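Hand this in to: ece849-staff+hw (at) ece.cmu.edu

Notes on this file (text outside an entry is ignored by BibTeX/Biber):
  - The e-mail address above is spelled with "(at)" on purpose. BibTeX has no
    line-comment character and treats every at-sign outside an entry as the
    start of a new entry, so a bare address here broke parsing of the file.
  - Field values are brace-delimited throughout. Two abstracts contain literal
    double quotes ("security processing gap", etc.), which terminate a
    quote-delimited value early.
  - Author lists use " and " separators and "Last, First" form so styles can
    abbreviate/sort correctly; several entries previously used commas, ";" or "&".
  - Citation keys are kept exactly as they were (including the unfortunate
    anderson94 / year 1993 mismatch and the ".pdf" suffix on the ravi04 key)
    so existing \cite commands keep working.
  - The studentname/summary/contribution*/weakness*/interesting/opinions
    fields are course homework fields; standard styles ignore unknown fields.

---------------------------------------------------------------- Required Readings

Key says 94, but the paper appeared at CCS '93 (November 1993); year is correct, key kept for citation stability.
@inproceedings{anderson94_cryptosystems_fail,
  author        = {Anderson, Ross},
  title         = {Why Cryptosystems Fail},
  booktitle     = {Proceedings of the 1st {ACM} Conference on Computer and Communications Security},
  year          = {1993},
  pages         = {215--227},
  doi           = {10.1145/168588.168615},
  abstract      = {Designers of cryptographic systems are at a disadvantage to most other engineers, in that information on how their systems fail is hard to get: their major users have traditionally been government agencies, which are very secretive about their mistakes. In this article, we present the results of a survey of the failure modes of retail banking systems, which constitute the next largest application of cryptology. It turns out that the threat model commonly used by cryptosystem designers was wrong: most frauds were not caused by cryptanalysis or other technical attacks, but by implementation errors and management failures. This suggests that a paradigm shift is overdue in computer security; we look at some of the alternatives, and see some signs that this shift may be getting under way.},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

@inproceedings{kocher04_embedded_security,
  author        = {Kocher, Paul and Lee, Ruby and McGraw, Gary and Raghunathan, Anand and Ravi, Srivaths},
  title         = {Security as a New Dimension in Embedded System Design},
  booktitle     = {Proceedings of the 41st Design Automation Conference ({DAC} 2004)},
  year          = {2004},
  abstract      = {The growing number of instances of breaches in information security in the last few years has created a compelling case for efforts towards secure electronic systems. Embedded systems, which will be ubiquitously used to capture, store, manipulate, and access data of a sensitive nature, pose several unique and interesting security challenges. Security has been the subject of intensive research in the areas of cryptography, computing, and networking. However, despite these efforts, security is often mis-construed by designers as the hardware or software implementation of specific cryptographic algorithms and security protocols. In reality, it is an entirely new metric that designers should consider throughout the design process, along with other metrics such as cost, performance, and power. This paper is intended to introduce embedded system designers and design tool developers to the challenges involved in designing secure embedded systems. We attempt to provide a unified and holistic view of embedded system security by first analyzing the typical functional security requirements for embedded systems from an end-user perspective. We then identify the implied challenges for embedded system architects, as well as hardware and software designers (e.g., tamper-resistant embedded system design, processing requirements for security, impact of security on battery life for battery-powered systems, etc.). We also survey solution techniques to address these challenges, drawing from both current practice and emerging research, and identify open research problems that will require innovations in embedded system architecture and design methodologies.},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

@inproceedings{koopman05_deeply_networked_survivability,
  author        = {Koopman, Philip and Morris, Jennifer and Narasimhan, Priya},
  title         = {Challenges in Deeply Networked System Survivability},
  booktitle     = {{NATO} Advanced Research Workshop on Security and Embedded Systems},
  year          = {2005},
  abstract      = {Deeply networked systems are formed when embedded computing systems gain connectivity to each other and to larger enterprise systems. New functionality also brings new survivability challenges, including security across the embedded/enterprise interface. Addressing the needs of deeply networked system survivability is an open challenge that will require new approaches beyond those used for enterprise systems.},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

Journal article, not a conference paper: the venue/volume/issue/pages were all crammed into booktitle.
@article{paar07_embedded_security_pervasive,
  author        = {Paar, Christof and Weimerskirch, Andr{\'e}},
  title         = {Embedded Security in a Pervasive World},
  journal       = {Information Security Technical Report},
  year          = {2007},
  volume        = {12},
  number        = {3},
  pages         = {155--161},
  abstract      = {Embedded systems have become an integral part of our everyday life. Devices like vehicles, household appliances, and cell phones are already equipped with embedded microcontrollers. The networking of the myriads of embedded devices gives rise to the brave new world of pervasive computing. Pervasive computing offers enormous advantages and opportunities for users and businesses through new applications, increased comfort, and cost reduction. One often overlooked aspect of pervasive computing, however, are new security threats. This article describes security issues in current and future pervasive security scenarios, ranging from privacy threats and unreliable products to loss of revenue. We also highlight the opportunities, such as new business models, which are enabled through strong embedded security solutions. Current research issues are also summarized. As case studies, we introduce security aspects in future automotive systems and in ad-hoc networks.},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

---------------------------------------------------------------- Supplemental Readings

The original entry said year 1995; HotNets-IV took place in November 2005 (as the key also says).
Conference location moved out of "address" (publisher city) into booktitle.
@inproceedings{parno05_vehicular_network_security,
  author        = {Parno, Bryan and Perrig, Adrian},
  title         = {Challenges in Securing Vehicular Networks},
  booktitle     = {Fourth Workshop on Hot Topics in Networks ({HotNets-IV}), College Park, {MD}},
  year          = {2005},
  month         = nov,
  url           = {http://sparrow.ece.cmu.edu/~parno/pubs/vehicles.pdf},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

@article{bergstrom01_home_automation,
  author        = {Bergstrom, Peter and Driscoll, Kevin and Kimball, John},
  title         = {Making Home Automation Communications Secure},
  journal       = {Computer},
  year          = {2001},
  pages         = {50--56},
  url           = {http://ieeexplore.ieee.org/iel5/2/20660/00955099.pdf},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

@inproceedings{wargo03_eEnabled_aircraft,
  author        = {Wargo, C. and Dhas, C.},
  title         = {Security Considerations for the {e-Enabled} Aircraft},
  booktitle     = {Aerospace Conference 2003},
  year          = {2003},
  abstract      = {The aviation industry continues to adopt Internet Protocol (IP) technology as the design basis for networking the functional domains both onboard and offboard commercial aircraft. The emerging network domains include connections to wireless networks reaching to ground-based services for Business Operations and Air Traffic Control. This increased IP connectivity to e-services is the beginning of the air commerce web. Realizing the benefits of these e-services will be dependent upon the choice of security measures used in domain and cross-domain communications. This paper addresses security considerations to be taken into account for the various e-service domains. Security mechanisms available in today's protocols are described and summarized. The lack of a coherent overall aviation security solution is also discussed. The paper intentionally does not refer to specific technical or procedural vulnerabilities that may exist in today's designs.},
  url           = {http://www.ece.cmu.edu/~ece749/papers/wargo03_security_aircraft.pdf},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

Published in Operating Systems Review 25(5) (the SOSP '91 issue); "inbook" is not a BibTeX field, so the venue was silently dropped.
@article{Lampson91,
  author        = {Lampson, Butler and Abadi, Mart{\'\i}n and Burrows, Michael and Wobber, Edward},
  title         = {Authentication in Distributed Systems: Theory and Practice},
  journal       = {{ACM} {SIGOPS} Operating Systems Review},
  year          = {1991},
  volume        = {25},
  number        = {5},
  doi           = {10.1145/138873.138874},
  abstract      = {The authors describe a theory of authentication and a system that implements it. The theory is based on the notion of principal and a `speaks for' relation between principals. A simple principal either has a name or is a communication channel; a compound principal can express an adopted role or delegation of authority. The theory explains how to reason about a principal's authority by deducing the other principals that it can speak for; authenticating a channel is one important application. The authors use the theory to explain many existing and proposed mechanisms for security. In particular, they describe the system they have built. It passes principals efficiently as arguments or results of remote procedure calls, and it handles public and shared key encryption, name lookup in a large name space, groups of principals, loading programs, delegation, access control, and revocation.},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

@inproceedings{Dobson86,
  author        = {Dobson, John E. and Randell, Brian},
  title         = {Building Reliable Secure Computing Systems out of Unreliable Insecure Components},
  booktitle     = {Proceedings of the 1986 {IEEE} Symposium on Security and Privacy},
  year          = {1986},
  pages         = {187--193},
  abstract      = {Parallels are drawn between the problems and techniques associated with achieving high reliability, and those associated with the provision of security, in distributed computing systems. Some limitations of the concept of a trusted computing base are discussed, and an alternative approach to the design of highly secure computing systems is put forward, based on fault tolerance concepts and techniques.},
  url           = {http://ieeexplore.ieee.org/iel5/7785/21388/00991533.pdf},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

@article{Wood02,
  author        = {Wood, Anthony D. and Stankovic, John A.},
  title         = {Denial of Service in Sensor Networks},
  journal       = {Computer},
  year          = {2002},
  volume        = {35},
  number        = {10},
  pages         = {54--62},
  abstract      = {Sensor networks hold the promise of facilitating large-scale, real-time data processing in complex environments, helping to protect and monitor military, environmental, safety-critical, or domestic infrastructures and resources. Denial-of-service attacks against such networks, however, may permit real world damage to public health and safety. Without proper security mechanisms, networks will be confined to limited, controlled environments, negating much of the promise they hold. The limited ability of individual sensor nodes to thwart failure or attack makes ensuring network availability more difficult. To identify denial-of-service vulnerabilities, the authors analyzed two effective sensor network protocols that did not initially consider security. These examples demonstrate that consideration of security at design time is the best way to ensure successful network deployment.},
  url           = {http://ieeexplore.ieee.org/iel5/2/22283/01039518.pdf},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

Key retains its stray ".pdf" suffix so existing \cite{} commands keep working; rename only together with every citing document.
The abstract contains literal double quotes, which is why this entry must stay brace-delimited.
@article{ravi04_embedded_security_challenges.pdf,
  author        = {Ravi, Srivaths and Raghunathan, Anand and Kocher, Paul and Hattangady, Sunil},
  title         = {Security in Embedded Systems: Design Challenges},
  journal       = {{ACM} Transactions on Embedded Computing Systems},
  year          = {2004},
  volume        = {3},
  number        = {3},
  pages         = {461--491},
  abstract      = {Many modern electronic systems---including personal computers, PDAs, cell phones, network routers, smart cards, and networked sensors to name a few---need to access, store, manipulate, or communicate sensitive information, making security a serious concern in their design. Embedded systems, which account for a wide range of products from the electronics, semiconductor, telecommunications, and networking industries, face some of the most demanding security concerns---on the one hand, they are often highly resource constrained, while on the other hand, they frequently need to operate in physically insecure environments. Security has been the subject of intensive research in the context of general-purpose computing and communications systems. However, security is often misconstrued by embedded system designers as the addition of features, such as specific cryptographic algorithms and security protocols, to the system. In reality, it is a new dimension that designers should consider throughout the design process, along with other metrics such as cost, performance, and power. The challenges unique to embedded systems require new approaches to security covering all aspects of embedded system design from architecture to implementation. Security processing, which refers to the computations that must be performed in a system for the purpose of security, can easily overwhelm the computational capabilities of processors in both low- and high-end embedded systems. This challenge, which we refer to as the "security processing gap," is compounded by increases in the amounts of data manipulated and the data rates that need to be achieved. Equally daunting is the "battery gap" in battery-powered embedded systems, which is caused by the disparity between rapidly increasing energy requirements for secure operation and slow improvements in battery technology. The final challenge is the "assurance gap," which relates to the gap between functional security measures (e.g., security services, protocols, and their constituent cryptographic algorithms) and actual secure implementations. This paper provides an introduction to the challenges involved in secure embedded system design, discusses recent advances in addressing them, and identifies opportunities for future research.},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}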