Sage Journals: Discover world-class research

Abstract

The process of creating secure embedded systems with sensor network is highly challenging and complex, particularly from a technical viewpoint. A secure embedded system is used for a specific purpose and operation, and needs hardware-software codesign methodology. As such, there are many considerations in terms of system design when the system developer creates or constructs a secure embedded system with sensor network. However, there is a lack of research into quality models in the area of secure embedded systems in sensor network. This paper seeks to redress this issue by presenting a quality model for a secure embedded system with sensor network. Each quality for the secure embedded system is constructed according to DeLone and McLean's success information system, and has subcriteria according to their characteristics. The present research also focuses on making a quality model network which considers the correlation between the qualities' attributes.

1. Introduction

The computer communication system demands user or human centric system that it can guarantee security properties such as authenticity, integrity, privacy, anonymity, and availability [1]. Nowadays, embedded system has been applied to many areas like smart phones, communication system, information system, control system, and so on. And embedded real-time systems become more and more complex as the traditional development process of manual coding from scratch followed by tedious testing is becoming inadequate. Nowadays success in the development of embedded systems depends on aspects such as low cost, reliability, quickness to market, and cost-effective variations in the product [2]. In an embedded systems environment, there are often limitations in terms of processing power, storage capacity, network bandwidth, and so on, and these factors are at odds with the computationally intensive nature of the cryptographic algorithms underlying many security protocols [3].

In particular, in sensor network environment [4–7], embedded system needs more security technique to improve reliability and efficiency. We call it to secure embedded system. Secure embedded systems are vulnerable to attacks, like physical tampering, malware, and side-channel attacks. Therefore design of secure embedded systems has to be guided by the following factors: small form factor, good performance, low energy consumption, longer battery life, and robustness to attacks [3]. So, when the engineer or system designer develops a secure embedded system with sensor network, they have to consider the environment of specific application: secure embedded software must typically fulfill stringent QoS (Quality of Service) (nonfunctional) requirements imposed by the runtime environment such as severely limited CPU power and memory, network bandwidth, authenticity, and the application domain such as hard real-time constraints. However it is difficult to consider all of these characteristics at the same time. And it needs to identify the quality criteria and to consider the correlation. In the contents, there is a lack of research into practical quality models for secure embedded systems with sensor network.

Decision-making systems could be helpful in identifying the relationship between the quality criterions and to extract important criteria from among these. The Analytic Hierarchy Process (AHP) [8] is one of the widely used approaches to handle such a multicriteria decision-making problem. However, a significant limitation of AHP is the assumption of independency among the various criteria of decision-making. The analytic network process (ANP), on the other hand, captures interdependencies among the decision attributes, thus allowing for a more systematic analysis. It also allows inclusion of all the relevant criteria that have some bearing on arriving at the best decision. Contrary to AHP, ANP provides a more generalized model in decision-making without making assumptions about the independency of the higher-level elements from lower-level elements and also of the elements within a level. Despite all these merits, the applications of ANP are not very common in a decision-making problem scenario. However, in recent years, there has been an increase in the use of ANP in multicriteria decision-making problems [9].

In this paper, this research aims to present a quality model for secure embedded systems with sensor network which takes into consideration the correlation between the quality criterions. Each of quality criteria has been extracted from DeLone and McLean's model, which is one of the most famous and successful models. The quality criteria of the system have many subcriteria resulting in different characteristics for the secure embedded system. For multicriteria decision-making problems, this research uses ANP. Finally, the research will suggest what the important criteria in secure embedded systems with sensor network for system engineer are.

2. A Secure Embedded System and Its Quality Model

2.1. A Secure Embedded System with Sensor Network

Generally, embedded systems are commonplace; in industrialized countries they outnumber people by about an order of magnitude. This includes smart phones and applications, cars, entertainment devices, and broadband modems. With our increasing dependence on embedded systems, their reliability and security become the most important issue, because embedded systems (e.g., smart phones) are used to perform financial transactions and also to store increasing amounts of sensitive personal data [10]. Therefore secure embedded systems are typically characterized by a specific functionality in a specific domain, where the software element is taking an increasingly important role [11]. Secure embedded software typically faces some unique constraints not found in desktop software or enterprise systems, such as limited resources, real-time requirements, hardware integration, cryptographic algorithms, and authenticity. Sadeghi and Stüble [1] suggest fundamental security requirements for building secure systems as follows. (i)

Trusted Computing Base (TCB): all components that can violate the defined security policy should be correct and trustworthy.

(ii)

Integrity of the TCB: the TCB should be protected from manipulations to guarantee the enforcement of security policies.

(iii)

Confidentiality and integrity of application code and data.

(iv)

Enforcing least privilege: a process should not be given more privilege than necessary to perform a task.

(v)

Trusted path to user: the inputs/outputs of the application a user interacts with should be protected from unauthorized access by other applications.

(vi)

Secure channel to devices and between applications: the integrity, confidentiality, and authenticity of interapplication communication should be maintained.

(vii)

Secure random numbers.

Besides, many secure embedded devices are often a part of some safety-critical system where failures are not acceptable. So, embedded devices should be reliable [2] and lightweight. In this case, lightweight means having an ability to easily be secure embedded in applications. Brinksma et al. [12] describe a lightweight component model that is being used to develop low-level programmable networking software. This model incorporates lightweight reflective mechanisms to assist in run-time deployment and dynamic reconfiguration of component compositions. Coulson et al. [13] proposes a model that can be implemented on a wide range of device types, including very small devices such as sensor motes.

2.2. A System Quality Model

Generally, QoS aspects with security requirements are a nontrivial operation involving both the description of the system functional behavior and the definition of the performance-related configuration parameters [14]. In a well-known success QoS model for the system, DeLone and McLean aimed to present influential criteria and their relationships. Since their introduction, the model has been applied and modified across hundreds of studies which prove that a general approach is needed to measure success. DeLone and McLean modified their model later and instead of five criteria (“system quality,” “information quality,” “use,” “user satisfaction,” and “individual impact”) that influence “organizational impact” the new model includes six criteria that influence “net benefits.” The developed model included “service quality” as a new criterion, “individual impact” was removed, and “intention to use” was added in relation to “use.” In addition, “net benefits” replaced “organizational impact” as an output of the measure [15]. DeLone and McLean [16] described the subcriterions which are in each quality of the model as follows. (i)

System quality measures the desired characteristics of a system. Usability, availability, reliability, adaptability, and response time (e.g., download time) are examples of qualities that are valued by users of a system.

(ii)

Information quality captures the e-commerce content issue. Web content should be personalized, complete, relevant, easy to understand, and secure if we expect prospective buyers or suppliers to initiate transactions via the Internet and return to our site on a regular basis.

(iii)

Service quality, the overall support delivered by the service provider, applies regardless of whether this support is delivered by the IS department, a new organizational unit, or outsourced to an Internet service provider (ISP).

(iv)

Usage measures everything from a visit to a Web site, to navigation within the site, to information retrieval, to execution of a transaction.

(v)

User satisfaction remains an important means of measuring our customers' opinions of our e-commerce system and should cover the entire customer experience cycle from information retrieval through purchase, payment, receipt, and service.

(vi)

Net benefits are the most important success measures as they capture the balance of positive and negative impacts of e-commerce on our customers, suppliers, employees, organizations, markets, industries, and economies and even our societies.

3. The Analytic Network Process

The analytic network process (ANP) is the most comprehensive framework for the analysis of public, governmental, and corporate decisions. It allows the decision maker to include all the factors and tangible or intangible criteria that have a significant effect on making a best decision. The ANP allows both interaction and feedback within clusters of elements (inner dependence) and between clusters (outer dependence). Such feedback best captures the complex effects of interplay in human society, especially when risk and uncertainty are involved [17]. The determination of relative weights in ANP is based on the pairwise comparison as in the standard AHP. Pairwise comparisons of the elements in each level are conducted with respect to their relative importance towards their control criterion based on the principle of AHP. Saaty [18] suggested a scale of 1–9 when comparing two criterions as shown in Table 1.

Table 1

Scale of 1–9 of Saaty.

Intensity of importance	Definition	Explanation
1	Equal importance	Two activities contribute equally to the objective
3	Moderate importance	Experience and judgment slightly favor one activity over another
5	Strong importance	Experience and judgment strongly favor one activity over another
7	Very strong or demonstrated importance	An activity is favored very strongly over another; its dominance is demonstrated in practice
9	Extreme importance	The evidence favoring one activity over another is of the highest possible order of affirmation
2, 4, 6, 8	Intermediate values between adjacent scale values	When compromise is needed

The score of $a_{i j}$ in the pairwise comparison matrix represents the relative importance of the criterion on row (i) over the criterion on column (j); that is, $a_{i j} = w_{i} / w_{j}$ . The score of 1 represents equal importance of two criterions and 9 represents extreme importance of the criterion i over the criterion j. The reciprocal value of the expression ( $1 / a_{i j}$ ) is used when the criterion j is more important than the criterion i. After all pairwise comparisons have been completed the priority weight vector (w) is computed as the unique solution of

\begin{matrix} A w = λ_{\max} W, \end{matrix}

(1)

where

λ_{\max}

is the largest eigenvalue of matrix A. The priority vector w is often normalized by

α = \sum_{i = 1}^{n} w_{i}

. The consistency index (C.I) of the derived weights could then be calculated by

\begin{matrix} C . I = \frac{λ_{\max} - n}{n - 1} . \end{matrix}

(2)

In general, if C.I is less than 0.10, satisfaction of judgments may be derived [18].

4. Quality Attributes for a Secure Embedded System with Sensor Network

The advantage of this methodology is that it not only supports decision-making for multicriteria on a secure embedded system but also suggests significant factors to the system developers or us. For this process, this research has to identify the quality attributes for a secure embedded system. However, the DeLone and McLean model is not suited to secure embedded systems in sensor network environment.

In particular, to consider security factor, Ravi et al. [19] propose the security requirements for embedded systems as follows. (i)

User identification refers to the process of validating users before allowing them to use the system.

(ii)

Secure network access provides a network connection or service access only if the device is authorized.

(iii)

Secure communications functions include authenticating communicating peers, ensuring confidentiality and integrity of communicated data, preventing repudiation of a communication transaction, and protecting the identity of communicating entities.

(iv)

Secure storage mandates confidentiality and integrity of sensitive information stored in the system.

(v)

Content security enforces the usage restrictions of the digital content stored or accessed by the system.

(vi)

Availability ensures that the system can perform its intended function and service legitimate users at all times, without being disrupted by denial-of-service attacks.

In terms of quality issues for secure embedded systems, it is necessary to consider criterion with security in embedded environments which have limited resources. These include memory and screen size, in addition to system performance such as CPU speed, and key pads, authenticity, reliability, each applying differently to its environment according to its individual purpose. Therefore the research extracts each criterion from the existing DeLone and McLean model and adapts it to our purpose. The proposed secure embedded system's quality consists of 5 criteria, system quality, information quality, function quality, efficiency quality, and maintenance quality, as described below. (i)

Systems quality has 8 subcriteria: adaptability (AD), availability (AV), reliability (RE), response time (RT), maturity (MA), fault tolerance (FT), recoverability (RA), and stability (ST).

(ii)

Information quality has 6 subcriteria: completeness (CO), ease of understanding (EU), characterization (CH), relevance (RV), security (SE), and being up-to-date (UD).

(iii)

Function quality has 6 subcriteria: assurance (AS), responsiveness (RP), usability (UA), operability (OP), interoperability (IP), and suitability (SU).

(iv)

Efficiency quality has 2 subcriteria: error rate (ER) and operation rate (OR).

(v)

Maintenance quality has 4 subcriteria: analyzability (AA), changeability (CA), MTTR (mean time between repair (MR)), and MTBF (mean time between failures (MF)).

5. ANP Model for a Secure Embedded System with Sensor Network

Using the proposed quality attributes, this research proposes a quality model which is of benefit to a secure embedded system. According to the relation of each quality shown in Figure 1, this research considered the correlation between the subcriteria and calculated pairwise comparisons and eigenvectors.

Figure 1

Proposed quality model for a secure embedded system.

Table 2 shows the value after processing of system quality; $λ_{\max}$ is 8.3515 and the C.I value is 0.0502. For information quality, $λ_{\max}$ is 6.1952 and the C.I value is 0.0390 as shown in Table 3. Table 4 shows the value for function quality; in this case, $λ_{\max}$ is 6.1830 and the C.I value is 0.0366. For efficiency quality, Table 5 shows that $λ_{\max}$ is 2.0000 and the C.I value is 0.0000. Table 6 shows the value for maintenance quality that $λ_{\max}$ is 4.0728 and the C.I value is 0.0243.

Table 2

Pairwise comparison matrix and eigenvector for system quality.

	AD	AV	RE	RT	MA	FT	RA	ST	Eigenvector
AD	1.0000	3.0000	4.0000	8.0000	2.0000	5.0000	6.0000	3.0000	0.7010
AV	0.3333	1.0000	2.0000	5.0000	0.3333	4.0000	4.0000	0.5000	0.2756
RE	0.2500	0.5000	1.0000	4.0000	0.3333	2.0000	3.0000	0.5000	0.1848
RT	0.1250	0.2000	0.2500	1.0000	0.1667	0.2500	0.5000	0.1667	0.0546
MA	0.5000	3.0000	3.0000	6.0000	1.0000	4.0000	5.0000	2.0000	0.4975
FT	0.2000	0.2500	0.5000	4.0000	0.2500	1.0000	2.0000	0.2500	0.1215
RA	0.1667	0.2500	0.3333	2.0000	0.2000	0.5000	1.0000	0.2000	0.0800
ST	0.3333	2.0000	2.0000	6.0000	0.5000	4.0000	5.0000	1.0000	0.3560

Table 3

Pairwise comparison matrix and eigenvector for information quality.

	CO	EU	CH	RV	SE	UD	Eigenvector
CO	1.0000	4.0000	0.5000	3.0000	5.0000	2.0000	0.4909
EU	0.2500	1.0000	0.2000	0.5000	2.0000	0.2500	0.1192
CH	2.0000	5.0000	1.0000	4.0000	6.0000	3.0000	0.7528
RV	0.3333	2.0000	0.2500	1.0000	3.0000	0.3333	0.1840
SE	0.2000	0.5000	0.1667	0.3333	1.0000	0.2000	0.0800
UD	0.5000	4.0000	0.3333	3.0000	5.0000	1.0000	0.3711

Table 4

Pairwise comparison matrix and eigenvector for function quality.

	AS	RP	UA	OP	IP	SU	Eigenvector
AS	1.0000	0.5000	0.3333	0.2500	0.2500	0.2000	0.0970
RP	2.0000	1.0000	0.5000	0.3333	0.3333	0.2500	0.1476
UA	3.0000	2.0000	1.0000	0.5000	0.3333	0.2500	0.2135
OP	4.0000	3.0000	2.0000	1.0000	0.5000	0.3333	0.3382
IP	4.0000	3.0000	3.0000	2.0000	1.0000	0.5000	0.4872
SU	5.0000	4.0000	4.0000	3.0000	2.0000	1.0000	0.7559

Table 5

Pairwise comparison matrix and eigenvector for efficiency quality.

	ER	OR	Eigenvector

ER	1.0000	3.0000	0.7010
OR	0.3333	1.0000	0.3560

Table 6

Pairwise comparison matrix and eigenvector for maintenance quality.

	AA	CA	MR	MF	Eigenvector
AA	1.0000	0.5000	0.2000	0.2500	0.1255
CA	2.0000	1.0000	0.2500	0.5000	0.2186
MR	5.0000	4.0000	1.0000	3.0000	0.8806
MF	4.0000	2.0000	0.3333	1.0000	0.4012

$λ_{\max}$ is 8.3515 and the C.I value is 0.0502. For information quality, $λ_{\max}$ is 6.1952 and the C.I value is 0.0390 as shown in Table 3. Table 4 shows the value for function quality; in this case, $λ_{\max}$ is 6.1830 and the C.I value is 0.0366. For efficiency quality, Table 5 shows that $λ_{\max}$ is 2.0000 and the C.I value is 0.0000. Table 6 shows the value for maintenance quality that $λ_{\max}$ is 4.0728 and the C.I value is 0.0243.

As a result of this process, this research shows the numerical value of the degree of influence of each quality and subcriteria for the secure embedded system. The result of the final priority weight calculation is summarized in Table 7. In this result, to develop a successful secure embedded system, this research considered the following criteria as significant factors: adaptability (AD) in system quality, characterization (CH) in information quality, suitability (SU) in function quality, operation rate (OR) in efficiency quality, and MTTR (mean time between repair (MR)) in maintenance quality.

Table 7

The result of the final priority weight calculation by ANP.

System quality	Final weight	Ranking	Information quality	Final weight	Ranking	Function quality	Final weight	Ranking	Efficiency quality	Final weight	Ranking	Maintenance quality	Final weight	Ranking
AD	0.3087	1	CO	0.2457	2	AS	0.0476	6	ER	0.2500	2	AA	0.0772	4
AV	0.1214	4	EU	0.0597	5	RP	0.0724	5	OR	0.7500	1	CA	0.1344	3
RE	0.0814	5	CH	0.3768	1	UA	0.1047	4				MR	0.5416	1
RT	0.0240	8	RV	0.0921	4	OP	0.1658	3				MF	0.2468	2
MA	0.2191	2	SE	0.0400	6	IP	0.2389	2
FT	0.0535	6	UD	0.1857	3	SU	0.3706	1
RA	0.0352	7
ST	0.1568	3

C.I.	0.0502		C.I.	0.0390		C.I.	0.0366		C.I.	0.0000		C.I.	0.0243
$λ_{\max}$	8.3515		$λ_{\max}$	6.1952		$λ_{\max}$	6.1830		$λ_{\max}$	2.0000		$λ_{\max}$	4.0728

6. Conclusions

This paper aimed to address the need for a quality model for secure embedded systems which use ANP. In particular, the quality attributes have to consider the special environment of the secure embedded system, such as situations that have many limitations to use or develop applications or software. This research constructed 5 criteria—systems quality, information quality, function quality, efficiency quality, and maintenance quality, for secure embedded systems. The research also addressed each criterion's relation to and influence on other criteria. Ultimately, this research was able to find the most significant criterion between the qualities as a result of the ANP process.

Footnotes

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

The research was supported by the Ministry of Science, ICT and Future Planning (MSIP), Republic of Korea, under the Information Technology Research Center (ITRC) support program (NIPA-2014-H0301-13-4007) supervised by the National IT Industry Promotion Agency (NIPA).

References

Sadeghi

Stüble

Towards multilaterally secure computing platforms - With open source and trusted computing

Information Security Technical Report 2005 10 2 83 95

2-s2.0-23444435267

10.1016/j.istr.2005.05.004

Components and contracts for embedded software

Proceedings of the 12th IEEE International Conference and Workshops on the Engineering of Computer-Based Systems (ECS '05)

April 2005

19 24

2-s2.0-28444455993

Potlapally

Topics in secure embedded system design, department of electrical engineering [Ph.D. thesis] 2008

Princeton, NJ, USA

Princeton University

Gnanaraj

J. W.

Ezra

Rajsingh

Smart card based time efficient authentication scheme for global grid computing

Human-Centric Computing and Information Sciences 2013 3 16

Yoon

Kim

Y.-K.

Chang

J.-W.

An energy-efficient routing protocol using message success rate in wireless sensor networks

Journal of Convergence 2013 4 1 15 22

Dubey

Sahu

O. P.

Self-localized packet forwarding in wireless sensor networks

Journal of Information Processing Systems 2013 9 3 477 488

Zeng

Cao

Hong

Zhang

Xie

Secure localization and location verification in wireless sensor networks: a survey

Journal of Supercomputing 2013 64 3 685 701

2-s2.0-78049396450

10.1007/s11227-010-0501-4

Saaty

T. L.

The Analytic Hierarchy Process 1980

New York, NY, USA

McGraw-Hill

Jharkharia

Shankar

Selection of logistics service provider: an analytic network process (ANP) approach

Omega 2007 35 3 274 289

2-s2.0-33748259237

10.1016/j.omega.2005.06.005

10.

Heiser

Secure embedded systems need microkernels

USENIX 2005 30 6 9 13

11.

Berbers

Rigole

Vandewoude

Baelen

S. V.

CoConES: an approach for components and contracts in embedded systems

Lecture Notes in Computer Science 2005 3778 209 231

12.

Brinksma

Coulson

Crnkovic

Evans

Gérard

Graf

Hermanns

Jonsson

Ravn

Schnoebelen

Terrier

Votintseva

Jézéquel

J. M.

Component-based design and integration platforms

ARTIST Advanced Real-Time Systems Project IST-2001-34820

Information Society Technology

13.

Coulson

Grace

Blair

Duce

Cooper

Sagar

A middleware approach for pervasive grid environments

Proceedings of the UK e-Science Programme Workshop on Ubiquitous Computing and e-Research, UK-UbiNet

2005

14.

Aldini

Bernardo

A formal approach to the integrated analysis of security and QoS

Reliability Engineering and System Safety 2007 92 11 1503 1520

2-s2.0-34447102446

10.1016/j.ress.2006.10.003

15.

Halonen

Thomander

Measuring knowledge transfer success by D&M

Working Papers on Information Systems 2008 Volume 8, number 41

Sprouts

16.

DeLone

W. H.

McLean

E. R.

The DeLone and McLean model of information systems success: a ten-year update

Journal of Management Information Systems 2003 19 4 9 30

2-s2.0-0037368865

17.

Gülfem

Semih

Ö.

Umut

R. T.

Bahadır

G. I.

An analytic network process approach for locating undesirable facilities: An example from Istanbul, Turkey

Journal of Environmental Management 2008 88 4 970 983

2-s2.0-48949118500

10.1016/j.jenvman.2007.05.004

18.

Neaupane

K. M.

Piantanakulchai

Analytic network process model for landslide hazard zonation

Engineering Geology 2006 85 3-4 281 294

2-s2.0-33744823280

10.1016/j.enggeo.2006.02.003

19.

Ravi

Raghunathan

Kocher

Hattangady

Security in embedded systems: design challenges

ACM Transactions on Embedded Computing Systems 2004 3 3 461 491

An ANP-Based Practical Quality Model for a Secure Embedded System with Sensor Network

Abstract

1. Introduction

2. A Secure Embedded System and Its Quality Model

2.1. A Secure Embedded System with Sensor Network

2.2. A System Quality Model

3. The Analytic Network Process

4. Quality Attributes for a Secure Embedded System with Sensor Network

5. ANP Model for a Secure Embedded System with Sensor Network

6. Conclusions

Footnotes

Conflict of Interests

Acknowledgments

References