
Protection for Safety-Critical Systems

Trustworthiness is the basis for every good collaboration. This applies to humans as well as machines. Professor Lucas Davi and his team from the software engineering institute paluno at the University of Duisburg-Essen have developed a solution to check the integrity of embedded devices without affecting their runtime behavior.

Embedded systems are integrated into a larger technical context and take over control, regulation, and data processing tasks – usually unnoticed by the user. They often work in networks with many other systems, such as cars, planes, household appliances and medical devices.

“Embedded systems are used in many critical areas, but they are seldom up to date in terms of IT security,” says Professor Davi. “One of the reasons for this is the real-time requirements they have to meet.” Real-time means that a system must complete its task within a set time. It guarantees that an airbag control unit, for example, triggers at exactly the right time in the event of a crash. “These strict time limits make it difficult to integrate security mechanisms into the software because they could affect the runtime behavior of the systems.”

With the RealSWATT framework, Professor Davi’s paluno team has developed a solution. It is based on the technique of remote attestation. This method allows the reliability of a device to be checked remotely, i.e., before networking: an inspector sends a request to the device, which triggers a measurement of the software status. If the measurement returns an unexpected value, this can be an indication of malicious code, and networking is avoided. Unlike other remote attestation approaches, the paluno team’s solution requires neither custom hardware extensions nor special trusted computing components. It can therefore be used on low-cost, commodity off-the-shelf embedded devices. The attestation runs continuously in the background on an otherwise unused processor core.

RealSWATT was thoroughly evaluated using a syringe pump. Manipulations caused by a simulated hacker attack were reliably detected and the real-time operation was not disrupted in any way. Tests with commercial smart home devices have confirmed this. Professor Davi is certain: “Embedded systems are often in operation for many years and hacker attacks can have fatal consequences. RealSWATT is a practical approach to improving security with simple means.”

 

RealSWATT was presented at the ACM Computer and Communications Security Conference in November 2021. The publication (“Remote Software-based Attestation for Embedded Devices under Realtime Constraints”) and a short presentation are available here: https://dl.acm.org/doi/10.1145/3460120.3484788

Contact

System Security (SYSSEC)

Christian Niesler
+49 201 18-37336

System Security (SYSSEC)

Prof. Dr. Lucas Davi
+49 201 18-36445

Press and Public Relations

Birgit Kremer
+49 201 18-34655