SECURING ACCESS TO EMBEDDED SYSTEMS - An Effective Concept for Devices Lacking Internet Connection

Bruno Juchli, Peter Sollberger, Roland Portmann

Abstract

Many embedded systems provide a web interface for maintenance tasks such as system configuration, test execution and firmware updating. Access to this interface usually needs to be restricted to authorized employees. This paper shows an efficient and cost-effective concept to secure maintenance interfaces using widespread standards and technology. By storing authorisation information in standard compliant X.509 certificate extensions Transport Layer Security (TLS) and X.509 Public Key Infrastructure (PKI) provide mutual authentication, message integrity as well as confidentiality and enable authorisation of employees. Practical experience of the implementation completes this paper.

References

  1. Choudhury, S. 2002. Public Key Infrastructure: Implementation and Design. Wiley.
  2. Cooper, D. et al. 2008. Internet X.509 Public Key Infrastructure: Certificate and Certificate Revocation List (CRL) Profile. [Internet] Available from: <http://tools.ietf.org/html/rfc5280> [Accessed 21 October 2009]
  3. Dierks, T., Rescorla, E. 2006. The Transport Layer Security (TLS) Protocol Version 1.1. [Internet] Available from: <http://tools.ietf.org/rfcmarkup?rfc=4346> [Accessed 21 October 2009]
  4. Hsu, Y.-K. Seymour, S. 1997. Intranet Security Framework Based on Short-lived Certificates, in Proceedings of the Sixth IEEE Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, IEEE Computer Society, pp. 228-233.
  5. GeoTrust. 2009. Root Certificates. [Internet] Available from: <http://www.geotrust.com/resources/rootcertificates/index.html> [Accessed 21 October 2009]
  6. Objective Systems. 2003. ASN.1 Tutorial. [Internet] Available from: <http://www.objsys.com/asn1tutorial/asn1only.html> [Accessed 21 October 2009]
  7. Rescorla, E. 2000. HTTP over TLS. [Internet] Available from: <http://tools.ietf.org/html/rfc2818> [Accessed 21 October 2009]
  8. VeriSign. 2009. Root Certificates. [Internet] Available from: <https://www.verisign.com/support/roots.html> [Accessed 21 October 2009]
Download


Paper Citation


in Harvard Style

Juchli B., Sollberger P. and Portmann R. (2010). SECURING ACCESS TO EMBEDDED SYSTEMS - An Effective Concept for Devices Lacking Internet Connection . In Proceedings of the 6th International Conference on Web Information Systems and Technology - Volume 1: WEBIST, ISBN 978-989-674-025-2, pages 152-158. DOI: 10.5220/0002779401520158


in Bibtex Style

@conference{webist10,
author={Bruno Juchli and Peter Sollberger and Roland Portmann},
title={SECURING ACCESS TO EMBEDDED SYSTEMS - An Effective Concept for Devices Lacking Internet Connection},
booktitle={Proceedings of the 6th International Conference on Web Information Systems and Technology - Volume 1: WEBIST,},
year={2010},
pages={152-158},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002779401520158},
isbn={978-989-674-025-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 6th International Conference on Web Information Systems and Technology - Volume 1: WEBIST,
TI - SECURING ACCESS TO EMBEDDED SYSTEMS - An Effective Concept for Devices Lacking Internet Connection
SN - 978-989-674-025-2
AU - Juchli B.
AU - Sollberger P.
AU - Portmann R.
PY - 2010
SP - 152
EP - 158
DO - 10.5220/0002779401520158