Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems

We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment aimed at fostering the collaboration between system designers and security experts at all methodological stages of the development of an embedded system. A central issue in the design of an embedded system is the definition of the hardware/software partitioning of the architecture of the system, which should take place as early as possible. SysML-Sec aims to extend the relevance of this analysis through the integration of security requirements and threats. In particular, we propose an agile methodology whose aim is to assess early on the impact of the security requirements and of the security mechanisms designed to satisfy them over the safety of the system. Security concerns are captured in a component-centric manner through existing SysML diagrams with only minimal extensions. After the requirements captured are derived into security and cryptographic mechanisms, security properties can be formally verified over this design. To perform the latter, model transformation techniques are implemented in the SysML-Sec toolchain in order to derive a ProVerif specification from the SysML models. An automotive firmware flashing procedure serves as a guiding example throughout our presentation.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

Modeling New Categories of CVC Investments

Security issues appearing in one or another form become a requirement for an increasing number of embedded systems. Those systems, which will be used to capture, store, manipulate, and access data with a sensitive nature, have posed several unique and urgent challenges. The challenges to those embedded system require new approaches to security covering all aspects of embedded system design from architecture, implementation to the methodology. However, security is always treated by embedded system designer as the addition of features, such as specific cryptographic algorithm or other security protocol. This paper is intended to draw both the SW and HW designer attention to treat the security issues as a new mainstream during the design of embedded system. We intend to show why hardware option issues have been taken into consideration and how those hardware mechanisms and key features of processor architecture could be implemented in the hardware level (through modification of processor architecture, for example) to deal with various potential attacks unique to embedded systems

High Speed Unified Field Crypto processor for Security Applications using Verilog

Traditional cryptographic algorithms are developed on a software platform and provides information security schemes. Also, some processors have performed one of the crypto algorithms (either prime field or binary extension field) on chip level with optimal performance. The objective is to design and implement both symmetric key and public key algorithms of a cryptographic on chip level and make better architecture with pleasing performance. Crypto-processor design, have been designed with unified field instructions to make different processor architecture and improve system performance. The proposed high speed Montgomery modular multiplication and high radix Montgomery multiplication algorithms for pairing computation supports the public key algorithm. This design has been developed using Verilog HDL’s and verified using ModelSim-Altera 6.4a, and it has synthesized with Xilinx 9.1 Integrated Synthesis Environment (ISE) tool

A unified architecture of MD5 and RIPEMD-160 hash algorithms

Hash algorithms are important components in many cryptographic applications and security protocol suites. In this paper, a unified architecture for MD5 and RIPEMD-160 hash algorithms is developed. These two algorithms are different in speed and security level. Therefore, a unified hardware design allows applications to switch from one algorithm to another based on different requirements. The architecture has been implemented using Altera's EPF10K50SBC356-1, providing a throughput over 200Mbits/s for MD5 and 80Mbits/s for RIPEMD-160 when operated at 26.66MHz with a resource utilization of 1964LC.published_or_final_versio

Implementing a protected zone in a reconfigurable processor for isolated execution of cryptographic algorithms

We design and realize a protected zone inside a reconfigurable and extensible embedded RISC processor for isolated execution of cryptographic algorithms. The protected zone is a collection of processor subsystems such as functional units optimized for high-speed execution of integer operations, a small amount of local memory, and general and special-purpose registers. We outline the principles for secure software implementation of cryptographic algorithms in a processor equipped with the protected zone. We also demonstrate the efficiency and effectiveness of the protected zone by implementing major cryptographic algorithms, namely RSA, elliptic curve cryptography, and AES in the protected zone. In terms of time efficiency, software implementations of these three cryptographic algorithms outperform equivalent software implementations on similar processors reported in the literature. The protected zone is designed in such a modular fashion that it can easily be integrated into any RISC processor; its area overhead is considerably moderate in the sense that it can be used in vast majority of embedded processors. The protected zone can also provide the necessary support to implement TPM functionality within the boundary of a processor

Memory-Based High-Level Synthesis Optimizations Security Exploration on the Power Side-Channel

High-level synthesis (HLS) allows hardware designers to think algorithmically and not worry about low-level, cycle-by-cycle details. This provides the ability to quickly explore the architectural design space and tradeoffs between resource utilization and performance. Unfortunately, security evaluation is not a standard part of the HLS design flow. In this article, we aim to understand the effects of memory-based HLS optimizations on power side-channel leakage. We use Xilinx Vivado HLS to develop different cryptographic cores, implement them on a Spartan-6 FPGA, and collect power traces. We evaluate the designs with respect to resource utilization, performance, and information leakage through power consumption. We have two important observations and contributions. First, the choice of resource optimization directive results in different levels of side-channel vulnerabilities. Second, the partitioning optimization directive can greatly compromise the hardware cryptographic system through power side-channel leakage due to the deployment of memory control logic. We describe an evaluation procedure for power side-channel leakage and use it to make best-effort recommendations about how to design more secure architectures in the cryptographic domain

Secure Vehicular Communication Systems: Implementation, Performance, and Research Challenges

Vehicular Communication (VC) systems are on the verge of practical deployment. Nonetheless, their security and privacy protection is one of the problems that have been addressed only recently. In order to show the feasibility of secure VC, certain implementations are required. In [1] we discuss the design of a VC security system that has emerged as a result of the European SeVeCom project. In this second paper, we discuss various issues related to the implementation and deployment aspects of secure VC systems. Moreover, we provide an outlook on open security research issues that will arise as VC systems develop from today's simple prototypes to full-fledged systems