Global ETD Search

1	Security concerns regarding connected embedded systems Mårdsjö, Jon January 2013 (has links) Embedded systems have been present in our daily lives for some time, but trends clearly show a rise in inter-connectivity in such devices. This presents promising new applications and possibilities, but also opens up a lot attack surface. Our goal in this thesis is to find out how you can develop such interconnected embedded systems in a way that guarantees the three major components of information security: Confidentialy, Integrity and Availability. The main focus of security is networked security. In this thesis, a dual approach is taken: investigate the development process of building secure systems, and perform such an implementation. The artifacts produced as byproducts, the software itself, deployment instructions and lessons learned are all presented. It is shown that the process used helps businesses find a somewhat deterministic approach to security, have a higher level of confidence, helps justify the costs that security work entails and helps in seeing security as a business decision. Embedded systems were also shown to present unforeseen obstacles, such as how the lack of a motherboard battery clashes with X.509. In the end, a discussion is made about how far the system can guarantee information security, what problems still exist and what could be done to mitigate them. Embedded security network security risk management untrusted domains interconnected systems Internet of Things (IoT). Computer Engineering Datorteknik
2	SCA-Resistant and High-Performance Embedded Cryptography Using Instruction Set Extensions and Multi-Core Processors Chen, Zhimin 28 July 2011 (has links) Nowadays, we use embedded electronic devices in almost every aspect of our daily lives. They represent our electronic identity; they store private information; they monitor health status; they do confidential communications, and so on. All these applications rely on cryptography and, therefore, present us a research objective: how to implement cryptography on embedded systems in a trustworthy and efficient manner. Implementing embedded cryptography faces two challenges - constrained resources and physical attacks. Due to low cost constraints and power budget constraints, embedded devices are not able to use high-end processors. They cannot run at extremely high frequencies either. Since most embedded devices are portable and deployed in the field, attackers are able to get physical access and to mount attacks as they want. For example, the power dissipation, electromagnetic radiation, and execution time of embedded cryptography enable Side-Channel Attacks (SCAs), which can break cryptographic implementations in a very short time with a quite low cost. In this dissertation, we propose solutions to efficient implementation of SCA-resistant and high-performance cryptographic software on embedded systems. These solutions make use of two state-of-the-art architectures of embedded processors: instruction set extensions and multi-core architectures. We show that, with proper processor micro-architecture design and suitable software programming, we are able to deliver SCA-resistant software which performs well in security, performance, and cost. In comparison, related solutions have either high hardware cost or poor performance or low attack resistance. Therefore, our solutions are more practical and see a promising future in commercial products. Another contribution of our research is the proper partitioning of the Montgomery multiplication over multi-core processors. Our solution is scalable over multiple cores, achieving almost linear speedup with a high tolerance to inter-core communication delays. We expect our contributions to serve as solid building blocks that support secure and high-performance embedded systems. / Ph. D. embedded systems embedded security virtual secure circuit cryptography pSHS side-channel attack parallel Montgomery multiplication
3	A Simplified Secure Programming Platform for Internet of Things Devices Yesilyurt, Halim Burak 29 June 2018 (has links) The emerging Internet of Things (IoT) revolution has introduced many useful applications that are utilized in our daily lives. Users can program these devices in order to develop their own IoT applications; however, the platforms and languages that are used during development are abounding, complicated, and time-consuming. The software solution provided in this thesis, PROVIZ+, is a secure sensor application development software suite that helps users create sophisticated and secure IoT applications with little software and hardware experience. Moreover, a simple and efficient domain-specific programming language, namely Panther language, was designed for IoT application development to unify existing programming languages. In addition to these contributions, PROVIZ+ supports a novel secure over-the-air programming framework, namely SOTA, using Bluetooth and WiFi as well as serial programming. In this thesis, we explain the features of PROVIZ+’s components, how these tools can help develop IoT applications, and SOTA. We also present the performance evaluations of PROVIZ+ and SOTA. Internet of Things IoT security bootloader embedded security IoT security Information Security OS and Networks Other Computer Engineering Software Engineering
4	Security Enhanced Firmware Update Procedures in Embedded Systems Abrahamsson, David January 2008 (has links) <p>Many embedded systems are complex, and it is often required that the firmware in these systems are updatable by the end-user. For economical and confidentiality reasons, it is important that these systems only accept firmware approved by the firmware producer.</p><p>This thesis work focuses on creating a security enhanced firmware update procedure that is suitable for use in embedded systems. The common elements of embedded systems are described and various candidate algorithms are compared as candidates for firmware verification. Patents are used as a base for the proposal of a security enhanced update procedure. We also use attack trees to perform a threat analysis on an update procedure.</p><p>The results are a threat analysis of a home office router and the proposal of an update procedure. The update procedure will only accept approved firmware and prevents reversion to old, vulnerable, firmware versions. The firmware verification is performed using the hash function SHA-224 and the digital signature algorithm RSA with a key length of 2048. The selection of algorithms and key lengths mitigates the threat of brute-force and cryptanalysis attacks on the verification algorithms and is believed to be secure through 2030.</p> Secure firmware update threat analysis embedded security embedded systems Säker uppdatering hotanalys säkerhet inbyggda system firmware mjukvara Information technology Informationsteknik
5	A Hands-on Modular Laboratory Environment to Foster Learning in Control System Security Deshmukh, Pallavi Prafulla 07 July 2016 (has links) Cyber-Physical Systems (CPSes) form the core of Industrial Control Systems (ICS) and critical infrastructures. These systems use computers to control and monitor physical processes in many critical industries including aviation, industrial automation, transportation, communications, waste treatment, and power systems. Increasingly, these systems are connected with corporate networks and the Internet, making them susceptible to risks similar to traditional computing systems experiencing cyber-attacks on a conventional IT network. Furthermore, recent attacks like the Stuxnet worm have demonstrated the weaknesses of CPS security, which has gained much attention in the research community to develop more effective security mechanisms. While this remains an important topic of research, often CPS security is not given much attention in undergraduate programs. There can be a significant disconnect between control system engineers with CPS engineering skills and network engineers with an IT background. This thesis describes hands-on courseware to help students bridge this gap. This courseware incorporates cyber-physical security concepts into effective learning modules that highlight real-world technical issues. A modular learning approach helps students understand CPS architectures and their vulnerabilities to cyber-attacks via experiential learning, and acquire practical skills through actively participating in the hands-on exercises. The ultimate goal of these lab modules is to show how an adversary would break into a conventional CPS system by exploiting various network protocols and security measures implemented in the system. A mock testbed environment is created using commercial-off-the-shelf hardware to address the unique aspects of a CPS, and serve as a cybersecurity trainer for students from control system or IT backgrounds. The modular nature of this courseware, which uses an economical and easily replicable hardware testbed, make this experience uniquely available as an adjunct to a conventional embedded system, control system design, or cybersecurity courses. To assess the impact of this courseware, an evaluation survey is developed to measure the understanding of the unique aspects of CPS security addressed. These modules leverage the existing academic subjects, help students understand the sequence of steps taken by adversaries, and serve to bridge theory and practice. / Master of Science cybersecurity trust embedded security modular education security lab hands-on learning embedded systems cyber-physical systems control systems
6	Security Enhanced Firmware Update Procedures in Embedded Systems Abrahamsson, David January 2008 (has links) Many embedded systems are complex, and it is often required that the firmware in these systems are updatable by the end-user. For economical and confidentiality reasons, it is important that these systems only accept firmware approved by the firmware producer. This thesis work focuses on creating a security enhanced firmware update procedure that is suitable for use in embedded systems. The common elements of embedded systems are described and various candidate algorithms are compared as candidates for firmware verification. Patents are used as a base for the proposal of a security enhanced update procedure. We also use attack trees to perform a threat analysis on an update procedure. The results are a threat analysis of a home office router and the proposal of an update procedure. The update procedure will only accept approved firmware and prevents reversion to old, vulnerable, firmware versions. The firmware verification is performed using the hash function SHA-224 and the digital signature algorithm RSA with a key length of 2048. The selection of algorithms and key lengths mitigates the threat of brute-force and cryptanalysis attacks on the verification algorithms and is believed to be secure through 2030. Secure firmware update threat analysis embedded security embedded systems Säker uppdatering hotanalys säkerhet inbyggda system firmware mjukvara Computer and Information Sciences Data- och informationsvetenskap
7	Nouvelles Contre-Mesures pour la Protection de Circuits Intégrés / New Protection Strategies for Integrated Circuits Cioranesco, Jean-Michel 18 December 2014 (has links) Les domaines d'application de la cryptographie embarquée sont très divers et se retrouvent au croisement de toutes les applications personnelles, avec un besoin évident de confidentialité des données et également de sécurité d'accès des moyens de paiement. Les attaques matérielles invasives ont fait de tous temps partie de l'environnement industriel. L'objectif de cette thèse est de proposer de nouvelles solutions pour protéger les circuits intégrés contre ces attaques physiques. La première partie décrit les notions d'attaques par canaux cachés, d'attaques invasives et de retro-conception. Plusieurs exemples de ces types d'attaques ont pu être mis en œuvre pendant le travail de recherche de cette thèse, ils sont présentés en détail dans cette partie. La deuxième partie est consacrée à des propositions de différentes contre-mesures pour contrer des attaques par canaux cachés ayant pour vecteur la consommation de courant. La troisième partie est dédiée à la protection contre les attaques invasives en utilisant divers types de boucliers et capteurs. Nous conclurons ce manuscrit de thèse par la proposition d'un bouclier actif cryptographique inviolable ayant pour but premier de contrer Je sondage, mais aussi celui de détecter l'injection de fautes et d'être immunisé contre les analyses par consommation de courant. / Embedded security applications are diverse and at the center of all personal embedded applications. They introduced an obvious need for data confidentiality and security in general. Invasive attacks on hardware have always been part of the industrial scene. The aim of this thesis is to propose new solutions in order to protect embedded circuits against some physical attacks described above. ln a first part of the manuscript, we detail the techniques used to achieve side-channel, invasive attacks and reverse engineering. I could implement several of these attacks during my thesis research, they will be detailed extensively. ln the second part we propose different hardware countermeasures against side-channel attacks. The third part is dedicated to protection strategies against invasive attacks using active shielding and we conclude this work by proposing an innovative cryptographic shield which is faulty and dpa resistant. Attaques par canaux cachés Attaques invasives Analyse par consommation de courant Circuit intégré Bouclier actif Émanations électromagnétiques Chiffrement sécurisé Sécurité embarquée Side-channel attacks Invasive attacks Differential power analysis Integrated circuit Active shield Embedded security Cryptography Fault attack 652.8
8	Secure Reprogramming of a Network Connected Device : Securing programmable logic controllers Tesfaye, Mussie January 2012 (has links) This is a master’s thesis project entitled “Secure reprogramming of network connected devices”. The thesis begins by providing some background information to enable the reader to understand the current vulnerabilities of network-connected devices, specifically with regard to cyber security and data integrity. Today supervisory control and data acquisition systems utilizing network connected programmable logic controllers are widely used in many industries and critical infrastructures. These network-attached devices have been under increasing attack for some time by malicious attackers (including in some cases possibly government supported efforts). This thesis evaluates currently available solutions to mitigate these attacks. Based upon this evaluation a new solution based on the Trusted Computing Group (TCG’s) Trusted Platform Modules (TPM) specification is proposed. This solution utilizes a lightweight version of TPM and TCG’s Reliable Computing Machine (RCM) to achieve the desired security. The security of the proposed solution is evaluated both theoretically and using a prototype. This evaluation shows that the proposed solution helps to a great extent to mitigate the previously observed vulnerabilities when reprogramming network connected devices. The main result of this thesis project is a secure way of reprogramming these network attached devices so that only a valid user can successfully reprogram the device and no one else can reprogram the device (either to return it to an earlier state, perhaps with a known attack vector, or even worse prevent a valid user from programming the device). / Avhandlingen börjar med att ge lite bakgrundsinformation för att läsaren att förstå de nuvarande sårbarheten i nätverksanslutna enheter, särskilt när det gäller IT-säkerhet och dataintegritet. Idag övervakande kontroll och datainsamlingssystem använder nätverksanslutna programmerbara styrsystem används allmänt i många branscher och kritisk infrastruktur. Dessa nätverk anslutna enheter har under ökande attacker under en tid av illvilliga angripare (inklusive i vissa fall eventuellt regeringen stöds insatser). Denna avhandling utvärderar för närvarande tillgängliga lösningar för att minska dessa attacker. Baserat på denna utvärdering en ny lösning baserad på Trusted Computing Group (TCG) Trusted Platform Modules (TPM) specifikation föreslås. Denna lösning använder en lätt version av TPM och TCG:s pålitliga dator (RCM) för att uppnå önskad säkerhet. Säkerheten i den föreslagna lösningen utvärderas både teoretiskt och med hjälp av en prototyp. Utvärderingen visar att den föreslagna lösningen bidrar i stor utsträckning för att minska de tidigare observerade sårbarheter när omprogrammering nätverksanslutna enheter. Huvudresultatet av denna avhandling projektet är ett säkert sätt omprogrammering dessa nätverksanslutna enheter så att endast ett giltigt användarnamn framgångsrikt kan omprogrammera enheten och ingen annan kan programmera enheten (antingen att återställa den till ett tidigare tillstånd, kanske med en känd attack vector, eller ännu värre förhindra en giltig användare från programmering av enheten). SCADA PLC SCADA security SCADA networks PLC security Trusted computing TCM TPM Embedded security Digital security SCADA PLC SCADA säkerhet SCADA-nätverk PLC säkerhet pålitlig datoranvändning TCM TPM inbäddad säkerhetlösningar datasäkerhet Communication Systems Kommunikationssystem

Search results