Finding Free Bytes for Security
October 11, 2018 | Duke UniversityEstimated reading time: 3 minutes
From your watch to your refrigerator to your dog, it’s becoming increasingly difficult to find much of anything in the modern world that does not have some sort of sensor or microprocessor embedded into it. Even people, with medical technology like pacemakers and neural stimulators, are becoming part of the Internet of Things.
This level of digital interconnectedness isn’t just making life easier for people using these futuristic devices, it’s also making life easier for hackers. For every new subsystem integrated into an autonomous vehicle, for example, there’s a new route to attack its central computing functions.
Miroslav Pajic, the Nortel Networks Assistant Professor of Electrical and Computer Engineering at Duke University, has been working to secure such systems through a project jointly funded by Intel and the National Science Foundation (NSF). His goal is to secure the complex integrated systems that interact with the physical world around us in a way that does not diminish performance or increase costs.
Pajic’s approach takes advantage of a device’s interactions with its physical environment to detect attacks and provide resiliency against them. Returning to the example of driverless cars, a digital assailant could compromise the GPS to take the vehicle off course. But by using additional sensors, Pajic and his team showed that the car will be able to recognize the false data, and act accordingly.
Adding complexity to these efforts of securing modern vehicles with varying levels of autonomy, is the computational and communication limits of a car’s electronics. Consumers don’t want to pay the added price for extra CPUs or faster communication networks, nor do they want to sacrifice their car’s performance to allow it to execute these security-related algorithms. The second half of Pajic’s work, then, is to find ways to slip these processes in to the car’s existing moments of computational and communication downtime.
“Most of the cost of a modern car is tied to its software,” said Pajic. “And adding significant security overheard adds too much to an already taxed system. Our goal is to find ways to utilize intermittently available open slots to piece together sufficient security protocols, in order to provide strong security guarantees without reducing the overall system performance.”
Theoretically, a car’s embedded processing system could simply encrypt every single message sent between sensors, controllers and processors, negating the need for double-checking data. But this again would take up too much processing power. Another solution Pajic is pursuing is to encrypt only a certain number of messages—every fifth one, for example—and then find space in the existing programming to carry out the spaced-out encryptions and decryptions.
Pajic has received national attention for both of these approaches. Besides earning an Early Career Award from the NSF and a Young Investigator Award from the ONR to pursue these topics, his initial work on embedding security control tasks into existing computational downtime won the Best Paper Award at the 17th Association for Computing Machinery SIGBED International Conference on Embedded Software (EMSOFT) held in the fall of 2017.
In the paper, Pajic and his students demonstrate that these security approaches can work. As a convoy of toy cars outfitted with real automotive industry sensors and controllers race along a treadmill in a line, the communications between the middle car’s proximity sensors and speed controller is attacked.
When working normally, the system automatically keeps the cars a certain distance apart. When attacked, the controller believes the lead car is further away than it is, causing the trailing car to speed up and run into it. Unless, that is, Pajic’s software has been initiated, which thwarts the attack just enough to keep the car’s behavior in line.
The research grant supporting the work culminated this summer with a presentation on their progress to the funding agencies. Both the NSF and Intel were impressed enough to extend Pajic’s funding for an additional two years, beating out several other projects in the initial program.
“Attackers have shown the ability to cut an entire nation’s power for days and wreak havoc on companies and government agencies,” said Pajic, referring to several notable cyberattacks carried out against Ukraine in the past several years. “These types of security protocols aren’t just relegated to the road. They’re applicable to all kinds of networked devices, autonomous vehicles and infrastructure. And it’s essential that we stay ahead of bad actors no matter their intent or location.”
Suggested Items
Real Time with... IPC APEX EXPO 2024: AI Implementation at Omron
04/18/2024 | Real Time with...IPC APEX EXPOEditor Nolan Johnson and Omron Product Manager Nick Fieldhouse discuss the company's focus on AI implementation to enhance customer experience and results. They address programming challenges and how AI can help customers achieve better outcomes with less experience. Omron's AI is compatible with existing systems, facilitating easy upgrades.
Cadence Unveils Palladium Z3 and Protium X3 Systems
04/18/2024 | Cadence Design SystemsThe Palladium Z3 and Protium X3 systems offer increased capacity, and scale from job sizes of 16 million gates up to 48 billion gates, so the largest SoCs can be tested as a whole rather than just partial models, ensuring proper functionality and performance.
Real Time with... IPC APEX EXPO 2024: MYCRONIC's Evolution and New Solutions
04/17/2024 | Real Time with...IPC APEX EXPOHenry Crandall interviews Kevin Clue, the vice president of global sales for MYCRONIC's High Flex division. They discuss the company's evolution, emphasizing its strong customer relationships and its role as a versatile, turnkey solution provider. Kevin unveils new solutions launched at IPC APEX EXPO, including an AI-integrated inspection system and the A40 pick-and-place platform. The conversation also touches on the increased use of AI and deep learning.
Australian Flow Batteries and The SCHMID Group Announce Groundbreaking Memorandum of Understanding
04/17/2024 | SCHMID GroupAustralian Flow Batteries Pty Ltd (AFB), a leader in innovative energy solutions and economical, safe, and reliable power storage, and SCHMID Energy Systems GmbH a company of the German SCHMID Group, a global technology leader with a rich history in delivering innovative solutions across multiple industries including Electronics, Renewables, and Energy Storage sectors, are thrilled to announce the signing of a Memorandum of Understanding (MoU)
Ansys Joins BAE Systems’ Mission Advantage Program to Advance Digital Engineering Across US Department of Defense
04/16/2024 | ANSYSAnsys announced it is working with BAE Systems, Inc., to accelerate the adoption of digital engineering and MBSE across the Department of Defense (DoD).