
Security Emerges At The International CES

Dec. 20, 2013
Get ready for the annual International CES in Las Vegas. Connectivity is the name of the game, but will all those devices be secure?

Get ready for the annual International CES in Las Vegas. The glitz and glitter will surround the latest 4K Ultra HD HDTVs, smart phones, tablets, cars, and intelligent household appliances. Connectivity is the name of the game with all of these products.


Thanks to the Internet of Things (IoT), connectivity will enable devices to access other devices. Smart TVs can stream content from the Internet and, if they have a built-in camera like Samsung’s UN55F9000 4K Ultra HD, host video conferences (Fig. 1). Of course, connectivity also enables companies to sell more services. Companies can watch how consumers use these electronics too, whether the consumers know it or not.

Figure 1. Samsung’s 120-Hz, 55-in., UN55F9000 4K Ultra HD display has a built-in camera. It supports gesture controls and streaming media.



Unfortunately, this type of connectivity exposes devices to third parties. Security is now on the minds of most developers. Many standards such as ZigBee incorporate encryption and authentication. These devices will be more difficult to compromise, but not impossible. If the device can load an app or receive a remote update, then it is susceptible to attack.

Securing Mobile Devices

A secured device is a good thing, and security is easier if the functionality is locked down. Unfortunately for developers, many devices like smart phones, tablets, and HDTVs are user-programmable, as apps can be installed at the user’s discretion. I have almost a hundred apps on my smart phone and use at least a quarter of them on a regular basis.

Apps can be isolated by sandboxing them, but most implementations can be bypassed, often through bugs exploited by nefarious software. That’s one reason why enterprise devices like smart phones are often locked down so no new apps can be loaded. It isn’t just an issue of whether the device could be compromised. Rather, it may provide a vector of attack on the enterprise network through the linkage that the smart phone may have to that network, possibly through a virtual private network (VPN).

Operating systems like Android and iOS have security built into them, but not isolation on the order of what a hypervisor will provide. It is easier to verify that a separation-kernel hypervisor with hardware support can isolate two operating systems from each other than to verify that apps running on the same operating system are isolated from one another.

A Smart Solution

Green Hills Software and ViaSat partnered to deliver military-grade security for Android smart phones and tablets (Fig. 2). ViaSat Secured is built on the Green Hills Integrity Multivisor separation-kernel hypervisor (see “Embedded Devices Gird Up Against Cyber Threats” on electronicdesign.com). It targets dual-use smart phones and tablets in the enterprise. It would turn my wife’s two smart phones into one device.

Figure 2. Green Hills Software and ViaSat are delivering military-grade security for Android smart phones and tablets. A little red lock indicates the locked apps in the secured version of Android. Tapping them runs them in the unsecured version of Android.

The enterprise manager has control of the hypervisor and one of the partitions that runs the enterprise version of Android populated with approved applications. The other partition runs Android as well. Switching is just a button-click away with the status LED color indicating which partition is active.

Green Hills also added a feature whereby an icon for an app that runs on the user’s Android partition can appear on the secured side. This status is noted via a red lock on part of the icon. Tapping the icon runs the application as expected, but it switches to the user’s partition to do so. There is not a matching mechanism for switching to apps on the secured side.

I would like a version of this where I could provide an enterprise partition that could be managed remotely. Bring-your-own-device (BYOD) will likely work this way in the future. I will not have to worry if the enterprise wants to reconfigure or trash its partition since it will not affect mine.

About the Author

William Wong | Senior Content Director

Bill Wong covers Digital, Embedded, Systems and Software topics at Electronic Design. He writes a number of columns, including Lab Bench and alt.embedded, plus Bill's Workbench hands-on column. Bill is a Georgia Tech alumnus with a B.S. in Electrical Engineering and a master's degree in computer science from Rutgers, The State University of New Jersey.

He has written a dozen books and was the first Director of PC Labs at PC Magazine. He has worked in the computer and publication industry for almost 40 years and has been with Electronic Design since 2000. He helps run the Mercer Science and Engineering Fair in Mercer County, NJ.
