Global provider of Embedded Computing Technology (ECT) Kontron earlier this year at Embedded world, presented for the first time its trend-setting Kontron Secure Systems concept. This concept makes Kontron one of the first embedded computing providers to offer a holistic approach to protecting embedded systems on three device levels relevant to security: BIOS (Secure BIOS), operating system (Secure OS), and application (Secure Application).
Kontron uses proven standards by Unified EFI Forum and Trusted Computer Group (TCG) for protection of the BIOS level. Kontron Secure/Trusted Boot offers a unified feature set on all platforms with secure firmware updates and a protected boot mechanism through TPM 2.0 hardware.
The new solution is available for all Kontron products with 7th generation Intel Core(TM) and Intel Xeon processors (formerly known as Kaby Lake) as well as latest generation Intel Atom, Celeron and Pentium processors (formerly known as Apollo Lake).
Kontron Secure/Trusted Boot ensures that only programmes that have been signed and verified are run during boot. Unauthorised and therefore potentially harmful code that may be used to manipulate the device does not stand a chance. Unwanted changes to the BIOS or the OS loader are no longer possible. Kontron Secure/Trusted Boot does not only protect the BIOS level but paves the way for and guarantees the execution of a secure OS.
Kontron's Secure OS is Windows 10 IoT; further secure OS alternatives are planned for the future. The specific version is Windows 10 IoT Long Term Servicing Branch (LTSB), a Windows 10 version developed specifically for IoT environments. It offers comprehensive security mechanisms for the system itself and for safeguarding corporate data. Security functions such as Secure Boot, BitLocker, Device Guard, and Credential Guard make sure that the system is always protected, from boot to shutdown.
On an application level, the Kontron Secure Systems concept relies on the proven Security Solution Kontron APPROTECT. Introduced in 2016, it combines a software framework with an integrated security chip in addition to the TPM 2.0 to provide comprehensive protection for the application software.
Kontron APPROTECT encrypts an application's source code in a way that makes reverse engineering impossible (IP Protection/Reverse Engineering Protection). The integrated security chip constantly checks the application encryption to make sure it is only run on the intended devices (Copy Protection).
At the same time, its integrity is monitored and protected to prevent the execution of manipulated applications. In addition to its safety features, Kontron APPROTECT Licensing enables users to realise new business models. It is for example, possible to limit individual application features to a specific time span or number of executions. Trial scenarios, license or subscription models benefit from this approach.
"Security is becoming more and more important across industries. Solution providers are facing tough challenges, especially in the embedded market: They have to make sure that security always remains intact despite long product life cycles," explained Kontron Software Product Manager Stefan Eberhardt. "The Kontron Secure Systems concept is a comprehensive security system from a single source that exactly meets these requirements and can be tailored exactly to our customers' individual needs".