January 11th, 2016: The Secure Communication Module of CCC

  • Speaker: Mohammad Hammad (B4)
  • Title: The Secure Communication Module of CCC
  • Abstract: One goal of the B4 project is developing the communications security architecture for the entire system, to control all communication links. To achieve this target, firstly we have implemented a secure network stack by rewriting the Genode IP library (lwIP). The reason for that is that the original Genode design assumes that each network-aware task will have its own IP stack and communicate with the physical network hardware. Instead, we separated the lwIP code into two components: one that resides in the task's address space, and a separate communications service that talks to the actual hardware. We envisage a single communications service per ECU to avoid duplication and to allow a single task to process incoming IP connections. Our secure communications engine is located in this task and also includes the KeyNote policy engine. By creating wrappers around all the lwIP calls, we allow transparent access to the secure communications engine without any changes to the source code of the legacy application. Secondly, we have integrated IPsec into our network stack to provide security, integrity and mutual authentication between software components. However, like any other technology, IPsec has its own set of pros and cons. One main disadvantage is the communication overhead. This overhead becomes a critical factor in embedded systems because of their low computing power and limited resources. We have studied the overhead of using embedded IPsec in resource-constrained systems in terms of network latency and throughput. Our research demonstrated that the overhead imposed by the IPsec protocols is small and well within the capabilities of even low-cost microcontrollers such as the one used in the Raspberry Pi computer.