ser una de las mayores amenazas para
la fiabilidad de un sistema en el espacio.
Las misiones espaciales de gran envergadura, típicamente financiadas públicamente
como en el caso de la NASA o la Agencia Espacial Europea (ESA), han tenido
históricamente como requisito evitar el riesgo a toda costa por encima de cualquier
restricción de coste o plazo. Por ello, la selección de componentes resistentes a la radiación
(rad-hard) específicamente diseñados para su uso en el espacio ha sido la metodología
imperante en el paradigma que hoy podemos denominar industria espacial tradicional, u
Old Space. Sin embargo, los componentes rad-hard tienen habitualmente un coste mucho
más alto y unas prestaciones mucho menores que otros componentes COTS equivalentes.
De hecho, los componentes COTS ya han sido utilizados satisfactoriamente en misiones
de la NASA o la ESA cuando las prestaciones requeridas por la misión no podían ser
cubiertas por ningún componente rad-hard existente.
En los últimos años, el acceso al espacio se está facilitando debido en gran parte a la
entrada de empresas privadas en la industria espacial. Estas empresas no siempre buscan
evitar el riesgo a toda costa, sino que deben perseguir una rentabilidad económica, por
lo que hacen un balance entre riesgo, coste y plazo mediante gestión del riesgo en un
paradigma denominado Nuevo Espacio o New Space. Estas empresas a menudo están
interesadas en entregar servicios basados en el espacio con las máximas prestaciones y el mayor beneficio posibles, para lo cual los componentes rad-hard son menos atractivos
debido a su mayor coste y menores prestaciones que los componentes COTS existentes.
Sin embargo, los componentes COTS no han sido específicamente diseñados para su uso
en el espacio y típicamente no incluyen técnicas específicas para evitar que los efectos de
la radiación afecten su funcionamiento. Los componentes COTS se comercializan tal cual
son, y habitualmente no es posible modificarlos para mejorar su resistencia a la radiación.
Además, los elevados niveles de integración de los sistemas en chip (SoC) complejos
de altas prestaciones dificultan su observación y la aplicación de técnicas de tolerancia
a fallos. Este problema es especialmente relevante en el caso de los microprocesadores.
Por tanto, existe un gran interés en el desarrollo de técnicas que permitan conocer y
mejorar el comportamiento de los microprocesadores COTS bajo radiación sin modificar
su arquitectura y sin interferir en su funcionamiento para facilitar su uso en el espacio y
con ello maximizar las prestaciones de las misiones espaciales presentes y futuras.
En esta Tesis se han desarrollado técnicas novedosas para detectar, diagnosticar y
mitigar los errores producidos por radiación en microprocesadores y sistemas en chip
(SoC) comerciales, utilizando la interfaz de traza como punto de observación. La interfaz de
traza es un recurso habitual en los microprocesadores modernos, principalmente enfocado
a soportar las tareas de desarrollo y depuración del software durante la fase de diseño. Sin
embargo, una vez el desarrollo ha concluido, la interfaz de traza típicamente no se utiliza
durante la fase operativa del sistema, por lo que puede ser reutilizada sin coste. La interfaz
de traza constituye un punto de conexión viable para observar el comportamiento de un
microprocesador de forma no intrusiva y sin interferir en su funcionamiento.
Como resultado de esta Tesis se ha desarrollado un módulo IP capaz de recabar
y decodificar la información de traza de un microprocesador COTS moderno de altas
prestaciones. El IP es altamente configurable y personalizable para adaptarse a diferentes
aplicaciones y tipos de procesadores. Ha sido diseñado y validado utilizando el dispositivo
Zynq-7000 de Xilinx como plataforma de desarrollo, que constituye un dispositivo COTS
de interés en la industria espacial. Este dispositivo incluye un procesador ARM Cortex-A9
de doble núcleo, que es representativo del conjunto de microprocesadores hard-core
modernos de altas prestaciones. El IP resultante es compatible con la tecnología ARM
CoreSight, que proporciona acceso a información de traza en los microprocesadores ARM.
El IP incorpora técnicas para detectar errores en el flujo de ejecución y en los datos de la
aplicación ejecutada utilizando la información de traza, en tiempo real y con muy baja
latencia. El IP se ha validado en campañas de inyección de fallos y también en radiación con
protones y neutrones en instalaciones especializadas. También se ha combinado con otras
técnicas de tolerancia a fallos para construir técnicas híbridas de mitigación de errores.
Los resultados experimentales obtenidos demuestran su alta capacidad de detección y
potencialidad en el diagnóstico de errores producidos por radiación.
El resultado de esta Tesis, desarrollada en el marco de un Doctorado Industrial entre
la Universidad Carlos III de Madrid (UC3M) y la empresa Arquimea, se ha transferido satisfactoriamente al entorno empresarial en forma de un proyecto financiado por la
Agencia Espacial Europea para continuar su desarrollo y posterior explotación.Commercial electronic components, also known as Commercial-Off-The-Shelf (COTS),
are present in a wide variety of devices commonly used in our daily life. Particularly, the
use of microprocessors and highly integrated System-on-Chip (SoC) devices has fostered
the advent of increasingly intelligent electronic devices which sustain the lifestyles and the
progress of modern society. Microprocessors are present even in safety-critical systems,
such as vehicles, planes, weapons, medical devices, implants, or power plants. In any of
these cases, a fault could involve severe human or economic consequences. However, every
electronic system deals continuously with internal and external factors that could provoke
faults in its operation. The capacity of a system to operate correctly in presence of faults
is known as fault-tolerance, and it becomes a requirement in the design and operation of
critical systems.
Space vehicles such as satellites or spacecraft also incorporate microprocessors to
operate autonomously or semi-autonomously during their service life, with the additional
difficulty that they cannot be repaired once in-orbit, so they are considered critical systems.
In addition, the harsh conditions in space, and specifically radiation effects, involve a big
challenge for the correct operation of electronic devices. In particular, radiation-induced
soft errors have the potential to become one of the major risks for the reliability of systems
in space.
Large space missions, typically publicly funded as in the case of NASA or European
Space Agency (ESA), have followed historically the requirement to avoid the risk at any
expense, regardless of any cost or schedule restriction. Because of that, the selection of
radiation-resistant components (known as rad-hard) specifically designed to be used in
space has been the dominant methodology in the paradigm of traditional space industry,
also known as “Old Space”. However, rad-hard components have commonly a much higher
associated cost and much lower performance that other equivalent COTS devices. In fact,
COTS components have already been used successfully by NASA and ESA in missions
that requested such high performance that could not be satisfied by any available rad-hard
component.
In the recent years, the access to space is being facilitated in part due to the irruption
of private companies in the space industry. Such companies do not always seek to avoid
the risk at any cost, but they must pursue profitability, so they perform a trade-off between
risk, cost, and schedule through risk management in a paradigm known as “New Space”.
Private companies are often interested in deliver space-based services with the maximum
performance and maximum benefit as possible. With such objective, rad-hard components
are less attractive than COTS due to their higher cost and lower performance.
However, COTS components have not been specifically designed to be used in space
and typically they do not include specific techniques to avoid or mitigate the radiation effects in their operation. COTS components are commercialized “as is”, so it is not
possible to modify them to improve their susceptibility to radiation effects. Moreover,
the high levels of integration of complex, high-performance SoC devices hinder their
observability and the application of fault-tolerance techniques. This problem is especially
relevant in the case of microprocessors. Thus, there is a growing interest in the development
of techniques allowing to understand and improve the behavior of COTS microprocessors
under radiation without modifying their architecture and without interfering with their
operation. Such techniques may facilitate the use of COTS components in space and
maximize the performance of present and future space missions.
In this Thesis, novel techniques have been developed to detect, diagnose, and
mitigate radiation-induced errors in COTS microprocessors and SoCs using the trace
interface as an observation point. The trace interface is a resource commonly found
in modern microprocessors, mainly intended to support software development and
debugging activities during the design phase. However, it is commonly left unused
during the operational phase of the system, so it can be reused with no cost. The trace
interface constitutes a feasible connection point to observe microprocessor behavior in a
non-intrusive manner and without disturbing processor operation.
As a result of this Thesis, an IP module has been developed capable to gather and
decode the trace information of a modern, high-end, COTS microprocessor. The IP is highly
configurable and customizable to support different applications and processor types. The
IP has been designed and validated using the Xilinx Zynq-7000 device as a development
platform, which is an interesting COTS device for the space industry. This device features a
dual-core ARM Cortex-A9 processor, which is a good representative of modern, high-end,
hard-core microprocessors. The resulting IP is compatible with the ARM CoreSight
technology, which enables access to trace information in ARM microprocessors. The IP is
able to detect errors in the execution flow of the microprocessor and in the application data
using trace information, in real time and with very low latency. The IP has been validated
in fault injection campaigns and also under proton and neutron irradiation campaigns in
specialized facilities. It has also been combined with other fault-tolerance techniques
to build hybrid error mitigation approaches. Experimental results demonstrate its high
detection capabilities and high potential for the diagnosis of radiation-induced errors.
The result of this Thesis, developed in the framework of an Industrial Ph.D. between the
University Carlos III of Madrid (UC3M) and the company Arquimea, has been successfully
transferred to the company business as a project sponsored by European Space Agency to
continue its development and subsequent commercialization.Programa de Doctorado en Ingeniería Eléctrica, Electrónica y Automática por la Universidad Carlos III de MadridPresidenta: María Luisa López Vallejo.- Secretario: Enrique San Millán Heredia.- Vocal: Luigi Di Lill
Reconfigurable acceleration of Recurrent Neural Networks
Recurrent Neural Networks (RNNs) have been successful in a wide range of applications involving temporal sequences such as natural language processing, speech recognition and video analysis. However, RNNs often require a significant amount of memory and computational resources. In addition, the recurrent nature and data dependencies in RNN computations can lead to system stall, resulting in low throughput and high latency.
This work describes novel parallel hardware architectures for accelerating RNN inference using Field-Programmable Gate Array (FPGA) technology, which considers the data dependencies and high computational costs of RNNs.
The first contribution of this thesis is a latency-hiding architecture that utilizes column-wise matrix-vector multiplication instead of the conventional row-wise operation to eliminate data dependencies and improve the throughput of RNN inference designs. This architecture is further enhanced by a configurable checkerboard tiling strategy which allows large dimensions of weight matrices, while supporting element-based parallelism and vector-based parallelism. The presented reconfigurable RNN designs show significant speedup over CPU, GPU, and other FPGA designs.
The second contribution of this thesis is a weight reuse approach for large RNN models with weights stored in off-chip memory, running with a batch size of one. A novel blocking-batching strategy is proposed to optimize the throughput of large RNN designs on FPGAs by reusing the RNN weights. Performance analysis is also introduced to enable FPGA designs to achieve the best trade-off between area, power consumption and performance. Promising power efficiency improvement has been achieved in addition to speeding up over CPU and GPU designs.
The third contribution of this thesis is a low latency design for RNNs based on a partially-folded hardware architecture. It also introduces a technique that balances initiation interval of multi-layer RNN inferences to increase hardware efficiency and throughput while reducing latency. The approach is evaluated on a variety of applications, including gravitational wave detection and Bayesian RNN-based ECG anomaly detection.
To facilitate the use of this approach, we open source an RNN template which enables the generation of low-latency FPGA designs with efficient resource utilization using high-level synthesis tools.Open Acces
A Framework for Facilitating Secure Design and Development of IoT Systems
The term Internet of Things (IoT) describes an ever-growing ecosystem of physical objects
or things interconnected with each other and connected to the Internet. IoT devices
consist of a wide range of highly heterogeneous inanimate and animate objects. Thus, a
thing in the context of the IoT can even mean a person with blood pressure or heart rate
monitor implant or a pet with a biochip transponder. IoT devices range from ordinary
household appliances, such as smart light bulbs or smart coffee makers, to sophisticated
tools for industrial automation. IoT is currently leading a revolutionary change in many
industries and, as a result, a lot of industries and organizations are adopting the paradigm
to gain a competitive edge. This allows them to boost operational efficiency and optimize
system performance through real-time data management, which results in an optimized
balance between energy usage and throughput. Another important application area is
the Industrial Internet of Things (IIoT), which is the application of the IoT in industrial
settings. This is also referred to as the Industrial Internet or Industry 4.0, where Cyber-
Physical Systems (CPS) are interconnected using various technologies to achieve wireless
control as well as advanced manufacturing and factory automation. IoT applications
are becoming increasingly prevalent across many application domains, including smart
healthcare, smart cities, smart grids, smart farming, and smart supply chain management.
Similarly, IoT is currently transforming the way people live and work, and hence
the demand for smart consumer products among people is also increasing steadily. Thus,
many big industry giants, as well as startup companies, are competing to dominate the
market with their new IoT products and services, and hence unlocking the business value
of IoT.
Despite its increasing popularity, potential benefits, and proven capabilities, IoT is still in
its infancy and fraught with challenges. The technology is faced with many challenges, including
connectivity issues, compatibility/interoperability between devices and systems,
lack of standardization, management of the huge amounts of data, and lack of tools for
forensic investigations. However, the state of insecurity and privacy concerns in the IoT
are arguably among the key factors restraining the universal adoption of the technology.
Consequently, many recent research studies reveal that there are security and privacy issues
associated with the design and implementation of several IoT devices and Smart Applications
(smart apps). This can be attributed, partly, to the fact that as some IoT device
makers and smart apps development companies (especially the start-ups) reap business
value from the huge IoT market, they tend to neglect the importance of security. As a
result, many IoT devices and smart apps are created with security vulnerabilities, which
have resulted in many IoT related security breaches in recent years.
This thesis is focused on addressing the security and privacy challenges that were briefly
highlighted in the previous paragraph. Given that the Internet is not a secure environ ment even for the traditional computer systems makes IoT systems even less secure due
to the inherent constraints associated with many IoT devices. These constraints, which are
mainly imposed by cost since many IoT edge devices are expected to be inexpensive and
disposable, include limited energy resources, limited computational and storage capabilities,
as well as lossy networks due to the much lower hardware performance compared
to conventional computers. While there are many security and privacy issues in the IoT
today, arguably a root cause of such issues is that many start-up IoT device manufacturers
and smart apps development companies do not adhere to the concept of security by
design. Consequently, some of these companies produce IoT devices and smart apps with
security vulnerabilities.
In recent years, attackers have exploited different security vulnerabilities in IoT infrastructures
which have caused several data breaches and other security and privacy incidents
involving IoT devices and smart apps. These have attracted significant attention
from the research community in both academia and industry, resulting in a surge of proposals
put forward by many researchers. Although research approaches and findings may
vary across different research studies, the consensus is that a fundamental prerequisite for
addressing IoT security and privacy challenges is to build security and privacy protection
into IoT devices and smart apps from the very beginning. To this end, this thesis investigates
how to bake security and privacy into IoT systems from the onset, and as its main
objective, this thesis particularly focuses on providing a solution that can foster the design
and development of secure IoT devices and smart apps, namely the IoT Hardware Platform
Security Advisor (IoT-HarPSecA) framework. The security framework is expected to
provide support to designers and developers in IoT start-up companies during the design
and implementation of IoT systems. IoT-HarPSecA framework is also expected to facilitate
the implementation of security in existing IoT systems.
To accomplish the previously mentioned objective as well as to affirm the aforementioned
assertion, the following step-by-step problem-solving approach is followed. The first step
is an exhaustive survey of different aspects of IoT security and privacy, including security requirements in IoT architecture, security threats in IoT architecture, IoT application domains
and their associated cyber assets, the complexity of IoT vulnerabilities, and some
possible IoT security and privacy countermeasures; and the survey wraps up with a brief
overview of IoT hardware development platforms. The next steps are the identification of
many challenges and issues associated with the IoT, which narrowed down to the abovementioned
fundamental security/privacy issue; followed by a study of different aspects of
security implementation in the IoT. The remaining steps are the framework design thinking
process, framework design and implementation, and finally, framework performance
evaluation.
IoT-HarPSecA offers three functionality features, namely security requirement elicitation security best practice guidelines for secure development, and above all, a feature that recommends
specific Lightweight Cryptographic Algorithms (LWCAs) for both software and
hardware implementations. Accordingly, IoT-HarPSecA is composed of three main components,
namely Security Requirements Elicitation (SRE) component, Security Best Practice
Guidelines (SBPG) component, and Lightweight Cryptographic Algorithms Recommendation
(LWCAR) component, each of them servicing one of the aforementioned features.
The author has implemented a command-line tool in C++ to serve as an interface
between users and the security framework. This thesis presents a detailed description,
design, and implementation of the SRE, SBPG, and LWCAR components of the security
framework. It also presents real-world practical scenarios that show how IoT-HarPSecA
can be used to elicit security requirements, generate security best practices, and recommend
appropriate LWCAs based on user inputs. Furthermore, the thesis presents performance
evaluation of the SRE, SBPG, and LWCAR components framework tools, which
shows that IoT-HarPSecA can serve as a roadmap for secure IoT development.O termo Internet das coisas (IoT) é utilizado para descrever um ecossistema, em expansão,
de objetos físicos ou elementos interconetados entre si e à Internet. Os dispositivos
IoT consistem numa gama vasta e heterogénea de objetos animados ou inanimados e,
neste contexto, podem pertencer à IoT um indivíduo com um implante que monitoriza a
frequência cardíaca ou até mesmo um animal de estimação que tenha um biochip. Estes
dispositivos variam entre eletrodomésticos, tais como máquinas de café ou lâmpadas inteligentes,
a ferramentas sofisticadas de uso na automatização industrial. A IoT está a
revolucionar e a provocar mudanças em várias indústrias e muitas adotam esta tecnologia
para incrementar as suas vantagens competitivas. Este paradigma melhora a eficiência
operacional e otimiza o desempenho de sistemas através da gestão de dados em tempo
real, resultando num balanço otimizado entre o uso energético e a taxa de transferência.
Outra área de aplicação é a IoT Industrial (IIoT) ou internet industrial ou Indústria 4.0,
ou seja, uma aplicação de IoT no âmbito industrial, onde os sistemas ciberfísicos estão interconectados
a diversas tecnologias de forma a obter um controlo de rede sem fios, bem
como fabricações avançadas e automatização fabril. As aplicações da IoT estão a crescer
e a tornarem-se predominantes em muitos domínios de aplicação inteligentes como sistemas
de saúde, cidades, redes, agricultura e sistemas de fornecimento. Da mesma forma,
a IoT está a transformar estilos de vida e de trabalho e assim, a procura por produtos inteligentes
está constantemente a aumentar. As grandes indústrias e startups competem
entre si de forma a dominar o mercado com os seus novos serviços e produtos IoT, desbloqueando
o valor de negócio da IoT.
Apesar da sua crescente popularidade, benefícios e capacidades comprovadas, a IoT está
ainda a dar os seus primeiros passos e é confrontada com muitos desafios. Entre eles,
problemas de conectividade, compatibilidade/interoperabilidade entre dispositivos e sistemas,
falta de padronização, gestão das enormes quantidades de dados e ainda falta de
ferramentas para investigações forenses. No entanto, preocupações quanto ao estado de
segurança e privacidade ainda estão entre os fatores adversos à adesão universal desta
tecnologia. Estudos recentes revelaram que existem questões de segurança e privacidade
associadas ao design e implementação de vários dispositivos IoT e aplicações inteligentes
(smart apps.), isto pode ser devido ao facto, em parte, de que alguns fabricantes e empresas
de desenvolvimento de dispositivos (especialmente startups) IoT e smart apps., recolham
o valor de negócio dos grandes mercados IoT, negligenciando assim a importância
da segurança, resultando em dispositivos IoT e smart apps. com carências e violações de
segurança da IoT nos últimos anos.
Esta tese aborda os desafios de segurança e privacidade que foram supra mencionados.
Visto que a Internet e os sistemas informáticos tradicionais são por vezes considerados inseguros,
os sistemas IoT tornam-se ainda mais inseguros, devido a restrições inerentes a tais dispositivos. Estas restrições são impostas devido ao custo, uma vez que se espera que
muitos dispositivos de ponta sejam de baixo custo e descartáveis, com recursos energéticos
limitados, bem como limitações na capacidade de armazenamento e computacionais,
e redes com perdas devido a um desempenho de hardware de qualidade inferior, quando
comparados com computadores convencionais. Uma das raízes do problema é o facto
de que muitos fabricantes, startups e empresas de desenvolvimento destes dispositivos e
smart apps não adiram ao conceito de segurança por construção, ou seja, logo na conceção,
não preveem a proteção da privacidade e segurança. Assim, alguns dos produtos e
dispositivos produzidos apresentam vulnerabilidades na segurança.
Nos últimos anos, hackers maliciosos têm explorado diferentes vulnerabilidades de segurança
nas infraestruturas da IoT, causando violações de dados e outros incidentes de
privacidade envolvendo dispositivos IoT e smart apps. Estes têm atraído uma atenção significativa
por parte das comunidades académica e industrial, que culminaram num grande
número de propostas apresentadas por investigadores científicos. Ainda que as abordagens
de pesquisa e os resultados variem entre os diferentes estudos, há um consenso e
pré-requisito fundamental para enfrentar os desafios de privacidade e segurança da IoT,
que buscam construir proteção de segurança e privacidade em dispositivos IoT e smart
apps. desde o fabrico. Para esta finalidade, esta tese investiga como produzir segurança
e privacidade destes sistemas desde a produção, e como principal objetivo, concentra-se
em fornecer soluções que possam promover a conceção e o desenvolvimento de dispositivos
IoT e smart apps., nomeadamente um conjunto de ferramentas chamado Consultor
de Segurança da Plataforma de Hardware da IoT (IoT-HarPSecA). Espera-se que o conjunto
de ferramentas forneça apoio a designers e programadores em startups durante a
conceção e implementação destes sistemas ou que facilite a integração de mecanismos de
segurança nos sistemas préexistentes.
De modo a alcançar o objetivo proposto, recorre-se à seguinte abordagem. A primeira fase
consiste num levantamento exaustivo de diferentes aspetos da segurança e privacidade na
IoT, incluindo requisitos de segurança na arquitetura da IoT e ameaças à sua segurança,
os seus domínios de aplicação e os ativos cibernéticos associados, a complexidade das
vulnerabilidades da IoT e ainda possíveis contramedidas relacionadas com a segurança e
privacidade. Evolui-se para uma breve visão geral das plataformas de desenvolvimento
de hardware da IoT. As fases seguintes consistem na identificação dos desafios e questões
associadas à IoT, que foram restringidos às questões de segurança e privacidade. As demais
etapas abordam o processo de pensamento de conceção (design thinking), design e
implementação e, finalmente, a avaliação do desempenho.
O IoT-HarPSecA é composto por três componentes principais: a Obtenção de Requisitos
de Segurança (SRE), Orientações de Melhores Práticas de Segurança (SBPG) e a recomendação
de Componentes de Algoritmos Criptográficos Leves (LWCAR) na implementação de software e hardware. O autor implementou uma ferramenta em linha de comandos
usando linguagem C++ que serve como interface entre os utilizadores e a IoT-HarPSecA.
Esta tese apresenta ainda uma descrição detalhada, desenho e implementação das componentes
SRE, SBPG, e LWCAR. Apresenta ainda cenários práticos do mundo real que
demostram como o IoT-HarPSecA pode ser utilizado para elicitar requisitos de segurança,
gerar boas práticas de segurança (em termos de recomendações de implementação) e recomendar
algoritmos criptográficos leves apropriados com base no contributo dos utilizadores.
De igual forma, apresenta-se a avaliação do desempenho destes três componentes,
demonstrando que o IoT-HarPSecA pode servir como um roteiro para o desenvolvimento
seguro da IoT