pSHIELD<strong>System</strong> <strong>Architecture</strong> <strong>Design</strong>PU4 SPD Considerations4.1 Fundamental Concepts4.1.1 Security and Privacy4.1.1.1 Concepts4.1.1.1.1 Cryptographic primitivesIn the context of systems and network security, the basic functional security primitives that have beenproposed and implemented are the various cryptographic algorithms that are to be used for data andcommunications encryption and decryption as well as data integrity. The three basic classes ofcryptographic primitives are symmetric ciphers, asymmetric ciphers and hashing algorithms.Symmetric ciphers perform the encryption and decryption operations using the same key that is to beshared among the sender and receiver of the message in hand. They are used mainly to ensure dataconfidentiality and are divided in two basic classes; block ciphers and stream ciphers. Block ciphers suchas AES, DES, 3DES, perform the cryptographic operations on similar sized blocks of data, while streamciphers such as RC4 operate on a bit by bit basis. On both cases, the cryptographic operations consist ofa sequence of mathematical computations such as permutations and substitutions performed on theoriginal or encrypted data.Asymmetric ciphers, or public-key algorithms, such as RSA, Diffie-Hellman, use different keys forencryption and decryption. Those keys are called public and private keys. They use computationallyintensive mathematical functions such as modular exponentiation and are used primarily for generatingand verifying digital signatures and certificates as well as exchanging the symmetric cipher keys. Due totheir computational complexity they are not usually used for encryption and decryption of the actualmessages, but as a means to providing a secure channel for symmetric key exchange.Hashing algorithms such as MD5 and SHA provide ways of mapping messages (with or without a key)into a fixed-length value, thereby providing “signatures” for messages. Thus, integrity checks can beperformed on communicated messages by (a) having the sender “securely sending” the actual hash valueof a message along with the message itself, (b) allowing the receiver to compute the hash value of thereceived message, and (c) comparing the two signatures to verify message integrity.4.1.1.1.2 Security MechanismsSecurity solutions to meet the various security requirements typically rely on the aforementionedcryptographic primitives or on security mechanisms that use a combination of these primitives in a specificmanner (e.g., security protocols). Various security technologies and mechanisms have been designedaround these cryptographic algorithms in order to provide specific security services.Security protocols provide ways of ensuring secure communication channels to and from the embeddedsystem. IPSec [IPSec] and SSL [SSL] are popular examples of security protocols, widely used for VirtualPrivate Networks (VPNs) and secure web transactions, respectively.Digital certificates provide ways of associating identity with an entity, while biometric technologies [Reid2003] such as fingerprint recognition and voice recognition aid in end-user authentication. Digitalsignatures, which function as the electronic equivalent of handwritten signatures, can be used toauthenticate the source of data as well as verify its identity.PUD2.3.2Issue 5 Page 48 of 122
pSHIELD<strong>System</strong> <strong>Architecture</strong> <strong>Design</strong>PUDigital Rights Management (DRM) protocols, such as OpenIPMP [OpenIPMP], MPEG [MPEG], ISMA[ISMA], and MOSES [MOSES], provide secure frameworks for protecting application content againstunauthorized use.Secure storage and secure execution require that the architecture of the system be tailored for securityconsiderations. Simple examples include the use of hardware to monitor bus transactions and block illegalaccesses to protected areas in the memory, authentication of firmware that executes on the system,application isolation to preserve the privacy and integrity of code and data associated with a givenapplication or process, HW/SW techniques to preserve the privacy and integrity of data throughout, thememory hierarchy, execution of encrypted code and so on.4.1.1.1.3 <strong>Design</strong> Challenges<strong>Design</strong>ers of a large and increasing number of embedded systems need to support various securitysolutions in order to deal with one or more of the security requirements described earlier. Theserequirements present significant bottlenecks during the embedded system design process.Processing Gap: Existing embedded system architectures are not capable of keeping up with thecomputational demands of security processing, due to increasing data rates and complexity of securityprotocols. These shortcomings are most felt in systems that need to process very high data rates or alarge number of transactions (e.g., network routers, firewalls, and web servers), and in systems withmodest processing and memory resources (e.g., PDAs, wireless handsets, and smartcards). In this paper,we will examine the two sides of the processing gap issue (requirements and availability) and studyvarious solutions proposed to address this mismatch.Battery Gap: The energy consumption overheads of supporting security on battery-constrainedembedded systems are very high. Slow growth rates in battery capacities (5–8% per year) are easilyoutpaced by the increasing energy requirements of security processing, leading to a battery gap. Variousstudies [Carman et al. 2000; Perrig et al. 2002; Potlapally et al. 2003] show that the widening battery gapwould require designers to make energy-aware design choices (such as optimized security protocols,custom security hardware, and so on) for security.Flexibility: An embedded system is often required to execute multiple and diverse security protocols andstandards in order to support (i) multiple security objectives (e.g., secure communications, DRM, and soon), (ii) interoperability in different environments (e.g., a handset that needs to work in both 3G cellularand wireless LAN environments) and (iii) security processing in different layers of the network protocolstack (e.g., a wireless LAN enabled PDA that needs to connect to a virtual private network, and supportsecure web browsing may need to execute WEP, IPSec, and SSL). Furthermore, with security protocolsbeing constantly targeted by hackers, it is not surprising that they keep continuously evolving. It is,therefore, desirable to allow the security architecture to be flexible (programmable) enough to adapt easilyto changing requirements. However, flexibility may also make it more difficult to gain assurance of adesign’s security.Tamper Resistance: Attacks due to malicious software such as viruses and trojan horses are the mostcommon threats to any embedded system that is capable of executing downloaded applications [Howardand LeBlanc 2002; Hoglund and McGraw 2004; Ravi et al. 2004]. These attacks can exploit vulnerabilitiesin the operating system (OS) or application software, procure access to system internals and disrupt itsnormal functioning. Because these attacks manipulate sensitive data or processes (integrity attacks),disclose confidential information (privacy attacks) and/or deny access to system resources (availabilityattacks), it is necessary to develop and deploy various HW/SW countermeasures against these attacks. Inmany embedded systems such as smartcards, new and sophisticated attack techniques, such as busprobing, timing analysis, fault induction, power analysis, electromagnetic analysis and so on, have beendemonstrated to be successful in easily breaking their security [Ravi et al. 2004; Anderson and Kuhn1996, 1997; Kommerling and Kuhn 1999; Rankl and Effing; Hess et al. 2000; Quisquater and SamydePUD2.3.2Issue 5 Page 49 of 122