I love this disclaimer that is often included in many data sheets for computers, “No computer system can provide absolute security under all conditions.” How true this statement is, but yet many military and aerospace computing platforms are frequently embedded in very mission critical applications that must be secure. Invasion from interlopers can bring a mission down. Increasing mobility of electronic platforms makes the challenge even more daunting. What are the major security issues designers need to be concerned with when developing embedded platforms? How can you reduce the risk of security intrusions when developing embedded platforms?
Computers are used in military and aerospace applications from IT to UAVs. The IT applications use server technology that has well established security protection built into the architecture but the UAV application has many embedded computing platforms that are not able to use much of the IT technology. In past years, protecting real-time, embedded platforms was a lower priority as each system was very isolated, but now, security is of paramount importance in embedded computing platforms, as more and more data is being transmitted and stored electronically. As platforms become more intelligent and connected, connected via wireless networks that are especially vulnerable, the concern for security has gained even more prominence.
Security is such a huge topic that it is hard to decide where to begin. I won’t be able to completely do the topic justice but at least I would like to be sure that your eyes are open to the basics. Risk is everywhere, hence the disclaimer at the introduction. Just when you think you might have a secure system, someone finds a vulnerability and brings down your platform. Short of a totally isolated system built with the highest degree of caution, a secure system is nothing but a dream. But understanding the types of security threats can at least help set some priorities and manage the risk.
In his book, “Security for Ubiquitous Computing”, John Wiley & Sons, Inc., Frank Stajano uses a well-established taxonomy to subdivide computer security threats into three categories, according to whether they threaten confidentiality, integrity or availability. Breaking security into these elements makes the evaluation of potential solutions easier and more effective.
Stajano describes confidentiality as the property that is violated whenever information is disclosed to an unauthorized principal. That may be a person or another computing device, either is relevant. Integrity is violated whenever the information is altered in an unauthorized way. It may be altered at a host or in transit between devices. Availability is the property of a system which always honors any legitimate requests by authorized principals. It is violated when an attacker succeeds in denying service to legitimate users, typically by using up all the available resources.
Security Risk Management.
Security is critical from the hardware through the layers of software all the way to the end application. Each is important to ensure the most secure system possible. To manage your risk, you must be sensitive to security threats through the entire system architecture. Security starts at the processor. A foundation or root-of-trust must be established to provide security services upon which to build a robust security environment. Intel vPro technology was first introduced in 2006 and has been upgraded with several new features since then. It offers a strong foundation upon which to build a secure system. Much has been published on the Intel vPro technology and I leave that to you for further research.
Intel® Trusted Execution Technology (Intel® TXT)
Establishes hardware-based root of trust to defend against software attacks at launch
Intel® Virtualization Technology (Intel® VT)
Works with Intel TXT to deliver built-in protection against malware and rootkit attacks
Intel® OS Guard
Delivers automatic “blanket” protection to defend against escalation-of-privilege attacks
Intel® Identity Protection Technology (Intel IPT) with public-key infrastructure (PKI)
Protects access points by working with authentication solutions to support hardware-based storage of tokens or certificates inside the platform
Intel® Advanced Encryption Standard New Instructions (Intel AES-NI)
Encrypts data up to four times faster without slowing performance or interfering with user productivity
Generates high-quality random numbers to enhance encryption for online transactions
Intel® Anti-Theft Technology
Offers tamper-resistant security to detect potential theft with the capability to automatically disable PCs
Intel® Advanced Management Technology (Intel® AMT)
Provides remote support for proactive threat management and diagnosing, isolating, and repairing an infected PC, regardless of operational state
Intel® Platform Protection Technology with BIOS Guard
Provides authentication and protection against BIOS recovery attacks; BIOS updates are cryptographically verified to ensure malware stays out of the BIOS
Intel® Platform Trust Technology and Intel® Boot Guard
Designed to work with Microsoft* Windows* 8., Intel Platform Trust Technology supports secure and measured boot, and Intel Boot Guard protects again boot block-level malware
The next layer of defense is at the BIOS level. The threat of attacks on the BIOS is growing with reports of intrusions at the BIOS level becoming more common. The National Institute of Standards and Technology (NIST) has released new security guidelines for updating the BIOS, the point at which the security threat is the greatest. Through new security guidelines – NIST SP 800-147, NIST is setting standards that require authentication of BIOS upgrade mechanisms.
BIOS providers have taken the security challenge seriously and offer suites of products providing multiple levels of security. They support the latest Intel vPro technology which allows users to manage, inventory, diagnose, and repair their systems in efficient, remote, and streamlined ways all without compromising system security. The BIOS providers support the NIST SP 800-147 guidelines and they offer multiple other security options to protect FLASH and other storage devices. Users prefer to keep as much of the security responsibility at the hardware and BIOS level as possible because that is where the defense is strongest.
Phoenix Technologies’ Phoenix SecureCore has an impressive suite of security support. American Megatrends (AMI) with its Aptio V UEFI BIOS compliant products features UEFI Secure Boot for enhanced platform security.
Operating systems play many roles in providing increased levels of security. The most recent advancement became more feasible with the introduction of multi-core processors that enable the ability to run multiple instances of operating systems on one multi-core processor. This has led to hypervisor architectures that can protect key elements of the software environment. Real-time operating system suppliers have made hypervisors a key part of their product portfolios.
Green Hills Software demonstrates an excellent example of how important security is to an operating system supplier. They have a dedicated business unit, INTEGRITY Security Services (ISS) business unit, to address the growing need for more secure software. ISS packages the INTEGRITY operating system with a toolkit to provide reliable and authenticated security software that can ensure these ubiquitous embedded devices remain secure.
ISS toolkits are based on the Green Hills proprietary Federal Information Processing Standards (FIPS) compliant Cryptographic Toolkit. The ISS Cryptographic Toolkit meets the latest government standards and also provides the underlying FIPS compliant cryptographic primitives for use with a comprehensive compliment of security protocols. The toolkits are designed to be small, scalable and certifiable by the US Government. Support is available for Windows, Linux, VxWorks, INTEGRITY and general-purpose operating systems on Intel processors.
ISS focuses on addressing:
- Authentication - the process of ensuring that users, devices and software on a network are correctly identified.
- Authorization - grants users and devices the right to access resources and perform specified actions.
- Network Access Control - mechanisms that limit access to the network to authenticated and authorized devices, software and users.
- Confidentiality - using ciphers to transform data to make it unreadable to anyone except those authorized and authenticated to view the data.
- Integrity - checking mechanisms are designed to detect unauthorized changes to transmitted data through the lifecycle of a device, software and data.
- Remote Management - a method to monitor, update and manage remotely manufactured and fielded devices.
Delivering end-to-end security solutions
A connected battlefield is critical to our Armed Forces' success. As multiple classifications of data are transmitted to more devices and vehicles on the battlefield; the requirement for a high assurance, portable encryption toolkit is critical.
Attacks on computers and networks continue to proliferate in spite of extensive software approaches to prevent these attacks. Establishing a strong digital identity for both the user and the computer system through hardware-based security is a significant step beyond software-only strategies.
The defense community has made cybersecurity a top priority. In the push for defense programs to use more COTS, the dependencies on Intel Intelligent System Alliance members and their products only becomes greater. Security never rests as defense systems shift to Intelligent Systems. New breaches are discovered and technology shifts to address the breaches.
I would love to hear more about your experiences as a system designer and what you have done or plan to do to manage security risks.
Solutions in this blog:
- Intel vPro technology
- Phoenix Technologies’ Phoenix SecureCore Tiano
- American Megatrends (AMI) Aptio V
- Green Hills Software INTEGRITY Secure Virtualization
- Security - Top Picks (blogs, white papers, and more)
- Military, Aerospace, Government - Top Picks (blogs, white papers, and more)
American Megatrends (AMI) is an Affiliate member of the Intel® Intelligent Systems Alliance.