I love the Internet, but let’s face it: the ‘net is a dangerous place. As more embedded systems go online, the risks from malware and hackers are increasing exponentially. So how can you reap the rewards of connectivity without exposing your embedded system to the dark side of the Internet?
One good place to start is with Intel® vPro™, a suite of hardware-assisted security and management technologies built into 2nd generation Intel® Core™ processors and chipsets. These technologies include:
- Intel® Active Management Technology (Intel® AMT), which provides remote management and energy-saving capabilities
- Intel® Trusted Execution Technology (Intel® TXT), which supplies security protection over and above ordinary software solutions
- Intel® Virtualization Technology (Intel® VT), which improves the efficiency and security of virtualized environments
Together, these technologies provide a foundation for proactive threat deterrence – an approach that stops threats before they breach your system and isolates compromised systems so the damage is contained.
For a good introduction to Intel vPro and its applications in embedded systems, I recommend the Kontron white paper Building Trusted Systems. This isn’t super bits-n-bytes technical, but it’s a great starting point for understanding the technology. For a deeper dive, Kontron has written another paper, Standardized Security Principles for Embedded Computing Industries, that is well worth reading. Kontron is a Premier member of the Intel® Embedded Alliance, whose 160-plus members collaborate closely with Intel to create optimized hardware, software, tools, and services that give OEMs a head start on their designs.
The Intel AMT component of Intel vPro gives remote IT staff “out-of-band” access. This means a staffer can remotely access a device even if it is powered down or has a failure at the OS or BIOS level. Using Intel AMT, IT can remotely repair and update the BIOS, OS, or system software. It also enables scheduled power management – for example, automatically turning off a point-of-sale (POS) device at the end of the day and powering it back on before the next sales day begins.
To learn more about Intel AMT, check out the article Manage and Secure Remote Systems by IEI, an Associate member of the Alliance. This article shows how remote management improves security and reduces maintenance in digital signage, POS terminals, kiosks, ATMs, and other remote networked devices. You can also peruse a list of Alliance solutions that support Intel AMT.
Intel TXT performs a measured and verified launch of the OS kernel and (if present) the hypervisor, ensuring that a system launches into a known-good state. To see how Intel TXT can be used in conjunction with Intel AMT and Intel VT, see Open, Secure Platforms for Health Information by Emerson, a Premier member of the Alliance. The principles outlined in this article apply to a range of applications beyond the medical field, including retail and industrial applications. You can also take a look at our related solutions.
Intel VT provides hardware acceleration for virtualization, a technology that enables multiple OSs to run on a single hardware platform. To dig into Intel VT, I recommend the white paper The Benefits of Virtualization for Embedded Systems. This paper lays out the typical use cases, as well as solutions using Intel VT from Alliance members. I also recommend browsing Intel VT-enabled solutions from the Alliance to get an idea of what you can do with this technology.
If you already know about virtualization, you may know that the technology is often associated with multi-core technology. While Intel VT is available on many multi-core processors, it is also available on the single-core Intel® Atom™ Processor E6xx series. To see how you can put this processor to work, check out Securing Smart Grid Devices from Associate Alliance member Wind River and Securing Low-Power Devices with Virtualization from Affiliate Alliance member Green Hills Software.
It’s also worth noting that Intel VT is available in Intel® Xeon® processors. This is one of many features that make Intel Xeon processors well-suited to network security applications. To see one example of how this works, read the article Versatile Network Security Devices by Associate Alliance member Norco.
The links I’ve listed here only scratch the surface of what the Alliance has to offer. For more on securing connected devices, see intel.com/go/embedded-security. The materials on this page will give you a great start on building your own secure system.
Roving Reporter (Intel Contractor), Intel® Embedded Alliance
Editor-In-Chief, Embedded Innovator magazine
Follow me on Twitter: @kentonwilliston