Embedded Systems Security Challenges

Konstantinos Fysarakis, George Hatzivasilis, Konstantinos Rantos, Alexandros Papanikolaou, Charalampos Manifavas


In a world of pervasive computing, embedded systems can be found in a wide range of products and are employed in various heterogeneous domains. The abovementioned devices often need to access, store, manipulate and/or communicate sensitive or even critical information, making the security of their resources and services an important concern in their design process. These issues are further exacerbated by the resource-constrained nature of the devices, in conjunction with the ever-present need for smaller size and lower production costs. This paper aims to provide an overview of the challenges in designing secure embedded systems, covering both node hardware and software issues, as well as relevant network protocols and cryptographic algorithms. Moreover, recent advances in the field are identified, highlighting opportunities for future research.


  1. Aad, I., Hubaux, J., and Knightly, E. W. (2008). Impact of denial of service attacks on ad hoc networks. IEEE/ACM Transactions on Networking (TON), 16(4):791-802.
  2. Abdalrazak, T. R. and Sawant, H. K. (2012). Collaborative trust-based secure routing based ad-hoc routing protocol. International Journal of Modern Engineering Research (IJMER), 2(2):95-101.
  3. Akishita, T. and Hiwatari, H. (2012). Very compact hardware implementations of the blockcipher CLEFIA. In Miri, A. and Vaudenay, S., editors, 18th international conference on Selected Areas in Cryptography (SAC 7811), volume 7118 of LNCS, pages 278-292, Toronto, ON, Canada.
  4. Alam, S., Chowdhury, M. M. R., and Noll, J. (2011). Interoperability of security-enabled Internet of Things. Wireless Personal Communications, 61(3):567-586.
  5. Alhaqbani, B. and Fidge, C. (2008). Access control requirements for processing electronic health records. In Hofstede, A., Benatallah, B., and Paik, H.-Y., editors, Business Process Management Workshops, volume 4928 of Lecture Notes in Computer Science, pages 371-382. Springer Berlin Heidelberg.
  6. Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., and Wingers, L. (2013). The SIMON and SPECK families of lightweight block ciphers. Cryptology ePrint Archive, Report 2013/404.
  7. Bogdanov, A., Knezevic, M., Leander, G., Toz, D., Varici, K., and Verbauwhede, I. (2011). SPONGENT: A lightweight hash function. In Preneel, B. and Takagi, T., editors, 13th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 7811), volume 6917 of LNCS, pages 312-325, Nara, Japan.
  8. Bogdanov, A., Knudsen, L. R., Leander, G., Paar, C., Poschmann, A., Robshaw, M. J. B., Seurin, Y., and Vikkelsoe, C. (2007). PRESENT: An ultralightweight block cipher. In Paillier, P. and Verbauwhede, I., editors, 9th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2007), volume 4727 of LNCS, pages 450-466, Vienna, Austria.
  9. Bogdanov, A., Leander, G., Paar, C., Poschmann, A., Robshaw, M. J. B., and Seurin, Y. (2008). Hash functions and RFID tags: Mind the gap. In Oswald, E. and Rohatgi, P., editors, 10th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2008), volume 5154 of LNCS, pages 283-299, Washington, D.C., USA.
  10. Boneh, D. and Franklin, M. (2003). Identity-based encryption from the Weil pairing. SIAM Journal on Computing, 32(3):586-615. Also appeared in CRYPTO 7801.
  11. Buchegger, S., Tissieres, C., and Le Boudec, J.-Y. (2004). A test-bed for misbehavior detection in mobile ad-hoc networks, how much can watchdogs really do? In 6th IEEE Workshop on Mobile Computing Systems and Applications (WMCSA 7804), pages 102-111, Low Wood, Lake Windermere, UK.
  12. Byoungyoung, L., Jinoh, O., Hwanjo, Y., and Jong, K. (2011). Protecting location privacy using location semantics. In 17th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD 7811), pages 1289-1297, San Diego, California, USA.
  13. Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and Arkko, J. (2003). Diameter base protocol. RFC 3588, IETF.
  14. Carl, G., Kesidis, G., Brooks, R. R., and Rai, S. (2006). Denial-of-service attack detection techniques. IEEE Internet Computing, 10(1):82-89.
  15. Chen, C.-Y. and Chao, H.-C. (2011). A survey of key distribution in wireless sensor networks. Security and Communication Networks.
  16. Dane?k, M., Kadlec, J., Bartosinski, R., and Kohout, L. (2008). Increasing the level of abstraction in FPGAbased designs. In Udo, K., editor, International Conference on Field Programmable Logic and Applications (FPL 2008), pages 5-10, Heidelberg, Germany.
  17. Doomun, M. R. and Soyjaudah, K. M. S. (2009). Analytical comparison of cryptographic techniques for resourceconstrained wireless security. International Journal of Network Security, 9(1):82-94.
  18. Doyle, B., Bell, S., Smeaton, A. F., McCusker, K., and O'Connor, N. (2006). Security considerations and key negotiation techniques for power constrained sensor networks. The Computer Journal, 49(4):443-453.
  19. ECRYPT (2008). The eSTREAM project. Available online at: http://www.ecrypt.eu.org/stream/.
  20. Eisenbarth, T., Kumar, S., Paar, C., Poschmann, A., and Uhsadel, L. (2007). A survey of lightweightcryptography implementations. IEEE Design & Test, 24(6).
  21. Engels, D., Saarinen, M.-J. O., Schweitzer, P., and Smith, E. M. (2011). The hummingbird-2 lightweight authenticated encryption algorithm. In Juels, A. and Paar, C., editors, 7th Workshop of RFID Security and Privacy (RFIDSec 7811), volume 7055 of LNCS, pages 19-31, Amherst, Massachusetts, USA.
  22. Feldhofer, M., Wolkerstorfer, J., and Rijmen, V. (2005). AES implementation on a grain of sand. IEE Proceedings on Information Security, 152(1):13-20.
  23. Fysarakis, K., Manifavas, C., Papaefstathiou, I., and Adamopoulos, A. (2013). A lightweight anonymity & location privacy service. In IEEE Int. Symposium on Signal Processing and Information Technology (ISSPIT 2013), Athens, Greece. To appear.
  24. Gaj, K., Homsirikamol, E., Rogawski, M., Shahid, R., and Sharif, M. U. (2012). Comprehensive evaluation of high-speed and medium-speed implementations of five SHA-3 finalists using Xilinx and Altera FPGAs. Cryptology ePrint Archive, Report 2012/368.
  25. Gedik, B. and Liu, L. (2008). Protecting location privacy with personalized k-anonymity: Architecture and algorithms. IEEE Transactions on Mobile Computing, 7(1):1-18.
  26. Golle, P. and Partridge, K. (2009). On the anonymity of home/work location pairs. In Tokuda, H., Beigl, M., Friday, A., Brush, A. J. B., and Tobe, Y., editors, 7th International Conference on Pervasive Computing (Pervasive 2009), volume 5538 of LNCS, pages 390- 397, Nara, Japan.
  27. Gruteser, M. and Grunwald, D. (2005). Enhancing location privacy in wireless lan through disposable interface identifiers: a quantitative analysis. Mobile Networks and Applications, 10(3):315-325.
  28. Gruteser, M. and Hoh, B. (2005). On the anonymity of periodic location samples. In Hutter, D. and Ullmann, M., editors, 2nd International Conference on Security in Pervasive Computing (SPC 2005), volume 3450 of LNCS, pages 179-192, Boppard, Germany.
  29. Guo, J., Peyrin, T., and Poschmann, A. (2011). The PHOTON family of lightweight hash functions. In Rogaway, P., editor, 31st annual conference on Advances in cryptology (CRYPTO 7811), volume 6841 of LNCS, Santa Barbara, CA, USA.
  30. Gupta, K., Yadav, A. S., and Yadav, S. (2011). Location privacy using user anonymity and dummy locations. International Journal of Innovative Technology & Creative Engineering, 1(10):5-8.
  31. Hatzivasilis, G. and Manifavas, C. (2012). Building trust in ad hoc distributed resource-sharing networks using reputation-based systems. In 16th Panhellenic Conference on Informatics, pages 416-421, Piraeus, Greece.
  32. Hatzivasilis, G., Theodoridis, A., Gasparis, H., Manifavas, C., and Papaefstathiou, I. (2014). ULCL: An ultralightweight cryptographic library for embedded systems. In Measurable security for Embedded Computing and Communication Systems (MeSeCCS 2014), Lisbon, Portugal. To appear.
  33. Hoh, B. and Gruteser, M. (2005). Protecting location privacy through path confusion. In 1st International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM 7805), pages 194-205, Athens, Greece.
  34. Huang, J., Buckingham, J., and Han, R. (2005a). A level key infrastructure for secure and efficient group communication in wireless sensor networks. In 1st IEEE/CreateNet Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm 2005), pages 249-260, Athens, Greece.
  35. Huang, L., Matsuura, K., Yamane, H., and Sezaki, K. (2005b). Enhancing wireless location privacy using silent period. In IEEE Wireless Communications and Networking Conference (WCNC 7805), volume 2, New Orleans, LA, USA.
  36. Hui, J. and Thubert, P. (2011). Compression format for IPv6 datagrams over IEEE 802.15.4-based networks. RFC 6282, IETF.
  37. IEEE Standard for Local and metropolitan area networks (2011). IEEE standard for local and metropolitan area networks-Part 15.4: Low-Rate Wireless Personal Area Networks (LR-WPANs). Available online at: http://standards.ieee.org/getieee802/ download/802.15.4-2011.pdf.
  38. Kamal, A. A. and Youssef, A. M. (2009). An FPGA implementation of the NTRUEncrypt cryptosystem. In International Conference on Microelectronics (ICM), pages 209-212.
  39. Karakoc¸, F., Demirci, H., and Harmanci, A. E. (2013). ITUbee: A software oriented lightweight block cipher. In 2nd International workshop on lightweight cryptography for security & privacy (LightSEC 2013).
  40. Karalis, A., Joannopoulos, J. D., and Soljac?ic, M. (2008). Efficient wireless non-radiative mid-range energy transfer. Annals of Physics, 323(1):34-48.
  41. Kuo, C., Luk, M., Negi, R., and Perrig, A. (2007). Messagein-a-bottle: User-friendly and secure key deployment for sensor nodes. In 5th International Conference on Embedded Networked Sensor Systems (SenSys 7807), pages 233-246, Sydney, Australia.
  42. Kurs, A., Karalis, A., Moffatt, R., Joannopoulos, J. D., Fisher, P., and Soljac?ic, M. (2007). Wireless power transfer via strongly coupled magnetic resonances. Science, 317(5834):83-86.
  43. Liu, L. (2007). From data privacy to location privacy: Models and algorithms. In 33rd international conference on Very large data bases (VLDB 7807), pages 1429- 1430, Vienna, Austria. VLDB Endowment.
  44. Liu, L. (2009). Privacy and location anonymization in location-based services. SIGSPATIAL Special, 1(2):15-22.
  45. Machanavajjhala, A., Kifer, D., Gehrke, J., and Venkitasubramaniam, M. (2007). L-diversity: Privacy beyond k-anonymity. ACM Transactions on Knowledge Discovery from Data, 1(1). Article No. 3.
  46. Madhavi, S. and Kim, T. H. (2011). An intelligent distributed reputation based mobile intrusion detection system. International Journal of Computer Science and Telecommunications, 2(7):53-58.
  47. Manifavas, C., Hatzivasilis, G., Fysarakis, K., and Rantos, K. (2013). Lightweight cryptography for embedded systems - A comparative analysis. In 6th Internations Workshop on Autonomous and Spontaneous Security (SETOP 2013), volume 8247 of Lecture Notes in Computer Science, pages 371-382. Springer-Verlag Berlin Heidelberg, RHUL, Egham, U.K.
  48. Martin, K. M. and Paterson, M. B. (2008). An applicationoriented framework for wireless sensor network key establishment. Electronic Notes in Theoretical Computer Science, 192(2):31-41.
  49. Naedele, M. (2006). An access control protocol for embedded devices. In 4th International IEEE Conference on Industrial Informatics (INDIN 7806), pages 565-569, Singapore.
  50. Oliveira, L. B., Aranha, D. F., Gouveˆa, C. P. L., Scott, M., Caˆmara, D. F., Ló pez, J., and Dahab, R. (2011). TinyPBC: Pairings for authenticated identity-based non-interactive key distribution in sensor networks. Computer Communications, 34(3):485-493.
  51. Preneel, B. (2009). Research challenges in lightweight cryptography. Key Note Talk at the 2nd ACM conference on Wireless network security (WiSec 7809).
  52. Rantos, K., Papanikolaou, A., Fysarakis, K., and Manifavas, C. (2012). Secure policy-based management solutions in heterogeneous embedded systems networks.
  53. In IEEE International conference on Telecomunications and Multimedia (TEMU 2012), pages 227-232, Heraklion, Crete, Grece.
  54. Rantos, K., Papanikolaou, A., and Manifavas, C. (2013a). IPsec over IEEE 802.15.4 for low power and lossy networks. In 11th ACM International Symposium on Mobility Management and Wireless Access (MobiWac 2013), pages 59-64, Barcelona, Spain.
  55. Rantos, K., Papanikolaou, A., Manifavas, C., and Papaefstathiou, I. (2013b). IPv6 security for low power and lossy networks. In Wireless Days 2013 (WD 2013), Valencia, Spain. To appear.
  56. Raymond, D. R. and Midkiff, S. F. (2008). Denial-ofservice in wireless sensor networks: Attacks and defenses. IEEE Pervasive Computing, 7(1):74-81.
  57. Raza, S., Duquennoy, S., Chung, T., Yazar, D., Voigt, T., and Roedig, U. (2011). Securing communication in 6LoWPAN with compressed IPsec. In 7th IEEE International Conference on Distributed Computing in Sensor Systems (DCOSS 7811), pages 1-8, Barcelona, Spain.
  58. Resnick, P. and Zeckhauser, R. (2002). Trust among strangers in internet transactions: Empirical analysis of eBay's reputation system. In Baye, M. R., editor, The Economics of the Internet and E-commerce, volume 11 of Advances in Applied Microeconomics, pages 127-157. Emerald Group Publishing Limited.
  59. Shibutani, K., Isobe, T., Hiwarati, H., Mitsuda, A., Akishita, T., and Shirai, T. (2011). Piccolo: An ultralightweight blockcipher. In Preneel, B. and Takagi, T., editors, 13th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 7811), volume 6917 of LNCS, pages 342-357, Nara, Japan.
  60. Simplicio, Jr., M. A., Barreto, P. S. L. M., Margi, C. B., and Carvalho, T. C. M. B. (2010). A survey on key management mechanisms for distributed wireless sensor networks. Computer Networks, 54(15):2591-2612.
  61. Smith, R. (2008). Phlashdance, discovering permanent denial of service attacks against embedded systems. Talk at the EUSecWest Applied Security Conference. London.
  62. Stefanidis, K. and Serpanos, D. N. (2008). Implementing filtering and traceback mechanism for packet-marking IP-based traceback schemes against DDoS attacks. In 4th International IEEE Conference on Intelligent Systems (IS 7808), volume 2, pages 14-28, Varna, Bulgaria.
  63. Szilagyi, C. and Koopman, P. (2009). Flexible multicast authentication for time-triggered embedded control network applications. In IEEE/IFIP International Conference on Dependable Systems & Networks (DSN 7809), pages 165-174, Lisbon, Portugal.
  64. Szilagyi, C. and Koopman, P. (2010). Low cost multicast authentication via validity voting in time-triggered embedded control networks. In 5th Workshop on Embedded Systems Security (WESS 7810), pages 10:1- 10:10, Scottsdale, Arizona.
  65. Trusted Platform Module (2009). nology - Trusted Platform Overview. ISO/IEC 11889-1:2009. Available online at: http://www.trustedcomputinggroup.org/resources/ tpm main specification.
  66. Watanabe, D., Ideguchi, K., Kitahara, J., Muto, K., and Furuichi, H. (2008). Enocoro-80: A hardware oriented stream cipher. In 3rd International Conference on Availability, Reliability and Security (ARES 08), pages 1294-1300.
  67. Yoshihama, S., Ebringer, T., Nakamura, M., Munetoh, S., Mishina, T., and Maruyama, H. (2007). WSattestation: Enabling trusted computing on web services. In Baresi, L. and Di Nitto, E., editors, Test and Analysis of Web Services, pages 441-469. Springer Berlin Heidelberg.
  68. Zeeb, E., Moritz, G., Timmermann, D., and Golatowski, F. (2010). WS4D: Toolkits for networked embedded systems based on the devices profile for web services. In 39th International Conference on Parallel Processing Workshops (ICPPW 7810), pages 1-8, San Diego, CA, USA.
  69. Zhang, Y., Xu, L., and Wang, X. (2008). A cooperative secure routing protocol based on reputation system for ad hoc networks. Journal of Communications, 3(6):43-50.
  70. Zhong, G. and Hengartner, U. (2008). Toward a distributed k-anonymity protocol for location privacy. In 7th ACM workshop on Privacy in the electronic society (WPES 7808), pages 33-38, Alexandria, VA, USA.

Paper Citation

in Harvard Style

Fysarakis K., Hatzivasilis G., Rantos K., Papanikolaou A. and Manifavas C. (2014). Embedded Systems Security Challenges . In Proceedings of the 4th International Conference on Pervasive and Embedded Computing and Communication Systems - Volume 1: MeSeCCS, (PECCS 2014) ISBN 978-989-758-000-0, pages 255-266. DOI: 10.5220/0004901602550266

in Bibtex Style

author={Konstantinos Fysarakis and George Hatzivasilis and Konstantinos Rantos and Alexandros Papanikolaou and Charalampos Manifavas},
title={Embedded Systems Security Challenges},
booktitle={Proceedings of the 4th International Conference on Pervasive and Embedded Computing and Communication Systems - Volume 1: MeSeCCS, (PECCS 2014)},

in EndNote Style

JO - Proceedings of the 4th International Conference on Pervasive and Embedded Computing and Communication Systems - Volume 1: MeSeCCS, (PECCS 2014)
TI - Embedded Systems Security Challenges
SN - 978-989-758-000-0
AU - Fysarakis K.
AU - Hatzivasilis G.
AU - Rantos K.
AU - Papanikolaou A.
AU - Manifavas C.
PY - 2014
SP - 255
EP - 266
DO - 10.5220/0004901602550266