Post on 24-Dec-2015
Developing Devices with Windows Embedded CE 6.0 for Critical Security Markets
Rajesh Kakde
Senior Windows Embedded Consultant
Adeneo Corporation
Session Code: WEM302
Agenda
Adeneo at a glance
Securing a Windows Embedded CE device
Security markets: overview and trends
System architecture for secured devices using Windows Embedded CE
Adeneo at a Glance
Gold partner with Microsoft on firmware and application development
Involved in Windows CE development since 1998
Strong partnership with silicon vendors (SVs) and board manufacturers
Publishes BSPs with maintenance and support to ensure reliability
Training and consultation services
BSP, driver and application development, and turnkey services
2007 Excellence Awards: Systems Integrator, ISV/Software Solutions, Mobility Solutions
Securing a Windows Embedded Device
Trusted environment features
Secured shells
Windows Embedded CE secured devices fall into three classes:
Open platforms
Semi-open platforms
Closed platforms
Windows CE Trusted Environment
Modules execute either in user mode or in kernel mode.
Critical APIs are available only to kernel-mode modules.
All applications (.exe) execute in user mode.
Only libraries (.dll) can execute in kernel mode. A kernel-mode DLL runs with the kernel's privileges, so the trust boundary only holds if every kernel-mode module is itself certified.
The certification function is implemented in a dedicated module loaded by the kernel, which allows execution to be restricted to certified modules.
CertMod.dll in public\common\oak\drivers\security\certmod
Windows Embedded CE Secured Shells
The shell handles user interaction with the system. Shells are classified along three axes:
Command shell vs. graphical shell
Local shell vs. remote shell
Mono-application vs. multi-application
Components of a typical graphical multi-application shell: desktop window, taskbar, task manager
Windows Embedded CE Secured Shell
Shell type and the platform type it suits:
Standard Windows shell: fully open platform, multiple applications (open platform device)
Final application shell: closed platform, mono application
Secured application shell: closed or semi-open platform, with support for multiple applications
Windows Embedded CE Secured Shell: open platform device
Typical application: PDA-like device
Characteristics: standard shell allowing maximum user interaction; no trusted environment, for maximum flexibility
Benefits: lots of flexibility for the end user and third parties
Security risks: malware when connected to the external world; third-party malware installed locally; incorrect use by the end user
Windows Embedded CE Secured Shell: closed platform device
Typical application: dedicated device
Characteristics: direct application shell, mono application; fully trusted environment
Benefits: completely secured against installed software
Security risks: none from installed software if well designed; hardware tampering and defects in the OEM's own firmware remain and must be addressed by the hardware design
Windows Embedded CE Secured Shell: semi-open platform device
Typical application: dedicated device with third-party expansion
Characteristics: direct application shell; trusted environment, so only certified third-party modules load
Benefits: completely secured, with some flexibility
Security risks: none from installed software if well designed, since uncertified code is refused; the same hardware caveat as for the closed platform applies
Security Markets Overview: different types of markets
Life-critical markets: medical, avionics
Economically critical markets: banking, payment
Key characteristic: standards-driven (FDA regulation, DO-178B, PCI PED)
Security Markets Overview: typical requirements
Performance: real-time, deterministic behaviour
Secured against unauthorized external access
Protection against software piracy
Protection against hardware piracy (cloning)
100% test coverage
Need for specific certified software and hardware
Secured communication: authentication and cryptography
Security Markets Overview: emerging needs
More connectivity: wired and wireless
More multimedia: audio, video, etc.
More openness: access to new markets through third-party add-ons
These needs are incompatible with the existing certified software: it is a huge effort to develop from the ground up, and any change requires complete re-certification of the system
Designing Secured Devices: system architecture
Identify critical and non-critical functions
Hardware and software isolation between critical and non-critical parts
Secure the interfaces
Designing Secured Devices: identification
Which hardware and which peripherals: medical, all peripherals handling vital functions; payment terminal, peripherals related to PIN entry and identification
Which CPU: dedicated certified ASIC for critical features; dedicated MCUs with specific security features
Which software: proprietary or dedicated certified OS; proprietary or dedicated certified application; identify the critical software functions
Designing Secured Devices: isolation
Ensure the critical part of the design cannot be corrupted by the non-critical part
Hardware-based isolation: dedicated secured ASIC for the critical part
Hardware design to ensure hardware security: ASIC/CPU with a secured storage area for encryption keys; violation detection (mechanical access, tamper detection, etc.)
Software-based isolation: hypervisor / virtual machine manager
Secured Device System Architecture: securing the interfaces
Control all communication between critical and non-critical parts
Full independence between critical and non-critical peripherals
Only one interface, certified as part of the critical part: a dedicated ASIC when using hardware isolation, the hypervisor when using software isolation
Startup and update of the non-secured part are controlled by the secured part
Case Study: Payment Terminal
Electronic funds transfer terminal, compliant with PCI PED certification
Advanced features:
PIN-based bank transactions
Playing advertisement videos
Wireless communication support (Bluetooth, Wi-Fi, etc.)
Case Study: Payment Terminal: block diagram
(Figure: block diagram of the terminal. Processing elements: an ARM CPU running Windows Embedded CE 6.0, an FPGA, and an ASIC running a proprietary OS. Peripherals: keypad, battery, printer, SAM, modem, display, touchscreen, USB device, USB host, Bluetooth, Wi-Fi, Ethernet, SDIO, camera, serial, audio, GPRS.)
Case Study: Payment Terminal: securing the interfaces
Only one communication interface, handled by the FPGA
The FPGA is a critical part of the design
Communication uses a mailbox mechanism
Interfaces available: access to secure peripherals from Windows CE; access to non-secure peripherals from the certified OS; Windows CE firmware update
FPGA driver on the Windows CE side, with the trusted environment enabled
JTAG controlled by the certified OS through the FPGA
Windows CE firmware update handled by the certified side
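As an added example of the mediation asked for under "Securing the interfaces" here and in the general architecture slide earlier (my code, not from the presentation or from the terminal it describes), the following C models the certified side's handler for the single mailbox it shares with Windows CE. The frame layout, the command and status numbers, the keypad stand-in, the staging size and the little-endian header are all assumptions; signature verification of the staged image is noted at the commit step but not implemented. What it does show are the controls the slides call for: a length check before any payload byte is touched, a command allowlist with everything else refused, PIN entry whose reply never carries the digits, and a firmware update that CE cannot start, roll back or overrun because arming happens only from the secure side.

```c
/* Added example, not code from the presentation or from the terminal it
 * describes: the certified side's handler for the one mailbox it shares with
 * Windows CE. Frame layout, command and status numbers, the keypad stand-in and
 * the staging size are assumptions for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MBX_MAX_PAYLOAD 64   /* assumed mailbox payload size */
#define FW_STAGE_MAX 4096    /* staging area for a new CE image (scaled down) */

/* Commands the non-secure (Windows CE) side may send; anything else is refused. */
enum { CMD_SHOW_TEXT = 1, CMD_PIN_ENTRY = 2, CMD_FW_BEGIN = 3, CMD_FW_CHUNK = 4, CMD_FW_COMMIT = 5 };
/* Status returned in the reply frame's cmd field. */
enum { ST_OK = 0, ST_BAD_FRAME = 1, ST_DENIED = 2, ST_NOT_ARMED = 3, ST_ROLLBACK = 4, ST_INCOMPLETE = 5 };

typedef struct { uint8_t cmd, seq; uint16_t len; uint8_t payload[MBX_MAX_PAYLOAD]; } mbx_frame;

/* State that exists only on the certified side; CE cannot address any of it. */
typedef struct {
    int update_armed;               /* set by a local operator action, never via the mailbox */
    uint32_t fw_version;            /* version currently installed on the CE side */
    uint32_t fw_pending_version, fw_expected, fw_received;
    uint8_t fw_stage[FW_STAGE_MAX];
    char pin_digits[13];            /* entered on the PED keypad; never copied into a reply */
} ped_state;

/* Operator action on the secure side (e.g. a merchant passcode on the PED keypad). */
void ped_arm_update(ped_state *s) { s->update_armed = 1; }

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static int reply(mbx_frame *rep, int st) { rep->cmd = (uint8_t)st; return st; }

int ped_handle(ped_state *s, const mbx_frame *req, mbx_frame *rep) {
    uint32_t i, ver, total;
    memset(rep, 0, sizeof *rep);
    rep->seq = req->seq;
    if (req->len > MBX_MAX_PAYLOAD) return reply(rep, ST_BAD_FRAME);   /* before any payload use */
    switch (req->cmd) {
    case CMD_SHOW_TEXT:            /* CE may show a prompt on the PED display: printable ASCII only */
        for (i = 0; i < req->len; i++)
            if (req->payload[i] < 0x20 || req->payload[i] > 0x7e) return reply(rep, ST_BAD_FRAME);
        return reply(rep, ST_OK);
    case CMD_PIN_ENTRY:            /* the PIN is captured on the secure keypad and stays here */
        if (req->len != 0) return reply(rep, ST_BAD_FRAME);
        strcpy(s->pin_digits, "1234");      /* constructed stand-in for keypad input */
        /* A real PED now builds and encrypts the PIN block for the acquirer; the
         * reply to CE carries a status only, never the digits. */
        return reply(rep, ST_OK);
    case CMD_FW_BEGIN:             /* payload: u32 version, u32 image length (little-endian) */
        if (!s->update_armed) return reply(rep, ST_NOT_ARMED);
        if (req->len != 8) return reply(rep, ST_BAD_FRAME);
        ver = le32(req->payload); total = le32(req->payload + 4);
        if (ver <= s->fw_version) return reply(rep, ST_ROLLBACK);        /* anti-rollback */
        if (total == 0 || total > FW_STAGE_MAX) return reply(rep, ST_BAD_FRAME);
        s->fw_pending_version = ver; s->fw_expected = total; s->fw_received = 0;
        return reply(rep, ST_OK);
    case CMD_FW_CHUNK:
        if (!s->update_armed || s->fw_expected == 0) return reply(rep, ST_NOT_ARMED);
        /* checked against the space left, so a lying CE cannot overrun the staging area */
        if (req->len == 0 || req->len > s->fw_expected - s->fw_received) return reply(rep, ST_BAD_FRAME);
        memcpy(s->fw_stage + s->fw_received, req->payload, req->len);
        s->fw_received += req->len;
        return reply(rep, ST_OK);
    case CMD_FW_COMMIT:
        if (!s->update_armed || s->fw_expected == 0) return reply(rep, ST_NOT_ARMED);
        if (s->fw_received != s->fw_expected) return reply(rep, ST_INCOMPLETE);
        /* Signature verification of fw_stage under a key in secure storage belongs
         * here (left out of this example); only then is the image written to CE
         * flash and the CE side released from reset. */
        s->fw_version = s->fw_pending_version;
        s->fw_expected = 0; s->update_armed = 0;                          /* one update per arming */
        return reply(rep, ST_OK);
    default:
        return reply(rep, ST_DENIED);
    }
}

/* Walks the legitimate flow and the abuse cases; returns how many of the 9 checks held. */
int ped_demo(void) {
    ped_state s; mbx_frame rq, rp; int ok = 0;
    memset(&s, 0, sizeof s); s.fw_version = 5;
    memset(&rq, 0, sizeof rq);
    rq.cmd = CMD_SHOW_TEXT; rq.len = 2; rq.payload[0] = 0x1b; rq.payload[1] = '[';   /* escape sequence */
    ok += ped_handle(&s, &rq, &rp) == ST_BAD_FRAME;
    memset(&rq, 0, sizeof rq); rq.cmd = CMD_PIN_ENTRY;
    ok += ped_handle(&s, &rq, &rp) == ST_OK && memcmp(rp.payload, "1234", 4) != 0;
    rq.cmd = 0x7f;                   ok += ped_handle(&s, &rq, &rp) == ST_DENIED;
    rq.cmd = CMD_FW_BEGIN; rq.len = 8; rq.payload[0] = 6; rq.payload[4] = 3;   /* version 6, 3 bytes */
    ok += ped_handle(&s, &rq, &rp) == ST_NOT_ARMED;   /* CE cannot start an update on its own */
    ped_arm_update(&s);
    rq.payload[0] = 4;               ok += ped_handle(&s, &rq, &rp) == ST_ROLLBACK;
    rq.payload[0] = 6;               ok += ped_handle(&s, &rq, &rp) == ST_OK;
    rq.cmd = CMD_FW_CHUNK; rq.len = 4; ok += ped_handle(&s, &rq, &rp) == ST_BAD_FRAME;  /* 4 > 3 left */
    rq.len = 3;                      ok += ped_handle(&s, &rq, &rp) == ST_OK;
    rq.cmd = CMD_FW_COMMIT; rq.len = 0;
    ok += ped_handle(&s, &rq, &rp) == ST_OK && s.fw_version == 6 && !s.update_armed;
    return ok;
}

int main(void) { printf("%d of 9 checks held\n", ped_demo()); return 0; }
```

The shape matters more than the numbers: every decision is taken on the certified side from state CE cannot reach, the reply format is fixed so no secret can leak by accident, and the update path has three separate gates (arming, version, bounds) before the authenticity check a real PED would add at commit.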
Case Study: Payment Terminal: system architecture
(Figure: the software-isolation variant on an ARM-based platform with security capabilities. A hypervisor hosts two virtual machines. Secured payment VM: HID, secured touchscreen driver, LCD driver. Windows Embedded CE VM: virtual touchscreen driver, virtual LCD driver, web server, stock management application, and an ordering application on .NET Compact Framework 3.5, with Ethernet / Wi-Fi connectivity. Shared hardware: LCD and touchscreen.)
Summary
Windows Embedded CE provides the OS-level mechanisms (trusted environment, secured shells) needed to build secure devices.
These mechanisms are also a key part of the design of devices for security markets, where strong certification requirements apply.
A strong system architecture using hardware or software isolation is still required: the OS mechanisms protect the Windows CE side, and the certified critical part must be isolated from it behind a single controlled interface.
Questions and answers
Resources
Windows Embedded: http://www.microsoft.com/windowsembedded/en-us/default.mspx
Books for reference: http://msdn.microsoft.com/en-us/embedded/cc294468.aspx
Email: rkakde@adeneocorp.com
Windows Embedded Resources
Website: www.windowsembedded.com
Social channels: blogs.msdn.com/mikehall, blogs.msdn.com/obloch
Technical resources: http://msdn.microsoft.com/embedded
Tools evaluations: www.windowsembedded.com/downloads
Resources
Sessions On-Demand & Community: www.microsoft.com/teched
Resources for IT Professionals: http://microsoft.com/technet
Resources for Developers: http://microsoft.com/msdn
Microsoft Certification & Training Resources: www.microsoft.com/learning
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.