The aim of the project is to define a framework to improve the level of security associated to Embedded Systems while reducing the design and development costs. At the same time, the project will contribute to dramatically reduce the development cycles because the qualification, (re-)certification and (re-)validation process will be faster, easier and widely accepted.
The era where Embedded Systems were closed and inaccessible has ended. The exclusive (secure) physical access to Embedded Systems is no longer guaranteed; the present reveals a future where network connectivity is everywhere, leading to logical access methods, so common and as simple as using TCP/IP protocol to communicate.
In this new era, Embedded Systems are ever more prevalent, interoperability and information exchange is an increasing need and connectivity options proliferate in systems of this nature. This new context brings a whole new range of security issues that, if not managed properly, may pose serious safety and security risks. Without built-in security, the Embedded Systems, such as those used in automobiles, become extremely vulnerable to a wide spectrum of possible attackers with unpredictable consequences. The not so distant mass adoption of IPv6 and the endless amount of Embedded Systems that will surface with their own public IP address widens even more the number of possible targets.
The pSHIELD project addresses these issues building a framework that incorporates Security, Privacy and Dependability (SPD) concerns in the context of Embedded Systems as “built in” rather than as “add-on”. This framework is based on the design and development of open and dependable interfaces that allow both a static and dynamic composition of SPD technologies (e.g. cryptography, secure routing, semantic rules, and authentication), hence laying the foundations for becoming the reference for a new generation of “SPD-ready” Embedded Systems.
pSHIELD will approach SPD at 4 different levels: node, network, middleware and overlay. For each level, the state of the art in SPD of single technologies and solutions will be improved and integrated (e.g. hardware and communication technologies, cryptography, middleware, smart SPD applications). The framework will also use an overlay approach to SPD and introduce semantic technologies to address the complexity associated with the design, development and deployment of built-in SPD in Embedded Systems. Using semantics, the available technologies can be automatically composed to match the needed, application specific SPD levels, resulting in an effort reduction during the design, operational and maintaining phases.
The project will use an application scenario to validate the technology through monitoring of freight trains transporting hazardous material.
Critical Software’s experience in cryptography for low-powered and embedded systems aims to introduce the security paradigm from the very beginning (such as authentication mechanisms, secure communication channels, etc). The Critical Software responsibilities in the consortia are focussed on:
1. Researching the state-of-the-art in the means of providing security in lightweight and networked embedded devices through an adequate cryptographic scheme;
2. Analysing relevant requirements especially those used in the application scenario;
3. Developing a framework through which asymmetric and/or symmetric cryptography, using an appropriate key management scheme, can provide security for the proposed architecture.
pSHIELD (pshield.eu) is a pilot project co-funded by the ARTEMIS JOINT UNDERTAKING (Sub-programme SP6) focused on the research of SPD (Security, Privacy, Dependability) in the context of Embedded Systems.
The project partners are (12 Industrial Partners, 3 Research Centres, 3 Universities): SESM S.c.a.r.l. (Coordinator - IT); Acorde Seguridad (ES); Ansaldo STS (IT); ATHENA (GR); Critical Software (PT); Elsag Datamat (IT); Eurotech (IT); Hellenic Aerospace Industry (GR); Integrated Systems Development (GR); Selex Communications (IT); THYIA Tehnologije (SL); Tecnologie nelle Reti e nei Sistemi TRS (IT); Movation AS (NO); European Software Institute (ES); Center for Wireless Innovation (NO); Mondragon Goi Eskola Politeknikoa (ES); Università degli studi di Roma “Sapienza” (IT); Università di Genova (IT).
About Critical Software:
Critical Software (criticalsoftware.com) has a proven experience in delivering highly dependable mission oriented critical solutions to Aeronautics, Space Defence and Transportation markets to high profile customers, including NASA, European Space Agency, AgustaWestland, EADS, UK MoD, BAE Systems and Thales Alenia Space, among many others.
Since 1998, Critical Software’s core competences cover a wide array of expertise: Embedded and Real-Time Systems, Command & Control, Earth Observation, Integrated Logistic and Operational Support, Security, Verification, Validation & RAMS - that are flexibly used in order to better address customer requirements and engineering solutions for multidisciplinary projects profile.
The company proven track record in delivering high integrity systems and software solutions can be attributed to the application of best project management techniques, backed by the coordination and control provided by an internal Quality Management System (QMS) certified CMMI Level 5.