< Back to previous page
Project
STRES:Secure Techniques for Remote configuration of Embeded Systems (IWTTETRA08AT)
Embedded systems found their way into many domestic and industrial applications. This has led to specific challenges concerning after sales services and system upgradability. Thanks to the presence of broadband technology new opportunities have arisen to deal with the product life cycle more efficiently. For this reason three main principles are integrated in such systems: remote status checking, remote problem solving and remote upgradability. Some basic technologies already exist to implement these principles, e.g. M2M (Machine to Machine) communication modules, remote reconfiguration techniques for hardware (FPGAs) and software (microprocessors,...) and broadband network providers (broadband internet, WiFi, GPRS, UMTS,...).
There is however an important shortcoming concerning data confidentiality, data authenticity and authenticity of the entities (i.e. both the sender and receiver of the configuration or status data). To guarantee a minimal security level, a protected communication protocol becomes necessary. For this reason some (architectural) implementation premises must be foreseen on the sender and receiver side of the data. This can be provided by specific cryptographic modules.
Some FPGA manufacturers anticipated on this problem recently by providing on-chip cryptographic hardware and the possibility to send encrypted configurations over the internet to the FPGA. This however solves only part of the problem. The security of an embedded system is not fully covered by ensuring the confidentiality of the configuration data. For example, the integrity of the configuration data and authenticity of the sender can not be guaranteed by simply encrypting data.
It is important that techniques for remote configuration are sufficiently reliable and have a low integration cost. In this project we try to combine these two challenges. Therefore, compact cryptographic modules will be designed for embedded systems consisting of FPGAs and microprocessors. Furthermore, a generic test board will be developed to evaluate the behaviour of these modules. In the final phase of the project, a test case embedded system with secure reconfiguration facilities will be built based on the input of the user committee of the project. Remote configuration will be controlled from a central reconfiguration unit.
There is however an important shortcoming concerning data confidentiality, data authenticity and authenticity of the entities (i.e. both the sender and receiver of the configuration or status data). To guarantee a minimal security level, a protected communication protocol becomes necessary. For this reason some (architectural) implementation premises must be foreseen on the sender and receiver side of the data. This can be provided by specific cryptographic modules.
Some FPGA manufacturers anticipated on this problem recently by providing on-chip cryptographic hardware and the possibility to send encrypted configurations over the internet to the FPGA. This however solves only part of the problem. The security of an embedded system is not fully covered by ensuring the confidentiality of the configuration data. For example, the integrity of the configuration data and authenticity of the sender can not be guaranteed by simply encrypting data.
It is important that techniques for remote configuration are sufficiently reliable and have a low integration cost. In this project we try to combine these two challenges. Therefore, compact cryptographic modules will be designed for embedded systems consisting of FPGAs and microprocessors. Furthermore, a generic test board will be developed to evaluate the behaviour of these modules. In the final phase of the project, a test case embedded system with secure reconfiguration facilities will be built based on the input of the user committee of the project. Remote configuration will be controlled from a central reconfiguration unit.
Date:1 Dec 2008 → 30 Nov 2010
Keywords:industrial sciences
Disciplines:Civil and building engineering