Network Security for Embedded Systems

Lessner, Dirk

Unknown Date

It is widely recognised that security is a concern in the design of a wide range of embedded systems. However, security for embedded systems remains an unsolved problem, which could create greater challenges in the future than security for mainstream computers today. The promise of universal connectivity for embedded systems creates increased possibilities for malicious users to gain unauthorised access to sensitive information. All modern security protocols use private-key and public-key algorithms. This thesis investigates three important cryptography algorithms (RC4, AES, and RSA) and their relevance to networked embedded systems. Limitations in processing power, battery life, communication bandwidth, memory and costs constrain the applicability of existing cryptography standards for small embedded devices. A mismatch between wide arithmetic for security (32 bit word operations) and embedded data bus widths (often only 8 or 16 bits) combined with a lack of certain operations (e. g., multi precision arithmetic) highlight a gap in the domain of networked embedded systems security. The aim of this thesis is to find feasible security solutions for networked embedded system applications. The above mentioned cryptography algorithms have been ported to three hardware platforms (Rabbit RCM3000, Xilinx Virtex 4 FPGA with MicroBlaze softcore, and a Linux desktop machine) in order to simulate several real world scenarios. Three applications – bidirectional transmission with encryption and decryption for various payload length, unidirectional transmission with very short payload, and encrypted data streaming – were developed to meet the simulation requirements. Several timing results were collected and used for calculating the achieved throughput. The Rabbit hardware platform, which represents the lower end in this thesis, was able to perform the RC4 crypto algorithm with a throughput of about 155 kbit/s. Thus the RC4 crypto algorithm was proven to outperform the AES crypto algorithm by a factor of 5, with AES achieving a throughput of about 32 kbit/s with the same hardware platform. The throughput was similar with the streaming application and UDP data transport. Without performing a cryto algorithm, the streaming application was able to process up to 1.5 Mbit/s. RSA was not implemented on the Rabbit hardware platform. The MicroBlaze hardware platform outperformed the Rabbit system by a factor of 5 – 10. It reached a throughput up to 1.5 Mbit/s with RC4 and up to 130 kbit/s with AES. The RSA algorithm reached up to 0.8 kbit/s on this hardware platform, showing that public-key ciphers are only suitable for short payload data, such as the exchange of a session key. The Linux machine was included in this test only to provide a reference to a non embedded system. The Linux performance was better than the MicroBlaze system by a factor of between 67 – 770, and better than the Rabbit platform by a factor of between 645 – 3125. Both the RC4 and the AES crypto algorithm reached a throughput of up to 100 Mbit/s on the Linux machine, with a throughput of up to 130 kbit/s reached with RSA. Hence, the Rabbit platform combined with the RC4 algorithm is suitable, for example, for MP3 streams with up to 150 kbit/s. The Rabbit platform with the AES algorithm could be used for low quality audio streams, for example for speech announcements. If a higher throughput is required, for example for video streams, the MicroBlaze could be an appropriate platform with throughput of up to 1.5 Mbit/s. Low cost embedded systems like Atmel AVR are not suitable for processing cipher algorithms developed in C. It is widely recommended that assembly language is used to develop such platforms.

Embedded Systems

Rabbit

MicroBlaze

Xilinx

FPGA

Cryptography

Cipher Algorithm

AES

RSA

RC4

Linux

C

C#

Assembly Language

.NET