Security and availability on embedded systems
Proceedings of the 28th European Safety and Reliability Conference (ESREL)
With the fast-paced development of the Internet of Things and its applications within the emerging field of Industry 4.0 (decentralizing decisions by remotely monitoring data and automata), the security and reliability of the whole communication pipeline between the connected devices taking part in this smart industry become crucial. In such a context of embedded systems, microcontrollers are widely preferred over microprocessors as they are cheaper, smaller and consume less energy. Unfortunately, the implementation of security features on microcontrollers, such as signing and ciphering functions, can greatly reduce the availability of embedded systems because these functions are energy consuming and computationally complex. Thus, a trade-off has to be found between the prescribed level of availability and security. It is important to note that such a trade-off greatly depends on how the embedded systems will be used, how they are supposed to communicate with each other and whether a central node with high computing resources is available. For instance, a common architecture typically consists of several embedded systems communicating up and down with a unique server. This architecture is used in several areas where a monitor must supervise and process data, which is the reason why this setup is chosen. The present paper aims at proposing a method to reach the right trade-off between security and availability, depending on the available resources. However, this problem is difficult to address because of the difficulty of measuring the security or the availability of a system. Solutions featuring those characteristics and a generic approach are presented to find the most suitable trade-off, in the use case of Industry 4.0.