eNews Letter Q2 2014 Advantech Applied Computing Technology Communications - Security Column - Gaming Column Issue: June 2014 By Applied Computing Group Advantech www.advantech.com.tw/dms
Mar 16, 2016
About the eNews Letter
We at Advantech Applied Computing Group (ACG, formerly AC-DMS), are glad to share with you, our premier customers, our latest technology focus and industry highlights.
Advantech has been delivering ePlatform and eAutomation products for over 30 years. To best serve its outsourcing customers, ACG was built to focus on customer-oriented services & cost-effective solutions, with domain market know-how, innovative technology, and solid expertise.
Embracing the company value of “Altruism”, ACG sees itself as a long-term partner to help our customers continue to build lasting prosperity. Not only do we offer collaborative design, flexible manufacturing and global services, but we also strive to go beyond customer expectations. The eNews is part of our commitment toward Enabling customers’ success.
Table of Contents
Technology Highlights
- Secure Boot Introduction
- Secure Boot Implementation
Vertical Market Focus – Gaming
- Gaming Market Snapshot
- Gaming Jurisdiction: GLI-11
- Security Solutions for Gaming Applications
ACG Gaming DMS Core Competency
- Mechatronics Capability
- Focused Gaming Features
- One-stop Shopping Services & Longevity Support
Contacts at Advantech Applied Computing Group
Technology Highlights
Secure Boot : Gatekeeper Before the Operating System
Secure Boot is a security standard designed by members of the PC industry to make sure that a PC boots using only firmware that is trusted by the PC manufacturer.
Secure Boot is a firmware validation process defined in UEFI; it requires a PC that meets the UEFI Specifications Ver. 2.3.1, Errata C or higher.
UEFI: Unified Extensible Firmware Interface
UEFI is the next-generation firmware interface (vs. legacy BIOS), managed through the UEFI Forum, a collection of chipset, hardware, system, firmware, and operating system vendors. The Secure Boot protocol has been included since the UEFI 2.2 specification.
When the PC starts, the firmware checks the signature of each piece of boot software, including firmware drivers (Option ROMs) and the operating system.
If the signatures are valid, the PC boots, and the firmware gives control to the operating system.
In this way, Secure Boot protects the PC from low-level exploits, rootkits, and malicious bootloaders, making attempts to compromise the start-up sequence much harder for attackers.
[Figure: boot flow without Secure Boot vs. UEFI Secure Boot flow]
Without Secure Boot: BIOS -> Any OS Loader (Malware/Fake included) -> OS Start
UEFI Secure Boot Flow: Native UEFI -> Verified OS Loader (e.g. Win 8) -> OS Start
The Security Keys and How They Work
[Figure: Platform Key -> (Protection) -> Key Exchange Key -> (Protection) -> Signature Database and Forbidden Database]
A series of keys and databases is used to manage and protect the signatures needed to verify code before it is executed. As shown in the figure, from the top, each key is used to protect the next key from uncontrolled modification.
The UEFI specification focuses on the mechanisms for signing code images and managing keys and signatures. How Secure Boot is managed, enabled or disabled is a decision of the platform manufacturer and the system owner.
Platform Key (PK)
• One PK in each system
• Typically set by the platform manufacturer when a system is built in the factory
• May be replaceable by an end user or enterprise IT services
Database (db)
• Two lists of signatures are maintained: signatures of code that is authorized to run on the platform and signatures of code that is forbidden
Key Exchange Key (KEK)
• There can be multiple KEKs provided by the operating system and other trusted third party application vendors
• No changes can be made to the signature database without the private portion of this key.
Secure Boot Implementation
How These Features Function in Secure Boot
TPM
Solution SDK to protect software from copying or cloning, to validate downloadable content, and to authenticate users and clients.
iButton
Simple one-wire or two-wire device connected by GPIO to authenticate the computer system; available for a number of different functions, with supplied drivers and SDK.
Option ROM
A piece of binary code intended to run under the control of the BIOS, providing services that help the system boot from add-in hardware devices.
Gaming, Military, Finance, Public Safety, Retail, Network/Telecom
Any time a PC needs protection to resist attacks and malware infection during the booting process, Secure Boot can serve as gatekeeper.
Vertical Market Focus
The Worldwide Casino Business is Booming
Casino market size is expected to be USD182.8B in 2015. The main growing market is the Asia-Pacific region.
“Sands to MGM Scout Casino Sites in Japan as Tokyo Gets Games.”
“Japan’s LDP Lawmakers Submit Parliament Bill to Legalize Casinos.”
From:
Segasammy 2013 Annual Report
Bloomberg news 2013-0909
Bloomberg news 2013-1205
To name some important sections in GLI-11:
Control Program Verification (Section 2.17)
This regulation requires that any programs running on gaming machines be verified before execution, especially if the program could affect the game outcomes.
Physical Access Control (Section 2.10/2.11/2.12/2.16)
Access to the interior of the gaming machine has to be controlled and monitored, with events and errors logged, including devices such as CPU electronic boards, gaming storage devices and money handling devices.
The Worldwide Casino Business is Booming, and GLI-11 Plays a Critical Role in it
• GLI-11 is a regulation released by Gaming Laboratories International.
• The main purpose is to create a standard that ensures gaming devices in casinos are fair, secure, and able to be audited and operated correctly.
Advantech Offers the Most Up-to-date SW Package
Board Support: Drivers & Utilities; DirectPCI SDK & Run-Time; Embedded OS Support; Custom Embedded Linux
Security: Secure Boot; TPM Suite
Firmware/BIOS: Custom Logo & Settings; TCG CRTM BIOS (TPM); Custom BIOS Code
Utility/Development: DirectPCI API; Custom Utility/Development Kits
The Emphasis on Security:
Secure Boot
The Emphasis on Security:
TPM Suite
Advantech Hardware Security Features
Monitoring
Firmware
Security ID
Proprietary format, highly integrated SBC
Intrusion Detection Logging Processor (IDLP)
Non-volatile RAM (battery back-up SRAM)
Power Fail Detect
System Health Monitoring
Meter Cut Detect
Security (“Jurisdiction”) ROM sockets
Write Protect BIOS, custom BIOS
IDROM, EEPROM
iButton®
Trusted Platform Module
Digital Inputs/Outputs
The Emphasis on Security:
IDLP and Digital I/O
Gaming DMS Core Competency
Contacts at Advantech Applied Computing Group
Jason.Lu@advantech.com.tw
• Embedded Computing KA Services
• Mobile POS
• Vehicle & Transportation Applications
Gaming: Jimmy.Hsu@advantech.com.tw
• Gaming KA Services
• Gaming Portable & Server Applications
• Arcade, AWP, Casino, Pachislot & Recreation Applications
Medical: Pablo.Lin@advantech.com.tw
• Medical KA Services
• Medical Tablet & Portable
• Ultrasound, Patient Monitor
• Medical Server Applications
• Fitness Console
Retail/China: Hawaii.Tseng@advantech.com.tw
• China DMS KA Services
• Point of Sales Solutions
• Self Services Applications
Mobile Embedded Systems: Alexyc.Chen@advantech.com.tw
• Portable & Tablet KA Services
• Rugged, Warehousing & Field Services
• Mobile Resources Management (In-Vehicle)
ACG BU Head [email protected]
Business Development: Jason.Kuo@advantech.com.tw, +886 2 2792 7818 ext.8002
Business Development: Selena.Wang@advantech.com.tw, +886 2 2792 7818 ext.8013