Pages

Saturday, October 31, 2009

Security as a New Dimension in Embedded System Design

Security as a New Dimension in Embedded System Design

ABSTRACT

Today, security in one form or another is a requirement for an increasing number of embedded systems, ranging from low-end systems such as PDAs, wireless handsets,  networked sensors, and smart cards, to high-end systems such as routers, gateways, firewalls,  storage servers, and web servers. It has been observed that the cost of insecurity in  electronic systems can be very high. For example, it was estimated that the “I Love You” virus caused nearly one billion dollars in lost revenues worldwide. With an increasing proliferation of such attacks, it is not surprising that a large number of users in the mobile commerce world (nearly 52% of cell phone users and 47% of PDA users, according to a survey by Forrester Research) feel that security is the single largest concern preventing the successful deployment of next-generation mobile services.

With the evolution of the Internet, information and communications security has gained significant attention. For example, various security protocols and standards such as SSL, WEP, and WTLS, are used for secure communications. While security protocols and the cryptographic algorithms they contain address security considerations from a functional perspective, many embedded systems are constrained by the environments they operate in, and by the resources they possess. For such systems, there are several factors that are moving security considerations from a function centric perspective into a system architecture design issue. For example,

* An ever increasing range of attack techniques for breaking security such as software, physical and side-channel attacks require that the embedded system be secure even when it can be logically or physically accessed by malicious entities. Resistance to such attacks can be ensured only if built into the system architecture and implementation.
* The processing capabilities of many embedded systems are easily overwhelmed by the computational demands of security processing, leading to undesirable tradeoffs between security and cost, or security and performance.
* Embedded system architectures need to be flexible enough to support the rapid evolution of security mechanisms and standards.
* New security objectives, such as denial of service and digital content protection, require a higher degree of co-operation between security experts and embedded system architects.

This paper will introduce the embedded system designer to the importance of embedded system security, review evolving trends and standards, and illustrate how the security requirements translate into system design challenges. Emerging solutions to address these challenges through a combination of advanced embedded system architectures and design methodologies will be presented.

No comments:

Post a Comment