Systematic Security and Timeliness Tradeoffs in Real-Time Embedded Systems

Real-time embedded systems are increasingly being networked. In distributed real-time embedded applications, e.g., electric grid management and command and control applications, it is required to not only meet real-time constraints but also support the data confidentiality, integrity, and authenticity. Unfortunately, in general, cryptographic functions are computationally expensive, possibly causing deadline misses in real-time embedded systems with limited resources. As a basis for cost-effective security support in real-time embedded systems, we define a quantitative notion of strength of defense (SoD). Based on the SoD concept, we propose a novel adaptive security policy in which the SoD can be degraded by decreasing the cryptographic key length for certain tasks, if necessary, to improve the success ratio under overload conditions. Our approach is lightweight. The time complexity of our approach is linear and its amortized version has the constant overhead per SoD adaptation period. Moreover, our approach supports desirable security features requiring an attacker to do extra work to find the cryptographic key. In the performance evaluation, we show that our approach can considerably improve the success ratio due to controlled SoD degradation under overload