pSHIELD<strong>System</strong> <strong>Architecture</strong> <strong>Design</strong>PU• components which can be reconfigured (i.e. FPGA) and interfaces that allows reconfiguration atsystem level (redundant power supply, node redundancy, spare node, etc.)• set of FPGA SPD core blocks• firmware that supports remote reconfiguration of BIOS, FPGA images, etc.• power supply monitoring and protection unit• monitoring devices that allow to control continuously the status of the node• programmable I/O and network interface• BMC embedded unit• MIL standard to ensure that the node is capable to work in critical environmental conditionsThe node hardware functionalities intend to support security, privacy and dependability. Thesefunctionalities are based on the capabilities and features offered by the hardware available on the PowerNode board. The functionalities include:• reconfigurablity functionalities for components, interfaces and firmware• functionalities for security monitoring (through a dedicated FPGA core logic)• cryptographic functionalities (through a dedicated core of the FPGA or using Intel AES-NItechnology)• functionalities to monitor continuously working parameters, performance and status of node• composability functionalities that allow to implement networks of Power Nodes, increasing faulttolerance, computing power, security and dependabilityThe network services are oriented to increase privacy and dependability. These services are intendedmainly to provide some Power Node hardware functionalities remotely. The network services include:• services for remote reconfiguration of BIOS and FPGA• SNMP services• services for remote self-test and performance monitoring• privacy and login management servicesThe node SPD services rely on the hardware capabilities and functionalities, on the network services andon the operating system, offering a set of more abstract services that can be used by the middleware andoverlay layers. The set of services includes:• FPGA and BIOS reconfiguration services• privacy and user control services• composability services• status and performance monitoring services;• services for the management of the topology of Power Nodes NetworkThe Power Node has been conceived to host entire parts of the pSHIELD middleware and of thepSHIELD overlay, in particular when the requirements in terms of computing power, hardwarecomposability and reliability are important. In this context, it acts as a computing and reasoning node,more than a data acquisition node. The middleware and overlay services that can be hosted depend onthe application context and the role of the parts themselves. From an operating system and applicationpoint of view the Power Node can be seen as a very powerful rugged personal computer therefore, anypart of the pSHIELD middleware and overlay that runs on a PC may run also on the Power Node.PUD2.3.2Issue 5 Page 34 of 122
pSHIELD<strong>System</strong> <strong>Architecture</strong> <strong>Design</strong>PU3.2.3 Cryptography TechnologiesThis section presents in a summarized way the most relevant cryptography technologies related termsand definitions used in pSHIELD project. It is divided in the following sections: attacks on cryptosystems,attacks on protocols, asymmetric and symmetric cryptography, message authentication codes and keymanagement.Elliptic curve cryptography (ECC) is becoming a powerful cryptographic scheme. Because of its efficiencyand security is a good alternative to cryptosystems, like RSA and DSA, not just in constrained devices,but also on powerful computers. ECC is very important in the field of low-resource devices such as smartcards and Radio Frequency Identification (RFID) devices because of the significant improvements interms of speed and memory compared to traditional cryptographic primitives (e.g. RSA). Memory is one ofthe most expensive resources in the design of embedded systems which encourages the use of ECC onsuch platforms. Security, implementation and performance of ECC applications on various mobile deviceshave been examined and it can be concluded that ECC is the most suitable PKC scheme for use in aconstrained environment.More and more electronic transactions for mobile devices are implemented on Internet or wirelessnetworks. In electronic transactions, remote client authentication in insecure channel is an importantissue. For example, when one client wants to login a remote server and access its services, such as onlineshopping and pay-TV, both the client and the server must authenticate the identity with each other forthe fair transaction.The remote client authentication can be implemented by the traditional public-key cryptography. Thecomputation ability and battery capacity of mobile devices are limited, so traditional PKC, in which thecomputation of modular exponentiation is needed, cannot be used in mobile devices. Elliptic curvecryptosystem (ECC), compared with other public-key cryptography, has significant advantages likesmaller key sizes, faster computations. Thus, ECC-based authentication protocols are more suitable formobile devices than other cryptosystem. However, like other public-key cryptography, ECC also needs apublic key infrastructure (PKI) to maintain the certificates for users’ public keys. When the number ofusers is increased, PKI needs a large storage space to store users’ public keys and certificates. Inaddition, users need additional computations to verify the other’s certificate in these protocols.A WSN is a wireless ad-hoc network consisting of resource-constrained sensoring devices (limited energysource, low communication bandwidth, small computational power) and one or more base stations. Thebase stations are more powerful and collect the data gathered by the sensor nodes so it can be analyzed.Routing is accomplished by the nodes themselves as any ad hoc network through hop-by-hop forwardingof data. Common WSN applications range from battlefield exploration and emergency rescue operationsto surveillance and environmental protection.Security and cryptography on WSNs meet several open problems even though several years of intenseresearch. Given the limited computational power and the resource-constrained nature of sensoringdevices, the deployment of cryptography in sensor networks is a difficult task. In D3.2 is presented theimplementations of elliptic curve cryptography in the tiny sensor nodes. <strong>Design</strong> goals for a sensor platformis to develop optimizations specifically:(i)(ii)(iii)the cost of memory addressing;the cost of memory instructions;the limited flexibility of bitwise shift instructions.D3.2 work presents efficient implementations for arithmetic of binary field algorithms such as squaring,multiplication, modular reduction and inversion at two different security levels. These implementationstake into account the characteristics of the target platform. The implementation of field multiplication andPUD2.3.2Issue 5 Page 35 of 122