34,010 research outputs found
Securing Real-Time Internet-of-Things
Modern embedded and cyber-physical systems are ubiquitous. A large number of
critical cyber-physical systems have real-time requirements (e.g., avionics,
automobiles, power grids, manufacturing systems, industrial control systems,
etc.). Recent developments and new functionality requires real-time embedded
devices to be connected to the Internet. This gives rise to the real-time
Internet-of-things (RT-IoT) that promises a better user experience through
stronger connectivity and efficient use of next-generation embedded devices.
However RT- IoT are also increasingly becoming targets for cyber-attacks which
is exacerbated by this increased connectivity. This paper gives an introduction
to RT-IoT systems, an outlook of current approaches and possible research
challenges towards secure RT- IoT frameworks
FPGA based remote code integrity verification of programs in distributed embedded systems
The explosive growth of networked embedded systems has made ubiquitous and pervasive computing a reality. However, there are still a number of new challenges to its widespread adoption that include scalability, availability, and, especially, security of software. Among the different challenges in software security, the problem of remote-code integrity verification is still waiting for efficient solutions. This paper proposes the use of reconfigurable computing to build a consistent architecture for generation of attestations (proofs) of code integrity for an executing program as well as to deliver them to the designated verification entity. Remote dynamic update of reconfigurable devices is also exploited to increase the complexity of mounting attacks in a real-word environment. The proposed solution perfectly fits embedded devices that are nowadays commonly equipped with reconfigurable hardware components that are exploited to solve different computational problems
Satellite Navigation for the Age of Autonomy
Global Navigation Satellite Systems (GNSS) brought navigation to the masses.
Coupled with smartphones, the blue dot in the palm of our hands has forever
changed the way we interact with the world. Looking forward, cyber-physical
systems such as self-driving cars and aerial mobility are pushing the limits of
what localization technologies including GNSS can provide. This autonomous
revolution requires a solution that supports safety-critical operation,
centimeter positioning, and cyber-security for millions of users. To meet these
demands, we propose a navigation service from Low Earth Orbiting (LEO)
satellites which deliver precision in-part through faster motion, higher power
signals for added robustness to interference, constellation autonomous
integrity monitoring for integrity, and encryption / authentication for
resistance to spoofing attacks. This paradigm is enabled by the 'New Space'
movement, where highly capable satellites and components are now built on
assembly lines and launch costs have decreased by more than tenfold. Such a
ubiquitous positioning service enables a consistent and secure standard where
trustworthy information can be validated and shared, extending the electronic
horizon from sensor line of sight to an entire city. This enables the
situational awareness needed for true safe operation to support autonomy at
scale.Comment: 11 pages, 8 figures, 2020 IEEE/ION Position, Location and Navigation
Symposium (PLANS
Why We Cannot (Yet) Ensure the Cybersecurity of Safety-Critical Systems
There is a growing threat to the cyber-security of safety-critical systems.
The introduction of Commercial Off The Shelf (COTS) software, including
Linux, specialist VOIP applications and Satellite Based Augmentation Systems
across the aviation, maritime, rail and power-generation infrastructures has created
common, vulnerabilities. In consequence, more people now possess the technical
skills required to identify and exploit vulnerabilities in safety-critical systems.
Arguably for the first time there is the potential for cross-modal attacks
leading to future ‘cyber storms’. This situation is compounded by the failure of
public-private partnerships to establish the cyber-security of safety critical applications.
The fiscal crisis has prevented governments from attracting and retaining
competent regulators at the intersection of safety and cyber-security. In particular,
we argue that superficial similarities between safety and security have led
to security policies that cannot be implemented in safety-critical systems. Existing
office-based security standards, such as the ISO27k series, cannot easily be integrated
with standards such as IEC61508 or ISO26262. Hybrid standards such as
IEC 62443 lack credible validation. There is an urgent need to move beyond
high-level policies and address the more detailed engineering challenges that
threaten the cyber-security of safety-critical systems. In particular, we consider
the ways in which cyber-security concerns undermine traditional forms of safety
engineering, for example by invalidating conventional forms of risk assessment.
We also summarise the ways in which safety concerns frustrate the deployment of
conventional mechanisms for cyber-security, including intrusion detection systems
- …