Our experiences with personal computers and the Internet have clearly identified information security as a paramount challenge. Embedded systems, which are used pervasively in our lives, now contain our sensitive personal data, identity, and even our purchasing power, and perform several safetycritical functions. Some examples include mobile phones, MP3 players, automotive electronics, medical appliances, and ubiquitous devices such as sensors and RFID tags. Unless embedded system security is adequately addressed, it will become a concern that impedes the adoption and usage of many embedded system products, applications, and services.
Several technologies have been developed to address information security (cryptography, secure communication protocols, anti-virus tools, firewalls, intrusion detection, and so on), which can be adapted to embedded systems. These technologies can be referred to as "functional" security measures, since they usually specify functions that must be added to the target system without any consideration of how they are embodied in hardware or software.
However, they are hardly sufficient to ensure the security of embedded systems in practice. Most real security attacks do not directly take on the theoretical strength of cryptographic algorithms; instead, they target weaknesses in a system's "implementation". Moreover, embedded-system designers have to cope with security as yet another requirement, in addition to performance, power, cost, etc.
In this talk, I will present an introduction to embedded system security challenges, and argue that effective security solutions can be realized only if they are built-in at various stages of the design process (architecture, HW design, and SW development). The objectives of secure embedded system
design will be defined from the designer's perspective as addressing various "gaps" such as
• the assurance gap, which refers to the gap between functional security measures and truly secure implementations,
• the security processing gap, which arises due to the processing requirements of the additional computations that must be performed for the purpose of security, and
• the battery gap, which is a consequence of the energy consumed in performing securityrelated functions.
I will provide an overview of our research in this area, covering both embedded system architectures that address these gaps, and methodologies that assist in their design. I will use mobile appliances
(mobile phones, PDAs) to illustrate secure embedded system design challenges, and describe MOSES, a security platform that we have developed and deployed in NEC's next-generation mobile phones.
Dr. Anand Raghunathan is a Senior Researcher at NEC Laboratories America, Princeton, NJ, where he leads research efforts on advanced system-on-chip and embedded system architectures and design methodologies. He also holds a visiting position at Princeton University's Department of Electrical Engineering. His recent work has focused on the development of MOSES, a security solution for next-generation mobile appliances. He has also worked on various aspects of SoC and embedded system design methodologies, including system-level design and tools for power analysis and reduction, and on-chip communication architectures.
Dr. Raghunathan has authored a book, six book chapters, over 150 conference and journal papers, and 20 U.S patents, and has presented several invited talks and conference tutorials in these areas. He has received six best paper awards at leading IEEE and ACM conferences, NEC's Patent of the Year and Technology Commercialization awards, and IEEE's meritorious service award. He was selected by MIT Technology Review among the "TR35" top young innovators in 2006 for his work on mobile security. He has served as Program Chair for the VLSI Test Symposium and the International Symposium on Low Power Electronics & Design, and as a member of the Program and Organizing Committees of several IEEE and ACM conferences. He has also served on the Editorial Board of IEEE Transactions on CAD, IEEE Transactions on VLSI, IEEE Design & Test of Computers, and the Journal of Low Power Electronics. Dr. Raghunathan received M.A. and Ph.D. degrees from Princeton University, and a B.Tech. degree from the Indian Institute of Technology, Chennai. He is a Golden Core member of IEEE Computer Society and a senior member of IEEE.