eNews Letter Q2 2014 Advantech Applied Computing Technology Communications - Security Column - Gaming Column
Issue: June 2014 By Applied Computing Group Advantech www.advantech.com.tw/dms
About the eNews Letter We at Advantech Applied Computing Group (ACG, formerly ACDMS), are glad to share with you, our premier customers, our latest technology focus and industry highlights. Advantech has been delivering ePlatform and eAutomation products for over 30 years. To best serve its outsourcing customers, ACG was built to focus on customer-oriented services & cost-effective solutions, with domain market knowhow, innovative technology, and solid expertise. Embracing the company value of “Altruism”, ACG sees itself as a long-term partner to help our customers continue to build lasting prosperity. Not only do we offer collaborative design, flexible manufacturing and global services, but we also strive to go beyond customer expectations. The eNews is part of our commitment toward Enabling customers’ success.
Table of Contents
Technology Highlights
• Secure Boot Introduction
• Secure Boot Implementation
Vertical Market Focus – Gaming
• Gaming Market Snapshot
• Gaming Jurisdiction: GLI-11
• Security Solutions for Gaming Applications
ACG Gaming DMS Core Competency
• Mechatronics Capability
• Focused Gaming Features
• One-stop Shopping Services & Longevity Support
Contacts at Advantech Applied Computing Group
Technology Highlights
Secure Boot: Gatekeeper Before the Operating System
Secure Boot is a security standard designed by members in the PC industry to make sure that a PC boots using only firmware that is trusted by the PC manufacturer.
Secure Boot is a firmware validation process defined in UEFI; it requires a PC that meets the UEFI Specifications Ver. 2.3.1, Errata C or higher.
UEFI: Unified Extensible Firmware Interface. The next generation firmware interface (vs. Legacy BIOS) managed through the UEFI forum, a collection of chipset, hardware, system, firmware, and operating system vendors. Since UEFI 2.2 specification, the Secure Boot protocol has been added.
[Figure: Without Secure Boot (BIOS → Any OS Loader, Malware/Fake included → OS Start) vs. UEFI Secure Boot Flow (Native UEFI → Verified OS Loader, e.g. Win 8 → OS Start)]
When the PC starts, the firmware checks the signature of each piece of boot software, including firmware drivers (Option ROMs) and the operating system. If the signatures are valid, the PC boots, and the firmware gives control to the operating system.
In this way, Secure Boot protects the PC from low-level exploits and rootkits and bootloaders, making the attempt to compromise the start up sequence much harder for attackers.
The Security Keys and How They Work
A series of keys and databases are used to manage and protect the signatures needed to verify code before it is executed. As shown in the figure, from top, each key is used to protect the next key from uncontrolled modification.
Platform Key (PK)
• One PK in each system
• Typically set by the platform manufacturer when a system is built in the factory
• May be replaceable by an end user or enterprise IT services
Key Exchange Key (KEK)
• There can be multiple KEKs provided by the operating system and other trusted third party application vendors
• No changes can be made to the signature database without the private portion of this key.
Database (db)
• Two lists of signatures are maintained: signatures of code that is authorized to run on the platform and signatures of code that is forbidden
[Figure: Platform Key → (Protection) → Key Exchange Key → (Protection) → Signature Database / Forbidden Database]
UEFI spec focuses on the mechanisms for signing code images and managing keys and signatures. The way it is managed, enabled or disabled is a decision of the platform manufacturer and the system owner.
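The key hierarchy and the boot-time check described above can be modelled in a few lines. This is an added example, not code from the newsletter or from Advantech. It assumes HMAC-SHA256 as a toy stand-in for the asymmetric signatures real firmware uses and stores SHA-256 image hashes as the db/dbx entries; the `Platform` class, its methods and the sample keys are hypothetical.

```python
import hashlib
import hmac
# Toy stand-in: HMAC-SHA256 with a shared secret replaces the asymmetric
# signatures real firmware uses; only the authorization policy is modelled.
def sign(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()
def verify(key: bytes, payload: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, payload), sig)

class Platform:
    def __init__(self, pk: bytes):
        self.pk = pk                               # one Platform Key per system
        self.keks = []                             # enrolled Key Exchange Keys
        self.lists = {"db": set(), "dbx": set()}   # allowed / forbidden hashes

    def add_kek(self, kek: bytes, sig: bytes) -> bool:
        ok = verify(self.pk, b"KEK:" + kek, sig)   # must be signed with the PK
        if ok:
            self.keks.append(kek)
        return ok

    def update_list(self, name: str, digest: bytes, sig: bytes) -> bool:
        # The list name is in the signed payload: a db update cannot be replayed into dbx.
        payload = name.encode() + b":" + digest
        ok = name in self.lists and any(verify(k, payload, sig) for k in self.keks)
        if ok:
            self.lists[name].add(digest)
        return ok

    def may_boot(self, image: bytes) -> bool:
        # Forbidden entries override allowed ones; unknown images are refused.
        digest = hashlib.sha256(image).digest()
        return digest not in self.lists["dbx"] and digest in self.lists["db"]

def demo() -> dict:
    pk, kek, rogue = b"constructed-pk", b"constructed-kek", b"constructed-rogue"
    loader = b"constructed OS loader image"            # constructed sample input
    h = hashlib.sha256(loader).digest()
    p, out = Platform(pk), {}
    out["kek_not_pk_signed"] = p.add_kek(rogue, sign(rogue, b"KEK:" + rogue))
    out["kek_pk_signed"] = p.add_kek(kek, sign(pk, b"KEK:" + kek))
    out["db_not_kek_signed"] = p.update_list("db", h, sign(rogue, b"db:" + h))
    out["db_kek_signed"] = p.update_list("db", h, sign(kek, b"db:" + h))
    out["boot_listed"] = p.may_boot(loader)
    out["boot_unlisted"] = p.may_boot(b"constructed tampered loader")
    out["replay_into_dbx"] = p.update_list("dbx", h, sign(kek, b"db:" + h))
    out["revoked"] = p.update_list("dbx", h, sign(kek, b"dbx:" + h))
    out["boot_after_revoke"] = p.may_boot(loader)
    return out
```

Once the loader's hash is added to the forbidden list it stops booting even though it is still present in the allowed list, which is why revocation does not require removing the old db entry.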
Secure Boot Implementation
How These Features Function in Secure Boot
iButton
Simple one-wire or two-wire device connected by GPIO to authenticate computer system, available for a number of different functions and supplied drivers and SDK.
TPM
Solution SDK to protect software from copying or cloning, to validate downloadable contents and authenticate users and clients.
Option ROM
Designate a piece of binary code intended to be run under the control of the BIOS in order to provide services to the BIOS to help the system boot from add-in hardware devices.
Gaming
Military
Network/ Telecom
Finance
Retail
Public Safety
Any time a PC needs protection to resist attacks and malware infection during the booting process, Secure Boot can serve as gatekeeper.
Vertical Market Focus
The Worldwide Casino Business is Booming, and GLI-11 Plays a Critical Role in it
Casino Market Size is expected to be USD182.8B in 2015. Main growing market is Asia-Pacific region.
“Sands to MGM Scout Casino Sites in Japan as Tokyo Gets Games.”
“Japan’s LDP Lawmakers Submit Parliament Bill to Legalize Casinos.”
From: Segasammy 2013 Annual Report; Bloomberg news 2013-0909; Bloomberg news 2013-1205
• GLI-11 is a regulation released by Gaming Laboratories International.
• The main purpose is to create a standard that ensures gaming devices in casinos are fair, secure, and able to be audited and operated correctly.
To name some important sections in GLI-11:
Control Program Verification (Section 2.17)
This regulation requires that any programs running on gaming machines are verified before execution especially if the program could affect the game outcomes
Physical Access Control (Section 2.10/2.11/2.12/2.16)
Access to the interior of the gaming machine has to be controlled, monitored, event/error logged, including devices such as CPU electronic boards, gaming storage devices and money handling devices
Advantech Offers the Most Up-to-date SW Package
Board Support
Security
Drivers & Utilities
Secure Boot
DirectPCI SDK & Run-Time
TPM Suite
Embedded OS Support
Custom Embedded Linux
Firmware/BIOS
Utility/Development
Custom Logo & Settings
DirectPCI API
TCG CRTM BIOS (TPM)
Custom Utility/Development Kits
Custom BIOS Code
The Emphasis on Security: Secure Boot
The Emphasis on Security: TPM Suite
Advantech Hardware Security Features
Intrusion Detection Logging Processor (IDLP)
Digital Inputs/Outputs
Security (“Jurisdiction”) ROM sockets
Non-volatile RAM (battery back-up SRAM)
Proprietary format, highly integrated SBC
Power Fail Detect
System Health Monitoring
Meter Cut Detect
Trusted Platform Module
Write Protect BIOS, custom BIOS
Firmware
Monitoring
Security ID
IDROM, EEPROM, iButton®
The Emphasis on Security: IDLP and Digital I/O
Gaming DMS Core Competency
Contacts at Advantech Applied Computing Group
ACG BU Head
Kenny.Deng@advantech.com.tw
Retail/ China
Hawaii.Tseng@advantech.com.tw
• China DMS KA Services
• Point of Sales Solutions
• Self Services Applications
Embedded Systems
Jason.Lu@advantech.com.tw
• Embedded Computing KA Services
• Mobile POS
• Vehicle & Transportation Applications
Mobile
Alexyc.Chen@advantech.com.tw
• Portable & Tablet KA Services
• Rugged, Warehousing & Field Services
• Mobile Resources Management (In-Vehicle)
Gaming
Jimmy.Hsu@advantech.com.tw
• Gaming KA Services
• Gaming Portable & Server Applications
• Arcade, AWP, Casino, Pachislot & Recreation Applications
Medical
Pablo.Lin@advantech.com.tw
• Medical KA Services
• Medical Tablet & Portable
• Ultrasound, Patient Monitor
• Medical Server Applications
• Fitness Console
Business Development
Jason.Kuo@advantech.com.tw +886 2 2792 7818 ext.8002
Business Development
Selena.Wang@advantech.com.tw +886 2 2792 7818 ext.8013