SECURE COMMUNICATION FRAMEWORK FOR EMBEDDED NETWORKING
A Report
Submitted in partial fulfillment of the
requirements for the award of the degree
of
BACHELOR OF TECHNOLOGY
in
ELECTRONICS AND COMMUNICATION ENGINEERING
by
SANDEEPAN SENGUPTA
USHNISH CHOWDHURY
TAMOJIT SAHA
MOUMITA DAS
SHAMIK GUPTA
DEBKANYA BASU
Supervisor
ASHIM KAR, PhD
DEPARTMENT OF ELECTRONICS AND COMMUNICATION ENGINEERING
TECHNO INDIA UNIVERSITY, EM – 4/1, SECTOR – V, SALT-LAKE
KOLKATA – 700091 (INDIA)
January, 2017
ABSTRACT
Information security is a challenging issue in any modern-day event or application. To address
such issues for embedded networks, a framework needs to be introduced. A comprehensible,
easy-to-implement yet robust framework can handle such issues. In this project, we aim at
achieving a platform-neutral, hardware-independent framework.
INTRODUCTION
Information security has been a persistent issue since the beginning of the information age, and it is
becoming an even more challenging field as more and more connected devices and communication
standards (like the Internet of Things) have been introduced in recent years. The majority of the devices
associated with these technologies have embedded systems built in, so a framework utilizing those
embedded systems can potentially address the security issues. As the majority of these systems are
vendor specific, the framework has to be flexible, cross-platform compatible and independent of
hardware architecture.
SCOPE
For the sake of simplicity, the scope of the project is limited to a generic full-duplex topology.
Higher security issues (like internet security) and physical threats are not considered in this framework.
FRAMEWORK
The basic constituents of any communication topology are as follows:
1. Sender
2. Receiver
3. Communication channel
4. Information
5. Protocol
To implement the framework, the following elements need to be incorporated. These elements will
be used by the different constituents of the communication topology. The elements are:
1. Secured database
2. Self-contained auto adaptation engine
Explanation
The working of the framework can be demonstrated by explaining the prototype implementation.
Let's consider a scenario where all possible events are pre-recorded in a database. The
database can only be accessed by an authenticated set of embedded systems associated with the
networked devices. It is recommended to choose existing cryptographic algorithms for the
authentication method in order to maximize its portability to different systems. If the system
does not have a native cryptographic engine embedded in it, encryptable EEPROMs (like
ATSHA204) can be incorporated, increasing its portability even more by reducing hardware
dependency.
Another line of defense can be safeguarding the communication channel. This can be
achieved by following the steps mentioned below:
(1) Encrypting the communication channel.
(2) Introducing a secured hand-shake before establishing the communication.
(3) Incorporating intrusion detection techniques.
(4) Using self-adaptive frames without having any major structural restriction.
Let's consider a system having n functions, each function having Pn parameters. The number
of all possible events for the system will then be the sum of the product of these two. All these
possible events will be stored in the secured database. To ensure its security, conventional
methods (like a hashed table) can be adopted, with cryptographic security on top of them. The
table may also contain different sets of encryption strategies, different types of frame format
presets and other necessary parts of the framework. This database is undoubtedly the single most
important element of the framework.
The framework will govern the communication using the following technique. The sender
will scan for a valid receiver and send a handshake request. If a valid response is received (after
verifying all the necessary security checks and references), the sender will acknowledge the
existence of a valid receiver and perform a key exchange. This key will be used by either side to
decrypt/encrypt packages sent from the other side.
The decrypted message signal will not contain any actual information. Instead, it will
contain the reference index of the desired event stored in the database. Again, this will limit the
information safety to the database only. Even if some invalid receiver or interception device
manages to siphon off some information, that information will only be a reference number
and will be useless without the database. The database itself will not be fixed. During each
power-on event it will be recreated from the said encrypted memory storage, so the event
indexes will change dynamically, making it even more difficult to penetrate.
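The reference-index scheme described above, sketched as an added example (not code from the report). It assumes both ends share a secret and a 16-byte per-boot nonce and reorder the event table with HMAC-SHA256; the report does not specify how the table is recreated, and the event names, key and nonces are constructed.

```python
import hashlib
import hmac

# Constructed event table: (function, parameter) pairs with hypothetical names.
EVENTS = [
    ("valve", "open"), ("valve", "close"),
    ("pump", "start"), ("pump", "stop"), ("pump", "reverse"),
    ("alarm", "arm"),
]

def session_table(secret: bytes, boot_nonce: bytes) -> list:
    """Rebuild the event table in a per-boot order.

    Events are sorted by HMAC-SHA256(secret, nonce || event), so only a
    holder of the secret can reproduce the permutation for a given nonce.
    """
    if len(boot_nonce) != 16:
        raise ValueError("boot nonce must be 16 bytes")
    def rank(event):
        label = "/".join(event).encode()
        return hmac.new(secret, boot_nonce + label, hashlib.sha256).digest()
    return sorted(EVENTS, key=rank)

def encode(table: list, event: tuple) -> int:
    """Sender: replace the event with its current reference index."""
    return table.index(event)

def decode(table: list, index: int) -> tuple:
    """Receiver: resolve a reference index, rejecting values outside the table."""
    if not 0 <= index < len(table):
        raise ValueError("reference index outside event table")
    return table[index]

def indexes_over_boots(secret: bytes, event: tuple, nonces: list) -> list:
    """Index that `event` maps to after each simulated power-on."""
    return [encode(session_table(secret, n), event) for n in nonces]

if __name__ == "__main__":
    key = bytes(range(32))  # constructed secret; a device would keep it in protected storage
    boots = [i.to_bytes(16, "big") for i in range(4)]  # constructed nonces
    print(indexes_over_boots(key, ("pump", "stop"), boots))
```

Only the integer returned by `encode` would travel inside the encrypted package; a receiver without the secret cannot rebuild the table that gives it meaning.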
In case of intrusion, the message segments will be swapped and the constituent parameters
(initiation identifier length, original information length, CRC length etc.) will be either padded
differently or reduced. It is essential to have multiple frame structure strategies and
multiple swapping strategies. This will add another layer of security to the existing model.
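An added sketch of the frame presets described above (not code from the report): each preset fixes the segment order and the lengths of the initiation identifier, index and CRC segments, and both ends step to the next preset when an intrusion is flagged. The preset values, the 0xA5 identifier byte and the use of truncated CRC-32 are assumptions.

```python
import zlib

SOF_BYTE = 0xA5  # constructed initiation-identifier pattern

# Hypothetical presets: segment order and per-segment length in bytes.
PRESETS = [
    {"order": ("sof", "index", "crc"), "sof": 2, "index": 2, "crc": 4},
    {"order": ("crc", "sof", "index"), "sof": 4, "index": 3, "crc": 2},
    {"order": ("index", "crc", "sof"), "sof": 1, "index": 2, "crc": 3},
]

def segments(preset: dict, index: int) -> dict:
    """Expected bytes of every segment for a given reference index."""
    body = index.to_bytes(preset["index"], "big")
    crc = zlib.crc32(body).to_bytes(4, "big")[-preset["crc"]:]  # truncated CRC-32
    return {"sof": bytes([SOF_BYTE]) * preset["sof"], "index": body, "crc": crc}

def build_frame(preset_id: int, index: int) -> bytes:
    """Sender: lay the segments out in the order of the active preset."""
    preset = PRESETS[preset_id]
    seg = segments(preset, index)
    return b"".join(seg[name] for name in preset["order"])

def parse_frame(preset_id: int, frame: bytes) -> int:
    """Receiver: split by the active preset, then verify identifier and CRC."""
    preset = PRESETS[preset_id]
    if len(frame) != sum(preset[name] for name in preset["order"]):
        raise ValueError("frame length does not match active preset")
    got, pos = {}, 0
    for name in preset["order"]:
        got[name] = frame[pos:pos + preset[name]]
        pos += preset[name]
    index = int.from_bytes(got["index"], "big")
    if got != segments(preset, index):
        raise ValueError("initiation identifier or CRC mismatch")
    return index

def next_preset(preset_id: int) -> int:
    """Both ends step to the next preset when an intrusion is flagged."""
    return (preset_id + 1) % len(PRESETS)
```

A frame captured under one preset no longer parses once both ends have moved on, because the segment boundaries and lengths differ.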
Conclusion
From the above explanation it can be concluded that the defensive measures taken are crafted
out of proven security technologies, ensuring ease of implementation, but are put together in such
a way that they ensure a modest level of safeguarding for embedded networking devices. The
database can be a single point of failure in this framework, making it the prime target of a
security threat; at the same time, this makes things easier for the network manager, as the
database will be the only element having a physical safety flaw that needs to be managed externally.