The goal of this thesis is to develop an IoT gateway that uses Bluetooth Low Energy (BLE) to communicate securely with sensors and input devices and that protects against external intrusion. Secure in this context means providing protection against eavesdropping, spoofing and man-in-the-middle (MITM) attacks. A high-level architectural diagram based on the scenarios provided by the main stakeholder of the case study serves as the basis for a STRIDE security analysis. From a selection of the most important threats, a prototype implementation is made. Throughout the thesis several refinements are made to arrive at a final prototype that complies with the requirements provided by the main stakeholder. The envisioned application of the final design is a nurse-call system with strict security requirements. The resulting prototype mitigates the attacks that were possible in the original setting. A core contribution of the solution is the authentication protocol using lightweight certificates; while the protocol has an initial time cost, its long-term cost is minimal.
In today's technology-driven world, computers are ubiquitous and we expect them to behave correctly and securely. We rely on computing devices to control critical infrastructure, and an increasing number of applications are trusted with security-critical information. The computer security community is continuously looking for innovative defensive measures against a wide range of threats to protect our computing infrastructure from tampering and theft. Secure compilation and protected module architectures (PMAs) are two such novel research areas. Secure compilers aim to preserve the security properties of high-level programming language abstractions after compilation, allowing one to reason about application security at a comfortable level of abstraction. PMAs provide an efficient mechanism to enforce some of these properties: such architectures make it possible to isolate security-critical modules and protect them from their enclosing application. Implementations are typically realized with a low-level security mechanism and a product-specific compiler. This master's thesis explores the feasibility of a secure compiler infrastructure in which security properties can be represented and manipulated in a generic way at the different layers of abstraction: a generic compiler infrastructure where common programming models and common algorithms for analysis and transformation support a wide range of programming languages and target architectures. The main contribution of this master's thesis is the proposal of such a generic secure compiler infrastructure. A proof-of-concept implementation of this proposal is provided in the form of an LLVM extension for the property of software module isolation, supporting the C and Rust programming languages and the Sancus and Intel SGX PMAs. The work presented in this master's thesis demonstrates that by sharing a common infrastructure, improvements in uniformity, reusability, programmability and performance can lead to more secure applications.
There has been a large increase in connected computing devices in recent years. Some of them handle privacy-sensitive information in the cloud or perform safety-critical actions in modern automotive systems. Assuring that all of these devices are secure and perform as expected is a major challenge. To that end, different software isolation techniques have been widely implemented in high-end systems. On embedded devices, however, these techniques are often omitted because of resource constraints. Recent research on Protected Module Architectures (PMAs) aims to provide efficient isolation of software modules from any compromised software running on the same system. Concrete implementations of PMAs exist both for high-end systems and for low-end embedded devices. In practice, many large applications will consist of a heterogeneous set of platforms and thus a heterogeneous set of PMAs. This master's thesis looks into the secure interaction of different PMAs. One important observation is that no isolation mechanism can protect a module against its own source code when that code contains memory safety vulnerabilities of the kind common in unsafe languages like C and C++: such vulnerabilities can nullify any integrity or confidentiality guarantee a PMA provides for the module. Taking these memory safety issues into account, a first main contribution of this master's thesis is to propose Rust as an alternative to C/C++ for writing code that executes inside a protected module. Rust is positively evaluated as a promising alternative in terms of provided security, performance and programmer effort. Two other, more practical, contributions focus on the specific PMAs Intel SGX and Sancus in the context of automotive control networks. The first is an SGX enclave containing a Rust port of the LeiA message authentication protocol; this enclave keeps a secure log of all authenticated traffic it observes on the CAN bus. The second is a realization of an attestation server for such networks: a central entity responsible for attesting participating Sancus modules and providing them with fresh connection keys. Both show the viability of interaction between PMAs via secure communication channels, implemented in a safe and fast programming language.
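The following is an added illustration of two points in the abstract above, not code from the thesis and not an implementation of LeiA: first, that a module's own memory-safety bugs defeat the PMA's isolation (a C frame parser that does `memcpy(dst, raw + 7, len)` with an attacker-chosen `len` reads past the frame, and inside an enclave that over-read can copy enclave secrets out), and second, what an enclave-side "secure log of authenticated traffic" with replay protection looks like in safe Rust. The frame layout (`id:2 | counter:4 | len:1 | payload | tag:8`, big-endian), the demo key and the tag function are all assumptions constructed for this example; the tag function is a placeholder keyed hash so the block runs without external crates and must be replaced by a real MAC (HMAC or AES-CMAC) in any real deployment.

```rust
// Constructed example: safe-Rust verifier for authenticated CAN-style frames
// kept by a protected module. Not the thesis's code, not the LeiA protocol.
use std::collections::HashMap;

const HEADER_LEN: usize = 7; // id:2 | counter:4 | len:1 (assumed layout)
const TAG_LEN: usize = 8;

#[derive(Debug, PartialEq)]
pub enum FrameError {
    Truncated, // length field or tag runs past the end of the buffer
    BadTag,    // tag does not verify under the shared key
    Replay,    // counter not strictly greater than the last one seen for this id
}

#[derive(Debug, Clone, PartialEq)]
pub struct AuthFrame {
    pub id: u16,
    pub counter: u32,
    pub payload: Vec<u8>,
}

/// Placeholder keyed tag (FNV-1a-style mix over key || data). NOT a secure MAC;
/// it only stands in for the real MAC so the example is self-contained.
fn placeholder_tag(key: &[u8; 16], data: &[u8]) -> [u8; TAG_LEN] {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for b in key.iter().chain(data.iter()) {
        h ^= *b as u64;
        h = h.wrapping_mul(0x0000_0100_0000_01b3);
    }
    h.to_be_bytes()
}

/// Constant-time comparison so the tag check does not leak via timing.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Sender side: serialise header and payload, then append the tag.
pub fn build_frame(key: &[u8; 16], id: u16, counter: u32, payload: &[u8]) -> Vec<u8> {
    assert!(payload.len() <= u8::MAX as usize, "payload too long for 1-byte length");
    let mut raw = Vec::with_capacity(HEADER_LEN + payload.len() + TAG_LEN);
    raw.extend_from_slice(&id.to_be_bytes());
    raw.extend_from_slice(&counter.to_be_bytes());
    raw.push(payload.len() as u8);
    raw.extend_from_slice(payload);
    let tag = placeholder_tag(key, &raw);
    raw.extend_from_slice(&tag);
    raw
}

/// Receiver side: parse and authenticate one raw frame. Every access goes
/// through `get`, which yields None instead of reading past the buffer, so an
/// oversized `len` becomes Err(Truncated) rather than an enclave-memory over-read.
pub fn parse_frame(key: &[u8; 16], raw: &[u8]) -> Result<AuthFrame, FrameError> {
    let header = raw.get(..HEADER_LEN).ok_or(FrameError::Truncated)?;
    let id = u16::from_be_bytes([header[0], header[1]]);
    let counter = u32::from_be_bytes([header[2], header[3], header[4], header[5]]);
    let payload_end = HEADER_LEN + header[6] as usize;
    let payload = raw.get(HEADER_LEN..payload_end).ok_or(FrameError::Truncated)?;
    let tag = raw.get(payload_end..payload_end + TAG_LEN).ok_or(FrameError::Truncated)?;
    if !ct_eq(tag, &placeholder_tag(key, &raw[..payload_end])) {
        return Err(FrameError::BadTag);
    }
    Ok(AuthFrame { id, counter, payload: payload.to_vec() })
}

/// The enclave's log of authenticated traffic, with per-id replay protection.
pub struct SecureLog {
    key: [u8; 16],
    last_counter: HashMap<u16, u32>,
    entries: Vec<AuthFrame>,
}

impl SecureLog {
    pub fn new(key: [u8; 16]) -> Self {
        SecureLog { key, last_counter: HashMap::new(), entries: Vec::new() }
    }

    /// Verify a frame observed on the bus; only fresh, authentic frames are logged.
    pub fn observe(&mut self, raw: &[u8]) -> Result<(), FrameError> {
        let frame = parse_frame(&self.key, raw)?;
        if let Some(&last) = self.last_counter.get(&frame.id) {
            if frame.counter <= last {
                return Err(FrameError::Replay);
            }
        }
        self.last_counter.insert(frame.id, frame.counter);
        self.entries.push(frame);
        Ok(())
    }

    pub fn len(&self) -> usize {
        self.entries.len()
    }
}

fn main() {
    let key = [0x42u8; 16]; // constructed demo key
    let mut log = SecureLog::new(key);
    let frame = build_frame(&key, 0x123, 1, &[0xDE, 0xAD]);
    println!("fresh frame: {:?}", log.observe(&frame));
    println!("replayed:    {:?}", log.observe(&frame));
    let mut oversized = frame.clone();
    oversized[6] = 200; // length field now points past the buffer
    println!("oversized:   {:?}", log.observe(&oversized));
}
```

The design point is that the module's trust boundary is enforced twice: the PMA keeps untrusted code out of the enclave, and the safe-Rust parser keeps untrusted data from turning into an out-of-bounds access inside it. Replay protection is per CAN id with a strictly increasing counter; a production system would also need to handle counter wrap and resynchronisation, which this example leaves out.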