Remote attestation mechanism for embedded devices based on physical unclonable functions

Remote attestation mechanisms are well studied in the high-end computing environments; however, the same is not true for embedded devices-especially for smart cards. With ever changing landscape of smart card technology and advancements towards a true multi-application platform, verifying the current state of the smart card is significant to the overall security of such proposals. The initiatives proposed by GlobalPlatform Consumer Centric Model (GP-CCM) and User Centric Smart Card Ownership Model (UCOM) enables a user to download any application as she desire-depending upon the authorisation of the application provider. Before an application provider issues an application to a smart card, verifying the current state of the smart card is crucial to the security of the respective application. In this paper, we analyse the rationale behind the remote attestation mechanism for smart cards, and the fundamental features that such a mechanism should possess. We also study the applicability of Physical Unclonable Functions (PUFs) for the remote attestation mechanism and propose two algorithms to achieve the stated features of remote attestation. The proposed algorithms are implemented in a test environment to evaluate their performance. © 2013 The authors and IOS Press. All rights reserved

Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems

We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment aimed at fostering the collaboration between system designers and security experts at all methodological stages of the development of an embedded system. A central issue in the design of an embedded system is the definition of the hardware/software partitioning of the architecture of the system, which should take place as early as possible. SysML-Sec aims to extend the relevance of this analysis through the integration of security requirements and threats. In particular, we propose an agile methodology whose aim is to assess early on the impact of the security requirements and of the security mechanisms designed to satisfy them over the safety of the system. Security concerns are captured in a component-centric manner through existing SysML diagrams with only minimal extensions. After the requirements captured are derived into security and cryptographic mechanisms, security properties can be formally verified over this design. To perform the latter, model transformation techniques are implemented in the SysML-Sec toolchain in order to derive a ProVerif specification from the SysML models. An automotive firmware flashing procedure serves as a guiding example throughout our presentation.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

Smart Ticket Protection: An Architecture for Cyber-Protecting Physical Tickets Using Digitally Signed Random Pattern Markers

In order to counter forgeries of tickets for public transport or mass events, a method to validate them, using printed unique random pattern markers was developed. These markers themselves are unforgeable by their physically random distribution. To assure their authenticity, however, they have to be cryptographically protected and equipped with an environment for successful validation, combining physical and cyber security protection. This paper describes an architecture for cryptographically protecting these markers, which are stored in Aztec codes on physical tickets, in order to assure that only an authorized printer can generate a valid Aztec code of such a pattern, thus providing forge protection in combination with the randomness and uniqueness of the pattern. Nevertheless, the choice of the signature algorithm is heavily constrained by the sizes of the pattern, ticket provider data, metadata and the signature confronted by the data volume the code hold. Therefore, this paper also defines an example for a signature layout for the proposed architecture. This allows for a lightweight ticket validation system that is both physically and cryptographically secured to form a smart solution for mass access verification for both shorter to longer periods at relatively low cost.Comment: 4 pages, 2 figure

Dynamic Selection of Symmetric Key Cryptographic Algorithms for Securing Data Based on Various Parameters

Most of the information is in the form of electronic data. A lot of electronic data exchanged takes place through computer applications. Therefore information exchange through these applications needs to be secure. Different cryptographic algorithms are usually used to address these security concerns. However, along with security there are other factors that need to be considered for practical implementation of different cryptographic algorithms like implementation cost and performance. This paper provides comparative analysis of time taken for encryption by seven symmetric key cryptographic algorithms (AES, DES, Triple DES, RC2, Skipjack, Blowfish and RC4) with variation of parameters like different data types, data density, data size and key sizes.Comment: 8 pages, 4 figures, Fifth International Conference on Communications Security & Information Assurance (CSIA 2014) May 24~25, 2014, Delhi, Indi