CMP EMBEDDED.COM


Embedded systems security has moved to the forefront



Embedded Systems Design

Select and apply the proper certifications to enable system security.

Increased security is essential to the rapid growth occurring across nearly all end-equipment categories. The diversity of security requirements is especially apparent in embedded systems, where increased connectivity, portability, and pervasive design objectives are being implemented. As a result, the need for security and the particulars of its implementation are driven by very different mechanisms from one product category to the next.

Issues relating to data security and the protection of user identity or encryption keys represent only a small portion of the considerations now facing designers of next-generation systems. Specific requirements for guarding intellectual property (IP), anti-cloning, intra-device and system authentication, and threat detection and mitigation should all be taken seriously. In addition, as pervasive computing and connectivity increase, protection against security threats extends into less obvious areas and requires consideration of system behavioral characteristics: in a networked environment, even a single malfunctioning node can disrupt the entire connected community.

Addressing these concerns has led to the formation of a set of standards and certification schemes that provide levels of assurance to designers, manufacturers, and end users of next-generation products and systems.

Pervasive computing is one of the most difficult security challenges to address. It integrates multiple applications that were traditionally implemented as discrete functions, each with its own security requirements. For example, Apple's iPhone integrates the functions of a cell phone, PC, network client, and media player. Bringing these functions together gives the user a more feature-rich environment and seamless interaction across applications, but such integration has security implications.

The obvious and controversial aspect of digital rights management (DRM) security is that no single standard is yet in place. This is compounded by the need to provide a trusted computing environment that protects the operating system, user data, and digital certificates.

Network security at all levels is an ever-growing concern and is currently driving the emergence of further standards and security policies. One can't disregard the trend toward enabling network devices to conduct financial transactions or even act as a digital purse. Once issues as sensitive as currency and personal identity come into play, a new set of security standards and certifications applies.

From an equipment manufacturer's perspective, it isn't feasible or practical to obtain certification of standards compliance for each individual subsystem of a highly integrated system. However, the OEM must be aware of emerging standards and take reasonable steps to implement sensible security policies.

Because these issues touch on a significant number of security concerns, some of the applicable standards and related technologies warrant review. DRM, for example, is one of the most difficult sets of standards to implement. Its implementation to date has been limited and tied to specific applications, equipment, and content providers. Although it could continue along that path, nearly all initiatives are moving toward reliance on digital certificates, which define privileges and tie content to a particular user or piece of equipment. In a highly integrated device, this can lead to problems managing multiple certificates, as the storage and verification of certificates tied to an individual identity begins to affect other standards.

Trusted Computing
The Trusted Computing Group's goal is to establish a methodology and define standards on which a reliable and secure computing environment can be built. This has led to the introduction of the Trusted Platform Module (TPM). The TPM is a discrete secure coprocessor, separate from the host CPU, that stores keys and measurements and performs cryptographic operations on them. It does not by itself control the loading of software: the host firmware and operating system hash each boot component and record (extend) that hash into the TPM's platform configuration registers before handing control to the component, so the TPM holds a tamper-evident record of what was loaded from the boot level forward. Secrets such as disk-encryption keys can then be sealed to expected register values and are released only when the recorded boot chain matches. Windows Vista uses the TPM this way for BitLocker drive encryption; it does not require every executable and data file to be signed and verified by the TPM before loading. How far this form of control could be extended is controversial, but that's beyond the scope of this article.
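To make the measure-and-extend mechanism concrete, here is an added example (not code from the article or from the Trusted Computing Group) that simulates the TPM 1.2 style of measured boot in pure Python: each boot stage is hashed with SHA-1, the hash is folded into a platform configuration register with the TPM_Extend rule PCR_new = SHA-1(PCR_old || digest), a verifier replays the event log to check the reported register, and a sealing policy releases a secret only when the live register equals the value it was sealed to. The boot-component images, the function names and the single-register layout are assumptions made for illustration; real platforms spread measurements across several registers and the sealing decision is made inside the chip.

```python
import hashlib
import hmac

# Constructed stand-ins for the boot chain a TPM 1.2 platform measures.
# A real platform measures the actual firmware, bootloader and OS loader images.
GOOD_BOOT_CHAIN = [
    ("bios", b"BIOS image 1.02 -- constructed sample"),
    ("bootloader", b"stage-1 bootloader -- constructed sample"),
    ("os_loader", b"OS loader -- constructed sample"),
    ("kernel", b"kernel image -- constructed sample"),
]

PCR_RESET = bytes(20)  # a TPM 1.2 PCR holds twenty zero bytes after platform reset


def measure(image: bytes) -> bytes:
    """SHA-1 digest of one component; the host computes this before passing control to it."""
    return hashlib.sha1(image).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM_Extend: PCR_new = SHA-1(PCR_old || digest). Append-only and order-sensitive."""
    return hashlib.sha1(pcr + digest).digest()


def measured_boot(chain):
    """Simulate the host measuring each stage into one PCR; return the final PCR and the event log."""
    pcr = PCR_RESET
    event_log = []
    for name, image in chain:
        digest = measure(image)
        pcr = extend(pcr, digest)          # recorded before the stage runs, so it cannot hide itself
        event_log.append((name, digest.hex()))
    return pcr, event_log


def replay_event_log(event_log) -> bytes:
    """A verifier recomputes the PCR from the log alone; it must equal the TPM-reported value."""
    pcr = PCR_RESET
    for _, digest_hex in event_log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def unseal_allowed(live_pcr: bytes, sealed_to_pcr: bytes) -> bool:
    """Sealing policy: release the secret only when the live PCR equals the sealed-to value."""
    return hmac.compare_digest(live_pcr, sealed_to_pcr)


def demo():
    """Run the good chain, a tampered chain and a reordered chain; report what the policy does."""
    golden_pcr, good_log = measured_boot(GOOD_BOOT_CHAIN)

    # Attacker swaps in a modified kernel; every earlier stage is untouched.
    tampered_chain = GOOD_BOOT_CHAIN[:-1] + [("kernel", b"kernel image -- constructed, one byte changed")]
    tampered_pcr, tampered_log = measured_boot(tampered_chain)

    # Same components but the first two stages swapped: extend order matters, so the PCR differs too.
    reordered_chain = [GOOD_BOOT_CHAIN[1], GOOD_BOOT_CHAIN[0]] + GOOD_BOOT_CHAIN[2:]
    reordered_pcr, _ = measured_boot(reordered_chain)

    return {
        "good_log_replays": replay_event_log(good_log) == golden_pcr,
        "tampered_log_replays": replay_event_log(tampered_log) == tampered_pcr,
        "good_unseals": unseal_allowed(golden_pcr, golden_pcr),
        "tampered_unseals": unseal_allowed(tampered_pcr, golden_pcr),
        "reordered_unseals": unseal_allowed(reordered_pcr, golden_pcr),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The point the example makes is that nothing here refuses to run the modified kernel; the modified kernel boots, but the register it leaves behind no longer matches the value the secret was sealed to, so the secret stays locked. That is the mechanism BitLocker relies on, and it is why a measured-boot log alone is not a security boundary until something (a sealed key or a remote verifier) checks the register value.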

Although TPMs have been in volume production for over two years, their function has for the most part lain dormant in most PCs. As next-generation operating systems and media software are implemented, this security standard will grow in importance to manufacturers and application developers.

This will be most apparent in the costs of defining certificate attributes and maintaining them. Validation will also play an important role, as will policy decisions about whether, and how, a root of trust or public key infrastructure (PKI) needs to be supported. In the end, OEMs, content providers, and software developers will have to decide on their security policy and on the compatibility of their product in applications where security policies vary.
