Defining an untethered device is an interesting task. For some, untethered means a portable computer that relies on a wireless connection to other computers. But untethered also means medical devices placed into the human body for diagnostic purposes, a semiconductor that includes an antenna and communication circuitry, wireless communication equipment for factory automation, mine tracking equipment for safety, and much more. Untethered evidently refers to a technical capability rather than to a traditional market segment.
Until fairly recently, most untethered devices used proprietary communications and closed Operating Systems (OSes). One of the beliefs that fostered the proprietary systems approach was the mistaken idea that using a closed system provided better security than common general purpose OSes. Obscure OSes held little reputation-building potential for hackers, so they focused their attention on mass market systems using a common OS such as Windows. Now we’re in the midst of fundamental changes. Systems experts have recognized that obscure doesn’t mean secure. Other changes are based on a systems philosophy that not only embraces popular OSes, but also adopts Open Software – the ultimate in transparency.
As untethered devices become the norm in a wide variety of applications employing a common OS and open source tools/applications, securing the mobile unit is required to ensure safety of people, data and equipment. One industry market researcher predicts that engineers will not have the tools necessary to achieve this goal until 2012. However, much of the required fundamental infrastructure is in place today.
Chief among the untethered applications requiring security are medical, industrial, military, and retail. First responders will use the latest embedded technologies in mobile diagnostic equipment to securely transmit diagnostic data in real time to medical professionals. Intelligent multi-axis mobile robots will employ 3D machine vision and video analytics software to improve manufacturing factory floor efficiency while simultaneously assuring safety for people. New terminals will help bring low-cost banking services to remote locations. All of these embedded applications either already rely on, or will rely on, Internet Protocol technology for communication. Securing the communications channel is a key part of securing an embedded device.
The boot process is the beginning of securing an embedded system. Systems that are non-reprogrammable have one of the lowest native security risks possible because there’s relatively little opportunity for exploiting simple software attacks. This fact does not lessen the need for security in these systems, because many non-reprogrammable systems are vulnerable to theft, which gives hackers complete access to the device. In this case, physical hardware hacks join the more traditional software attack as methods of breaking into the system.
For systems in which applications software can be loaded onto the system, the security risks increase. Many different attacks on systems begin during the boot process. Intel’s Trusted eXecution Technology (TXT) provides developers with a configurable boot process that minimizes chances for corruption. The basics of TXT were explored in an earlier blog. On an Intel processor with the required hardware support, TXT provides a first, fundamental line of defense against hacking and against attempts by unauthorized people to compromise the system.
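The measured-launch idea behind a TXT-style boot, as an added illustration that is not part of the original post and not Intel's code: each boot component is hashed into a PCR-style register before it runs, and launch proceeds only if the resulting digest matches the policy recorded for the known-good image. The use of SHA-256, a single register, and the component names are assumptions made for this example.

```python
import hashlib

# Constructed, simplified model of a measured launch: every component of the
# boot chain is measured and "extended" into a platform configuration register
# (PCR) before it executes. Assumptions for this example: SHA-256, one PCR,
# invented component blobs. This is not Intel's or any vendor's implementation.

PCR_SIZE = 32  # bytes of a SHA-256 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(component)).

    Because the old value is folded in, the final PCR depends on every
    component and on the order in which they were measured.
    """
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measured_launch(components) -> bytes:
    """Return the PCR value after measuring each component in boot order."""
    pcr = b"\x00" * PCR_SIZE  # the register starts at zero on launch
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


def launch_allowed(components, policy_digest: bytes) -> bool:
    """Launch-control check: run only if the measured chain matches policy."""
    return measured_launch(components) == policy_digest


# Constructed "golden" chain; the policy digest is what a vendor would record
# when the image is sealed, so the field unit can be checked against it.
GOOD_CHAIN = [b"loader v1.0", b"kernel 2.6.31", b"config: mode=secure"]
POLICY = measured_launch(GOOD_CHAIN)

# Same components, but the kernel image has been altered after sealing.
TAMPERED_CHAIN = [b"loader v1.0", b"kernel 2.6.31 + patch", b"config: mode=secure"]

# Correct components measured in the wrong order also fail the check.
REORDERED_CHAIN = [b"kernel 2.6.31", b"loader v1.0", b"config: mode=secure"]

if __name__ == "__main__":
    print("golden chain allowed:   ", launch_allowed(GOOD_CHAIN, POLICY))
    print("tampered chain allowed: ", launch_allowed(TAMPERED_CHAIN, POLICY))
    print("reordered chain allowed:", launch_allowed(REORDERED_CHAIN, POLICY))
```

A real deployment keeps the policy digest in tamper-resistant storage rather than alongside the image, and the TPM itself performs the extend so software cannot forge the register value.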
Beyond the boot process, software isolation is one technique to improve security. Virtualization adds an additional layer of software to the system. Green Hills® Software, an Affiliate member of Intel® Embedded Alliance, provides software designed to work with Intel Virtualization Technology hardware support, when present in the processor, to isolate applications software and kernel functions. This provides the highest degree of security currently possible.
Regardless of how virtualization is implemented and used, an additional layer of software must always be part of the overall system. This additional layer schedules the operating systems which share the hardware platform, manages the resources assigned to each OS, and saves/restores state when context switching between the OSes. In this way each OS executes within a "virtual machine" (VM) rather than on a physical machine. This additional layer of software, the Virtual Machine Monitor (VMM), manages the execution of the OSes. A more detailed treatment of VMMs for embedded systems is available at http://www.intel.com/technology/itj/2006/v10i3/5-communications/1-abstract.htm
Green Hills Software’s INTEGRITY® can host a wide range of guest operating systems in Padded Cell™ virtual machines while simultaneously hosting safety- and security-critical native INTEGRITY® applications. Using this model allows developers to maintain real-time performance and protect critical applications from other applications. Guest operating systems may include Alliance Associate member Wind River Systems’ VxWorks, BSD, Red Hat Linux, Alliance Associate member Sun Microsystems’ Solaris, and Alliance Associate member Microsoft®’s Windows®. For example, Windows or Linux can be hosted on Padded Cell™ virtual machines where they can be protected and isolated from common security threats. For industrial control and automation, INTEGRITY® Padded Cell™ supports retrofitting existing systems to make them resistant to attack. Of course, newly developed industrial control and automation applications can be designed to gain a greater advantage by relying on virtualization techniques as a fundamental part of the design.
For untethered embedded systems that rely on a server for all or part of their functionality, there are OSes that can be configured to reduce their footprint and provide only the server services necessary for the whole embedded system. Microsoft Windows 2008 R2 server software can be configured with a minimal footprint in a server-client system. When configured as an embedded server, Windows 2008 is designed to:
- Protect your network against unauthorized or unhealthy computers
- Deploy small footprint specialized servers
- Achieve more highly secure server communication
- Reduce server attack surfaces
- Provide best-of-breed data encryption
Design decisions for embedded applications that require security depend heavily on the actual applications. In this blog we’ve examined a number of alternatives and options for securing untethered applications against data vulnerabilities and against hijacking of the platform through software attack.
Intel Virtualization Technology, whether used for real-time systems or not, provides embedded systems with a wide selection of techniques to insulate the system from outside attack. Physical loss of the embedded device by a user is still a risk to be managed. But, like the standardized TXT technology, there are other ways to guard against unauthorized access under those conditions that are outside the scope of this blog.
What applications are you developing that need enhanced security?