Security method of embedded software for mechatronic systems

A. Venčkauskas*, N. Jusas**, L. Kižauskienė***, E. Kazanavičius****, V. Kazanavičius*****
*Kaunas University of Technology, Studentų 50, 51368 Kaunas, Lithuania, E-mail: algimantas.venckauskas@ktu.lt
**Kaunas University of Technology, Studentų 50, 51368 Kaunas, Lithuania, E-mail: nerijus.jusas@stud.ktu.lt
***Kaunas University of Technology, Studentų 50, 51368 Kaunas, Lithuania, E-mail: losta@ifko.ktu.lt
****Kaunas University of Technology, Studentų 50, 51368 Kaunas, Lithuania, E-mail: ekaza@ifko.ktu.lt
*****TEO LT, AB, Lvovo g. 25, 09320 Vilnius, Lithuania, E-mail: vkaza@ifko.ktu.lt


Introduction
Mechatronic systems are widespread in various areas of life: home, office, manufacturing, and transport. They are widely used in robots, digitally controlled machines, "smart machine tools" and so on. The typical view of mechatronics is as a combination of mechanical and electrical systems controlled by an embedded control system [1] (Fig. 1).
Fig. 1 Mechatronics is a synergy of mechanical and electrical systems controlled by an embedded system
Machining is a process that removes a layer of material from a workpiece in the form of chips to obtain the desired product shape, size, accuracy, and surface quality. Conventional machining operations, which include turning, milling, grinding, and drilling, are among the most common activities in the manufacturing industry (US industries spend US $100 billion annually to machine metals). The experimental structure of a smart machine tool is presented in Fig. 2.
Fig. 2 Experimental structure of smart machine tool
The complex interaction between machines, tools, workpieces, fluids, measurement systems, material handling systems, humans and the environment in cutting operations requires the application of sensors or embedded systems to ensure efficient production, identify the needs for maintenance, and protect workers and the environment [2]. Standard approaches to process monitoring are the measurement or identification of the interaction between the process and the machine structure.
In a "smart machine tool" the objective is to maintain an optimized cutting performance by using sensors and control systems with knowledge accumulation capability for use in future production. The vibrational behavior of the tool is of utmost importance since it significantly affects the workpiece [3]. For example, measurement of vibrations on the tool fixture is one of the indirect methods to evaluate the effects of the cutting force.
Vibration sensor signals are very sensitive to the change of workpiece dynamics, which reflects the change of cutting force due to tool wear. During a machining operation the sensors collect tool vibration signals in real time and transmit them to the machine control system via a feedback loop. The control system adjusts cutting parameters, if required, in order to reduce excessive unwanted vibrations in the machine-tool-workpiece system, thereby ensuring high machining quality and higher productivity. These cutting parameters may include feed rate, depth of cut, spindle speed, etc. As the sensors need to be installed near the cutting area inside the machining chamber, the wiring is an obstacle to the application of a vibration measuring device in machining centers, in particular in milling machines, where the cutter and workpiece are always moving. Therefore, wireless data transmission is an attractive solution for vibration monitoring in machining operations.
Sensor systems must be able to be interfaced with open system architecture controllers for machines, and systems must be designed to accommodate the needs of so-called "reconfigurable" systems. Activity in both of these areas is still predominantly in the research stage, with few industrial applications. Accordingly, one of the main challenges in future machining process monitoring systems is the development of algorithms and paradigms that are truly autonomous from machine tool operators, with signal feature extraction and decision making performed without intervention of the operator, who should provide only very simple (the lesser, the better) input and information.
Integral parts of mechatronic systems, which often determine the system's functionality and vitality, are the embedded control systems: the digital hardware and software subsystem. As an integral part, mechatronic systems and embedded systems face significant challenges in information security; these systems usually have very limited resources and function in an unsafe environment. Embedded systems usually perform critical functions (they control important real-time objects and process important information); therefore their work can be sabotaged.
The security requirements of an embedded system depend on specific areas of application [4]. The following requirements are related to the general requirements for information security: integrity, availability and confidentiality. However, the specificity of mechatronic systems, their mobility and work in real time, typically have certain limitations such as processing gap, energy gap, flexibility, tamper resistance, assurance gap and cost, largely due to limited resources, performance and security requirements.
An important component of embedded systems, which often determines the system's performance and vitality, is software. Software security has two aspects: secure program and program protection. We will explore the protection aspect of program security. The main program protection vulnerabilities are [5]: violation of intellectual property (illegal copying and distribution, improper use of licenses) and reverse engineering (disclosure of software code, theft of algorithms and falsification of software codes).
According to a study by the Business Software Alliance (BSA) [6], software creators lost 51.4 billion dollars and pirated software accounted for 43% of all software, with piracy showing an annual growth trend of approximately 2%.
Whatever threats software is protected against, for example copying or stealing of algorithms, attackers attempt to crack the protection by several methods, including reverse engineering (disassembly and decompilation), debuggers, disassemblers, decompilers, emulators, simulators and spoofing attacks [7].
There are many software protection methods, which are divided into software-based and hardware-based.
Software-based protection mechanisms are installed into the software or algorithms that are protected and can be added to software code: code and data obfuscation [8], anti-debugging methods [9], code encryption technology, self-modifying code and self-extracting code [10].
Hardware-based methods can significantly increase the level of security, because they rely on an external device in which the level of security is controlled by the software provider and not by the end-user [11,12]. Additional hardware (commonly a dongle or USB key) can store part of the program code or data (encryption keys) required to run the program. However, this protection mechanism is relatively expensive and is generally only used for programs that are of great commercial value.
Intermediate software/hardware methods are also used: tethering a program to a computer or device signatures (CPU, RAM, ROM, BIOS, OS, etc. serial numbers, model ID and so on) [13][14][15]. Firewalls are used for the protection of internet programs [16]. These methods are usually used for anti-piracy in personal computers.
In assessing the limitations of embedded systems [17], one of the most acceptable software protection methods is encryption of the code. However, key management issues need to be taken into account: external storage medium; network transfer, which must be secure, using the SSL protocol; and the encryption key entered manually.
Software development is one of the most challenging tasks during the design of a mechatronic system. Mechatronic system software is related to and dependent on the other system components: mechanics, electronics, controllers, etc. Therefore, a range of techniques is used for the development of mechatronic system software.
Model-driven architecture is an approach to increase the quality of complex software systems, based on creating high-level system models that represent systems at different abstraction levels and automatically generating system architectures from the models. Papers [18,19] propose a model-driven (model-based) approach to designing the software part of a mechatronic system, which consists of two major parts: systematic modeling and correctness-preserving synthesis. Paper [20] presents an agent-based embedded control system design methodology for mechatronic systems. Paper [21] puts forward a component-based development method for increasingly complex embedded systems. Most methods use UML (Unified Modeling Language) for the description of mechatronic systems.
Protection of programs is not directly related to mechatronic system functionality. In order for the developer to concentrate on the functionality, he should be free from issues related to program protection. Protection of programs must be automatically included in the system during the realization. For this it is necessary to describe the program protection requirements at a high level of mechatronic system design (UML).
The model-based approach is also widely used to create secure software. Paper [22] describes processed data security and access control requirements in UML and OCL (Object Constraint Language), with each vulnerability defined by its own stereotype. Paper [23] proposes an approach that treats the security model as a separate concern by augmenting UML with separate and new diagrams for role-based, discretionary and mandatory access controls; collectively, these diagrams provide visual access-control aspects. Paper [24] proposes security primitives (Authentication, data Integrity, data Confidentiality …) for UML; [25] defines User rights as UML and OCL context. The Secure UML meta-model [26] introduces the concepts of User, Role, and Permission to annotate UML diagrams with information pertaining to access control. Paper [27] describes security criteria, such as confidentiality and integrity. It also defines in UMLSec a UML profile extension using stereotypes, tagged values and constraints.
As we can see, the UML is extended in various ways and is mainly used for creating secure software.
Our goal is to extend the model-driven embedded system development methodology with measures to describe the requirements for program protection, and so to create a mechatronic system embedded software protection method. This method should implement a sufficient level of protection and not require additional hardware and security infrastructure.
In the following sections we describe the proposed security method of embedded software for mechatronic systems and investigate its characteristics and the possibilities of using it for the protection of embedded software.

Embedded software protection method
Protection method for mechatronic systems embedded software core is: 

encryption = {DES, AES, Blowfish}
The constraints may specify the necessary level of protection, time limitations, the encryption key, the number of signatures, the generation function and the encryption algorithm. If the protection settings are not specified, then the default level of program protection is applied.
A representation of program protection requirements in UML diagram format is shown in Fig. 3.

Fig. 3 Representation of program protection requirements in UML diagram
When the embedded software of a mechatronic system is installed, a special install program automatically adds the security measures, created from protection templates, according to the UML description.
Secret keys are generated by our proposed method [28]. The secret key generation process is shown in Fig. 4.
The protection key of a software module is generated from the headers of the software being protected and the signatures of the mechatronic system hardware and software components (controller, CPU, RAM, ROM, BIOS, OS, etc.), using the fastest and simplest logical commands (XOR, OR).

Fig. 4 Secret key generation process
The encryption key must be of fixed length and must have a sufficient value of entropy. The strings of an embedded system signature are variable in length. Key Derivation Functions [29] and the hash functions MD5, SHA, SHA-2 [30] are used to form fixed-length, high-entropy secret keys from the variable-length strings.
The structure of the protected program is presented in Fig. 5. To increase the effectiveness of the program, only critical code modules are encrypted; the other modules (the program header, the data segments and noncritical modules) are not encrypted. Encrypted code modules are decrypted automatically at execution time. Therefore, each module includes calls to key generation and decryption routines (Fig. 6).
Fig. 6 The structure of the protected module
The program is protected (the required modules are encrypted) during installation in mechatronic systems by using a special software installer, whose functioning is shown schematically in Fig. 7.
Fig. 7 The software installer operation scheme
The main steps of the installation process:
• generation of the program protection profile from UML and OCL constraints;
• decomposition of the program object's modules under the program protection profile;
• generation of the modules' encryption key. Editing links between modules, encrypting and saving modules in system memory.
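The installer and run-time decryption steps above, sketched as an added example (this is not the authors' installer). It assumes a hypothetical `install`/`load` pair, a SHA-256 counter-mode keystream standing in for the DES/AES/Blowfish cipher named in the profile, and an HMAC tag, which the paper does not describe, so that a key regenerated on different hardware is rejected; all sample values are constructed.

```python
import hashlib
import hmac
import os

def device_keys(signatures):
    """Regenerate (enc_key, mac_key) from the component signatures; nothing is stored."""
    root = hashlib.sha256(b"|".join(signatures)).digest()
    return hashlib.sha256(b"enc" + root).digest(), hashlib.sha256(b"mac" + root).digest()

def _xor_stream(key, nonce, data):
    # SHA-256 in counter mode as keystream: a standard-library stand-in for
    # the block cipher (DES/AES/Blowfish) selected in the protection profile.
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def install(modules, profile, signatures):
    """Installer: encrypt only the modules the profile marks as critical."""
    enc_key, mac_key = device_keys(signatures)
    image = {}
    for name, code in modules.items():
        if profile.get(name) != "critical":
            image[name] = ("plain", code)
            continue
        nonce = os.urandom(16)
        body = _xor_stream(enc_key, nonce, code)
        tag = hmac.new(mac_key, name.encode() + nonce + body, hashlib.sha256).digest()
        image[name] = ("encrypted", nonce, body, tag)
    return image

def load(image, name, signatures):
    """Run-time stub: rebuild the key on the running device, verify, decrypt."""
    entry = image[name]
    if entry[0] == "plain":
        return entry[1]
    _, nonce, body, tag = entry
    enc_key, mac_key = device_keys(signatures)
    expected = hmac.new(mac_key, name.encode() + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError(f"{name}: image was not installed for this device")
    return _xor_stream(enc_key, nonce, body)

# Constructed sample: module bytes, protection profile, component signatures
MODULES = {"header": b"APP v1.0", "ui": b"draw_menu()", "control": b"pid_step(kp, ki, kd)"}
PROFILE = {"control": "critical"}
DEVICE = [b"CPU:PXA270:SN0001", b"ROM:SN7781", b"OS:CE5.2"]
OTHER_DEVICE = [b"CPU:PXA270:SN0002", b"ROM:SN9034", b"OS:CE5.2"]

if __name__ == "__main__":
    image = install(MODULES, PROFILE, DEVICE)
    print(image["ui"][0], image["control"][0])   # plain encrypted
    print(load(image, "control", DEVICE))        # original module bytes
```

Loading the `control` module with `OTHER_DEVICE` raises `PermissionError`, because the key regenerated from those signatures does not match the one used at installation.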
The next section investigates the characteristics of the created program protection method.

Evaluation of embedded software protection method
For evaluation of the proposed method, we created a prototype of a mechatronic system software installer that realizes the described options. We investigated the entropy of the secret encryption key, its dependence on the signature creation and the hash function, and the formation time. We also estimated the impact of various encryption algorithms on the operation speed of the protection mechanisms; this is vital to mechatronic systems operating in real time.
The experiments were performed on a PDA (Personal Digital Assistant) of the model ASUS P750 (Pocket PC platform, Intel PXA270 520 MHz CPU, 256 MB RAM, Windows Mobile © 6 Professional CE OS 5.2). We simulated the software of a mechatronic system by programming discrete mathematical methods. The experiment's initial data (the header of the program to be protected and the mechatronic system hardware and software component signature elements: Vendor ID, Type ID, Model ID and Serial Number), their lengths and numbers were generated with programmable random string and number generators. 20 sets of signatures (from 2 to 7 elements) were generated.
Secret encryption keys are generated from the embedded system signature using a Key Derivation Function. These functions use hash functions, such as MD5, SHA, SHA-2, etc. Furthermore, we investigated the influence of the hash function algorithm on the value of entropy. Since the embedded system signature formed using the sign 4 function, based on OR and XOR operations [28], has the best entropy, we investigated the key generated by this function. Fig. 8 displays the entropy of keys formed from 7 component signatures, using the sign 4 function and the MD5, SHA and SHA-2 hash functions. All hash functions generate high-entropy cryptographic keys; however, the least standard deviation (0.003) and the lower limit of the prediction interval (0.994) belong to the keys generated using the SHA-2 function.
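Key formation as described in the method section (component signatures combined with logical operations, then hashed to a fixed length) and the entropy comparison above, as an added example that is not the authors' prototype. `fold_signature` is an assumed XOR-only stand-in for the sign 4 function of [28], the bit-level Shannon estimate is an assumed reading of the entropy measure, and all sample strings are constructed.

```python
import hashlib
import math

def fold_signature(header, components, width=32):
    """XOR-fold the program header and the variable-length component
    signatures into `width` bytes (assumed stand-in for sign 4 of [28])."""
    acc = bytearray(width)
    for idx, item in enumerate([header, *components]):
        for pos, byte in enumerate(item):
            # Shift each item by its index so equal strings do not cancel out.
            acc[(pos + idx) % width] ^= byte
    return bytes(acc)

def derive_key(header, components, hash_name="sha256"):
    """Hash the folded signature into a fixed-length key; the key is
    regenerated on demand and never stored."""
    return hashlib.new(hash_name, fold_signature(header, components)).digest()

def bit_entropy(key):
    """Shannon entropy per bit (0..1) of the distribution of 0 and 1 bits."""
    ones = sum(bin(byte).count("1") for byte in key)
    p1 = ones / (8 * len(key))
    if p1 in (0.0, 1.0):
        return 0.0
    return -(p1 * math.log2(p1) + (1 - p1) * math.log2(1 - p1))

def compare_hashes(header, components, names=("md5", "sha1", "sha256")):
    """Key length in bits and bit entropy for each hash function."""
    result = {}
    for name in names:
        key = derive_key(header, components, name)
        result[name] = (8 * len(key), round(bit_entropy(key), 3))
    return result

# Constructed sample data: a program header and four component signatures
# built from Vendor ID, Type ID, Model ID and Serial Number elements.
HEADER = b"MODULE=spindle_ctrl;VER=1.0"
SIGNATURES = [
    b"VID=8086;TYPE=CPU;MODEL=PXA270;SN=A1B2C3D4",
    b"VID=04E8;TYPE=RAM;MODEL=K4X51;SN=0099127",
    b"VID=0B05;TYPE=ROM;MODEL=P750;SN=77120045",
    b"VID=MSFT;TYPE=OS;MODEL=CE5.2;SN=55274-OEM",
]

if __name__ == "__main__":
    for name, (bits, entropy) in compare_hashes(HEADER, SIGNATURES).items():
        print(f"{name:7s} {bits:3d}-bit key, bit entropy {entropy}")
```

A balanced bit count is what a hash function produces for any input, including a predictable one, so this estimate does not by itself show that a key is hard to guess; that depends on how hard the component signatures are to obtain.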
The computing time (ms) of the keys formed from 7 component signatures, using the sign 4 function and the MD5, SHA and SHA-2 hash functions, is shown in Fig. 9. As can be seen from Table 2, the best time characteristics were obtained by using the MD5 hash function, 65% faster than SHA-2. In the assessment of the generated key entropy (Table 1) and the generation time (Table 2), it is clear that for key generation it is better to use MD5, as the entropy is high enough, only 0.4% lower than with SHA-2, but with a much shorter generation time.
To investigate the impact of encryption algorithms on the characteristics of the program protection method, the simulated module solved a system of differential equations by using the Runge-Kutta method. The experiment was repeated 20 times and different algorithms were used to encrypt the module. The average program execution times and encryption module sizes (kB) are presented in Table 3.
As can be seen from Table 5, the best time characteristics were obtained by using the Blowfish, DES and IDEA algorithms. Blowfish is known to have better encryption (i.e. stronger against data attacks) than the other two. The Blowfish algorithm also has the smallest size, at 7.2 kB. It is therefore proposed to use the Blowfish algorithm to protect programs.

Conclusions
In this paper we have presented a security method of embedded software for mechatronic systems. This method is based on encryption and decryption of the code of critical program modules during execution.
We proposed to describe protection requirements of the program modules in the UML diagram by using OCL constraints.
The proposed method effectively generates high entropy keys using the embedded system signature.
The Blowfish algorithm is the fastest and has better encryption: it is therefore proposed to use the Blowfish algorithm to protect programs.

Summary
This paper proposes a protection method for the embedded software of mechatronic systems, based on encryption and decryption of the code of critical program modules during runtime. Secret keys are not stored, but generated from the signature of the mechatronic system components. This paper experimentally researches the application of symmetric cryptographic algorithms and the influence of security mechanisms on the characteristics (entropy value of the secret key, operating speed, and amount of memory) of embedded software.

Fig. 5 The structure of the protected program

Fig. 8 Key entropy dependence on the hash functions
Entropy estimates: average, standard deviation

Fig. 9 Key generation time (ms) dependence on the hash functions
Key computing time estimates (average, standard deviation and prediction interval), depending on the hash function, are shown in Table 2.
protection requirements of the program modules are described in the UML diagram by using OCL con- in Table1.

Table 2
Keys computing time (ms) dependence on the function