Rajesh Kakde Senior Windows Embedded Consultant Adeneo Corporation Session Code: WEM302

Agenda Adeneo at a glance Securing a Windows Embedded CE device Security markets: overview and trends System architecture for secured devices using Windows Embedded CE

Gold partner with MSFT on firmware and application development Adeneo at a Glance Involved in CE development since 1998 Strong partnership with SVs and board manufacturers Edition of BSP with maintenance & support to secure reliability Training and consultation services BSP, drivers, application development & turnkey services 2007 Excellence Awards Systems Integrator ISV/Software Solutions Mobility Solutions

Securing a Windows Embedded Device Trusted environment features Secured shells Windows Embedded CE Secured Devices Open platforms Semi-open platforms Closed platforms

Windows CE Trusted Environment Modules execute either in user or kernel mode Critical APIs available only for kernel mode modules All applications (.exe) executed in user mode Only libraries (.dll) can execute in kernel mode Certification function implemented in a dedicated module of the kernel Allow restricting execution to certified application CertMod.dll in public\common\oak\drivers\security\certmod

Windows Embedded CE Secured Shells Handles user interaction with the system Command shellGraphical shell Local shell Mono applicationsMulti applications Remote shell vs. Components of a typical graphical multi applications shell Desktop windowTaskbarTask manager

Windows Embedded CE Secured Shell Standard Windows shell Final application shell Secured application shell Full open platform Multi applications Closed platform Mono applications Closed or semi-opened platform Multiple applications support

Open platform device Windows Embedded CE Secured Shell Typical application – PDA like device Characteristics Standard shell allowing max user interaction No trusted environment for max flexi Benefits Lots of flexibility for end user/third party Security risks Malware when connected to external world 3rd party malware apps installed locally End user wrong usage

Windows Embedded CE Secured Shell Closed platform device Typical application – dedicated device Characteristics Direct application shell; mono application Fully trusted environment Benefits Completely secured Security risks None, if well designed

Windows Embedded CE Secured Shell Semi-opened platform device Typical application – dedicated device with 3 rd party expansion Characteristics Direct application shell Trusted environment Benefits Completely secured with some flexibility Security risks None, if well designed

Security Markets Overview Different types of markets Key characteristics: Norm driven FDADO178BPCIPED

Security Markets Overview Typical requirements Performance – real time / deterministic Completely secured against external access Software piracy Hardware piracy 100% test coverage Need for specific certified software and hardware Secured communication – authentication/cryptography

Security Markets Overview Emerging Needs More connectivity Wired and wireless More multimedia Audio, video etc… More openness New markets access through third party add-ons Incompatibility with specific certified software Huge work to develop from ground-up Requires complete re-certification of the system

Designing Secured Devices System architecture Identify critical and non-critical functions Hardware and software isolation between critical and non-critical parts Secure the interfaces

Designing Secured Devices Identification Which hardware and which peripherals Medical – all peripherals handling vital functions Payment terminal – peripherals related to pin entry & identification Which CPU Dedicated certified ASIC for critical features Dedicated MCUs with specific security features Which software Proprietary or dedicated certified OS Proprietary or dedicated certified application Identify critical software functions

Designing Secured Devices Isolation Be certain critical part of the design cannot be corrupted by non-critical part Hardware based isolation Dedicated secured ASIC for critical part Hardware design to ensure hardware security ASIC/CPU with secured storage area for encryption keys Violation detections (mechanical access, tamper detections…) Software based isolation SW Hypervisor/ Virtual Machine manager

Secured Device System Architecture Securing the interfaces Control all communication between critical and non-critical parts Full independence between critical and non-critical peripherals Only one interface, certified as part of critical part Dedicated ASIC when using h/w isolation Role of Hypervisor when using s/w isolation Startup and update of non-secured part is controlled by secured part

Case Study: Payment Terminal Compliant with PCIPED certification Allowing PIN based bank transactions Playing advertisement videos Wireless communication support (Bluetooth, Wi-Fi…)

CPU Keypad Battery Printer SAM Modem Display Touchscree n USBDev USBHost Bluetooth Wi-Fi EthernetSDIO Camera Serial Audio GPRS ASIC Prop.O S ARM CE 6.0 FPGA Case Study: Payment Terminal Block diagram

Case Study: Payment Terminal Securing the interfaces Only one communication interface, handled by FPGA FPGA is critical part of the design Communication using mailbox mechanism Interfaces available Access to secure peripherals from Windows CE Access to non-secure peripherals from certified OS Windows CE firmware update FPGA driver on Windows CE side, with trust environment enabled JTAG controlled by certified OS through FPGA Windows CE firmware update handled by certified side

WEB server Stock Mgt Appli Windows Embedde d CE ARM Based Platform w/Security capabilities LCD Touchscreen Ethernet / Wi-Fi Secured Payment VM HID Secured VM TS driver LCD driver Windows Embedded CE VM vTS driver vLCD driver Hypervisor Ordering Appli.NET CF 3.5 Case Study: Payment Terminal System architecture

Summary Windows Embedded CE provides all the mechanism needed to build secure devices. These mechanisms are also a key part of the design of devices for security markets, where strong certification requirements apply. Strong system architecture using hardware or software isolation is required.

Resources Windows Embedded: Books for reference:

Windows Embedded Resources Website: Social Channels: Social Channels: blogs.msdn.com/mikehallblogs.msdn.com/obloch Technical Resources: Tools evaluations: Required Slide Track PMs will supply the content for this slide, which will be inserted during the final scrub. Required Slide Track PMs will supply the content for this slide, which will be inserted during the final scrub.

Sessions On-Demand & Community Resources for IT Professionals Resources for Developers Microsoft Certification & Training Resources Resources Required Slide Speakers, TechEd 2009 is not producing a DVD. Please announce that attendees can access session recordings at TechEd Online. Required Slide Speakers, TechEd 2009 is not producing a DVD. Please announce that attendees can access session recordings at TechEd Online.

Complete an evaluation on CommNet and enter to win! Required Slide

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. Required Slide