Wind River Blog Network

August 3, 2010

VxWorks = Secure

A recent report describes potential security vulnerabilities in devices running VxWorks. Researcher HD Moore claimed during a recent talk (slides) that a quarter million devices accessible directly from the Internet were found to be vulnerable.

VxWorks has a very strong track record of offering secure products. However, we also realize that vulnerabilities can affect VxWorks, even if very infrequently. In those cases, Wind River will act quickly to address any issues. Regarding recent vulnerabilities, Wind River responded rapidly with patches and remediation steps in conjunction with a public announcement by the CERT Coordination Center on August 2, 2010. Once CERT notified Wind River, Wind River immediately assessed the alert and was instructed by CERT to release a synchronous public response. We’re confident that our customers know that Wind River is committed to supporting its products with the highest quality and security standards.

VxWorks continues to be the most widely deployed real-time operating system in mission-critical embedded systems. I am sure you will agree that security is not just about the underlying technology and features; how the technology is configured and deployed is equally important. VxWorks is a highly configurable RTOS: device builders can fine-tune which features to add to or remove from the RTOS, and this includes debug services such as WDB. To debug embedded devices efficiently, developers must have full access to the entire device. They must be able to read from and write to any memory location, as well as interact with the I/O controllers. Without this powerful tool, developers would not be able to build highly reliable devices in a short period of time. However, the same powerful and valuable tool can be manipulated for malicious intents. By changing the RTOS configuration, these debug services can be removed. Wind River’s response for the debug agent vulnerability references the VxWorks Kernel Programmer's Guide regarding removal of the WDB agent from deployed systems. As explained in Wind River’s response, the hooks/agents included in the kernel exist to enable connectivity for the developer and should either be removed prior to deployment, in line with the security policy for the customer's product/system, or have appropriate firewall rules applied to restrict access to the debug service. Wind River’s response for the default hashing algorithm recommends that customers use a trusted encryption API instead, along with patches for various VxWorks versions. VxWorks can easily be configured to be highly secure.
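The second mitigation above, restricting who can reach the debug service when the agent cannot be removed, is the kind of rule a MUX-layer packet filter or the VxWorks firewall enforces. The following is an added example, not Wind River code: a small software filter that parses constructed Ethernet/IPv4 frames and applies three rules (a blocked source MAC, a management-subnet restriction on the debug agent port, and a per-source rate limit against packet storms). The debug agent port value 17185 is the registered wdbrpc port and should be confirmed for your own build; the management subnet, blocked MAC and storm threshold are illustrative values.

```python
# Added example: MUX-layer style packet filter over constructed frames.
import ipaddress
import struct
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17
DEBUG_AGENT_PORT = 17185   # assumed WDB agent port (registered wdbrpc); verify for your build


@dataclass
class Packet:
    src_mac: str
    src_ip: ipaddress.IPv4Address
    dst_ip: ipaddress.IPv4Address
    proto: int
    src_port: Optional[int]
    dst_port: Optional[int]


def parse_frame(frame: bytes) -> Optional[Packet]:
    """Decode Ethernet II + IPv4 (+ TCP/UDP ports); None for non-IPv4 or truncated frames."""
    if len(frame) < 34:                      # 14-byte Ethernet header + minimal 20-byte IPv4 header
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # IPv4 header length in bytes, options included
    if ihl < 20 or len(ip) < ihl:
        return None
    proto = ip[9]
    src_port = dst_port = None
    if proto in (PROTO_TCP, PROTO_UDP) and len(ip) >= ihl + 4:
        src_port, dst_port = struct.unpack("!HH", ip[ihl:ihl + 4])
    return Packet(src_mac, ipaddress.IPv4Address(ip[12:16]),
                  ipaddress.IPv4Address(ip[16:20]), proto, src_port, dst_port)


def build_frame(src_mac: str, src_ip: str, dst_ip: str, proto: int, sport: int, dport: int) -> bytes:
    """Construct a minimal sample frame (constructed test data, not captured traffic)."""
    eth = bytes.fromhex("020000000001") + bytes.fromhex(src_mac.replace(":", "")) \
        + struct.pack("!H", ETHERTYPE_IPV4)
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 4      # ports plus padding
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + l4


class MuxFilter:
    """Rule set evaluated per frame before the frame is handed to the network stack."""

    def __init__(self, blocked_macs, mgmt_net: str, storm_limit: int):
        self.blocked_macs = {m.lower() for m in blocked_macs}
        self.mgmt_net = ipaddress.ip_network(mgmt_net)   # only these hosts may reach the debug agent
        self.storm_limit = storm_limit                   # frames per source per second
        self._counts = defaultdict(int)                  # (src_ip, second) -> frames seen

    def decide(self, frame: bytes, now: float):
        pkt = parse_frame(frame)
        if pkt is None:
            return "pass", "non-IPv4 frame (e.g. ARP) left to the stack"
        if pkt.src_mac in self.blocked_macs:
            return "drop", "source MAC is blocked"
        if pkt.proto == PROTO_UDP and pkt.dst_port == DEBUG_AGENT_PORT \
                and pkt.src_ip not in self.mgmt_net:
            return "drop", "debug agent port reachable only from the management network"
        key = (pkt.src_ip, int(now))
        self._counts[key] += 1
        if self._counts[key] > self.storm_limit:
            return "drop", "per-source rate limit exceeded (packet storm)"
        return "pass", "accepted"


if __name__ == "__main__":
    f = MuxFilter(blocked_macs=["de:ad:be:ef:00:01"], mgmt_net="10.0.0.0/24", storm_limit=5)
    inside = build_frame("00:11:22:33:44:55", "10.0.0.5", "10.0.0.20", PROTO_UDP, 40000, DEBUG_AGENT_PORT)
    outside = build_frame("00:11:22:33:44:55", "192.0.2.9", "10.0.0.20", PROTO_UDP, 40000, DEBUG_AGENT_PORT)
    print(f.decide(inside, 0.0), f.decide(outside, 0.0))
```

The rate-limit bucket is keyed on whole seconds, which is deliberately simple; a production filter would use a sliding window and would log drops so that repeated attempts to reach the debug port from outside the management subnet become visible to operations staff.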

Let me also take a moment to shed additional light around the various security components provided by VxWorks. Below, I will cover security monitoring and response policies, network security, operating system security and testing/certifications.


Security monitoring and response policy

Wind River is committed to delivering secure reliable products and offerings. To combat vulnerabilities, Wind River is committed to active threat monitoring, rapid assessment, threat prioritization, expedited remediation, response and proactive customer contact in each of the detected cases.

Wind River has a Security Response team to monitor, assess and address security vulnerabilities. The team follows a proven policy for tracking, categorizing, and responding quickly to security vulnerabilities. The overall process is broken into four stages:

  • Monitoring: Active monitoring of security alerts from reliable external sources, customers and any other external submitters.
  • Assessment / Prioritization: Assess and prioritize vulnerabilities based on the severity, difficulty and avoidability of the alert.
  • Notification: Notify customers and the submitter of the level of susceptibility within a short time target.
  • Remediation: Post remediation actions based on the classification of susceptibility, within a short time target.


Network Security

As shown in the graphic below, let’s now review the various components within VxWorks network security that deliver security to developers and device manufacturers who use the VxWorks networking stack.

[Graphic: Vx Network Security]

  • Device Drivers: Enhanced Network Drivers (END) use their own isolated transmit and receive buffer pools. These descriptors are loaned to the network stack. Each END driver pool is private and isolated from every other END driver pool.
  • Multiplex (MUX) Layer: The MUX is a useful isolation layer between the network stack and the END drivers. This layer also provides a framework for developers to write their own custom packet filter or network sniffer, which can be used to prevent packet storms or to filter packets based on incoming IP address, MAC address, port number, etc.
  • Firewall: VxWorks platforms include a full-featured firewall that may be used out of the box without any additional code development. For instance, it may be used to filter traffic based on many different rule sets, and it also includes logging features and Stateful Packet Inspection (SPI) for either TCP or UDP traffic. Optional reference packet filters are available as an alternative for customers who opt not to use the firewall.
  • IPsec/IKE: VxWorks platforms also provide IP Security (IPsec) and Internet Key Exchange (IKEv1/v2) support. These protocols may be easily configured and used without any additional code development. IPsec/IKE allows users to set up security associations between various end-points. Some or all traffic may be encrypted, while other traffic types may be bypassed, which gives developers flexibility.
  • Secure Sockets Layer (SSL): VxWorks platforms include a cryptographic library utilizing OpenSSL. This gives developers the ability to secure individual TLS (over TCP) or DTLS (over UDP) applications.
  • FIPS 140-2: VxWorks platforms support FIPS 140-2 mode. When compiled in FIPS 140-2 mode, a number of algorithms, including the MD5 hash algorithm, are compiled out because they are not FIPS approved.
  • Secure Shell (SSH) & Secure FTP (SFTP): An SSH server and SFTP are also supplied with the networking stack. These protocols are secure replacements for Telnet, FTP or TFTP. Again, these protocols may be used out of the box without any additional code development.
  • Network Applications: Traditional network applications may run either as kernel tasks or in memory-protected user space within Real-Time Processes. They may run as secure applications (e.g. SSL), or they may run as traditional socket applications. The security may be provided via either IPsec/IKE or the firewall.
  • Cryptography: VxWorks platforms include a variety of cryptographic algorithms and supporting utilities that can be used in developing secure applications. These include algorithms such as AES, SHA, MD5, DES, etc.
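The hashing response mentioned earlier (use a trusted cryptographic API rather than the default hash) and the FIPS 140-2 point (MD5 compiled out as non-approved) come together in how a device stores credentials. The following is an added example, not Wind River code or the VxWorks API: it keeps the weak scheme, an unsalted single-pass MD5 digest, only to show what is being replaced, and stores new records as salted, iterated PBKDF2-HMAC digests behind an algorithm policy that refuses MD5. The record format, the iteration count and the allowed digest set are assumptions for illustration.

```python
# Added example: replacing an unsalted MD5 password hash with policy-checked PBKDF2-HMAC.
import base64
import hashlib
import hmac
import os

# Assumed policy for a hardened build: digests permitted for password hashing (MD5 excluded).
ALLOWED_DIGESTS = {"sha256", "sha384", "sha512"}
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def legacy_md5_hash(password: str) -> str:
    """The weak scheme: unsalted, single pass, fast to brute-force; identical passwords give identical hashes."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, digest: str = "sha256", iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return 'pbkdf2$<digest>$<iterations>$<salt>$<dk>' using a fresh random salt."""
    if digest not in ALLOWED_DIGESTS:
        raise ValueError(f"digest {digest!r} is not permitted by policy")
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"), salt, iterations)
    enc = lambda b: base64.b64encode(b).decode("ascii")
    return f"pbkdf2${digest}${iterations}${enc(salt)}${enc(dk)}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derived key from the stored parameters and compare in constant time."""
    try:
        scheme, digest, iterations, salt_b64, dk_b64 = stored.split("$")
    except ValueError:
        return False                                  # malformed record
    if scheme != "pbkdf2" or digest not in ALLOWED_DIGESTS:
        return False                                  # record uses a scheme the policy forbids
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(dk_b64)
    actual = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str, iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True for legacy MD5 records and for PBKDF2 records below the current iteration count."""
    parts = stored.split("$")
    if len(parts) != 5 or parts[0] != "pbkdf2":
        return True
    return int(parts[2]) < iterations


def migrate_on_login(password: str, stored: str):
    """Login path that upgrades a legacy record the first time the user authenticates successfully.

    Returns (authenticated, record_to_store)."""
    if "$" not in stored:                             # legacy MD5 hex record
        ok = hmac.compare_digest(legacy_md5_hash(password), stored)
    else:
        ok = verify_password(password, stored)
    new_record = hash_password(password) if ok and needs_rehash(stored) else stored
    return ok, new_record


if __name__ == "__main__":
    old = legacy_md5_hash("winter2010")               # constructed sample credential
    ok, record = migrate_on_login("winter2010", old)
    print(ok, record.split("$")[:3], verify_password("winter2010", record))
```

The policy check lives in both `hash_password` and `verify_password`, so a record that somehow carries a forbidden digest is rejected rather than silently accepted; that mirrors what a FIPS-mode build achieves by not linking the algorithm at all.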


Operating System Security

The slides from HD Moore include remarks such as "little memory protection" and "everything runs with the highest privileges." On the contrary, VxWorks enables manufacturers to increase their device reliability through MMU-based, state-of-the-art memory protection. VxWorks introduced process-based, user-mode application execution in addition to its traditional kernel-mode execution. There are customers who prefer to run applications in kernel space for the sheer advantage of better performance, responsiveness and other real-time characteristics. The kernel is protected from user-mode applications running in VxWorks real-time processes (RTPs). User-mode applications are also protected from each other.

Features of memory protection include the following:

  • MMU-based memory protection provides isolation of the kernel from user-mode applications and of applications from each other, increasing device reliability.
  • The standard, process-based programming model simplifies application development.
  • VxWorks' preemptive, priority-based global task scheduler ensures real-time deterministic behavior.
  • The ability to create private or public objects in the kernel and in RTPs offers flexibility to use objects that are protected from manipulation or that can easily be shared among kernel and process tasks.
  • The extensible system call interface enables application developers to employ custom-developed kernel services from user-mode execution.
  • Support for shared libraries among RTPs improves code efficiency and re-usability as well as speeding code development and debugging.


Testing and Certifications

Wind River realizes that no matter how robust security features may be, there is tremendous value in also testing and certifying capabilities. This gives our customers peace of mind that the networking stack is conformant to standards and interoperable with other network devices. For this reason, the VxWorks networking stack is regularly tested against some of the industry’s top security test suites and has consistently achieved certifications that assure customers of its interoperability.

[Graphic: Vx Network Test and Certifications]

Let’s explore additional details through the above graphic and following text:

  • Nessus scans/reports readily available for our customers.
  • Independent Achilles certification, along with Application Note 400, readily available for customers to configure/certify their systems. My colleague Bill Graham described the details in his informative post available here.
  • Independent certification by the VPNC (Virtual Private Network Consortium) on basic, AES and IKEv2 interoperability, assuring customers that the stack is interoperable with other leading vendors and solutions.
  • The network stack is one of the first few TCP/IP stacks in the industry to receive the IPv6 Ready Phase II logo certification.

I hope this helps to clarify some questions, although it’s always good to hear your comments. Please feel free to chime in.

April 2, 2010

Taiwan's technical prowess

Taiwan's high tech industry is dominant in PC-IT, Broadband CPE products like Wireless AP Routers, DSL/Cable modems, Portable Media Players, Low End Routers, Switches, Smart Phone and IP-STB/IPTVs. Some of the reasons for this prowess are explained here.

Ever wondered just how big some of these Taiwan and APAC based OEM (Original Equipment Manufacturers), ODM (Original Design Manufacturers) and EMS (Electronic Manufacturing Service) companies are?

This report states that Hewlett-Packard (HP) is the top OEM semiconductor spender in 2010, a position it will retain after taking the No. 1 spot away from Nokia. HP will spend an estimated $12.6 billion this year on semiconductors, compared to $10.99 billion in 2009. On the other hand, the top EMS spenders in 2010 will include Foxconn, Flextronics, Jabil Circuit and Celestica. For No. 1 Foxconn, spending will reach $22.6 billion in 2010, up 18.7 percent from $19.0 billion in 2009, boosted by the company's manufacturing of HP products, Nintendo's Wii, Sony's PlayStation 3 and Apple's iPod, iPhone and the soon-to-be-released iPad. The point is, Foxconn spends approximately 80% more on semiconductors than the world's top OEM. Taiwan is home to several EMS, ODM and OEM companies that make devices deployed across the globe.

Increasingly, OEMs are dependent on ODMs and EMSs. The main intent is cost reduction. This trend is particularly noticeable in the case of Taiwan and China, and to a lesser extent India and some SEA countries. Shrinking time-to-market and cut-throat competition in the consumer electronics industry are forcing these companies to rely on their suppliers not just for design, manufacturing and maintenance, but also for managing the supply chain, thereby allowing the customer to focus solely on branding. Though OEMs benefit from a reduced cost of product ownership and flexibility in the face of fast-changing market trends, ODMs now have unprecedented influence over technology, making them perhaps the single largest foreign stakeholder in the product.

The strategic focus of Taiwanese companies is on manufacturing and not so much on software design. Most of the designs are done by semiconductor vendors (as reference designs) or by their customers, while the majority of production is done in their China-based factories. Profit margins are extremely low, with most products having margins on the order of 5-10%. Hence, there is a lot of focus on BOM (Bill of Materials) cost. The big players in Taiwan are getting bigger through M&A and are also acting as vertically integrated suppliers, from components, cabling, PCB and power supply to enclosures, etc. In several cases, such as the wireless AP router market, Wind River has helped these customers reduce the software code size of their VxWorks-based products, which helped address the customer challenge of driving down the BOM cost.

My colleague Markus Koehler and I recently had first-hand experience visiting Taiwan. We took this opportunity to present our high-level vision and product strategy for digital living, and also shared it with several press representatives and at an event for several OEM/ODM/EMS companies. One of the press reports is available here.

December 23, 2009

Meet Wind River at CES

ABI Research recently stated here that connected home devices are the “Next Big Thing” in the consumer electronics industry with a global market value growing by a compound average of 23% annually over the next five years to more than $10 billion in 2014. This correlates with Broadband Forum's claim in their recent whitepaper, where they acknowledge that the global demand for broadband Internet access is as strong as ever. As I indicated in my earlier blog post, there are several use cases that are leading to this growth of internet traffic and increased broadband need.

In order to meet this consumer demand, operators and service providers are challenged to increase their services along with increasing subscriptions. Increasing bandwidth, lowering BOM costs, enhancing performance and a reliable way of ensuring QoS for applications such as VoIP, HD video, gaming, and video chat are some of the top hurdles that need to be resolved for the next generation of CPE devices. From an operator standpoint, better infrastructure and support for new applications and services is needed, all while keeping their costs at an optimal level without charging subscribers an arm and a leg for service offerings. As one way to keep the cost of deployment down, operators are looking at avenues such as remote configuration, monitoring and setup of devices, which provide the option of quick device provisioning and of handling support issues remotely. Additionally, there are use cases within a Machine to Machine (M2M) scenario where residential devices can be managed remotely with the help of an intelligent residential gateway.

According to ABI Research report, “Service providers view home networking not only as an avenue to create consumer loyalty but also as a new revenue-generating cash cow.” Instead of pure voice or data services, service providers now include content, applications, networking, and sometimes gaming and even energy management in their service offerings.

Wind River will discuss all of this and more at CES. If you would like to meet us, please fill out the form here (available at the end of the page).

November 18, 2009

M2M, the buzzword

The one I am referring to is an abbreviation of Machine to Machine.

It's simply a communication mechanism between machines or devices. The communication is done with minimal or no human intervention, hence the term machine. If interested, Wikipedia has a much more elaborate definition here.

M2M is getting a lot of traction within the connected device community because it touches many industry verticals, spanning industrial, consumer, energy, automotive and medical, to name a few. A simple use case of this technology is a vending machine that automatically sends a signal to a remote vendor to restock, as and when needed. Another is a smart meter sending energy consumption to the utility company through a wireless or wired connection, thereby saving the operational expenditure of sending a person to read the meter. The consumers, in this case, benefit because they'll be better educated about their energy consumption and will be able to control devices remotely. You can find a number of these use cases on the internet.

On the utility front, smart grid investment grants awarded by President Barack Obama infuse capital that bolsters the utility use cases of M2M.

In a connected home, a residential gateway equipped with M2M protocols can play the role of deploying, maintaining and monitoring service/applications. Amongst others, these include remote monitoring for security, smart metering, e-health.

ETSI has a technical committee focused on M2M. If you are interested, a slide deck from ETSI is available here.

From a software standpoint, M2M-capable devices will have varying requirements, ranging from simple low bit-rate connectivity to maintaining 99.999% availability, meeting real-time characteristics, minimal footprint, support for open source, etc. Multicore and multi-OS designs will also have a play here. If interested, my good friend Mark has been writing several educational posts on multicore here.

I would love to hear your comments because I am excited, are you?

October 28, 2009

G.hn, does it get the crown for in-home networking?

The new buzzword in wired networking is G.hn, pronounced as "G dot hn".

I know, it does add another word to the alphabet soup of technologies, but I do think that it solves a fundamental lingering problem.

Our homes have various types of wiring available today; these include power, cable, phone, etc. The problem is that each of these serves its own purpose. The technologies today are fragmented; big time! There are MoCA (adopted in Verizon's fiber network) and HomePNA (AT&T's U-Verse network is based on this) that use coaxial wiring for CPE devices. However, there's no single wiring technology that can provide ubiquitous connectivity for CPE devices.

G.hn strikes at the heart of this issue and is the result of International Telecommunication Union's (ITU-T) G.9960 standardization project. It provides a unified wired networking technology that operates over almost all types of in-home wiring.

ITU-T recently ratified G.hn specification. The approved specification contains the Physical (PHY) and architecture portion of the standard. IEEE Communications Magazine recently published a paper, available for download, which describes an overview along with an architecture description. The Data Layer can use a number of existing components provided by Wind River's Advanced Networking Technology.

Harnessing the existing home wires and offering services on top of them with the enhanced security and architectural capabilities of G.hn will mean a significant reduction in CAPEX and an increase in ARPU for service providers.

The good news is that there's already an ecosystem of semiconductor and software companies working to support G.hn. Some of these can be found at HomeGrid Forum's member page.

I believe that the war's on for THE in-home networking solution. Does G.hn get the crown?

October 16, 2009

Wi-Fi Direct permeating Personal Area Networking

Did you hear it?

The Wi-Fi Alliance has launched a specification called Wi-Fi Direct that allows WLAN (Wireless LAN) devices to connect directly without an Access Point in between. Well, well, this appears to be a war of the worlds between the WLAN and Bluetooth camps, because this surely will fit the use cases of Bluetooth users. Does this also mean the end of WLAN Access Points (AP)? That's yet to be seen.

802.11 WLAN technology, as you might be aware, offers two types of WLANs: 'Ad Hoc' and 'Infrastructure'. The 'Ad Hoc' type, termed IBSS (Independent Basic Service Set), allows two WLAN stations to talk to each other directly. In other words, this is technology that exists today. So, what's the new hoopla around Wi-Fi Direct?

As per the FAQs, Wi-Fi Direct will offer discovery as a compelling feature that will make it easy to enable applications. Wi-Fi Direct brings several important innovations in Wi-Fi technology, such as higher data rates, enterprise manageability, WMM Quality of Service mechanisms, and power management protocols, to peer-to-peer connectivity. The details of which station will initiate the connection are still to be defined in the final specification.

Also, the Ad-hoc wireless networking offers up to 11Mbps which is expected to be beefed up to approximately 250 Mbps with Wi-Fi Direct. There are no hardware upgrades necessary to use this new specification. It'll be turned on using a software upgrade.

This specification surely allows consumers to use a Personal Area Networking (PAN) technology at data rates and physical ranges that are synonymous with WLAN. Additionally, existing security mechanisms such as WPA2 will be part of this specification, which greatly allays security concerns.

Do you agree with Tony Bradley's comment, "I think Bluetooth's days could be numbered"?

October 9, 2009

Device convergence

Comcast is all set to launch their HomePoint service. The service converges VoIP handset and router functionality. The devices that come with the service are a base unit that functions as a cable modem and wireless router, and a portable handset that you can connect to additional handsets.

Vonage recently launched their Vonage Mobile service, which is a free download that gives consumers international calling capabilities on their smart-phones. The service allows users to use either their existing cellular networks or any Wi-Fi hotspot. Vonage also lets you forward calls to any number, which is a classic example of fixed mobile convergence (FMC).

Do you think any of these serve your needs?

October 5, 2009

Talk between devices

Ever wondered what it would be like without access to ever increasing means of connection?

Thanks to social networking sites, I am now in touch with my friends who used to exchange bicycles while riding to my fifth grade class.

In the past decade or so, we have come a long way. The social norms have been re-defined with applications such as social networking, M-commerce, E-Commerce, virtual world, remote health monitoring, E-readers, media streaming and storage, etc. All of these are resulting in an explosion in global internet traffic. Cisco forecasts that the annual global IP traffic will reach half a zettabyte in 2012.

The paradigm is shifting to an "all-IP" based network deployment where various advanced physical layer technologies such as FTTx are being deployed to support dynamic services. The devices need seamless connectivity in order to share services, content and network monitoring.

Global warming is necessitating regulations for reducing power consumption of devices.

Let's try to analyze the effects on the ecosystem.

On one side of the spectrum, the entire ecosystem including CE device manufacturers, operators, OEMs, ODMs, service and content providers would like to bank on these new services to increase their respective revenue streams.

On the other side, the devices are converging. A few examples are Smart-phone/navigation/MID, Set Top Boxes/Media Players, Router/Modem/Access Point/Media Gateway, etc. WLAN devices are shifting from stand alone products to an embedded utility in digital homes. Generally, devices are increasingly focusing on design, quality of experience (QoE), and user interfaces where a legacy GUI is not an option. This is because consumers demand touch-screen and motion to make their lives simpler and effective. This trend is as true in consumer vertical as it is in industrial, automotive and networking vertical markets.

From an operator standpoint, they need to provide better infrastructure and support for new applications and services. One of their challenges is to keep costs at an optimal level without charging subscribers an arm and a leg for service offerings. I did mention this in my white-paper. All of this is leading to an increase in remote configuration, monitoring and setup of devices, which provides the option of quick device provisioning and of handling support issues remotely. One of the most interesting technologies around this is Machine to Machine (M2M). I'll share my musings on M2M in a separate post later.

In order to keep pace with the network back-haul, semiconductor companies are rolling out multi-core chips with hardware offload engines that provide an efficient mechanism to support IP, NAT, cryptography, content inspection, IPsec and similar protocols and functions. The various multi-core options available to device manufacturers are described in this white-paper.

Welcome to Digital Living!

There are a plethora of technologies that need to be defined, optimized, deployed and used. The key is in finding the right solution to meet the time to market. Agree?

Nikhil Chauhan

  • Nikhil Chauhan is a Senior Product Management professional. Having worked and lived in NA, Europe and APAC, he defines technologies that serve cutting-edge vertical industries including digital living, consumer, networking, M2M and industrial. A graduate of Henley Business School at the University of Reading, Nikhil holds an MBA and a Bachelor of Engineering.