ABSTRACT
An embedded system is a special purpose computer system, which is completely encapsulated in the device it controls. It has specific requirements and performs pre-defined tasks.
However, embedded systems, which is designed to capture, store, manipulate and access data of a sensitive nature, provides several challenges.
Security has been the subject of intensive research in the area of cryptography, computing, and networking.
Concisely, security is often mis-construed by embedded system designers as the addition of features, such as specific cryptographic algorithms and security protocols, to the system. In reality, it is an entirely new metric that designers consider throughout the design process, along with other metrics such as performance, cost and power.
This project has been designed to restrict access to individual protected data and files in a networked system through the use of encryption and decryption methods of file protection. It is implemented using visual basic programming and notepad for text input and output.
TABLE OF CONTENT
Title Page … … … … … … … … … i
Certification … … … … … … … … ii
Dedication … … … … … … … … … iii
Acknowledgement … … … … … … … … iv
Abstract … … … … … … … … … v
Table Of Content … … … … … … … … vi-viii
CHAPTER ONE
1.0 Introduction … … … … … … … … 1-2
1.1 Historical Background … … … … … … 2-3
1.2 Statement Of The Problem … … … … … 3-4
1.3 Objective Of Study … … … … … … 4-5
1.4 Benefits … … … … … … … … 5-6
1.5 Scope Of Study … … … … … … … 6
1.6 Limitations … … … … … … … … 7
1.7 Definition Of Terms … … … … … … 7-9
CHAPTER TWO
2.0 Review Of Related Work … … … … … 10
2.1 Introduction … … … … … … … … 10-11
2.2 Attacks On Embedded Systems … … … … … 11-14
2.3 Countermeasures To Avoid Attacks … … … … 14-16
2.4 Security Mechanisms … … … … … … 16-18
2.5 Embedded Network Security … … … … … 18
2.6 Encryption (Encipherment) … … … … … 18
2.7 Security Policy … … … … … … … 18-22
CHAPTER THREE
3.0 System Investigation And Analysis … … … … 23
3.1 System Investigation … … … … … … 23
3.2 Research Methodology … … … … … … 24
3.3 Methods Of Data Collection … … … … … 25
3.4 System Analysis … … … … … … … 26
3.4.1 Analysis Of Finding … … … … … … 26-27
3.5 Firewall Security … … … … … … … 27-28
3.6 Embedded Client … … … … … … … 28-29
3.7 Embedded Firewalls … … … … … … 29
3.8 Embedded System Restricted Access … … … … 30
CHAPTER FOUR
4.0 Design, Development, Implementation And Maintenance
Of The New System … … … … … … 31
4.1 System Design … … … … … … … 31-32
4.2 Hardware Requirements … … … … … … 32-34
4.3 Software Requirements … … … … … … 34-35
4.4 Organizational Requirement … … … … … 35-37
4.5 Proposal Of The New System … … … … … 37
4.6 Objective Of The New System … … … … … 37
4.7 System Development … … … … … … 38
4.7.1 Program Specification … … … … … … 38-40
4.7.2 Program Design … … … … … … … 41
4.7.3 Program Flowchart … … … … … … 41
4.7.4 Test Run … … … … … … … … 41
4.8 System Implementation … … … … … … 41-42
4.9 System Maintenance … … … … … … 42-43
CHAPTER FIVE
5.0 Recommendation And Conclusion … … … … 44
5.1 Recommendation … … … … … … … 44-45
5.2 Conclusion … … … … … … … … 45-46
Reference … … … … … … … … … 47-49
Appendix I: Program Flowchart
Appendix II: Program Test Run
Appendix III: program Design Code
CHAPTER ONE
1.0 Introduction
Each day, our lives become more dependent on ‘embedded systems’, digital information technology that is embedded in our environment. This includes not only safety-critical applications such as automotive devices and controls, railways, aircraft, aerospace and medical devices, but also communications, ‘mobile worlds’ and ‘e-worlds’, the ‘smart’ home, clothes, factories etc. All of these have wide-ranging impacts on society, including security, privacy and modes of working and living.
More than 98% of processors applied today are in embedded systems, and are no longer visible to the customer as ‘computers’ in the ordinary sense. New processors and methods of processing, sensors, actuators, communications and infrastructures are ‘enablers’ for this very pervasive computing. They are in a sense ubiquitous, that is, almost invisible to the user and almost omnipresent. As such, they form the basis for a significant economic push.
An embedded system is a special-purpose computer system, which is completely encapsulated in the device it controls. An embedded system has specific requirements and performs pre-defined tasks, unlike a general-purpose personal computer. Examples of embedded systems are: mobile phones, network equipment, control devices for automobiles, household appliances, monitoring and control systems for industrial automation etc. The security of this type of systems is a pending subject and this can soon become a problem, even bigger than the lack of security of current desktop computers. One of the reasons for this lack of security is the constraints of the hardware devices when implementing security measures.
Another reason is the cost of security; manufacturers try to reduce production cost to obtain a market advantage for price sensitive products.
1.1 Historical background
The first recognized modern embedded system “ Hardware Chip”, was the Apollo Guidance Computer, developed by Charles Stark Draper at the MIT Instrumentation Laboratory. At the project inception, the Apollo Guidance computer was considered the riskiest item as the use of the then new monolithic integrated circuits, to reduce the size and weight, increased this risk.
As a result, the ever first mass produced embedded system was the Guidance computer for the minuteman missile in 1961. it was the Autonetics D-17 Guidance computer, built using discrete transistor logic and a hard disk for main memory.
When the minuteman II went into production in 1966, the D-17 was replaced with a new computer that used integrated circuits, and was the first volume user of them. Without this program, integrated circuits might never have reached a usable price-point.
The crucial design features of the minuteman computer were that its guidance algorithm could be reprogrammed latter in the program to make the missile more accurate, and the computer could also test the missile, saving cable and connector weight.
1.2 Statement Of The Problem
Security has traditionally been a subject of intensive research in the area of computing and networking. However, security of embedded systems is often ignored during the design and development period of the product, thus leaving many devices vulnerable to attacks. The stated problem researched are namely:
• Hardware-enforced mechanisms: The low-level resources can only be accessed while the processor is in supervisor mode, and switching from user mode to supervisor mode can only be performed through specific entry points that branch to the access control code. On the user side, resources are represented indirectly by “handles”, e.g indices into kernel tables. Hardware memory management prevents user code from accessing kernel data directly. This model, while effective, is not always suitable. Sometimes, user-mode programs must be further partitioned into relatively trusted (web browser) and completely untrusted (web applets). Switching between user and supervisor modes can be expensive.
• Language-based Approach: An alternate, language-based approach executes all code within the same memory space, without hardware protections, but relies on strong typing to restrict access to sensitive resources. These resources are directly represented by pointers, but strong typing prevents these pointers from being forged, e.g. by guessing their addresses. Thus, the typing discipline of the language can be used to enforce security invariants on the resources.
1.3 Objective of Study
The strategic objective on embedded system security in this research is namely, to develop the next generation of technologies and tools for modeling design, implementation and operation of hardware/software systems embedded in intelligent devices.
The focus is on the following:
• Middleware and platform for building networked embedded systems that aim to hide the complexity of underlying computing, communications, sensing and control, while at the same time providing efficient and effective distribution of resources at low cost. Effort is geared towards scalable and self organizing platform that offer services for ad-hoc networking of very small devices and for mastering complexity through perception techniques for object and event recognition and advanced computing and control.
• Concepts, methods and tools for system design and development of warrantable software components and implementation of systems, with an emphasis on the correct handling of complex real-time constraints work includes unification of computational models and composition methods, holistic design addressing event and time constraints, interface technologies in hardware and software addressing real-world and legacy issues, and techniques and integrated validation tools to ensure ultra-stable, dependable embedded systems.
• Advanced controls for networked embedded systems focusing on networked autonomous system.
1.4 Benefits
If a resource is not reachable from the initial memory roots of a piece of code, memory safety, also called garbage collection safety, ensures that this code can never access this resource.
In contrast, two standard type-based encapsulation techniques can be used to provide controlled access to a resource namely: Procedural encapsulation and type abstraction.
• With procedural encapsulation, the resource is a free variable of a function closure, or private fields of an object, and only the closure or the object are given to the untrusted code. The latter, then, cannot fetch the resource pointers directly from the object or the closure (this would be ill-typed), and must call the function or a method of the object to operate on the resource; the code of the function or the method will then perform the required access checks before performing the operation.
• With type abstraction, the resource pointer itself can be given to the untrusted code, but its type is made abstract, preventing the code from operating directly on it; to use the resource code must call one of the operations provided in the signature of the abstract type, and this code will then perform access checks as described.
1.5 Scope Of Study
Today, security in one form or another is a requirement for an increasing number of embedded systems. Information security in this research work of embedded systems will be explored in the context of communications systems.
The communications channel for Local Area network which arts as an embedded system will ensure security functions such as data confidentiality, data integrity, and peer authentication.
1.6 Limitations Or Constraints
This study is written under the limitation of scarce information because some firms find it difficult to give out every information required.
The non-availability of effective text books and manuals on embedded system security and high cost of the few available ones also contributed to scarcity of information during the process of the research of this project work.. The work was to be carried out to meet a stipulated time, thereby leaving the researcher with limited time to carry out this study. And the research was carried out simultaneously with other courses which as well requires some attention.
1.7 Definition Of Terms
COMPUTER: This is device that works under the control of stored programs, automatically accepting, storing and processing data to produce information that is the result of that processing in a way it is understandable to its users.
COMPUTER HARDWARE: These are the electronic and mechanical elements of the computer, together with those devices used with the computer.
COMPUTER SOFTWARE: Are the various programs that may be used on a computer system together with their associated documentation.
FIRMWARE: The software written for many embedded systems, especially those without a disk drive.
USER IDENTIFICATION: A restricted access to an embedded system, only allowing authorized users.
PACKET FILTERING: Is a technique whereby routers have ACLs (Access Control Lists) turned on. Employing ACLs is a method for enforcing your security policy with regard to what sorts of access you allow the outside world to have to your internal network and vice versa.
HYBRID SYSTEM: In an attempt to marry the security of application layer gateways with the flexibility and speed of packet filtering, some vendors have created systems that use the principles of both.
TCP WRAPPER: Provide monitoring and control of network services.
SWATCH: This is a program used to parse through the myriad of LOG data generated by the various security programs in particular “SYSLOG”.
CONTROLLED ACCESS POINT (CAP): Provides a network mechanism intended to reduce the risk of password guessing, probing for well known accounts with default passwords, capture by network snooping.
DATA CONFIDENTIALITY: Protecting sensitive information from undesired eavesdroppers.
DATA INTEGRITY: This is ensuring that an information is not been changed illegitimately.
PEER AUTHENTICATION: This verifies that the information sent is received by appropriate parties rather than masqueraders.
DIGITAL RIGHTS MANAGEMENT (CONTENT SECURITY): Protects the rights of the digital content used in the system, and is an issue actively pursued by several content providers.
Click “DOWNLOAD NOW” below to get the complete Projects
FOR QUICK HELP CHAT WITH US NOW!
+(234) 0814 780 1594
Login To Comment