Security and Reconfigurability in Networked Embedded Systems
2008
Abstract
Nowadays, the convergence of communication, computing and control makes it possible to build large-scale, widely distributed, heterogeneous, pervasive, networked embedded systems, which are capable not only of sensing but also of acting in and on the environment. Security in these systems is an open question that could prove to be a more difficult long-term problem than it is today in desktop and enterprise computing. Given their interactive and pervasive nature, a security breach in embedded systems can result in severe privacy violations and physical side effects, including property damage, injury and even death. In order to be cost-effective and operational over time, embedded systems have to adapt to changing operating conditions by dynamically downloading software. Usually, such systems use wireless communication to simplify deployment and increase reconfigurability. It follows that an adversary can easily launch logical security attacks by delivering malicious software to devices over the wireless medium. Furthermore, for cost reasons embedded devices often lack adequate physical/hardware support for protection and tamper-resistance. This, together with the fact that devices can be deployed in unattended areas, implies that every embedded device is exposed to the risk of being compromised. In such a scenario, compromised devices have to be logically removed from network communication. However, removing the logical presence of compromised devices alone does not guarantee that the network remains useful and effective. Hence, the network has to be able to reconfigure itself autonomously, replacing compromised devices with new ones so that all geographical areas remain covered. With reference to this scenario, we focus on defining a security architecture that guarantees secure software reconfiguration and secure communication in networked embedded systems.
Furthermore, we define a protocol for key distribution and revocation aimed at logically removing compromised devices from network communication. Finally, we define a decentralized protocol that copes with the presence of compromised and damaged devices by using autonomous mobile devices. For our prototyping we consider a network composed of low-power, low-cost miniature sensing and communicating devices, such as a Wireless Sensor Network.

File | Size | Format
---|---|---
tesi_Ida_Savino_2008.pdf (embargo until 09/06/2048; type: other attached material) | 1.25 MB | Adobe PDF
Frontespizio_firmato.pdf (embargo until 09/06/2048; type: other attached material) | 34.88 kB | Adobe PDF
Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/20.500.14242/153601
URN:NBN:IT:UNIPI-153601