End-to-End Security Ensures Virtualization is Viable for Critical Industrial Control and Telecom Applications
By Charlie Ashton
The business-level benefits of virtualization are becoming well understood in applications such as industrial control and telecom. Companies worldwide have analyzed real-world use cases and concluded that major savings in lifetime operational costs are achievable by deploying software-based, virtualized systems compatible with open standards, instead of traditional fixed-function physical equipment based on proprietary, vertically integrated architectures. There is unstoppable momentum behind industry initiatives like Open Process Automation Forum (OPA) for industrial control and Open Platform for NFV (OPNFV) for telecom.
This move to virtualized infrastructure, however, has brought justifiable concerns about security. Software-based systems are increasingly deployed in network edge locations that are unattended and/or where physical security cannot be guaranteed.
A control system for a wind turbine on a hillside and a base station at a remote antenna site are both vulnerable to malicious attacks and attempts to infiltrate the software. If a hacker can enter the network via one of these edge locations, the potential effects throughout the wider network can be financially damaging to a telecom service provider and potentially catastrophic in the case of industrial control applications.
At the same time, the long lifetime of systems deployed in these industries means that they become vulnerable to new threats over time that were not anticipated and protected against when the software was originally installed.
For all kinds of critical infrastructure applications, companies need to be certain that the software-based systems they deploy are protected by a robust security architecture: one that prevents unauthorized software from being installed, whether maliciously or unintentionally; that protects the entire system from the moment it is powered on; and that enables properly authenticated remote software updates to address new threats as they emerge.
Recognizing these challenges, Wind River has incorporated a comprehensive set of security enhancements into the latest release of the Wind River Titanium Cloud portfolio of virtualization platforms for critical infrastructure. For industrial control applications, these enhancements are integrated into the Titanium Control product, while telecom companies will select either Titanium Core, Titanium Edge or Titanium Edge SX, depending on the deployment location and configuration.
During update or patching cycles, Titanium Cloud now uses cryptographic signatures to validate both the integrity and authenticity of files when patches and ISO images are imported. Only patches and ISOs that have been cryptographically signed by Wind River can be applied to a Titanium Cloud installation. When the Titanium Cloud patches are developed by Wind River, they are signed at build time with a private key stored on a secure signing server and subsequently validated with a public key that’s built into the deployed Titanium Cloud platform. The signature for the patch is included in the patch archive and validated when the patch is uploaded. A similar process applies to Titanium Cloud ISO images, with the signature being stored in a separate file in this case. This use of cryptographic signatures ensures comprehensive protection of the software platform during maintenance operations.
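The import-time check described above, as an added example that is not Wind River's code: a build-side key signs the file, and only the public half is built into the platform. The tar layout, the file names `payload.bin` and `signature`, and the use of RSA-PSS-free `OpenSSL::PKey#sign` (PKCS#1 v1.5 over SHA-256) are assumptions for illustration; the ISO case uses a detached signature, the patch case carries the signature inside the archive.

```ruby
require 'openssl'
require 'rubygems/package'
require 'stringio'

# Constructed stand-in for the key held on the signing server. A deployed
# platform carries only the public half and never sees the private key.
SIGNING_KEY = OpenSSL::PKey::RSA.new(2048)
PLATFORM_PUBLIC_KEY = SIGNING_KEY.public_key
DIGEST = 'SHA256'

# Build time: sign the file (ISO image or patch payload) with the private key.
def sign_at_build(data, key = SIGNING_KEY)
  key.sign(OpenSSL::Digest.new(DIGEST), data)
end

# Import time, ISO form: the image and its signature arrive as separate files.
# True only if the signature covers exactly these bytes and was produced by
# the private key matching the built-in public key.
def verify_detached(data, sig, pub = PLATFORM_PUBLIC_KEY)
  pub.verify(OpenSSL::Digest.new(DIGEST), sig, data)
rescue OpenSSL::PKey::PKeyError
  false
end

# Build time, patch form: payload and its signature travel in one tar archive
# (assumed layout: entries 'payload.bin' and 'signature').
def build_patch_archive(payload, key = SIGNING_KEY)
  out = StringIO.new(''.b)
  Gem::Package::TarWriter.new(out) do |tar|
    { 'payload.bin' => payload, 'signature' => sign_at_build(payload, key) }.each do |name, bytes|
      tar.add_file_simple(name, 0o644, bytes.bytesize) { |f| f.write(bytes) }
    end
  end
  out.string
end

# Import time, patch form: unpack, then verify the embedded signature over the
# payload. Nothing may be applied unless this returns true.
def verify_patch_archive(archive, pub = PLATFORM_PUBLIC_KEY)
  files = {}
  Gem::Package::TarReader.new(StringIO.new(archive)) do |tar|
    tar.each { |entry| files[entry.full_name] = entry.read }
  end
  return false unless files['payload.bin'] && files['signature']
  verify_detached(files['payload.bin'], files['signature'], pub)
end
```

An archive signed with any other key, or whose payload was changed after signing, fails the check and is refused before it can touch the installation.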
The Titanium Cloud Integrity Measurement Architecture (IMA) uses a secure boot process to ensure the integrity of the initial boot loaders and the kernel for the host platform. It then guarantees the integrity of the user space environment by detecting and reporting executable files that have been maliciously or accidentally changed. IMA continuously monitors the integrity of a key subset of the host’s files: it measures and stores the hash value of each file as it is accessed, so that any alteration is detected, and logs every file integrity issue that may indicate the host platform has been compromised.
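The measure-on-access behaviour described above, as an added illustration that is not Wind River's IMA implementation: each access of a monitored file appends its SHA-256 to a measurement log and is appraised against a known-good list captured from a trusted image. The class name, the demo host layout and the file contents are constructed for the example.

```ruby
require 'digest'
require 'tmpdir'

# Measure-on-access monitor in the style of IMA: every access appends the file's
# SHA-256 to a measurement log and is appraised against a known-good list.
class IntegrityMonitor
  attr_reader :log, :alerts

  def initialize(known_good) # { path => sha256 hex } captured from a trusted image
    @known_good = known_good
    @log = []    # ordered measurements, never overwritten (audit trail)
    @alerts = [] # integrity issues that may indicate host compromise
  end

  # Called when a protected file is opened for execution or reading.
  # Returns true if the file may be used, false if it must be blocked.
  def access(path)
    digest = Digest::SHA256.file(path).hexdigest
    @log << [path, digest]
    expected = @known_good[path]
    return true if expected == digest
    @alerts << (expected ? "#{path}: hash changed since baseline" : "#{path}: no baseline, unknown file")
    false
  end
end

# Constructed demo host: two "executables" baselined, one later altered out of
# band, plus one unknown file that was never measured into the baseline.
def run_demo
  Dir.mktmpdir do |root|
    paths = %w[sbin/agent bin/ctl].map { |p| File.join(root, p) }
    paths.each do |p|
      Dir.mkdir(File.dirname(p))
      File.write(p, "#!/bin/sh\necho #{File.basename(p)}\n")
    end
    baseline = paths.to_h { |p| [p, Digest::SHA256.file(p).hexdigest] }
    ima = IntegrityMonitor.new(baseline)
    results = paths.map { |p| ima.access(p) }           # both clean: allowed
    File.write(paths[0], "#!/bin/sh\necho modified\n")  # change to a monitored file
    results << ima.access(paths[0])                     # altered: blocked and logged
    rogue = File.join(root, 'bin', 'extra')
    File.write(rogue, "x")
    results << ima.access(rogue)                        # no baseline: blocked
    { results: results, alerts: ima.alerts, log_size: ima.log.size }
  end
end
```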
The virtual Trusted Platform Module (vTPM) function within Titanium Cloud ensures that virtualized functions achieve a level of security at least as high as that provided by the latest hardware technologies. TPM is an international standard, based on the Intel® Trusted Execution Technology (Intel® TXT) specification, for a secure cryptoprocessor: originally a dedicated microcontroller designed to secure hardware by integrating cryptographic data into devices. Software uses the TPM to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in during manufacturing, it is capable of performing platform authentication.
As companies adopt virtualization for their critical infrastructure, they expect to be able to deploy industry-standard servers that may not include hardware TPM. To address this challenge, the Titanium Cloud vTPM comprises a complete software-based implementation of TPM, which enables Titanium Cloud to manage the vTPM device and its non-volatile data securely through a Virtual Machine’s lifecycle, including migrating it along with the relevant VM. The vTPM device is configured exactly the same as a physical TPM and no changes are required to the application itself, which behaves exactly as if it had booted from a physical TPM.
For critical infrastructure applications, the Titanium Cloud vTPM function ensures an end-to-end boot process that is fully secure.
One of the benefits in moving from fixed-function physical equipment to software implementations based around open standards is that companies can leverage a wide range of security products available from innovative software companies. Through the Titanium Cloud partner ecosystem, Wind River collaborates with providers of functions like firewalls, security gateways, Deep Packet Inspection (DPI) and Intrusion Prevention Systems (IPS). By validating the correct operation of our partners’ products with Titanium Cloud, Wind River enables our customers to take advantage of security software from industry-leading companies with the confidence of pre-validated, joint solutions.
This post has only scratched the surface of the features in the latest version of Titanium Cloud, focusing on those that ensure the end-to-end security of software-based critical infrastructure systems. Other innovations address areas like simplified installation, cost reduction for edge deployments and distributed cloud architectures. If you’d like to know more about Titanium Cloud, please browse the information available online or contact Wind River to arrange a face-to-face discussion.