Dedicated solutions needed for thorough info security o…

While embedded systems were mainly applied in enclosed and independent operating environments in early years, the interoperability of devices achieved through wireless and wired connections, ensuing from the advent of the IoT (Internet of Things) era, has triggered a new wave of IoT-related information security problems that are hard to tackle with old anti-virus software packages. Now, only by adopting dedicated solutions for embedded systems can enterprises improve information security.

Lin Chi-wen, a senior manager at Advantech’s embedded computing division, noted that in the Big Data era, all the aspects such as equipment activation, data access, data transmission, should be subject to tight security protection. Lin added that any loophole in any aspect is very likely to cause leakage of sensitive information.

Digital Signature Verification Before System Activation

Wang Bo-chi, another senior manager at Lin’s division, explained how protection starts with BIOS. He said the BIOS should first undergo a Security Boot mechanism, which requires all the equipment hardware and software programs to pass an encrypted digital signature verification procedure before an equipment system is activated. And only licensed hardware devices and software programs are allowed to operate on the equipment system, thus preventing embedded devices from being “case open” for hardware replacements that could carry harmful software and firmware, or for undesirable BIOS updates, according to Wang.

Electronic gaming machines (EGM) are an example of such applications. The gaming industry gives top priority to fairness and trustworthiness, using computing programs to achieve consistent gaming results that can match natural probability and norms. If the machine is open to unauthorized hardware, the computing of the games is likely to be affected, Wang continued.

Normally, screws or mechanical structures of EGMs are rarely visible from the outside of the machines, so that they won’t be illegally cracked open. To prevent perpetrators from forcibly opening the machines and tampering with the Security Boot, Adventech has developed machines that are available with two Boot Guard modes allowing the system activation mechanism to verify BIOS, hardware, software and programming codes to see if they are legally licensed. In case any irregularity is found, the activation system will immediately stop functioning and the irregularity may also be recorded on a Trusted Platform Module (TPM) and processed by the operating system.

The same Boot Guard technology can be applied to military electronic devices for security use. Such devices usually store many military secrets, and enemies can easily crack the secrets from captives carrying the devices. With the technology, the storage devices can be locked with encryption, and the stored confidential data can also be instantly ruined in emergency.

Whitelist Antivirus Software Bars Illegal Access

After a system is safely activated, information security loopholes would surface from various forms of resources and data access control mechanisms. To counter, Adventech’s embedded systems are installed with McAfee’s whitelist antivirus software and Acronis True Image, a backup and recovery software, so as to block viruses and recover data after being attacked, according to Chiang Hua-chi, a marketing manager at the firm’s embedded computing division.

Usually, traditional antivirus technologies focus on the blacklist mode, mainly designed to counter blacklisted viruses already identified with potential security threats. But real security threats come from newly-borne viruses that have yet to be recorded. In this regard, the whitelist mode can be applied to rule out zero-day attack by unidentified viruses. This means that obtaining licensed software programs for system execution can help to bar the invasion of malware.

As no one in charge of networking operations can afford big losses resulting from virus attacks, Advantech’s embedded computer systems are fitted with WISE-PaaS/RMM and integrated with Acronis software packages to provide end-users with an additional data security mechanism. Users can set the automatic backup time in accordance with their needs or system resources, with all the hard disk data, including operating system, application software, files, production parameters and system recording files, able to be fully covered in the backup copy. Once the systems are attacked by viruses, the backup copy can help to restore the original setups.

Now at production plants, machines are mostly connected to internal networks but the USB drives used by employees may bring viruses to erode the system security of the plants. Whitelist antivirus software can be applied to allow access by only licensed programs and hardware and deny access for unlicensed ones.

ATM Solutions: Blocking Digital Heisters

An ATM heist case broke out in Taiwan in July 2016, though the machinese adopted enclosed network architecture and conducted encrypted data transmission. To facilitate management of ATMs spreading around the island, banks usually conduct remote maintenance and updates on the machines directly through computer networks, generating another latent information security loophole.

Chiang suggested that ATMs adopt both whitelist and blacklist antivirus technologies to complement each other’s limitations, building a powerful firewall against identified viruses with the blacklist mode and barring unidentified ones with the whitelist mode.

In line with the high variability of banking business operations, the McAfee Change Control software should be incorporated into total information security solutions to set up policy norms governing updates of authorized lists, prevent whitelists from being falsified, and monitor the consistency of system compliance of files. Meanwhile, the ePolicy Orchestrator (ePO) software for remote control and central management should be employed to enable system managers to manage ATMs, update programs and conduct setups through computer networks at the central management or monitoring centers.

Categories: IT + CE Server, IPC, cloud computing

Tags: embedded

Related stories
• Advantech cooperates with Korea Telecom in industrial IoT (Jun 20)
• China market: Advantech offers SPMS for cloud-computing management of distributed PV systems (May 23)
• Beijing BOE Energy Technology adopts Advantech-developed SPMS (May 22)
• Smart PV management systems help maximize power-generating efficiency (May 19)
• China market: Advantech offers online pollution monitoring solutions (May 16)
• Advantech to invest in Vietnam for Industry 4.0 business opportunity (May 11)
• Advantech offers iFactory SRP to boost industrial IoT application (May 3)
• Advantech pushing ELAA for IoT solutions (Apr 14)
• Advantech identifies key growth drivers for company (Apr 6)
• Advantech and partners form Embedded Linux & Android Alliance (Mar 17)
• Advantech offers WISE-PaaS Marketplace (Mar 16)