Software Technology Maturation and Software Security

Software technology maturation, also referred to as technology transfer, is as difficult as it is rare, mostly because of the time scale involved. Software maturation is defined as the process of taking a piece of technology from conception to popularization. Frequently, software engineers and developers tend to oversimplify the problems of technology transfer. They attribute problems to management pressures that complicate the use of software-engineering practices. However, a good understanding of the processes and problems is necessary to effectively tackle the technology-transfer problem. Without that understanding, the transfer of inappropriate technology to an organization without the maturity to understand and absorb it is likely to do harm, rather than to bring benefits. This research aims to answer two research questions regarding the technology maturation. Namely, is Redwine and Riddle's "Software Technology Maturation" study the accepted and gold standard within the software engineering discipline for assessing the maturation of software technology? Secondly, can the software technology maturation study be applied to other areas of software technology? The purpose of this research is to answer these questions of interest which will serve as the basis for the second implementation; applying the Redwine and Riddle criteria to the comparatively young discipline of software security. The primary goal for the second implementation is to explore and extend the second research question and demonstrate the maturity phases for the field of software security

Improving the security of wireless sensor networks

With the rapid technological advancements of sensors, Wireless Sensor Networks (WSNs) have become the main technology for the Internet of Things (IoT). We investigated the security of WSNs in an environmental monitoring system with the goal to improve the overall security. We implemented a Secure Temperature Monitoring System (STMS), which served as our investigational environment. Our results revealed a security flaw found in the bootstrap loader (BSL) password used to protect firmware in the MSP430 MCU chips. We demonstrated how the BSL password could be brute forced in a matter of days. Furthermore, we illustrate how an attacker can reverse engineer firmware and obtain copies of cryptographic keys. We contributed a solution to improve the BSL password and better protect firmware found in the MSP430 chips. The Secure-BSL software we contributed allows the randomization of the BSL password. Our solution increases the brute force time to decades. The impractical brute force time improves the security of firmware and prevents future reverse engineering tactics. In addition, our Secure-BSL software supports two-factor authentication that allows developers to specify a user-defined passphrase to further protect the MSP430 MCU. Our research serves as proof that any security implemented in a WSN environment is broken if an attacker has access to firmware found in sensor devices

Key Management and Secure Software Updates in Wireless Process Control Environments

Process control systems using wireless sensor nodes are large and complex environments built to last for a long time. Cryptographic keys are typically preloaded in the wireless nodes prior to deployment and used for the rest of their lifetime. To reduce the risk of successful cryptanalysis, new keys must be established (rekeying).We have designed a rekeying scheme that provides both backward and forward secrecy.Furthermore, since these nodes are used for extensive periods of time, there is a need to update the software on the nodes. Different types of sensors run different types and versions of software. We therefore establish group keys to update the software on groups of nodes. The software binary is split into fragments to construct a hash chain that is then signed by the network manager. The nodescan thus verify the authenticity and the integrity of the new software binary. We extend this protocol by encrypting the packets with the group key such that only the intended receivers can access the new software binary

Key Management and Secure Software Updates in Wireless Process Control Environments

Process control systems using wireless sensor nodes are large and complex environments built to last for a long time. Cryptographic keys are typically preloaded in the wireless nodes prior to deployment and used for the rest of their lifetime. To reduce the risk of successful cryptanalysis, new keys must be established (rekeying).We have designed a rekeying scheme that provides both backward and forward secrecy.Furthermore, since these nodes are used for extensive periods of time, there is a need to update the software on the nodes. Different types of sensors run different types and versions of software. We therefore establish group keys to update the software on groups of nodes. The software binary is split into fragments to construct a hash chain that is then signed by the network manager. The nodescan thus verify the authenticity and the integrity of the new software binary. We extend this protocol by encrypting the packets with the group key such that only the intended receivers can access the new software binary