Slide - Channel 9

Uploaded by klapdorothypond in Mobile – Wireless Technologies

23 Nov 2013

Rajesh Kakde
Senior Windows Embedded Consultant
Adeneo Corporation
TechEd 2009, Session Code: WEM302

Agenda

Adeneo at a glance
Securing a Windows Embedded CE device
Security markets: overview and trends
System architecture for secured devices using Windows Embedded CE





Adeneo at a Glance

Gold partner with Microsoft on firmware and application development
Involved in CE development since 1998
Strong partnership with SVs and board manufacturers
BSP publishing, with maintenance and support to ensure reliability
Training and consultation services
BSP, drivers, application development and turnkey services
2007 Excellence Awards: Systems Integrator, ISV/Software Solutions, Mobility Solutions

Securing a Windows Embedded Device

Two building blocks: trusted environment features and secured shells
They combine into Windows Embedded CE secured devices of three kinds: open platforms, semi-open platforms and closed platforms

Windows CE Trusted Environment

Modules execute either in user or kernel mode
Critical APIs are available only to kernel-mode modules
All applications (.exe) execute in user mode
Only libraries (.dll) can execute in kernel mode
The certification function is implemented in a dedicated module of the kernel
It allows restricting execution to certified applications
Sample: CertMod.dll in public\common\oak\drivers\security\certmod
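The slide names the certification hook but not how the verdict is reached. The C program below is an added example written for this page; it is not from the slides, from Adeneo, or from Microsoft's certmod sample. It models the loader/certmod exchange: OEMCertifyModuleInit, then OEMCertifyModule fed the module image in chunks, then a zero-length call that returns OEM_CERTIFY_FALSE, OEM_CERTIFY_RUN or OEM_CERTIFY_TRUST. Those names and codes are the certmod convention as this example's author recalls it and should be checked against the sample in your BSP. The digest allow-list is a stand-in for the signature verification a real certmod performs (FNV-1a is used only so the file builds anywhere and is not a secure hash), and the three "images" are constructed byte strings. The policy for unknown modules maps onto the deck's three platform types: closed refuses them, semi-open runs them untrusted, open trusts everything.

```c
/* Added example, not from the slides or from Adeneo/Microsoft code: a host-side
 * model of a Windows CE OEM certification module.  Callback names and verdict
 * codes follow the certmod convention as recalled by this example's author; the
 * digest allow-list stands in for a real signature check and FNV-1a is not secure. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>
#define OEM_CERTIFY_FALSE 0   /* do not load */
#define OEM_CERTIFY_RUN   1   /* load untrusted: no access to critical APIs */
#define OEM_CERTIFY_TRUST 2   /* load fully trusted */
#define FNV_INIT  0xcbf29ce484222325ULL
#define MAX_ALLOW 8

/* The deck's platform types, expressed as the policy applied to unknown modules. */
enum platform_policy { POLICY_CLOSED, POLICY_SEMI_OPEN, POLICY_OPEN };

static struct { uint64_t digest; int verdict; } g_allow[MAX_ALLOW];
static size_t g_allow_count;
static enum platform_policy g_policy = POLICY_CLOSED;
static uint64_t g_h, g_len;   /* digest and byte count of the module being certified */

static uint64_t fnv1a_update(uint64_t h, const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

void certmod_set_policy(enum platform_policy p) { g_policy = p; }
void certmod_reset_allowlist(void) { g_allow_count = 0; }

/* Register an image the certified side vouches for, with the trust level it gets.
 * On a device this list lives in protected storage, not in RAM. */
int certmod_allow(const uint8_t *img, size_t n, int verdict) {
    if (g_allow_count == MAX_ALLOW) return 0;
    if (verdict != OEM_CERTIFY_RUN && verdict != OEM_CERTIFY_TRUST) return 0;
    g_allow[g_allow_count].digest = fnv1a_update(FNV_INIT, img, n);
    g_allow[g_allow_count++].verdict = verdict;
    return 1;
}

int OEMCertifyModuleInit(void) { g_h = FNV_INIT; g_len = 0; return 1; }
/* Non-final calls absorb data; the zero-length call returns the verdict. */
int OEMCertifyModule(const uint8_t *pData, uint32_t cbData) {
    if (cbData != 0) {
        if (pData == NULL) return OEM_CERTIFY_FALSE;
        g_h = fnv1a_update(g_h, pData, cbData);
        g_len += cbData;
        return OEM_CERTIFY_RUN;                      /* "keep feeding me" */
    }
    if (g_len == 0) return OEM_CERTIFY_FALSE;        /* empty image: refuse */
    for (size_t i = 0; i < g_allow_count; i++)
        if (g_allow[i].digest == g_h) return g_allow[i].verdict;
    return g_policy == POLICY_OPEN      ? OEM_CERTIFY_TRUST   /* no trusted environment */
         : g_policy == POLICY_SEMI_OPEN ? OEM_CERTIFY_RUN     /* runs, but untrusted */
         :                                OEM_CERTIFY_FALSE;  /* closed: default deny */
}

/* Drive the callbacks as the loader would, in chunks of the given size. */
int certify_image(const uint8_t *img, size_t n, size_t chunk) {
    if (chunk == 0) chunk = 1;
    if (!OEMCertifyModuleInit()) return OEM_CERTIFY_FALSE;
    for (size_t off = 0; off < n; off += chunk) {
        size_t len = (n - off < chunk) ? n - off : chunk;
        if (OEMCertifyModule(img + off, (uint32_t)len) == OEM_CERTIFY_FALSE)
            return OEM_CERTIFY_FALSE;
    }
    return OEMCertifyModule(NULL, 0);
}

/* Constructed images through the model; returns how many of seven expected verdicts held. */
int run_scenarios(void) {
    static const uint8_t pay_app[]   = "PAYAPP.EXE   constructed image, vouched for at manufacturing";
    static const uint8_t ad_player[] = "ADPLAYER.EXE constructed image, third-party add-on";
    static const uint8_t unknown[]   = "DROPPER.EXE  constructed image, never seen before";
    uint8_t tampered[sizeof pay_app]; int ok = 0;
    memcpy(tampered, pay_app, sizeof pay_app);
    tampered[20] ^= 0x01;                            /* one-bit change to a trusted image */
    certmod_reset_allowlist();
    certmod_allow(pay_app, sizeof pay_app, OEM_CERTIFY_TRUST);
    certmod_allow(ad_player, sizeof ad_player, OEM_CERTIFY_RUN);
    certmod_set_policy(POLICY_CLOSED);
    ok += (certify_image(pay_app, sizeof pay_app, 16) == OEM_CERTIFY_TRUST);
    ok += (certify_image(pay_app, sizeof pay_app, 1) == OEM_CERTIFY_TRUST);   /* chunking must not matter */
    ok += (certify_image(ad_player, sizeof ad_player, 8) == OEM_CERTIFY_RUN);
    ok += (certify_image(unknown, sizeof unknown, 8) == OEM_CERTIFY_FALSE);
    ok += (certify_image(tampered, sizeof tampered, 8) == OEM_CERTIFY_FALSE);
    certmod_set_policy(POLICY_SEMI_OPEN);
    ok += (certify_image(unknown, sizeof unknown, 8) == OEM_CERTIFY_RUN);     /* loads, untrusted */
    certmod_set_policy(POLICY_OPEN);
    ok += (certify_image(unknown, sizeof unknown, 8) == OEM_CERTIFY_TRUST);   /* nothing enforced */
    certmod_set_policy(POLICY_CLOSED); certmod_reset_allowlist();
    return ok;
}

int main(void) {
    printf("%d of 7 certification scenarios behaved as expected\n", run_scenarios());
    return 0;
}
```

Two points carry over to a real certmod: the verdict exists only after the whole image has been seen, so no chunk boundary can change it, and a module that matches nothing falls through to the platform policy, never to trust by default.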

Windows Embedded CE Secured Shells

The shell handles user interaction with the system
Command shell vs. graphical shell
Local shell (single-application or multi-application) vs. remote shell
Components of a typical graphical multi-application shell: desktop window, taskbar, task manager

Windows Embedded CE Secured Shell

Standard Windows shell: fully open platform, multiple applications
Final application shell: closed platform, single application
Secured application shell: closed or semi-open platform, multiple applications supported

Windows Embedded CE Secured Shell: open platform device

Typical application: PDA-like device
Characteristics: standard shell allowing maximum user interaction; no trusted environment, for maximum flexibility
Benefits: lots of flexibility for the end user and third parties
Security risks: malware when connected to the external world; third-party malware apps installed locally; end-user misuse

Windows Embedded CE Secured Shell: closed platform device

Typical application: dedicated device
Characteristics: direct application shell, single application; fully trusted environment
Benefits: completely secured
Security risks: none, if well designed (what remains is the firmware update path and physical access, which the system architecture has to cover with secure-side controlled updates and tamper detection)

Windows Embedded CE Secured Shell

Semi
-
opened platform device

Typical application


dedicated device with 3
rd

party expansion

Characteristics


Direct application shell


Trusted environment

Benefits

Completely secured with some flexibility

Security risks

None, if well designed

Security Markets Overview

Different types of markets
Critical life markets: medical, avionics
Critical economic markets: banking, payment
Key characteristic: norm driven (FDA, DO-178B, PCI PED)

Security Markets Overview

Typical requirements
Performance: real-time / deterministic
Completely secured against external access
Protection against software piracy
Protection against hardware piracy
100% test coverage
Need for specific certified software and hardware
Secured communication: authentication / cryptography

Security Markets Overview

Emerging needs
More connectivity: wired and wireless
More multimedia: audio, video, etc.
More openness: access to new markets through third-party add-ons

The problems these raise
Incompatibility with the specific certified software
Huge work to develop from the ground up
Requires complete re-certification of the system

Designing Secured Devices

System architecture, in three steps
Identify critical and non-critical functions
Hardware and software isolation between critical and non-critical parts
Secure the interfaces

Designing Secured Devices

Identification
Which hardware and which peripherals: medical, all peripherals handling vital functions; payment terminal, peripherals related to PIN entry and identification
Which CPU: dedicated certified ASIC for critical features; dedicated MCUs with specific security features
Which software: proprietary or dedicated certified OS; proprietary or dedicated certified application; identify the critical software functions

Designing Secured Devices

Isolation: be certain the critical part of the design cannot be corrupted by the non-critical part
Hardware-based isolation: dedicated secured ASIC for the critical part; hardware design to ensure hardware security; ASIC/CPU with a secured storage area for encryption keys; violation detection (mechanical access, tamper detection, ...)
Software-based isolation: software hypervisor / virtual machine manager

Secured Device System Architecture

Securing the interfaces
Control all communication between critical and non-critical parts
Full independence between critical and non-critical peripherals
Only one interface, certified as part of the critical part
Dedicated ASIC when using hardware isolation
Role of the hypervisor when using software isolation
Startup and update of the non-secured part are controlled by the secured part

Case Study: Payment Terminal

Electronic funds terminal, compliant with PCI PED certification
Advanced features: PIN-based bank transactions; playing advertisement videos; wireless communication support (Bluetooth, Wi-Fi, ...)

Block diagram (figure): an ASIC running a proprietary OS and an ARM running CE 6.0, joined through an FPGA. Peripheral blocks shown: CPU, keypad, battery, printer, SAM, modem, display, touchscreen, USB device, USB host, Bluetooth, Wi-Fi, Ethernet, SDIO, camera, serial, audio, GPRS.

Case Study: Payment Terminal

Securing the interfaces
Only one communication interface, handled by the FPGA; the FPGA is a critical part of the design
Communication uses a mailbox mechanism
Interfaces available: access to secure peripherals from Windows CE; access to non-secure peripherals from the certified OS; Windows CE firmware update
FPGA driver on the Windows CE side, with the trusted environment enabled
JTAG controlled by the certified OS through the FPGA
Windows CE firmware update handled by the certified side
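The slide lists what crosses the FPGA but not what the certified side must check before acting on it. The C program below is an added example, not Adeneo's code, modelling the secure side's handler for that single mailbox interface. The frame layout (magic, sequence, command, length, payload, CRC-8), the command numbers and the limits are assumptions made for the example, and the frames it processes are constructed. The design it encodes follows the deck: one interface, validated entirely on the certified side; firmware update and JTAG unreachable from the Windows CE side; a rejected frame changes no state. One assumption goes beyond the slides: the interface exposes operations rather than raw peripheral access, so CE can ask the secure side to start a PIN entry but PIN digits never cross the mailbox.

```c
/* Added example, not Adeneo's code: the certified side's handler for the single
 * mailbox interface to the Windows CE side.  Frame layout, command numbers,
 * limits and the CRC are assumptions made for the example; frames are constructed. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>
#define MBOX_MAGIC       0xA5
#define MBOX_MAX_PAYLOAD 32
#define MBOX_HDR         4                                   /* magic, seq, cmd, len */
#define MBOX_MAX_FRAME   (MBOX_HDR + MBOX_MAX_PAYLOAD + 1)   /* + crc */

/* Requests the non-secure side may make.  PIN entry is an operation the secure
 * side performs on its own keypad: the digits never cross the mailbox. */
enum { CMD_SHOW_AMOUNT = 0x10, CMD_START_PIN = 0x11, CMD_GET_STATUS = 0x12,
       /* secure-side only, never accepted from CE: */
       CMD_FW_UPDATE = 0x80, CMD_JTAG_ENABLE = 0x81 };

enum mbox_result { MBOX_OK, MBOX_BAD_LEN, MBOX_BAD_MAGIC, MBOX_BAD_CRC,
                   MBOX_REPLAY, MBOX_CMD_NOT_ALLOWED, MBOX_BAD_PAYLOAD };

typedef struct { uint8_t last_seq; int have_seq; } mbox_state;

/* CRC-8, poly 0x07: integrity against bus glitches only, not authentication. */
static uint8_t crc8(const uint8_t *p, size_t n) {
    uint8_t c = 0;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int b = 0; b < 8; b++) c = (uint8_t)((c & 0x80) ? (c << 1) ^ 0x07 : c << 1);
    }
    return c;
}

/* CE-side FPGA driver: build a frame.  Returns its length, or 0 if too big. */
size_t mbox_build(uint8_t *out, uint8_t seq, uint8_t cmd, const uint8_t *pl, uint8_t len) {
    if (len > MBOX_MAX_PAYLOAD) return 0;
    out[0] = MBOX_MAGIC; out[1] = seq; out[2] = cmd; out[3] = len;
    if (len) memcpy(out + MBOX_HDR, pl, len);
    out[MBOX_HDR + len] = crc8(out, MBOX_HDR + len);
    return (size_t)MBOX_HDR + len + 1;
}

/* Certified side: every check passes before any state changes or any peripheral
 * is touched, and a rejected frame does not advance the sequence number. */
enum mbox_result mbox_handle(mbox_state *st, const uint8_t *f, size_t n) {
    if (n < MBOX_HDR + 1 || n > MBOX_MAX_FRAME) return MBOX_BAD_LEN;
    if (f[0] != MBOX_MAGIC) return MBOX_BAD_MAGIC;
    uint8_t seq = f[1], cmd = f[2], len = f[3]; const uint8_t *pl = f + MBOX_HDR;
    if (len > MBOX_MAX_PAYLOAD || (size_t)len + MBOX_HDR + 1 != n) return MBOX_BAD_LEN;
    if (crc8(f, MBOX_HDR + len) != f[MBOX_HDR + len]) return MBOX_BAD_CRC;
    if (st->have_seq && seq != (uint8_t)(st->last_seq + 1)) return MBOX_REPLAY;
    switch (cmd) {
    case CMD_SHOW_AMOUNT:                          /* 1..12 ASCII digits, nothing else */
        if (len < 1 || len > 12) return MBOX_BAD_PAYLOAD;
        for (size_t i = 0; i < len; i++)
            if (pl[i] < '0' || pl[i] > '9') return MBOX_BAD_PAYLOAD;
        break;
    case CMD_START_PIN:
    case CMD_GET_STATUS:
        if (len != 0) return MBOX_BAD_PAYLOAD;
        break;
    default:                                       /* includes CMD_FW_UPDATE, CMD_JTAG_ENABLE */
        return MBOX_CMD_NOT_ALLOWED;
    }
    st->last_seq = seq; st->have_seq = 1;
    return MBOX_OK;                                /* only now hand off to the peripheral */
}

/* Constructed traffic through the handler; returns how many of nine expected results held. */
int run_mailbox_scenarios(void) {
    mbox_state st = {0, 0}; uint8_t f[MBOX_MAX_FRAME]; size_t n; int ok = 0;
    n = mbox_build(f, 1, CMD_SHOW_AMOUNT, (const uint8_t *)"1250", 4);
    ok += (mbox_handle(&st, f, n) == MBOX_OK);
    ok += (mbox_handle(&st, f, n) == MBOX_REPLAY);             /* same frame delivered twice */
    n = mbox_build(f, 2, CMD_START_PIN, NULL, 0);
    ok += (mbox_handle(&st, f, n) == MBOX_OK);
    n = mbox_build(f, 3, CMD_JTAG_ENABLE, NULL, 0);
    ok += (mbox_handle(&st, f, n) == MBOX_CMD_NOT_ALLOWED);   /* debug port stays with the secure side */
    n = mbox_build(f, 3, CMD_FW_UPDATE, (const uint8_t *)"v2", 2);
    ok += (mbox_handle(&st, f, n) == MBOX_CMD_NOT_ALLOWED);   /* updates are driven by the secure side */
    n = mbox_build(f, 3, CMD_SHOW_AMOUNT, (const uint8_t *)"12a0", 4);
    ok += (mbox_handle(&st, f, n) == MBOX_BAD_PAYLOAD);
    n = mbox_build(f, 3, CMD_SHOW_AMOUNT, (const uint8_t *)"1250", 4);
    f[3] = 2;                                                /* length field lies about the payload */
    ok += (mbox_handle(&st, f, n) == MBOX_BAD_LEN);
    n = mbox_build(f, 3, CMD_SHOW_AMOUNT, (const uint8_t *)"1250", 4);
    f[5] ^= 0x40;                                            /* bit flip in transit */
    ok += (mbox_handle(&st, f, n) == MBOX_BAD_CRC);
    n = mbox_build(f, 3, CMD_GET_STATUS, NULL, 0);
    ok += (mbox_handle(&st, f, n) == MBOX_OK);                 /* seq 3 is still the next expected */
    return ok;
}

int main(void) {
    printf("%d of 9 mailbox scenarios behaved as expected\n", run_mailbox_scenarios());
    return 0;
}
```

The order of checks is deliberate: length and CRC first so nothing is interpreted before it is known to be intact, then the sequence, then a command allow-list that defaults to rejection, then per-command payload rules. The CRC is not an authentication mechanism; in this design the FPGA being the only path into the secure side is what makes the sender trustworthy, which is why that path must stay the only one.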

Case Study: Payment Terminal

System architecture (figure): an ARM-based platform with security capabilities running a hypervisor. Above the hypervisor: a Secured Payment VM; an HID Secured VM owning the real touchscreen (TS) driver and LCD driver; and a Windows Embedded CE VM with virtual drivers (vTS driver, vLCD driver) running the web server, the stock management application and the ordering application on .NET CF 3.5. Hardware shown: LCD, touchscreen, Ethernet / Wi-Fi.

Summary

Windows Embedded CE provides all the mechanisms needed to build secure devices.
These mechanisms are also a key part of the design of devices for security markets, where strong certification requirements apply.
A strong system architecture using hardware or software isolation is required.

Resources

Windows Embedded: http://www.microsoft.com/windowsembedded/en-us/default.mspx
Books for reference: http://msdn.microsoft.com/en-us/embedded/cc294468.aspx
Email: rkakde@adeneocorp.com

Windows Embedded Resources

Website: www.windowsembedded.com
Social channels: blogs.msdn.com/mikehall, blogs.msdn.com/obloch
Technical resources: http://msdn.microsoft.com/embedded
Tools evaluations: www.windowsembedded.com/downloads

Resources

www.microsoft.com/teched: Sessions On-Demand & Community
http://microsoft.com/technet: Resources for IT Professionals
http://microsoft.com/msdn: Resources for Developers
www.microsoft.com/learning: Microsoft Certification & Training Resources

Session recordings are available at TechEd Online (TechEd 2009 did not produce a DVD).

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.