How to Secure an Embedded Computing System When Connecting Remotely

Press Office, VersaLogic Corporation, 01/27/21

The Best SBC for Secure Embedded Systems – Part 3

In our first two blogs on the subject of secure embedded computing, we covered processor-based security measures and Trusted Partner Module (TPM). In this, our third and final blog in the current series on security, we’ll cover the security aspects of remote access. Before getting to those security measures, we’ll start with the topic of remote access.

Examples of Remote Access Applications

There are many situations where it is necessary to access an embedded system remotely. These can range from:

  • Connecting with a vending machine, to see if it needs more supplies, to
  • Control of, and data retrieval from, military UAVs during the course of a mission

In all cases, it is important that the ability to remotely access the system is restricted to authorized users.

Embedded systems present unique challenges compared to those faced by regular desktop or server systems. In many cases the embedded system is operated in remote locations and/or has to operate 24/7. This means that, in addition to control and data retrieval, it is also necessary to perform many aspects of system maintenance remotely.

embedded computer application example unmanned aerial vehicle in the sky
Many applications are beyond the reach of direct local control!

Remote Access Security Measures

We’ll consider two remote access measures and their security features: Intel vPRO® and Intelligent Platform Management Interface (IPMI).

Intel vPRO provides features associated with out of band (OOB) management and security. The hardware-based security features provide protection against attacks below the OS as well as threat detection capability.

Intel Active Management Technology is also part of the Intel vPRO platform. Its capabilities include:

  • Keyboard-video-mouse (KVM) remote control over IP
  • Hardware-based OOB management (no need for the OS to be booted)

Intel Active Management Technology enables remote access to recover an infected system or push critical security updates.

Some of the Intel vPRO features require activation. More details on the Intel vPRO platform here.

VersaLogic Lion featuring Kaby Lake processor
The“Lion’s “Kaby Lake” processor” features Intel vPRO

For edge servers, such as VersaLogic’s Grizzly, it is also important to consider Intelligent Platform Management Interface (IPMI). Originally conceived on 1998 by a group of companies including Intel, Dell, Hewlett Packard, and NEC, the specification is now at version 2.0.

IPMI provides the following capabilities for servers:

  • Server health monitoring
  • Making BIOS changes
  • Recovery and restart
  • State logging
  • Server inventory listing

OOB capabilities mean that IPMI functions can be accessed remotely without the OS being booted. Security is enhanced by the use of Remote Management Control Protocol, RMCP+, which includes encryption capabilities.

Grizzly embedded server
VersaLogic’s Grizzly edge server supports IPMI 2.0

This concludes our three-blog series on embedded security. Subscribe to VersaLogic’s newsletter to be notified about new blogs related to embedded computing.

Need additional Information?

Want to know more about VersaLogic’s range of secure embedded products? Let’s start a conversation.