De Benedictis, Alessandra (2013) Change to survive: a Moving Target Defense approach to secure resource-constrained distributed devices. [Doctoral thesis]

Item Type: Doctoral thesis
Language: English
Title: Change to survive: a Moving Target Defense approach to secure resource-constrained distributed devices
Author: De Benedictis, Alessandra
Date: 2 April 2013
Number of Pages: 96
Institution: Università degli Studi di Napoli Federico II
Department: Ingegneria Elettrica e delle Tecnologie dell'Informazione
Doctoral school: Ingegneria dell'informazione
Doctoral programme: Ingegneria informatica ed automatica
Doctoral cycle: 25
Doctoral programme coordinator:
Uncontrolled Keywords: Moving Target Defense, Wireless Sensor Networks, Reconfiguration, Security Metrics
MIUR scientific-disciplinary sectors: Area 09 - Industrial and information engineering > ING-INF/05 - Information processing systems
Thematic areas (7th Framework Programme): INFORMATION AND COMMUNICATION TECHNOLOGIES > Transport, telecommunications, medical equipment, etc. Photonics technologies, plastic electronics, flexible displays, and micro and nano systems
SECURITY > Security of infrastructures and public services
Date Deposited: 05 Apr 2013 12:41
Last Modified: 04 Dec 2014 08:26
DOI: 10.6092/UNINA/FEDOA/9403


This doctoral thesis has been developed with the aim of defining a design methodology for monitoring architectures composed of resource-constrained devices (sensor nodes, FPGAs, smartphones...), able to take into account both functional and non-functional requirements. Even though our primary focus was on security, our activity was aimed at identifying a holistic approach able to meet other quality requirements as well, such as performance and energy consumption, as they are fundamental in real-world applications. Security, performance and energy consumption requirements are closely related to one another and are often conflicting, and in complex real-world scenarios they typically change over time, thus requiring the ability to adapt dynamically. These features make the definition of a comprehensive approach very challenging in constrained networks, and require the introduction of a more flexible strategy to achieve security while preserving the overall quality of the system. In order to cope with these issues, we proposed a reconfiguration approach based on the Moving Target Defense paradigm, an emergent technique aimed at continuously changing a system's attack surface to thwart attacks. Such mechanisms increase the uncertainty, complexity, and cost for attackers, limit the exposure of vulnerabilities, and ultimately increase overall resiliency, with the result of decreasing the attack probability. We defined a reconfiguration model for a generic embedded node, identifying some of the possible reconfigurable parameters -- namely the firmware, the APIs and the cryptosystem adopted to secure exchanged data -- and characterized a reconfiguration strategy, aimed at choosing the new configuration to activate based on given requirements.
In order to do that, we introduced a coverage-based security metric to quantitatively measure the level of security provided by each system configuration; this metric, along with the commonly adopted performance metrics, is used by the reconfiguration strategy to identify the configuration to activate in the system that best meets the current requirements. In order to show the feasibility of our approach in real applications, we considered a Wireless Sensor Network (WSN) case study. We defined a reconfiguration model characterized by two different cryptosystems, based on Elliptic Curve Cryptography (ECC), at the security layer, and two different firmware versions at the physical layer. We developed and implemented two ad-hoc reconfiguration mechanisms to perform security-level and physical-level reconfiguration, and conducted specific analyses on the security layer to show how reconfiguration can help increase, or at least control, the security level provided by a system. To this end, we first analyzed the performance, consumption and intrinsic security level provided by the two considered cryptosystems, and then conducted theoretical and experimental evaluations to show that reconfiguration is effective in increasing the complexity for the attacker. Current MTD designs lack quantitative metrics to measure the effectiveness of the proposed mechanisms in terms of enhanced security. We adopted the attack probability to indirectly measure the level of security provided by each configuration and show that our approach is capable of reducing the probability of successful attacks, compared to a baseline scenario where configurations are static.
