Developing Devices with Windows Embedded CE 6.0 for Critical Security Markets
Rajesh Kakde, Senior Windows Embedded Consultant, Adeneo Corporation
Session Code: WEM302

Agenda
• Adeneo at a glance
• Securing a Windows Embedded CE device
• Security markets: overview and trends
• System architecture for secured devices using Windows Embedded CE
Adeneo at a Glance
• Involved in CE development since 1998
• Strong partnership with SVs and board manufacturers
• Edition of BSPs with maintenance & support to secure reliability
• Training and consultation services
• BSP, drivers, application development & turnkey services
• Gold partner with MSFT on firmware and application development
• ISV/Software Solutions, Mobility Solutions
• 2007 Excellence Awards: Systems Integrator
Securing a Windows Embedded Device
• Trusted environment features
• Secured shells
Windows Embedded CE secured devices
• Open platforms
• Semi-open platforms
• Closed platforms
Windows CE Trusted Environment
Modules execute either in user or kernel mode
• Critical APIs are available only to kernel-mode modules
• All applications (.exe) execute in user mode
• Only libraries (.dll) can execute in kernel mode
The certification function is implemented in a dedicated module of the kernel
• Allows restricting execution to certified applications
• CertMod.dll in public\common\oak\drivers\security\certmod
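The load decision described above, as an added example that is not Microsoft's or Adeneo's code: the certification module's verdict (refuse, run unprivileged, fully trusted, following the CE certification model) is combined with the user/kernel rule. The image check is a constructed allow-list stand-in (name plus FNV-1a tag registered at build time); a real certmod verifies the OEM signature over the module image.

```c
#include <stdint.h>
#include <string.h>

/* Verdicts of the certification hook, as the loader interprets them. */
enum { CERTIFY_FALSE = 0, CERTIFY_RUN = 1, CERTIFY_TRUST = 2 };
enum { MODE_USER = 0, MODE_KERNEL = 1 };
typedef struct { const char *name; int is_dll; const uint8_t *img; size_t len; } Module;

/* Constructed stand-in for signature verification: 32-bit FNV-1a of the image. */
static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Allow-list the OEM build fills in: module name, tag of the certified image,
 * and the level granted (TRUST for OEM modules, RUN for vetted third-party apps). */
#define MAX_CERT 8
static struct { const char *name; uint32_t tag; int level; } cert[MAX_CERT];
static int ncert;

int register_certified(const char *name, const uint8_t *img, size_t len, int level) {
    if (ncert == MAX_CERT || level == CERTIFY_FALSE) return 0;
    cert[ncert].name = name; cert[ncert].tag = fnv1a(img, len); cert[ncert].level = level;
    ncert++;
    return 1;
}

/* Certification hook: the image must match the registered one byte for byte. */
int certify_module(const Module *m) {
    for (int i = 0; i < ncert; i++)
        if (strcmp(cert[i].name, m->name) == 0)
            return cert[i].tag == fnv1a(m->img, m->len) ? cert[i].level : CERTIFY_FALSE;
    return CERTIFY_FALSE;                       /* unknown module: not certified */
}

/* Loader policy: kernel mode only for fully trusted DLLs (an .exe never loads there);
 * in user mode anything below RUN is refused, so uncertified code cannot start. */
int can_load(const Module *m, int mode) {
    int level = certify_module(m);
    if (mode == MODE_KERNEL) return m->is_dll && level == CERTIFY_TRUST;
    return level >= CERTIFY_RUN;
}

/* Constructed sample images standing in for real PE files. */
const uint8_t IMG_OEM_DRV[] = { 'M', 'Z', 0x10, 0x20, 0x30 };
const uint8_t IMG_3RD_APP[] = { 'M', 'Z', 0x40, 0x50, 0x60 };

void setup_demo(void) {
    register_certified("fpga.dll", IMG_OEM_DRV, sizeof IMG_OEM_DRV, CERTIFY_TRUST);
    register_certified("order.exe", IMG_3RD_APP, sizeof IMG_3RD_APP, CERTIFY_RUN);
}
```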
Windows Embedded CE Secured Shells
The shell handles user interaction with the system. Shell choices:
• Command shell vs. graphical shell
• Local shell vs. remote shell
• Mono-application vs. multi-application
Components of a typical graphical multi-application shell
• Desktop window
• Taskbar
• Task manager
Windows Embedded CE Secured Shell: shell type by platform
• Standard Windows shell: full open platform, multi applications
• Final application shell: closed platform, mono application
• Secured application shell: closed or semi-opened platform, multiple applications support
Windows Embedded CE Secured Shell: open platform device
• Typical application: PDA-like device
• Characteristics
  • Standard shell allowing maximum user interaction
  • No trusted environment, for maximum flexibility
• Benefits
  • Lots of flexibility for end user / third party
• Security risks
  • Malware when connected to the external world
  • 3rd-party malware apps installed locally
  • Incorrect usage by the end user
Windows Embedded CE Secured Shell: closed platform device
• Typical application: dedicated device
• Characteristics
  • Direct application shell; mono application
  • Fully trusted environment
• Benefits
  • Completely secured
• Security risks
  • None, if well designed
Windows Embedded CE Secured Shell: semi-opened platform device
• Typical application: dedicated device with 3rd-party expansion
• Characteristics
  • Direct application shell
  • Trusted environment
• Benefits
  • Completely secured, with some flexibility
• Security risks
  • None, if well designed
Security Markets Overview
Different types of markets
• Critical life markets
  • Medical
  • Avionics
• Critical economic markets
  • Banking
  • Payment
Key characteristic: norm driven
• FDA
• DO-178B
• PCI PED
Security Markets Overview: typical requirements
• Performance: real time / deterministic
• Completely secured against external access
  • Software piracy
  • Hardware piracy
• 100% test coverage
• Need for specific certified software and hardware
• Secured communication: authentication / cryptography
Security Markets Overview: emerging needs
• More connectivity
  • Wired and wireless
• More multimedia
  • Audio, video, etc.
• More openness
  • New markets accessed through third-party add-ons
• Incompatibility with specific certified software
• Huge work to develop from the ground up
• Requires complete re-certification of the system
Designing Secured Devices: system architecture
• Identify critical and non-critical functions
• Hardware and software isolation between critical and non-critical parts
• Secure the interfaces
Designing Secured Devices: identification
• Which hardware and which peripherals
  • Medical: all peripherals handling vital functions
  • Payment terminal: peripherals related to PIN entry & identification
• Which CPU
  • Dedicated certified ASIC for critical features
  • Dedicated MCUs with specific security features
• Which software
  • Proprietary or dedicated certified OS
  • Proprietary or dedicated certified application
  • Identify critical software functions
Designing Secured Devices: isolation
Be certain the critical part of the design cannot be corrupted by the non-critical part
• Hardware-based isolation
  • Dedicated secured ASIC for the critical part
• Software-based isolation
  • SW hypervisor / virtual machine manager
• Hardware design to ensure hardware security
  • ASIC/CPU with secured storage area for encryption keys
  • Violation detection (mechanical access, tamper detection, etc.)
Secured Device System Architecture: securing the interfaces
Control all communication between critical and non-critical parts
• Full independence between critical and non-critical peripherals
• Only one interface, certified as part of the critical part
  • Dedicated ASIC when using h/w isolation
  • Role of the hypervisor when using s/w isolation
• Startup and update of the non-secured part is controlled by the secured part
Case Study: Payment Terminal
Electronic fund terminal
• Compliant with PCI PED certification
• Allowing PIN-based bank transactions
Advanced features
• Playing advertisement videos
• Wireless communication support (Bluetooth, Wi-Fi, etc.)
Case Study: Payment Terminal: block diagram
[Block diagram; components shown: Battery, Display, Ethernet, SDIO, Printer, Audio, Camera, Touchscreen, Serial, USB Host, USB Device, Keypad, Bluetooth, Wi-Fi, Modem, GPRS, SAM, FPGA, an ASIC running a proprietary OS, and an ARM CPU running CE 6.0]
Case Study: Payment Terminal: securing the interfaces
Only one communication interface, handled by the FPGA
• The FPGA is a critical part of the design
• Communication uses a mailbox mechanism
• Interfaces available
  • Access to secure peripherals from Windows CE
  • Access to non-secure peripherals from the certified OS
  • Windows CE firmware update
• FPGA driver on the Windows CE side, with the trusted environment enabled
• JTAG controlled by the certified OS through the FPGA
• Windows CE firmware update handled by the certified side
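The single mailbox interface described above (and the "only one interface, certified as part of the critical part" rule from the architecture slides), as an added example that is not Adeneo's code; every opcode, limit and handler is constructed. The certified side accepts only the opcodes in its table, bounds-checks the payload length before any handler runs, accepts firmware chunks only inside an update session it opened itself, and keeps PIN entry on the secure side with no opcode that could expose it.

```c
#include <stdint.h>
#include <string.h>

#define MB_MAX_PAYLOAD 64
typedef struct { uint8_t op; uint8_t len; uint8_t data[MB_MAX_PAYLOAD]; } MbMsg;

enum { OP_PRINT = 1, OP_START_TXN = 2, OP_FW_CHUNK = 3 };        /* CE -> secure side */
enum { MB_OK = 0, MB_BAD_OP = 1, MB_BAD_LEN = 2, MB_REFUSED = 3 };

/* Secure-side state. The PIN is entered and verified here and never crosses the mailbox. */
static char printer_buf[MB_MAX_PAYLOAD + 1];
static uint32_t pending_amount;
static int update_session_open;                 /* set by the certified side only */

/* Handlers may trust n: mailbox_dispatch() has already checked it against the table. */
static int h_print(const uint8_t *d, uint8_t n) {
    memcpy(printer_buf, d, n); printer_buf[n] = '\0';
    return MB_OK;
}
static int h_start_txn(const uint8_t *d, uint8_t n) {
    uint32_t amount = ((uint32_t)d[0] << 24) | (d[1] << 16) | (d[2] << 8) | d[3];
    (void)n;                                    /* table pins n to exactly 4 */
    if (amount == 0 || amount > 100000) return MB_REFUSED;   /* constructed limit, in cents */
    pending_amount = amount;                    /* PIN entry now runs on the secure keypad */
    return MB_OK;
}
static int h_fw_chunk(const uint8_t *d, uint8_t n) {
    (void)d; (void)n;
    return update_session_open ? MB_OK : MB_REFUSED;   /* update is driven by the secure side */
}

/* The whole interface: any operation absent from this table is unreachable from CE. */
static const struct { uint8_t op, min_len, max_len; int (*fn)(const uint8_t *, uint8_t); }
table[] = {
    { OP_PRINT,     1, MB_MAX_PAYLOAD, h_print },
    { OP_START_TXN, 4, 4,              h_start_txn },
    { OP_FW_CHUNK,  1, MB_MAX_PAYLOAD, h_fw_chunk },
};

int mailbox_dispatch(const MbMsg *m) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (table[i].op != m->op) continue;
        if (m->len < table[i].min_len || m->len > table[i].max_len) return MB_BAD_LEN;
        return table[i].fn(m->data, m->len);
    }
    return MB_BAD_OP;
}

void secure_open_update_session(void) { update_session_open = 1; }
uint32_t secure_pending_amount(void) { return pending_amount; }
const char *secure_printer_buffer(void) { return printer_buf; }
```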
Case Study: Payment Terminal: system architecture
[Architecture diagram; elements shown: a Windows Embedded CE VM hosting the Ordering application (.NET CF 3.5), the Stock Mgt application and a web server; a Secured VM (Secured Payment) running Windows Embedded CE; HID, LCD driver, TS driver and their virtual counterparts (vLCD driver, vTS driver) split across the two VMs; both VMs run on a hypervisor on an ARM-based platform with security capabilities; external interfaces: Ethernet / Wi-Fi, LCD, touchscreen]
Summary
Windows Embedded CE provides all the mechanisms needed to build secure devices. These mechanisms are also a key part of the design of devices for security markets, where strong certification requirements apply. A strong system architecture using hardware or software isolation is required.
Resources
• Windows Embedded: http://www.microsoft.com/windowsembedded/en-us/default.mspx
• Books for reference: http://msdn.microsoft.com/en-us/embedded/cc294468.aspx
• Email: rkakde@adeneocorp.com
Windows Embedded Resources
• Website: www.windowsembedded.com
• Social channels: blogs.msdn.com/mikehall, blogs.msdn.com/obloch
• Technical resources: http://msdn.microsoft.com/embedded
• Tools evaluations: www.windowsembedded.com/downloads
TechEd 2009 session recordings are available at TechEd Online.
• www.microsoft.com/teched: Sessions On-Demand & Community
• www.microsoft.com/learning: Microsoft Certification & Training Resources
• http://microsoft.com/technet: Resources for IT Professionals
• http://microsoft.com/msdn: Resources for Developers
© 2009 Microsoft Corporation. All rights reserved.