Embedded System Security (ESS)

Led jointly by Prof. Dr. Sjouke Mauw with Prof. Dr. Alex Biryukov and Prof. Dr. Jean-Sebastien Coron
Project duration: 01/02/2009 - 01/02/2012
Funding source(s): UL

Embedded Systems Security is a rapidly developing area of research. This area is mainly driven by the market and the industry. Miniaturization of computational devices allows to embed them into diverse set of products thus adding new functionalities. This total computarisation of our everyday lives is aiming to make our lives more comfortable (ex. PDAs, mobile phones, satellite navigation devices, smartcards, security tokens, RFID tags), However together with it comes a challenge of protecting the information stored and exchanged by such devices as well as serious privacy issues. In the haste of commercial development these issues often do not get enough attention and are given quick ad-hoc solutions, which are often non-adequate.
It is thus a task of academic research to provide the foundations for proper development of secure embedded systems and their standardization.
In this area there are both theoretical challenges for design of new primitives and protocols which would fit into special purpose devices (which often have severe processing power limitations), as well practical challenges such as security of implementation and security of wireless communication channels. There are also important social challenges such as privacy.
The aim of the project is to take into account every aspect of the implementation of secure systems for embedded devices, from the mathematical algorithms to the cryptographic protocols, and from these protocols to their implementation in the real world.
An important part of security research resides in implementation of cryptographic schemes and protocols. There are two main objectives in this area: efficiency of implementation and security of implementation.
For example, biometrics techniques can be combined with cryptographic protocols in order to provide a better level of security for user identification; however, biometrics introduces new concerns such as identity theft and privacy issues, since once a biometric information has been stolen it is compromised forever.
Similarly, smart-cards can be used to store secret keys and perform cryptographic operations on a portable device; they are used for a diverse range of applications: pay TV, automatic teller machines (ATM), SIMs for mobile phones, electronic identification cards, electronic wallets, etc. However, smart-cards can be vulnerable to so-called side channel attacks in which an attacker uses additional information - from power consumption to electromagnetic emanations - in order to recover the secrets stored inside the smart-card. Therefore smartcard manufacturers are in a constant search for a tradeoff between strength of side-channel attack counter-measures and the cost of implementation. Since smartcards are typically rolled out to millions of customers, development of effective and inexpensive counter-measures is a very difficult task.
Another example is Radio-Frequency Identification (RFID) tags that are made of a small chip containing a unique identification number. One of the main application of RFIDs is to track objects on which they are attached, but this also introduces privacy issues. Those privacy issues can be addressed by appropriate cryptographic algorithms that respect the user's privacy.