See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/278334337

Cryptographic In Embedded Systems

Article · June 2016

CITATIONS READS
0 192

1 author:

Bharat Kumar
Jagannath Institute for Technology and Management
1 PUBLICATION 0 CITATIONS

SEE PROFILE

All content following this page was uploaded by Bharat Kumar on 16 June 2015.

The user has requested enhancement of the downloaded file.

Cryptographic In Embedded Systems

Mr. Bharat Kumar Pattnaik ,

Project Executive, Centurion University of Technology and management, Odisha, India ,
Email : [email protected]


Abstract— Unauthorized attackers are able to take
control of the data stream and monitor or listen to the
communication between two parties. From this it follows
that integration of methodical measure of safety are
required. The growing number of instances of breaches Figure 1 : active attack and passive attack
in information security in the last few years has created a
compelling case for efforts towards secure electronic With the evolution of the Internet, information and
systems. Embedded systems, which will be ubiquitously communications security has gained significant attention. For
used to capture, store, manipulate, and access data of a example, various security protocols and standards such as
sensitive nature, pose several unique and interesting IPSec, SSL, WEP, and WTLS, are used for secure
security challenges. Security has been the subject of communications in embedded systems. While security protocols
intensive research in the areas of cryptography, and the cryptographic algorithms they contain address security
computing, and networking. security is often mis- considerations from a functional perspective, many embedded
construed by designers as the hardware or software systems are constrained by the environments they operate in,
implementation of specific cryptographic algorithms and and by the resources they possess. For such systems, there are
security protocols. In reality, it is an entirely new metric several factors that are moving security considerations from a
that designers should consider throughout the design function-centric perspective into a system architecture
process, along with other metrics such as cost, (hardware/software) design issue.
performance, and power.
I. EMBEDDED SYSTEM SECURITY REQUIREMENT
1. INTRODUCTION
Embedded systems often provide critical functions that could be
Today, security in one form or another is a requirement for an sabotaged by malicious parties. When they send or receive
increasing number of embedded systems, ranging from sensitive or critical information using public networks or
lowend systems such as PDAs, wireless handsets, networked communications channels accessible to potential attackers, they
sensors, and smart cards to mid- and high-end network should ideally provide basic security functions such as data
equipment such as routers, gateways, firewalls, storage and confidentiality, data integrity, and user authentication. Data
web servers. Technological advances that have spurred the confidentiality protects sensitive information from undesired
development of these electronic systems have also ushered eavesdroppers. Data integrity ensures that the information has
in seemingly parallel trends in the sophistication of security not been changed illegitimately. User authentication verifies
attacks. It has been observed that the cost of insecurity in that the information is sent and received by appropriate parties
electronic systems can be very high. For a long time rather than masqueraders. These are basic security functions are
technology is integrated into our environment. often collectively termed secure communications and are
Microprocessors are the main part of electronic devices and required of many embedded systems used in medical, sensing,
equip them with crucial intelligence. Solutions to complex automotive, financial, military and many other applications.
problems in communication technology can be realized with Since the mandate of embedded system security often requires
the help of embedded systems, which are integrated in a protecting sensitive information (code or data) throughout its
technical concept and have a fixed miniaturization, mobility lifetime, secure storage and content security become crucial.
and networking are essential IT trends in recent years. For Secure storage involves securing code or data in all system
this reason security requirements have been increased storage devices, external or internal to the system in question.
correspondingly, so that common concepts are no longer Content security protects the rights of the digital content used in
sufficient. The networking of embedded systems constitutes the system, and this issue is actively pursued by several content
an unsecured interaction or unsaved data exchange using providers. In addition to secure communications, other security
various communication channels. Especially wireless requirements have also been mentioned in the context of several
communication is particularly endangered and provides a embedded systems. Fig 1 shows some of these requirements
unique opportunity for active or passive attacks. Figure 1 from the perspective of an end-user. Very often, access to the
illustrates a passive and active attack where malicious user embedded system should be restricted to a selected set of
Mike eavesdrops on or manipulate the communication authorized users (user identification), while access to a network
between Alice and Bob. These activities are also known as or a service has to be provided only if the
man-in-the-middle attack.
device is authorized (secure network access). In several
scenarios, one can expect malicious entities preventing an
embedded system from performing the functions it is
supposed to, resulting in a degradation of performance,
quality of service, etc.

Figure 2 : Functional chart of Stream cipher

The block ciphers divides processing plaintext in blocks M1,

M2, M3 with typical size of 64 Bits and encrypts it
individually. An efficient solution for incomplete blocks at
the end of messages is the padding using regular bit pattern.
Block algorithms can operate in different modes. A
cryptographic mode combines encryption with a feedback
and other mathematical operations.

Algorithm Block [bit] Secret Key

[bit]
DES 64 56
Figure 1.1 – Security Requirements of embedded system
from end users 3DES 64 112, 168
Finally, an undercurrent behind many of these embedded AES (Rijndael) 128, 192, 256 128, 192, 256
system security requirements is that we would like the
requirements to be met even when the device is physically or IDEA 64 128
logically probed by malicious sentities. We refer to the
property of the device being “secure” in the face of these Blowfish 64 32 . . . 448
threats as tamper resistance. Twofish 128 128, 192, 256
CAST 64 40 . . . 128
2. ENCRYPTION USING EMBEDDED SYSTEMS
FEAL 64 64,13
A. Embedded Systems
RC4 Stream cipher Up to 2048
An embedded system is a computer system with various
dedicated functions designed for integration as part of a SEAL Stream cipher 160
complete device. Compared to the traditional general-
purpose computer these systems are developed to control Figure 3: Overview of stream and block ciphers
physical processes instead of visual interaction with its
users. Furthermore, most embedded systems must react in 3. FUNCTIONAL SECURITY MEASURES
real time to handle important modifications and to perform
 Symmetric ciphers require the sender to use a
timely significant operations. The most commonly used
secret key to encrypt data (the data being
programming language in embedded systems is C. This is
encrypted is often referred to as plaintext) and
why many microprocessor manufacturers offer a C compiler
transmit the encrypted data (usually called the
for their products. Compactness, clarity and reusability of
ciphertext) to the receiver. On receiving the
source code are major criteria for the software development
ciphertext, the receiver then uses the same secret
in C.
key to decrypt it and regenerate the plaintext. The
B. Private Key Cryptography ciphertext should have the property that it is very
hard for a third party to deduce the plaintext,
The private key cryptography is based on encryption E(M,K)
without having access to the secret key. Thus,
= C and decryption D(C,K) = M using shared secret key K.
All symmetric encryption methods are divided into block confidentiality or privacy of data is ensured
and stream ciphers. Stream ciphers, which are illustrated in during transmission. Examples of symmetric
Figure 2, encrypt always a bit or a byte of the plaintext. For ciphers include DES, 3DES, AES, and RC4.
the encryption a cipher key stream is generated and has the Most symmetric ciphers are constructed from
same length as the plaintext. Due to the mode of operation, computationally light-weight operations such as
stream ciphers encrypt always different bits or bytes for the permutations, substitutions, etc.

same plaintext character.  Hashing algorithms such as MD5 and SHA
convert arbitrary messages into unique fixed-
length values, thereby providing unique
“thumbprints” for messages. Hash functions are (NBS), now National Institute of Standards and Technology
often used to construct Message Authentication (NIST). The basic idea of standardization was the creation of
Codes (MACs), such as HMAC-SHA, which unified and secure cryptographic techniques for storage or
additionally incorporate a key to prevent transmission of information in private and commercial
adversaries who tamper with data from avoiding sectors.The algorithm was developed by IBM and investigated
detection by recomputing hashes. for possible vulnerabilities with support from NSA. Due to the
 Asymmetric algorithms (also called public key efficient implementation and a high degree of security DES has
algorithms), on the other hand, typically use a been standardized. Safety of DES is strongly affected by the
private (secret) key for decryption, and a related short key length. This main weakness allows a successful brute
public (non- secret) key for encryption force attack. Data encryption standard is based on the Feistel
Encryption requires only the public key, which is cipher and encrypts 64-bit blocks using a 56-bit long secret key.
not sufficient for decryption. Digital signatures This cryptographic technique begins encryption and decryption
are also constructed using public key with an initial permutation IP. Each input block Mi is divided
cryptography and hashes. Asymmetric algorithms into a left Li and right part Ri and is processed in sixteen
(e.g., RSA, Diffie-Hellman, etc.) rely on the use rounds. Each round uses a specially calculated round key Ki
of more computationally intensive mathematical and contains various operations such as permutation and
functions such as modular exponentiation for
substitution, which are described in detail in. Inverse initial
encryption and decryption. Therefore, they are
often used for security functions complementary permutation IP-1 follows at the end of all procedures. For
to secure bulk data transfers such as exchanging implementation of this algorithm the source code from was
symmetric cipher keys. used.

 Secure communication protocols (popularly
called security protocols) provide ways of B. AES ( Advanced Encryption Standard)
ensuring secure communication channels to and National Institute of Standards and Technology started a
from the embedded system. IP Security and SSL competition for development of the Advanced Encryption
are popular examples of security protocols, Standard (AES) in 1997. The main goal was to develop a
widely used for Virtual Private Networks (VPNs) royalty-free cryptographic technique for public authorities and
and secure web transactions, respectively.
 private sector. In the case of AES-128 there are no known
 Secure storage and secure execution require that approaches for an attack, which are faster then the complexity
the architecture of the system be tailored for of 2128 The Advanced Encryption Standard or Rijndael
security considerations. Simple examples include algorithm can be used with a variable block and key length. In
the use of bus monitor logic to block illegal AES, 128-bit long secret keys and blocks. In the first step a
accesses to protected areas in the memory, message M is divided into several blocks m1, m2 ... mn. First
authentication of firmware that executes on the block is linked by XOR with the first round key and is
system, application isolation to preserve the
processed in 10 rounds using The Advanced Encryption
privacy and integrity of code and data associated
Standard or Rijndael algorithm can be used with a variable
with a given application or a process, HW/SW
block and key length. According to (NIST 2001) we use in this
techniques to preserve the privacy and integrity
of data throughout the memory hierarchy, investigation 128-bit long secret keys and blocks. In the first
execution of encrypted code in processors to step a message M is divided into several blocks m1, m2
prevent bus probing etc. ... mn. First block is linked by XOR with the first round key
and is processed in 10 rounds using different operations like
4. DESIGNINGSECUREEMBEDDEDSYSTEMSubstitution, Permutation, Diffusion and Key generation
IMPLEMENTATIONS Decryption of AES uses the same key-schedule for the round
Various attacks on electronic and computing systems have keys and is realized with inverse function of encryption,
shown that hackers rarely take on the theoretical strength of which needs longer processing time due to high complexity.
well-designed functional security measures or cryptographic
algorithms. Instead, they rely on exploiting security C. RC4 (Ron’s Code 4)
vulnerabilities in the SW or HW components of the The RC4 algorithm was developed by Ron Rivest for RSA
implementation. In this section, we will see that unless Data Security Inc. in 1987. After seven years of secrecy the
security is considered throughout the design cycle, source code was published anonymously. From that time on,
embedded system implementation weaknesses can easily be this cryptographic technique was discussed and examined by
exploited to bypass or weaken functional security measures. cryptanalysts. RC4 uses a variable length of the secret key (up
to 2048 bits) and operates on a 16 * 16 large state field. Firstly,
4.1. SELECTION AND IMPLEMENTATION OF the S-box is linearly initialized from S0 = 0 to S255 = 255. In
ALGORITHMS
the second, unsigned char K-Box is filled with the secret key,
which will be repeated if necessary. Because of the length up to
A. DES (Data Encryption Standard definition.)
2048 bits, an brute-force attack can not be realized with an
The Data Encryption Standard (DES) was founded and reasonable effort. According to RSA Data Security Inc. this
standardized in 1977 by the National Bureau of Standards
algorithm is immune to differential and
linear cryptanalysis. It must be pointed out that strong Security is an emergent property of a software system. This
reduction of the secret key can make RC4 algorithm unsafe. is a subtle point often lost on development people who tend
to focus on functionality. there are security functions in the
4.2. EMBEDDED SOFTWARE ATTACKS AND world, and most modern software includes security features,
COUNTERMEASURES but adding features such as SSL (for cryptographically
There are Three factors, which we call the Trinity of protecting communications) does not present a complete
Trouble— complexity, extensibility and connectivity. solution to the security problem.
 Complexity: Software is complicated, and will become
6. PHYSICAL ATTACKS
even more complicated in the near future. The
equation is simple. more lines of code equals more For an embedded system on a circuit board, physical attacks
bugs. As embedded systems converge with the can be launched by using probes to eavesdrop on inter-
Internet and more code is added, they are clearly component communications. The first step in such attacks is
becoming more complex. The complexity problem is de-packaging. De-packaging typically involves removal of the
exacerbated by the use of unsafe programming chip package by dissolving the resin covering the silicon using
languages (e.g., C or C++) that do not protect against fuming acid. The next step involves layout reconstruction
simple kinds of attacks, such as buffer overflows. using a systematic combination of microscopy and invasive
 removal of covering layers. During layout reconstruction, the
 Extensibility: Modern software systems, such as
internals of the chip can be inferred at various granularities.
Java and .NET, are built to be extended. An
While higher-level architectural structures within the chip such
extensible host accepts updates or extensions
as data and address buses, memory and processor boundaries,
(mobile code) to incrementally evolve system
etc., can be extracted with little effort, detailed views of lower-
functionality. Today’s operating systems support
level structures such as the instruction decoder and ALU in a
extensibility through dynamically loadable device
drivers and modules. Advanced embedded systems processor, ROM ells, etc., can also be obtained. Physical
are designed to be extensible (e.g., J2ME, Java attacks at the chip level are relatively hard to use because of
Card, and so on). their expensive infrastructure requirements (relative to other
 attacks). However, they can be performed once and then used
 Connectivity: More and more embedded systems as precursors to the design of successful non-invasive
are being connected to the Internet. The high degree
of connectivity makes it possible for small failures
to propagate and cause massive security breaches. 7. DESIGN METHODOLOGY AND TOOL
Embedded systems with Internet connectivity will REQUIREMENTS
only make this problem grow. An attacker no
longer needs physical access to a system to launch a Compared to an embedded system’s functionality and
automated attacks to exploit vulnerable software. other design metrics (e.g., area, performance, power),
The ubiquity of networking means that there are security is currently specified by system architects in a
more attacks, more embedded software systems to vague and imprecise manner. Security experts are often the
attack and greater risks from poor software security only people in a design team who have a complete
practice. understanding of the security requirements. This is a
problem, since different aspects of the embedded system
design process can impact security. Hence, design
methodologies for secure embedded systems will have to
start with techniques to specify security requirements in a
way that can be easily communicated to the design team, and
evaluated throughout the design cycle. Any attempt to
specify security requirements needs to address the ”level” of
security desired, e.g., what level of tamper resistance should
be incorporated in the system. Security standards, such as
the FIPS security requirements for cryptographic modules
and the Common Criteria for information technology
security evaluation could provide some initial guidelines in
this direction, although they tend to be quite cumbersome
and difficult to understand for the average designer. During
embedded system architecture design, techniques to map
security requirements to alternative solutions, and to explore
5. SECURING AGAINST SW ATTACKS the attendant tradeoffs in terms of cost, performance, and
Central and critical aspect of the computer security problem power consumption, would be invaluable in helping
is a software problem. Software defects with security embedded system architects understanding and making
ramifications. malicious intruders can hack into systems by better design choices. For example, system architects would
exploiting software defects. Moreover, Internet enabled like to understand the performance and power impact of the
software applications present the most common security risk the processing architecture used to perform security
encountered today, with software’s ever-expanding complexity processing, and the tamper-resistance schemes used.
and extensibility adding further fuel to the fire.
8. CONCLUSION
Today, secure embedded system design remains a field in
its infancy in terms of pervasive deployment and research.
Although historically, various security issues have been
investigated in the context of network security and
cryptography, the challenges imposed by the process of
securing emerging environments or networks of embedded
systems compel us to take a fresh look at the problem.

9. REFERENCES

[1] B. Schneier, Applied Cryptography: Protocols,

Algorithms and Source Code in
C. John Wiley and Sons, 1996.
[2] IPSec Working Group.
http://www.ietf.org/html.charters/ipsec-charter.html.
[3] SSL 3.0 Specification.
http://wp.netscape.com/eng/ssl3/.
[4] Biometrics and Network Security. Prentice Hall
PTR, 2003.
[5] OpenIPMP. http://www.openipmp.org.
[6] Moving Picture Experts Group.
http://mpeg.telecomitalialab.com.
[7] Internet Streaming Media Alliance.
http:/www.isma.tv/home.
[8] MPEG Open Security for Embedded Systems
(MOSES).
http://www.crl.co.uk/projects/moses/.
[9] Discretix Technologies Ltd.
(http://www.discretix.com).
[10] D. Lie, C. A. Thekkath, M. Mitchell, P. Lincoln,
D. Boneh, J. C. Mitchell, and M. Horowitz,
“Architectural support for copy and tamper resistant
software,” in Proc. ACM Architectural Support for
Programming Languages and Operating Systems
(ASPLOS), pp. 168–177, 2000.

View publication stats