Hardware-Assisted Security Monitoring Unit for Real-Time Ensuring Secure Instruction Execution and Data Processing in Embedded Systems

The hardware security of embedded systems is raising more and more concerns in numerous safety-critical applications, such as in the automotive, aerospace, avionic, and railway systems. Embedded systems are gaining popularity in these safety-sensitive sectors with high performance, low power, and great reliability, which are ideal control platforms for executing instruction operation and data processing. However, modern embedded systems are still exposing many potential hardware vulnerabilities to malicious attacks, including software-level and hardware-level attacks; these can cause program execution failure and confidential data leakage. For this reason, this paper presents a novel embedded system by integrating a hardware-assisted security monitoring unit (SMU), for achieving a reinforced system-on-chip (SoC) on ensuring program execution and data processing security. This architecture design was implemented and evaluated on a Xilinx Virtex-5 FPGA development board. Based on the evaluation of the SMU hardware implementation in terms of performance overhead, security capability, and resource consumption, the experimental results indicate that the SMU does not lead to a significant speed degradation to processor while executing different benchmarks, and its average performance overhead reduces to 2.18% on typical 8-KB I/D-Caches. Security capability evaluation confirms the monitoring effectiveness of SMU against both instruction and data tampering attacks. Meanwhile, the SoC satisfies a good balance between high-security and resource overhead.

Relay Selection for Security Improvement in Cognitive Radio Networks with Energy Harvesting

This paper selects an unlicensed relay among available self-powered relays to not only remain but also secure information transmission from an unlicensed source to an unlicensed destination. The relays harvest energy in signals of the unlicensed source and the licensed transmitter. Then, they spend the harvested energy for their relaying operation. Conditioned on the licensed outage restriction, the peak transmission power restriction, Rayleigh fading, and the licensed interference, the current paper proposes an exact closed-form formula of the secrecy outage probability to quickly evaluate the secrecy performance of the proposed relay selection method in cognitive radio networks with energy harvesting. The proposed formula is corroborated by computer simulations. Several results illustrate the effectiveness of the relay selection in securing information transmission. Additionally, the security capability is saturated at large peak transmission powers or large preset outage probabilities of licensed users. Furthermore, the security capability depends on many specifications among which the power splitting ratio, the relays’ positions, and the time switching ratio can be optimally selected to obtain the best security performance.

Impact of Artificial Noise on Security Capability of Energy Harvesting Overlay Networks

Artificial noise, energy harvesting, and overlay communications can assure design metrics of modern wireless networks such as data security, energy efficiency, and spectrum utilization efficiency. This paper studies impact of artificial noise on security capability of energy harvesting overlay networks in which the cognitive transmitter capable of self-powering its operation by harvesting radio frequency energy and self-securing its communications against eavesdroppers by generating artificial noise amplifies and forwards the signal of the primary transmitter as well as transmits its individual signal concurrently. To quantify this impact, the current paper firstly suggests accurate expressions of crucial security performance indicators. Then, computer simulations are supplied to corroborate these expressions. Finally, numerous results are demonstrated to expose insights into this impact from which optimum specifications are determined. Notably, primary/cognitive communications can be secured at distinct degrees by flexibly controlling multiple specifications of the suggested system model.

SECURITY CAPABILITY ANALYSIS OF COGNITIVE RADIO NETWORK WITH SECONDARY USER CAPABLE OF JAMMING AND SELF-POWERING

This paper investigates a cognitive radio network where a secondary sender assists a primarytransmitter in relaying primary information to a primary receiver and also transmits its own information toa secondary recipient. This sender is capable of jamming to protect secondary and/or primary informationagainst an eavesdropper and self-powering by harvesting radio frequency energy of primary signals.Security capability of both secondary and primary networks are analyzed in terms of secrecy outageprobability. Numerous results corroborate the proposed analysis which serves as a design guidelineto quickly assess and optimize security performance. More importantly, security capability trade-offbetween secondary and primary networks can be totally controlled with appropriate selection of systemparameters.

Security Monitoring and Network Management for the Power Control Network

Security monitoring is a viable solution to enhance the security capability in the current power control Supervisory Control and Data Acquisition (SCADA) system, more broadly Industrial Control System (ICS), since the intrusion detection system as a main tool for monitoring can be easily deployed without any change of SCADA configuration. We explain how to design the SCADA domain-specific network security monitoring system, reflecting semantics of the target SCADA network. However, the attack vectors of the recent attacks to the SCADA/ICS systems are the vulnerabilities of the software underlying the host systems. In this respect, we need security monitoring running on host systems which can provide process and memory protection. Furthermore, network and system management (NMS), which incorporates the traditional network management into the power control system, can not only help to manage and maintain the IT/OT (information technology and operational technology) systems in a unified way, but also enhance the security capability of the SCADA system with collaboration with network and host security monitoring.