
The magazine of record for the embedded computing industry

September 2013

Communication and Security Boost the Smart Grid
Lock Down Security for Multicore

An RTC Group Publication



Editorial: OK, We Don’t Have a Flying Car Just Yet, But...
Industry Insider: Latest Developments in the Embedded Marketplace
Small Form Factor Forum: Buh Bye, PCI
Products & Technology: Newest Embedded Technology Used by Industry Leaders
  MicroTCA AMC Carrier for an FPGA Mezzanine Card per VITA 57
  Dual-Port SFP+ SR Network Adapter with Board-to-Board Bypass Fiber Module
  Fourth Generation Core i7-based 3U VPX SBC Offers Enhanced Graphics/Data Performance

Technology in Context: Managing the Internet of Things
  The Internet of Things: More Than the Sum of Its Parts (Thomas Barber, Silicon Labs)
  Build IT: The Internet of Things (W. Gordon Kruberg, M.D. and Andrew Simpson, PhD, Gumstix)

Technology Connected: Communication and Security for the Smart Grid
  Security: Key to Smart Energy Software Development (Mark Pitchford, LDRA)
  Protecting the Smart Grid: Security for Legacy Endpoint Devices (Alan Grau, Icon Laboratories)
  Keeping the Smart Grid Smart with Hardware and Software-Based Security and Standards (Christine Van De Graaf, Aaeon Electronics)

Hypervisors and Virtualization for Multicore
  New Approaches to Combating Rootkits (David Kleidermacher, Green Hills Software)
  Facing the Needs of Today’s Connected Embedded Devices (Robert Day, LynuxWorks)



Publisher

PRESIDENT John Reardon

Editorial
EDITOR-IN-CHIEF Tom Williams
SENIOR EDITOR Clarence Peckham
CONTRIBUTING EDITORS Colin McCracken and Paul Rosenfeld
MANAGING EDITOR/ASSOCIATE PUBLISHER Sandra Sillion
COPY EDITOR Rochelle Cohn

Art/Production
ART DIRECTOR Kirsten Wyatt
GRAPHIC DESIGNER Michael Farina
LEAD WEB DEVELOPER Justin Herter

Billing
Cindy Muir, (949) 226-2021

To Contact RTC magazine:
HOME OFFICE The RTC Group, 905 Calle Amanecer, Suite 250, San Clemente, CA 92673 Phone: (949) 226-2000 Fax: (949) 226-2050
Editorial Office Tom Williams, Editor-in-Chief, 1669 Nelson Road, No. 2, Scotts Valley, CA 95066 Phone: (831) 335-1509

Published by The RTC Group Copyright 2013, The RTC Group. Printed in the United States. All rights reserved. All related graphics are trademarks of The RTC Group. All other brand and product names are the property of their holders.




OK, We Don’t Have a Flying Car Just Yet, But...


Tom Williams, Editor-in-Chief

Let us speculate a bit on the future of the automobile in relation to embedded and connected intelligence. I recently bought a new car, and during the process the service manager told me, “You’ll really be driving a computer.” Needless to say, that didn’t dissuade me. However, a few days after I took delivery, there was a problem with a rear door window. When I pulled the switch to raise it, it would reach the top and then roll back down halfway. When I took the car back, it turned out to be a software problem. The manager said, “We just reinitialized the windows routine.” To this I could only answer, “That’s OK. I’m used to dealing with windows.”

For some time there was not a lot of third-party interest in the automotive market because most of the systems on cars were designed and built by the automobile manufacturers. Gradually, aftermarket infotainment systems and other accessories have appeared. Today, however, it is looking like the aftermarket will continue to grow and there will be companies who sell specialized systems directly to manufacturers. Additionally, automotive connectivity with the outside world via the Internet will offer a wide range of future business opportunities.

It is, of course, no big news that modern automobiles are completely infested with embedded processors from power train control to air bags to GPS systems, displays, sensors, ABS, infotainment and all the rest. But ideas that succeed give birth to bigger ideas and that appears to be taking place in the automotive industry big time. We are now seeing automated parallel parking, blind spot alert modes, sensors that can brake automatically in emergencies and workable driverless vehicles. And there are myriad potential uses for Internet connectivity as well as intervehicle communication. And then, of course, there is the brewing revolution in electric vehicles and the infrastructure changes they will bring about.

Since Internet connectivity seems to be rolling ahead unabated creating the issue of increased driver distraction, it is perhaps appropriate that the development of autonomous vehicles should be accelerated as well. California is one of three states with laws that allow for manufacturers to test driverless vehicles on its roadways, and its Department of Motor Vehicles is in the process of establishing regulations. That does not mean the public will get its hands on them right away; it does mean that this is a real thing on the way. Internet and inter-vehicle connectivity can actually assist autonomous vehicles with traffic and road condition information linked to GPS data. Inter-vehicle communication has many potentials, such as linking with other vehicles in groups like fish schools on Interstate highways to coordinate speeds and distances between vehicles or guiding a car safely to the right lane in anticipation of an exit. Already there are cruise control options that match speed and keep a safe distance from the vehicle ahead. Of course, there are also liability issues to be resolved such as who is responsible for an accident—the driver or the manufacturer? Guess who will win out on that one.

Then there is the coming world of electric vehicles, and we are prepared here to make our “Fearless Forecast” that they are the wave of the future. Well, actually they date from the second half of the 19th century. Advances in both embedded control and in battery technology have enabled the Tesla Model S to achieve a range of close to 300 miles, and founder Elon Musk recently demonstrated a battery swap technology that replaced the battery in a Model S in half the time it took to fill an Audi with gasoline. Tesla is currently setting up an infrastructure of charging stations, which will be free, and battery swap facilities, which will charge a fee. Thanks to embedded processors, GPS and the Internet, drivers are able to track their available range, locate charging stations, monitor energy consumptions and recharge (as happens when going downhill or braking). We don’t even need to go into tree-hugging topics like global warming and the price of oil to see many advantages to electric vehicles. The engines are simpler and easier to maintain. They are cheaper to operate. Oh yes, and the infrastructure. When the gasoline automobile was in its infancy, drivers had “range anxiety” as well. Rather than a liability, we should see an opportunity for another layer of service industry to grow up around the electric vehicle. And we can also remember that condemning judgment of long ago, “Nothing will ever replace mule power.”


INDUSTRY INSIDER SEPTEMBER 2013

Working Group to Enable Tools to Optimize and Manage Multicore Software

The Multicore Association, a global non-profit organization that develops standards to speed time-to-market for products with multicore processor implementations, has announced its latest program to turbocharge the development of complex multicore and manycore applications. The effort launches a new working group, the Software-Hardware Interface for Multi-Many Core (SHIM), which will provide a common interface to abstract the hardware properties that matter to multicore tools. Multicore and manycore system development often gets sidetracked because development tool vendors and runtime systems for these programs are challenged to support the virtually unlimited number of processor configurations. The Multicore Association is initiating the SHIM to facilitate better tool support and quicker time-to-market.

The primary goal of the SHIM working group is to define an architecture description standard useful for software design. For example, the processor cores, the inter-core communication channels (in support of message passing protocols such as the Multicore Association’s MCAPI), the memory system (including hierarchy, topology, coherency, memory size, latency), the network-on-chip (NoC) and routing protocol, and hardware virtualization features are among the architectural features that SHIM will either directly or indirectly describe. The SHIM standard will be flexible enough to allow vendor-specific, non-standard architectural information for customized tools. And while the SHIM standard itself will be publicly available, the vendor-specific information can remain confidential between a processor vendor and its development tool partners.

The Multicore Association’s SHIM standard will be beneficial for many types of tools, including performance estimation, system configuration and hardware modeling. Performance information is critical for most software development tools, including performance analysis tools, auto-parallelizing compilers and other parallelizing tools. Moreover, operating systems, middleware and other runtime libraries require basic architectural information for system configuration. In addition, the SHIM standard can be used with hardware modeling to support architecture exploration. An important goal for SHIM is to align with work underway in the Multicore Association’s Tools Infrastructure Working Group (TIWG).

Fleet Management Systems to Reach 6.1 Million in Russia and Eastern Europe

According to a new research report from the analyst firm Berg Insight, the number of active fleet management systems deployed in commercial vehicle fleets in Russia/CIS and Eastern Europe was 2.2 million in Q4 2012. Growing at a compound annual growth rate (CAGR) of 22.6 percent, this number is expected to reach 6.1 million by 2017. The leading fleet management providers in terms of installed base in the CIS and Eastern Europe include diverse players from a number of countries. Belarus-based Gurtam is established as the leading fleet management software provider active across most countries in the region with more than 220,000 vehicles managed through its Wialon platform. Arvento Mobile Systems from Turkey and TechnoKom from Russia are also top-ranking telematics players on their respective domestic markets. Other major Russian solution providers include M2M Telematics, ENDS and Russian Navigation Technologies. These have all estimated installed bases in the range of 60,000 - 85,000 active units.

Berg Insight anticipates that the fleet management market in Eastern Europe and the CIS gradually will converge with the developments in Western Europe. “Eastern Europe is already tracing the most developed European markets closely in terms of system functionality and service models,” said Rickard Andersson, Telecom Analyst, Berg Insight. “The major Russian solution providers are on the other hand still primarily serving large corporations with standalone systems whereas subscription services are mainly adopted by SMBs.” Mr. Andersson anticipates that web-based services based on recurring service fees will become the primary focus also for major enterprise fleets on the Russian market.

Honey! The New Vacuum Cleans up Running Linux!

Enea has announced the signing of a strategic Linux agreement with the global R&D organization within Electrolux Small Appliances, the business sector for vacuum cleaners and small domestic appliances. “This agreement is of strategic importance, since Electrolux Small Appliances are early adopters of the Enea Linux 3.0 offering from Enea,” said Anders Lidbeck, president and CEO, Enea. “The agreement proves the applicability and technological relevance of Enea Linux in demanding products, not only in telecom but in other verticals. Further, as the Linux market is developing very quickly, the agreement is a testament that Enea’s technology roadmap and business model bring the capacity, flexibility and cost-effectiveness that customers need in order to succeed.” “We want to be able to fulfill increasing demands on functionality, system robustness and stability, and our appliances are growing more technically advanced, interacting with the world around us,” said Curt Nyberg, chief technology officer at Electrolux Small Appliances. “We are happy to have made this agreement with Enea as we have similar common interests in making the best products and breaking new technology grounds. Together, we are building a future-proof platform with a fast feature growth, allowing us to innovate and incorporate new technologies into our products.”

Rochester Electronics Selected as Authorized Source of Discontinued Atmel Semiconductor Devices

Rochester Electronics has announced that it has entered into a continuing solution agreement with Atmel that will provide customers a continuing supply of end-of-life products discontinued by Atmel. As products reach the end of their normal lifecycle, there are many industries that critically require extended product support. Many industries often need to support programs for 10, 20 or more years. With the average lifecycle of a semiconductor being less than five years, customers could face massive redesign and requalification costs. “This agreement with Rochester gives our customers confidence to continue designing with Atmel products regardless of the product lifecycle,” said Dave Esto, senior director of channel sales, Atmel Corporation. “Rochester will continue supporting all customers that are currently using Atmel devices, even if the products have reached their end-of-life.” “We are committed to giving the very best product support, service and programs to Atmel and their customers,” said Chris Gerrish, president of Rochester Electronics. “We are continuing to expand all of our operations, including recent key developments in technology, packaging and test. For those industries that require continuing production and maintenance support, we will do everything possible to have it in stock or manufacture it.”

Digital License Plates May Leak Location Data

California license plates may become digital display boards if one state legislator gets his way, but privacy advocates aren’t so sure. Senate Bill 806 would authorize a test of new digital license plates in the Golden State made by San Francisco-based Smart Plate Mobile. The bill’s sponsor estimates the state could save $20 million spent each year in postage for renewals. Previous proposals have included revenue generation through ads displayed on the license plates when the vehicle is stopped for four seconds or more. Advertisements are not in the current bill. The idea is that registration could be done virtually without the need to stand in line at the DMV or send in a form to get new plates. In California, plates stay with the car, not the owner. But groups such as the Electronic Frontier Foundation are paying attention to the bill. The concern by opponents is that the state may be able to monitor the location of any of its digital plates. Additionally, tracking vehicles under a court order will be easier in the future since the tracking device (the license plate) will already be installed on the vehicle.

Clarion Selects Averna for Testing In-Vehicle Infotainment Systems

Averna, a developer of test solutions and services for communications and electronics device makers, has announced that Clarion has selected Averna’s Record & Playback solution to validate upcoming in-vehicle entertainment systems and certify that the devices perform well in real-world conditions. The R&D Division, Experiment and Evaluation Team at Clarion will use Averna’s R&P platform to record radio signals such as AM, FM, HD Radio and DAB from key locations around the world and replay them in the Tokyo-based lab where the design team is located.

The R&P platform selected by Clarion features a compact 2-channel RF recorder designed to record live RF signals in the field, and URT-5000, a software-defined RF player and signal generator. In addition it offers RF Studio, high-performance RF record-and-playback software for RF product designers and researchers to facilitate recording, analysis and storage of RF signals. The Averna RP-5100 RF Recorder is specifically designed to capture real-world RF signals, with impairments, for navigation as well as broadcast radio and video receiver validation, testing and support. The system has two 20 MHz wide channels that can be tuned on any frequencies from 250 kHz to 2.65 GHz. To address the challenges of validating the RF response with the physical environment, Averna has developed DriveView, a plug-in for the proprietary RF Studio software, offering visual verification by video-recording drive tests.

Mouser and Intel Announce Global Distribution Agreement

Mouser Electronics has signed a global agreement with Intel. Included in Mouser’s Intel portfolio are the latest 22 nm Core i7, i5, i3, Pentium, Celeron and Xeon processors—ranging from the most advanced 4th generation core through previous generation core and Atom processors. Also available are Express Chipsets, Ethernet controllers, System controllers and Intel’s Next Unit of Computing (NUC) to round out the Intel lineup. “We are extremely excited to announce our agreement with Intel,” says Jeff Newell, Mouser Electronics’ senior vice president. “This partnership enables Mouser to expand our line card with one of the world’s largest and most advanced manufacturers of semiconductor products. Offering the newest Intel products at Mouser will allow design engineers to build tomorrow’s electronic products using today’s most advanced semiconductor technologies.” “With Intel’s robust product portfolio and Mouser’s global network of design engineers, the new partnership enables innovative designs for the future,” says CJ Bruno, Intel VP, GM of Americas. “Mouser has a long history as an authorized distributor with tremendous scale and effective reach. We look forward to a successful collaboration with Mouser to deliver stunning innovation to customers worldwide.”




SMALL FORM FACTOR FORUM

Buh Bye, PCI

Colin McCracken

The long run of the parallel PCI bus may be over from a design point of view. We’ve reached the beginning of the end, at least. While the desktop PC market moved quickly from PCI to PCI Express many years ago, certain processors and chipsets are kept in production for extended lifecycles—5 or 7 years or more. FPGAs and specialty I/O cards give embedded system OEMs added longevity and control of their own destiny. PCI even became widely used in other architectures too like PowerPC and MIPS for networking applications such as core routers running RTOSs like VxWorks. Often, reliable connectivity and real-time precision weigh in as higher priorities than raw I/O bandwidth. Even overall board space and sometimes power efficiency are relegated to nice-to-have goals, when push comes to shove.

Unique I/O requirements for each application in medical, communications, military, transportation and other markets means that “perfect fit” boards rarely exist. Outside of simple kiosk and signage and touch panel systems that use vanilla motherboards, the challenge to designers becomes how to round out the I/O. It took so many years to build up large ecosystems of special PCI cards and carrier boards. Embedded Rome wasn’t built in a day. Usually there isn’t a direct replacement that uses PCI Express. Many choices of form factors and bus connectors exacerbate this problem. Cobbling together a solution with bridge cards and adapters isn’t going to make the pointy-hair boss happy. Changes involve extensive redesign, requalification and recertification cycles.

Fortunately, many embedded CPU card vendors are sympathetic to their customers’ needs. As long as chips are available, and even beyond that thanks to last-time buys and stocking programs, these vendors can keep the system OEMs in production. As an example, even though the Intel fourth generation Core i7 “Haswell” modules are only in Type 6 pinout, last year’s third generation “Ivy Bridge” modules are available in Type 2 pinout with only one year depleted of the 7-year lifecycle. A brand new design start with a Type 2 module is just fine for most OEMs if PCI is required, even for some medical and military product design cycles. Some board vendors go the extra mile by implementing legacy I/O (Compact Flash) and PCI bridges in FPGAs on their boards. This level of commitment and investment gets rewarded by customer loyalty for many more years to come. It’s truly a win-win scenario when the heartbreak of obsolescence is redirected toward longer-term healthy relationships. With a few more years of supply arranged, designers can turn their attention toward next-generation platforms and architectures.

From a software point of view, moving from PCI to PCI Express is straightforward. Moving from PCI 10/100 LAN to PCIe GigE has been very smooth, almost transparent, and the same is true for other PCI devices. Firmware initialization enumerates peripheral devices and circuits and assigns resources in much the same way as before—“config space,” interrupts, base addresses and so on. The hardware often takes longer to sort out, so “buying time” is the key. Sometimes the hiccups include availability of industrial temperature versions of a chip, power consumption, BGA ball pitch, noise from PLLs, additional or unusual core voltages, or other things that don’t affect software. Another glitch to watch for is low-volume specialty SBCs that are much more expensive with PCIe than their predecessors, so researching prices and getting quotes is imperative up front, before getting too far down any one path. With COM Express, the more “legacy free” (i.e., Type 6), the lower the price due to fewer bus bridges and legacy I/O controllers.

Full custom SBCs take the most time to redesign. Fully off-the-shelf board stacks can be much simpler as long as the right processors and I/O exist, which is not a given. The middle ground of using an off-the-shelf processor module with a custom carrier allows OEMs to get to market quickly while focusing only on the I/O migration without re-inventing the processor, chipset, RAM and LAN wheels.

In the embedded market, “buh bye” doesn’t have to mean the bitter end, but it is a signal that it’s time to start planning for a smooth migration that might take years to complete. The sooner you start, the less obligated your purchasing department will be with supply chain commitments and inventory. You just might make a new best friend.


Technology in Context

Managing the Internet of Things

The Internet of Things: More Than the Sum of Its Parts

As the Internet of Things continues to grow, a huge portion of it will consist of small, single-purpose devices communicating autonomously but also accessible by users and creative software applications via the Internet. At this level, a mesh protocol such as Zigbee offers opportunities as long as it can be seamlessly integrated with the Internet.

by Thomas Barber, Silicon Labs




Twenty years ago, technology forecaster George Gilder brought to public attention a fundamental idea behind the growth of the Internet. It was formulated by Ethernet co-inventor Bob Metcalfe at the start of the 1980s. Metcalfe argued that the value of a network is proportional to the square of the number of devices interconnected within it (Figure 1).

Figure 1: The value of a network is equal to the square of the number of devices connected to it. (Chart labels: Metcalfe’s Law, Value, $, Critical Mass Crossover.)

The Internet has already changed numerous industries and created new markets. In the next phase of development, the Internet is set to do much more. Industry leaders predict that the number of Internet-connected devices will surpass 15 billion nodes by 2015 and reach over 50 billion by 2020. This new phase is rapidly giving rise to the Internet of Things (IoT). Most of the connected devices will not be traditional PCs, servers or even smartphones, but much smaller, cheaper, single-function embedded devices. Metcalfe’s Law will allow them to deliver far more value than would be possible if these devices were not connected to the Internet.

The majority of connected devices for the IoT are nodes located at the so-called “last inch” of the network. Using microcontrollers (MCUs) as the programmable “brains” of the IoT, embedded sensors and actuators serve as its virtual eyes, ears and fingers, monitoring and reacting to changes in temperature, humidity, light, physical intrusions and other environmental conditions. Machine-to-machine (M2M) connectivity, rather than continuous end-user interaction, is vital to the IoT architecture. Users do not want to have to monitor 50 or more sensors placed throughout their homes to see if they’ve left the air conditioner on with a window open. They would prefer to be alerted by the air-conditioning system itself. The distributed intelligence of the IoT can unlock this power, using the many virtual interconnections between devices to provide real-time data. Connected devices can act autonomously on our behalf either through direct communication with each other, interaction with a smart gateway, or interaction with the cloud. The devices can also be controlled by end users using smartphones, tablets, PCs and even device interfaces (Figure 2).

Figure 2: Home Area Networks often contain numerous connected devices. (Diagram labels include Utility Network, Multi Network Device and Door Lock.)

Smart metering represents a prime example of a high-profile IoT application. Rather than simply measuring power consumption, smart meters enable utility companies to communicate in near realtime with consumers or, through opt-in programs, proactively shut down the operation of heavy load appliances, such as air conditioners, during peak-demand times. Smart meters are just one aspect of the emerging smart home (Figure 3). The availability of even a few sensors—temperature, motion, humidity, light or glass breakage, for example—enables a powerful mesh network that extends the capabilities of all devices connected to it.

One way in which the influence of Metcalfe’s Law is evident lies in devices that are not effective on their own but can add tremendous value when they leverage existing infrastructure. Consider the reduction of “vampire power” within homes and businesses. Vampire power refers to devices such as TVs and set-top boxes that consume power when they are not being used. Experts estimate vampire power represents 7-15 percent of total electricity used in the home. Installing motion sensors to detect if a person is in a room so that power to the TV or set-top box can be turned off would clearly be cost-prohibitive. However, when a TV can leverage motion sensors already installed as part of a home security system, then with the right software support, vampire-power management can be added as simply as downloading a new “app” to the home network.

The sensors of a home security system can be used for a wide range of other applications as well. For example, the lighting system can be engaged to turn lights on when a person enters a room and automatically turn them off when no one is present. With each sensor or actuator added to the home or building network, the overall value of the installation increases dramatically because new applications can be used to extend the network’s capabilities.

Greater efficiency is possible when smart-home systems are capable of recognizing changes in end-user schedules. Today, users can set the air conditioner to run for when they plan to return home from work. If they are late, the AC system will continue to operate even when no one is home, thus wasting energy. Smart-home systems enable remote control of climate-control systems, allowing end users to instruct their home systems to delay activation. As the interaction between devices becomes more sophisticated, smart-home systems may receive alerts from the GPS subsystems of the users’ mobile phones to let them know that one of the occupants will be home shortly and to activate the air conditioning.

Using the IoT, intelligent devices can monitor their own operating health and notify users or OEMs of potential issues. For example, a dishwasher may exhibit a recognized wear pattern. If treated early by a parts swap or changes to the control algorithm, it is possible to avoid an outage and improve overall reliability. This can also reduce the number of warranty service calls for OEMs. When devices can be managed over a network, users have the ability to control the network from anywhere they want, using the applications they want. Troubleshooting is greatly simplified as well. For example, instead of a dishwasher lighting up several LEDs to signal an error code, the device can describe any operational failures or issues. The IoT approach provides users with greater flexibility of control over their devices. A control application can run on any smartphone, tablet or computer from any geographic location. By choosing a consistent user interface for the control application, the user does not need to learn new commands for each new function. And the application makes it possible to provide helpful interfaces for devices that have traditionally not been provided with more than a few buttons and LEDs. The power of Metcalfe’s Law means opportunities for companies in every industry. Although a security company might find it difficult to expand its reach into the lighting and home automation markets, it could instead partner with established lighting and home automation vendors to create value-added services. This is the power of an ecosystem. The IoT enables electronic component suppliers, software vendors, OEMs and service providers to focus on their core competencies and leverage the strengths of partnerships to create compelling applications for end users.

Interoperability through Standard Protocols

For the IoT to work, all devices must be able to connect seamlessly and interact without human intervention. The key to this device interoperability is through open standards, enabling a wide range of devices to communicate with each other. The capability of device-to-device communication enhances the value of the network as predicted by Metcalfe’s Law. Once the

technology in context

Total Addressable Market

Healthcare · Patient alarm monitoring · Senior activity monitoring

Connected Home Building Automation · HVAC and lighting control systems

Home Area Network · White goods, smart appliances, controller, smart plugs

Smart Meter · 1st large app for ZigBee · 30-35M units/year · 1 device / install


Security, Monitoring & Automation · 115M households (U.S. only) · 8-12 devices / install


Lighting Control · Street, residential and commercial · LED a key area of interest

Retail / Consumer · In-home display and remote control





Figure 3 In the next few years, the IoT will connect tens of millions of devices across numerous industries using the ZigBee Protocol.

network infrastructure has been created, more information and intelligence can be obtained at negligible incremental cost. To achieve this level of sophistication, software needs to abstract specific hardware details by providing a common application layer that can be shared between devices and applications. By giving connected devices a common language that enables them to communicate autonomously, the underlying technology used to transport data becomes irrelevant, freeing the developer to focus on building IoT applications. There is no one wireless or wireline technology that can efficiently serve all application needs across an entire network. To develop cost-effective IoT products, engineers need to be able to select the optimal communications channel and protocol for their application. As a result, the IoT will be based on a variety of protocols. For devices to be able to reach out across the Internet, they will also need to support IP somewhere along the communications channel. Although Wi-Fi natively supports IP and works with smartphones, tablets and PCs, it consumes too much power for connected devices that must be able to operate for many years on a single battery charge or that harvest energy from the environment. Connected devices must be able to use protocols that are lightweight and have data rates that reflect their requirements. Devices that connect to the IoT through a centralized controller can employ proprietary standards given that their data is

aggregated and converted to a standard format before being passed onto the Internet via a gateway device. For low-bandwidth applications that do not require direct user interaction, 2.4 GHz ZigBee and sub-GHz low-power radio technologies present a lower power wireless link that is easily integrated into embedded systems. For simple applications, such as garage door openers or systems requiring long-distance connectivity like irrigation systems, a sub-GHz radio is likely to provide the optimal approach. If two-way communication, security or a large number of devices need to be connected in a mesh network, ZigBee offers a robust implementation. Employing a mesh topology is a big advantage for many IoT applications. A Wi-Fi router may not be able to provide whole-house coverage. But the ZigBee protocol supports mesh topologies that allow nodes far from a network gateway to be reached indirectly through peer devices used as stepping stones. In addition, meshes can automatically configure new devices so that they leverage usage patterns that the system has already learned. Scalability is an important factor as well. Bluetooth, for example, is limited to just seven devices on a network and Wi-Fi to 32. Networks based on Silicon Labs’ EmberZNet Pro ZigBee stack provide self-configuring and self-healing mesh connectivity that can be extended to interconnect hundreds or potentially thousands of devices on a single network.

The ZigBee protocol, pioneered by the ZigBee Alliance, exemplifies a framework that gives connected device manufacturers a straightforward way to develop standards-based products capable of interoperable M2M communications. ZigBee standard profiles, such as ZigBee Smart Energy, ZigBee Home Automation, ZigBee Building Automation, ZigBee Light Link and now ZigBee IP, provide interoperable platforms that simplify the development of IoT applications for smart homes and commercial buildings, intelligent lighting control systems, smart meters and in-home energy monitoring systems.

Accelerating IoT Application Development

Software plays a critical role in enabling the features and capabilities required by IoT applications. Software makes wireless networks robust, ensures that messages have been received and acted upon, and enables developers to add greater intelligence and flexibility to connected devices so they can identify problems and potentially resolve issues without the need for human intervention. Developers can also implement advanced functionality through software. For example, while it is useful to be able to turn on an LED light remotely, it is even more useful when an LED lighting system can alert a user that the bulb needs replacing. Software extends the range of autonomous control to further improve efficiency and convenience. Consider that with an intelligent wireless sensor network, a smart home could determine when no one is home and power down all electronic devices. The result of this simple change of operation, multiplied over hundreds of millions of households, is a considerable saving in energy.

To help engineers bring their IoT applications to market faster, semiconductor suppliers must provide a wide range of production software including drivers, applications profiles and production-quality communication stacks that provide a ZigBee-compliant solution for the IoT. Production software should be integrated into a comprehensive integrated development environment (IDE) that provides designers with the tools they need to add their code to applications profiles and to analyze network traffic to optimize latency and throughput. To ease network debugging, developers require tools that enable them to see all of the activity in the network presented as a single view. Packet sniffers are inherently unreliable for this task because they can only see the activity in their local area and not the full mesh network. And their receivers can introduce false errors that are not present in the real network. Ideally the developer must be able to see the data that a transmitter intended to transmit as well as the data that was received for every transaction.

Hardware development tools are also available to help designers, including those with little to no RF design experience, develop robust, cost-effective wireless applications for the IoT. With the availability of a wide variety of development boards for evaluating the connectivity and performance of various wireless protocols, engineers can simultaneously design and debug application code and firmware, begin RF design and optimization, and finalize network and protocol stack development while hardware prototypes are still under development.

RTC MAGAZINE SEPTEMBER 2013

Implementing the IoT

Traditionally, networking has been the domain of specialist vendors with depth of experience in communications technologies. The IoT, however, will be driven by organizations with experience in the world of control and automation. Lighting and appliance OEMs, for example, will need to bring in new networking, wireless and embedded software technology beyond their current core competencies. They can either develop these technologies themselves or partner with companies that have already created products that can be easily introduced into systems. An understanding of power efficiency is also critical as these devices are often not connected to power supplies and have to operate using energy harvesting sources or a single battery for several years without maintenance or battery replacement. In addition to power consumption, connected device developers must

consider factors such as system cost, component count, MCU performance, system size, standards, interoperability, security, ease-of-use and in-field troubleshooting. Adding wireless connectivity to remote devices not easily reached by Ethernet cable or powerline communications is another IoT design challenge that can be addressed by embedded developers with RF expertise. Finally, software is required to bridge connected devices, aggregate sensor data and present information to end users in an intuitive way via displays or over the Internet to their computers, tablets or smartphones. As it expands, the IoT will open new markets and drive new applications and opportunities for OEMs and application developers across all industries. The IoT has become a tangible reality with commercially successful deployments in several markets, including connected home and green energy applications. The fundamental technologies, products, software and tools necessary to create efficient, ultra-low-power connected devices for the last inch are available today. The next step in the build-out of the IoT is to bring these elements together and deliver on the promise of Metcalfe’s Law. Silicon Labs Austin, TX. (512) 416-8500. [].


Technology in Context


Managing the Internet of Things

Build IT: The Internet of Things

Today’s small networked devices increasingly are based on 32-bit microcomputers, which can represent a daunting level of hardware complexity. The use of an intuitive tool to customize such designs at a high level of abstraction can possibly speed the adaption of ever more intelligent devices into the Internet of Things.

by W. Gordon Kruberg, M.D. and Andrew Simpson, PhD, Gumstix


Surrounding us are hundreds of devices that, once connected, will know a lot about our everyday lives. Think of a light switch in the foyer of a home. An innocuous piece of equipment with a very simple purpose; a light switch reveals much about the homeowner: what time they leave for work in the morning, what time they get home in the evening, and what time they turn in for the night, as examples. If all the light switches in that house could be networked together and connected to a smart enough computer, all that data would give a reasonably clear picture of the homeowner’s life as they move from room to room. That same data not only illustrates the occupants’ lives, but could also be used to make their house smarter. In fact, this is exactly what the Nest Learning Thermostat does for climate control. While programmable thermostats have certainly existed for a long time, they are usually complicated to program and difficult to adjust.



Figure 1 A conceptualization of the Internet of Things, where many everyday devices talk to each other.

The Nest is a thermostat that can “program itself” by learning from the user, who simply turns a dial to adjust the temperature. The Nest remembers what temperatures were set at what time. It can be controlled from the Internet and can also detect when

no one is home for automatic shutoff, leading to cost savings and reduced energy use.

The Internet of Things

The Nest is a device that is one node in the “Internet of Things.” The Internet of Things means different things to different people, but it originally referred to ubiquitous RFID tags used to track items within a supply chain. Today the things in the Internet of Things are not limited to passive technology being incorporated into real-world objects—like RFID tags on supply chain components—but are now being used in smaller and smarter devices with processors and networking directly onboard (Figure 1). A teardown of the Nest thermostat, for example, revealed support for Wi-Fi, ZigBee and an ARM Cortex-A8 processor. The addition of high-level computing capabilities to “dumb” objects in our physical environment makes the potential of the Internet of Things even greater than before. Bill Wasik’s article in Wired magazine earlier this year welcomes us to the “Programmable World” by giving us a tour of SmartThings CEO Alex Hawkinson’s smart house, enabled by devices that can be controlled over the web. Devices like those in Hawkinson’s smart house comprise the next generation of the Internet of Things, where tiny, full-fledged computers collect data, analyze it and send it to other such devices for the process to repeat, when necessary. For example, your phone could let your house know when you’re on your way home from work; your house would then know the exact moment to turn on the lights, turn the thermostat up, even unlock the door, to maximize not only convenience, but things like energy savings and enhanced security.

Embedding Intelligence: Software Is King

Small, ubiquitous computers in our everyday physical world are nothing new. For years, embedded computers have been used in many things from home appliances like washing machines and microwave ovens, to our cars and on buses, to building security systems and innumerable other applications. These systems, however, have always relied on hardware tailor-made to the specific application and oftentimes do not include even a microprocessor, opting for cheaper, easier to work with, but ultimately less-capable, microcontrollers. With such a limited scope for their hardware, these “things” have historically never been able to “talk” to each other, even when that might have been useful. In recent years, however, embedded computers have become much more powerful. Platforms based on ARM’s architecture have come to dominate this space, offering incredible performance with very low power requirements. Embedded computers also frequently include wireless networking capabilities, whether Bluetooth or Wi-Fi, allowing them to communicate with each other using existing networking infrastructure. More capable embedded computers also allow developers to deploy increasingly sophisticated software solutions on full-fledged operating systems like Linux. The ability to use high-level systems like Linux offers greater flexibility for developers to create a more intelligent, more capable and more connected solution than otherwise possible in hardware alone. While the focus has shifted away from expensive hardware development to more flexible software development, the need to customize hardware for specific functionality remains. With hardware design out of the grasp of many software developers—and vice versa—innovation on devices that could become part of the Internet of Things is currently constrained by the considerable resources needed for both hardware and software development.

Figure 2 The Geppetto design platform user interface showing a design. The green blocks represent modules that contain specific hardware functionality.

Intuitive Embedded Design

Embedded design has always been a complex field. Embedded engineers are required to make numerous decisions with long-ranging consequences when specifying a device—for example, ARM or Intel? Low-power or performance? Answering questions like these culminates in a series of trade-offs, not only in terms of specifications, but also in terms of cost. Developing a solution using a microcontroller, for example, may be cheaper and easier than using a microprocessor when possible, but microcontrollers also offer no room for further expansion should the need arise. However, while microprocessors are the more capable choice, they are significantly more complex and require more expertise. For these reasons, laying out the specifications for an embedded device ultimately locks the engineer into a long-term manufacturing path that is difficult and expensive to change later on. Development kits exist to mitigate some of these factors, allowing engineers to begin developing with existing, generic hardware that meets their needs, but suffer from the problem of being equally complicated to customize once the engineer is ready to do so. With the introduction of intuitive embedded design tools, however, pre-built development kits designed with a tool can also be easily customized using high-level specifications, and the manufacturer can provide such a board at a fraction of the cost otherwise.


Intuitive embedded design tools are a new way of designing electronic devices. With an interface that abstracts hardware design to a higher level than electrical components, intuitive embedded design tools let users without extensive electrical design knowledge create hardware solutions on which comprehensive software solutions can be deployed. By removing the hardware barrier and providing an easy way for anyone to design electronic devices, the new Internet of Things—one that relies on sophisticated computing power coupled with comprehensive software solutions—is being made possible. Gumstix’ Geppetto is one intuitive embedded design platform that launched earlier this year. In Geppetto, users simply drag, drop and connect modules on a board and then order it at the touch of a button. Geppetto-built boards are either small single board computers (SBC) with the processor built in, or a small expansion board that can be used with Gumstix’ Overo and DuoVero computers-on-module. The resulting device made up of an SBC or COM with expansion board runs a full Linux operating system on ARM Cortex-A8 processors, while Wi-Fi, Bluetooth and DSP are just some of the optional features that are included. Geppetto-created designs can also be shared with the Geppetto community, allowing users to build their own features into solutions that already exist.

Online Design Tools

Geppetto is not the only online embedded design tool., Upverter and HackEDA are just three examples of tools that users can use to design, share and order electronic devices with relative ease. All three take a more traditional electronic design application (EDA) approach, where users connect circuit blocks in a schematic to get the functionality they need. Geppetto, however, approaches embedded design conceptually at a high level. Instead of connecting circuit blocks in a schematic, specific functionality is represented on high-level building blocks (e.g., an Ethernet connector, DVI port or a USB hub). Users simply drag the building blocks that offer the functionality they want onto a board and connect them to each other in a way that suits their design. This is different from a schematic in that all routing takes place behind the

Figure 3 The Alto35 development kit designed using Geppetto. Users can expand upon this design at the touch of a button to create their own, custom device.

scenes, leaving users only to worry about high-level connection specifications. By grouping components into modular building blocks while offering specificity over connections, engineers also retain a large degree of control over their design. Completed designs can be shared with other users, cloned by other users for modification, and ordered at the touch of a button for delivery within twenty business days. In this way, Geppetto aims to give users scalability in their designs, while also minimizing time-to-market by cutting development and manufacturing time significantly. Users are also able to order pre-built development kits, the designs for which are customizable on Geppetto, giving embedded developers an even faster way to get started on their design.

Making the Next Generation Internet of Things a Reality

Intuitive embedded design makes the process of creating an electronic device as simple as connecting building blocks available in a standard library. This allows for rapid development of a base configuration and shifts focus from the core functions of a computer to the more complex peripherals. With shared designs, users are able to expand ideas by incorporating their own needs for an even faster design process. An example of this is the Alto35, a Geppetto-designed development kit that

offers a touchscreen, networking and even an RC servo (Figure 3). A Geppetto user could, for example, adapt the Alto35 design to create his or her own smart home control center complete with touchscreen controls and Wi-Fi communication with other custom built devices controlling lighting, heating, security and even window coverings. The devices are simply Linux-powered computers, and so the only limitations lie in software design, which means they are generally easier to deal with than those that exist in hardware. By simplifying the design process and making smarter things easier to design, intuitive design platforms like Geppetto offer enormous potential for experimentation and development in a more connected world. While the first generation Internet of Things relied on “dumb” things like RFID tags, the next generation will increasingly rely on smarter things, such as the Nest thermostat, with better software and networking. Intuitive embedded design allows developers who are experienced in software solutions to design the hardware they need quickly and easily; conversely, it allows hardware developers to bring their designs to life with minimal effort. Gumstix Redwood City, CA. (650) 206-2464. [].




connected Communication and Security for the Smart Grid

Security: Key to Smart Energy Software Development

The build-out of the Smart Grid involves many millions of connected devices, large and small. And with that comes increased vulnerability. While adherence to security and safety standards is not yet officially mandated, it will be prudent for developers to build devices and code that can achieve certification when that day arrives.

by Mark Pitchford, LDRA


Smart Energy—with its intelligent distribution of power and ultra-efficient potential—offers hope for a holistic view of energy. Its combination of renewable energies, traditional technology and optimized management promises the ability to meet the economic and environmental challenges inherent in both energy generation and energy consumption. As our reliance on fossil fuels diminishes, transport too will be drawn into this M2M connected world where electricity becomes the only viable option. The emergence of an ever-increasing pool of hybrid and electric cars from Chevrolet, Nissan, Toyota and Tesla portends the new road of travel. Security is the dark cloud hanging over this bright future. While Chevrolet’s Volt is lauded as the first vehicle with its own IP address and ease of Internet access for onboard information systems, the IP address also provides a ready-made access point. Such a standard interface with its well-defined protocol provides an easy target for anyone looking to cause problems or to locate a particular car. Just imagine the gang’s discussion, “Hey, Josh Jones is on vacation. Let’s nail that audio system of his.”



[Figure 1 diagram labels: Power Plants; Service Provider; Smart Energy Operation Homes]

Figure 1 The more connectivity exists, the more points of system entry there are for potential attackers to leverage. The increasing levels of standardization on particular protocols also make it easier for intrusive strikes that can cripple the whole system.

The criticality of security for such systems didn’t just start with “Smart Energy.” As long ago as 1982, a Trojan virus inserted into SCADA system software caused a massive natural gas explosion along the Trans-Siberian pipeline. In January 2003, the Davis-Besse Nuclear Power Station’s private network, infected with the “slammer worm” virus, lost safety monitoring for five hours. Clearly, SCADA systems with their roots in the 1970s weren’t written for this connected world where defense against hacker intrusion is foremost. At that time, internal networks similarly were considered safer, less vulnerable to external attack. However, the 2011 crash of a CIA drone in Iran shows that not all systems can withstand hacking even in a presumably more protected environment such as aviation. In that incident, local authorities claimed that they diverted the vehicle by hacking its GPS. Their claim gained credence when Professor Todd Humphreys of the University of Texas and a group of U.S. researchers hacked a UAV in front of representatives of the U.S. Department of Homeland Security. Notably, Humphreys was no UAV expert. He simply knew the interface and exploited those vulnerabilities to affect the flight information of the drone. With the advent of a massive connected energy network, there is no room for security complacency. The Smart Grid offers unprecedented opportunity for the unprincipled and fanatical to disrupt, destroy and dominate. Let’s look at what best practices can minimize the chance of your device providing the weak link for intruder attack.

What the Standards Can Bring to the Table

The U.S. National Institute of Standards and Technology (NIST) published “Release 2.0 of the NIST Framework and Roadmap for Smart Grid Interoperability Standards” (Special Publication 1108R2) in February 2012. It outlines the progress made in Phases II and III of NIST’s three-phase plan to establish Smart Grid interoperability. Highlighting the work in progress, it lists 20 standards-setting organizations. Such a list of organizations does little to reassure a team facing the task of developing devices now for a commercial marketplace immediately hungry for products.

[Figure 2 diagram labels: Requirements Traceability; Analysis & Design; Programming Standards Checking and Metrication; Planning; Initial Planning; Test Verification; Test and Metrics Reporting; Test Evaluation; Automated Unit Testing]

Figure 2 By applying appropriate automation techniques, development teams can minimize overhead, streamline the transition between project phases, and show requirements traceability to development artifacts.

Figure 3 Requirements traceability is a vital factor in meeting security and safety standards. Dynamically linking high-level requirements to source code and verification tasks immediately updates the traceability matrix to provide process transparency.

Some standards, such as reference standards developed by the “Object Linking and Embedding for Process Control (OPC) Foundation” may be a mixed blessing. This industry consortium creates and maintains standards for open connectivity of industrial automation devices and systems. While the benefits of open connectivity are clear, its published protocol implies more accessibility than would have been the case 20 years ago when communications to such devices often involved a unique protocol. Other standards ensure that security is central to development in every element of the design. The development process outlined in International Organization for Standardization (ISO) 15408 is designed to

result in a secure finished product. Complementing this process standard are coding standards, such as CERT C, a high-level programming language subset that ensures software is written as securely as possible. Although neither standard is mentioned in the NIST report, NIST has so far adopted best-practice, established standards from elsewhere. It therefore seems inevitable that standards like these will emerge during Smart Grid Interoperability Panel (SGIP) Phases II and III. Developers who adopt such recommended approaches now will position themselves ahead of the game. ISO 15408 (also known as the “Common Criteria”) defines IT security requirements categorized according to


[Diagram labels: Requirements Traceability Matrix across Tier 1 to Tier 5; High-Level Requirements; Model/Design Concepts; Legacy/Hand Code; Software Specs; Implementation (Source/Assembly Code); Host; Graphics to High-Level Requirements; Low/High-Level Requirements to Code; Low Level to High-Level Requirements; Static & Dynamic Analysis; Automated Test; Code & Quality Review Defects; Test Cases to Low-Level Requirements]

Figure 4 The Requirements Traceability Matrix (RTM) plays a central role in a development lifecycle model. Artifacts at all stages of development directly link to the RTM, and changes within each phase automatically update the RTM so that overall development progress is evident from design through coding and test.

seven Evaluation Testing Assurance Levels (EALs), as displayed in Table 1, with EAL 7 representing the most secured system. Security functional requirements include audit, communications, cryptography, data protection, authentication, security management, privacy and protection of Targets of Evaluation (TOEs). ISO 15408 suggests the use of language subsets, also known as coding standards. Suitable language subsets include CERT C and CWE, both of which help secure code by detailing constructs and practices for developers to avoid.

When Safety Is Also a Concern

It is entirely possible that a safety-critical device might be used within the Smart Energy grid, and that implies a requirement for the software to adhere to safety AND security standards. From a software perspective, security-focused ISO 15408 and safety-specific IEC 61508 standards do overlap. Both place considerable emphasis on configuration management, software development, quality assurance, verification and planning. Just as ISO 15408 recommends the use of language subsets to enhance software security, IEC 61508 advises that a safety-related coding standard should be used. In this case, appropriate subsets such as MISRA C consist primarily of lists of constructs and practices for developers to avoid when writing safe code. It is entirely possible to adhere to coding rules from both safety AND security focused language subsets.

Managing Security Compliance Along with Other Standards

Certification management is challenging in any industry, even when standardization is mature and processes defined. The Smart Grid has the potential of increasing that challenge significantly with the likelihood that developers will need to adhere to a multitude of technology and communication protocols as well as security (ISO 15408, CERT C, CWE) and safety (IEC 61508, MISRA C) standards. However, with market pressure to release Smart Grid applications as soon as possible, improvements in time-to-market and development costs are also important. Fortunately, certification management tools now exist that automate and coordinate the processes and programming standards required, even when developers must comply with multiple standards at various levels of safety and security.

These tools boil compliance management down to the fundamentals. ISO 15408, for example, demands requirements traceability, static analysis and dynamic analysis. Tools and tool chains now integrate to automate the labor-intensive aspects of all three objectives (Figure 2). The standard directs that high-level requirements are detailed and traced to low-level requirements, design documents, design documents to code, and code to tests—and back up again to gain “bidirectional requirements traceability” end-to-end throughout the software development lifecycle.

If requirements could be relied on to never change from their initial version, then traceability would be relatively straightforward. However, that is rarely the case, and consequently the maintenance of a permanently up-to-date requirements traceability matrix (RTM) becomes a very labor-intensive task. To help manage this matrix of relationships, requirements-traceability tools link system requirements to the products of each development phase. The resulting automated bidirectional tracing of requirements ensures that the developed device does exactly what is specified by the final set of requirements—no more, no less, and no matter how often requirements change (Figure 4).

Figure 5 shows a more abstract interpretation of how the Requirements Traceability Matrix impacts each phase of the development lifecycle. For example, it illustrates how requirements are traced from high-level requirements (Tier 1), through low-level requirements (Tier 2) to implementation (Tier 3) where the coding rules from the selected language subsets are applied.

The “requirements” of how the application is intended to function are often considered distinct from the “objectives” of process standards such as ISO 15408 or IEC 61508, but traceability to both is essential. For example, providing evidence of adherence to a language subset shows adherence to a particular objective specified in the process standard. It is impractical to manually check for compliance to a comprehensive set of rules such as those specified in CERT C, CWE or MISRA. Automated static analysis techniques are therefore used to highlight the precise location of any violations, or to generate artifacts providing evidence that there are none.
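A minimal model of the bidirectional tracing described above, added here as an example and not taken from any traceability tool or from ISO 15408. The four tiers, the artifact names and the links are constructed for illustration; the audit reports requirements and code with no test evidence ("no less"), code with no parent requirement ("no more"), and what must be re-verified when a requirement changes.

```python
from collections import defaultdict

TIERS = ("high_level_req", "low_level_req", "code", "test")

# Constructed sample data: every identifier below is hypothetical.
ARTIFACTS = {
    "HLR-1": "high_level_req",       # authenticate the head-end before accepting commands
    "HLR-2": "high_level_req",       # report consumption on a fixed schedule
    "LLR-1.1": "low_level_req",
    "LLR-1.2": "low_level_req",
    "LLR-2.1": "low_level_req",
    "auth.c:verify_peer": "code",
    "auth.c:service_login": "code",  # implements no requirement
    "report.c:send_usage": "code",
    "T-AUTH-01": "test",
}
LINKS = [  # (upstream artifact, downstream artifact)
    ("HLR-1", "LLR-1.1"), ("HLR-1", "LLR-1.2"), ("HLR-2", "LLR-2.1"),
    ("LLR-1.1", "auth.c:verify_peer"),
    ("LLR-2.1", "report.c:send_usage"),
    ("auth.c:verify_peer", "T-AUTH-01"),
]


def build_index(artifacts, links):
    """Return (down, up) adjacency maps after validating each link."""
    down, up = defaultdict(set), defaultdict(set)
    for src, dst in links:
        for name in (src, dst):
            if name not in artifacts:
                raise ValueError(f"link references unknown artifact {name!r}")
        if TIERS.index(artifacts[dst]) != TIERS.index(artifacts[src]) + 1:
            raise ValueError(f"link {src} -> {dst} skips or reverses a tier")
        down[src].add(dst)
        up[dst].add(src)
    return down, up


def reachable(start, adjacency):
    """All artifacts reachable from start by following adjacency edges."""
    seen, stack = set(), [start]
    while stack:
        for nxt in adjacency.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def audit(artifacts, links):
    """Find artifacts that break forward or backward traceability."""
    down, up = build_index(artifacts, links)
    findings = {"no_test_evidence": [], "no_parent_requirement": []}
    for name, tier in artifacts.items():
        # Forward: every requirement and code unit must reach a test.
        if tier != "test" and not any(
                artifacts[a] == "test" for a in reachable(name, down)):
            findings["no_test_evidence"].append(name)
        # Backward: everything built must trace to a high-level requirement.
        if tier != "high_level_req" and not any(
                artifacts[a] == "high_level_req" for a in reachable(name, up)):
            findings["no_parent_requirement"].append(name)
    return {kind: sorted(names) for kind, names in findings.items()}


def impact_of_change(name, artifacts, links):
    """Downstream artifacts to re-review and re-test when `name` changes."""
    down, _ = build_index(artifacts, links)
    return sorted(reachable(name, down))


if __name__ == "__main__":
    for kind, names in audit(ARTIFACTS, LINKS).items():
        print(kind, names)
    print("HLR-1 changed ->", impact_of_change("HLR-1", ARTIFACTS, LINKS))
```

Note that HLR-1 passes the forward check only because one of its two low-level requirements is tested; LLR-1.2 is still reported on its own, which is why the audit runs per artifact rather than per top-level requirement.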


Another objective will be to prove that the different parts of the code have been executed to a degree appropriate to the criticality of the system. Dynamic analysis tools can be used to gather information on which parts of the code have been exercised during the test process. These dynamic tools also provide traceability to the requirements by showing that the code responds to specified input data in the appropriate manner. The use of “independently developed testing tools and test suites” such as these static test, dynamic test and requirements tracing tools is encouraged by the NIST framework.

Cost-Effective Safety and Security

At present, Smart Grid development projects are not obliged to meet ISO 15408, IEC 61508, MISRA, CERT C, or CWE. Even if they were, those standards do not insist on the use of automated tools or on the automation of the development process. However, especially given the potential of their expanded role to seriously expose the economic and national infrastructure to extensive risk, the need for the Smart Grid and all the devices it entails to be secure is vital to avoid malicious control and manipulation of the network. It therefore seems inevitable that future releases of the “NIST Framework and Roadmap for Smart Grid Interoperability Standards” will advocate adherence to security- and safety-critical standards as necessary steps in protecting national infrastructures while helping countries achieve economies of scale in power generation and management.

Companies wanting to get a head start over the competition need to seek out ways to efficiently implement safety and security processes in their development cycle. Modern tools that automate requirements traceability and analysis while tracking certification/standards compliance ensure teams manage system development in an efficient and cost-effective manner.

TABLE 1 ISO 15408 defines a range of Evaluation Assurance Levels (EALs), which determine the process rigor associated with each software component.

Common Criteria Evaluation Assurance Level (EAL) | Process rigor required for development of an IT product
EAL 1 | Functionally tested
EAL 2 | Structurally tested
EAL 3 | Methodically tested and checked
EAL 4 | Methodically designed, tested and reviewed
EAL 5 | Semi-formally designed and tested
EAL 6 | Semi-formally verified, designed and tested
EAL 7 | Formally designed and tested

LDRA Technology Boston, MA. (855) 855-5372.


connected Communication and Security for the Smart Grid

Protecting the Smart Grid: Security for Legacy Endpoint Devices

The Smart Grid has arrived, and with it a new wave of cyber attacks targeting the net-connected devices comprising the grid. To date, Smart Grid security has not maintained pace with the threat.

by Alan Grau, Icon Laboratories


“After years of vendors’ selling point solutions, utilities investing in compliance minimums rather than full security, and attackers having nearly free rein, the attackers clearly have the upper hand. Many attacks simply cannot be defended,” says Bob Lockhart, an analyst at Pike Research.

The Smart Grid is a large, diverse network of computing devices ranging from enterprise servers used for management systems, to small specialized devices such as smart meters and control systems. Many of the devices are located in the field, exposing them to cyber attacks without the defenses provided by a corporate firewall. These remote devices play a critical role in the Smart Grid, but also provide attractive and all too often easy targets for the motivated hacker. The impact of a successful attack on the Smart Grid could be severe.

Some may argue that the risk of attack on smart meters and other special purpose devices is low since hackers are not yet targeting those systems, that their specialized designs are assumed to make them immune, or that the devices’ IP addresses are not readily available. These factors may indeed increase the difficulty faced by a hacker, but the arguments are shortsighted. The FBI has reported that attacks on smart meters could cost utility companies as much as $400 million per year. The Stuxnet worm demonstrated that motivated hackers will go to great lengths to attack embedded devices. Given the consequence of a successful cyber attack on the Smart Grid, it is critical that manufacturers rely on more than “security by obscurity” and temporarily assigned IP addresses to shield devices from attack.

Figure 1 A secure enclave of protected devices can be created using an external “Bump in the Wire” firewall that protects the Smart Grid device from Internet delivered threats.

The Smart Grid is an evolving network of new and legacy devices. Many legacy devices were designed years ago without security measures, but are now being connected to the Internet. In most cases, these devices lack the ability to detect and report traffic abnormalities, probes or attacks, or to manage and control security policies. While legacy devices are gradually being replaced by newer systems with improved security, many of the devices remain deployed for 10 years or more, often in remote areas or with difficult access, resulting in very slow turnover to newer, more secure devices.











Attacks on the Smart Grid

There is little dispute that additional protection is needed for the Smart Grid. According to a report in the Wall Street Journal’s CIO Journal, more than 40% of the reported cyber attacks in 2012 were directed against energy companies. These attacks were described as being part of a “massive and sustained cyber-espionage campaign.” Examples of reported attacks on utility systems include malicious software that infected a power plant, delaying the plant startup by three weeks. In another case, malicious software was introduced into a quarantined network via an infected thumb drive.

Given the large number of deployed devices and the slow turnover to secure devices, the Smart Grid has an urgent need to add security to both existing legacy devices and to new designs in a cost-effective manner. Even devices located behind a corporate firewall should still be protected by an endpoint or Smart Grid firewall. The security requirements for Smart Grid devices are typically different than for the corporate network as a whole. The endpoint firewall can be configured with communication policies that are more restrictive than those supported by the corporate firewall and that are customized for the individual device, rather than for the entire network. In addition, an endpoint firewall can be used to protect against insider attacks or attacks originating from within the corporate network. PCs located on corporate networks typically include an endpoint firewall to implement an additional layer of security. Smart Grid devices should be afforded the same level of protection.

Smart Grid Networks

“Smart Grid” is a broad term covering many aspects of the electrical energy network. It encompasses energy management systems, distribution management systems, advanced metering infrastructure, power generation management and other systems. Smart Grid networks contain a mix of PCs and special purpose embedded systems running a real-time operating system. However, control PCs used in the Smart Grid were frequently installed when the system was first deployed and have not been updated with newer operating system versions or software patches for improved resistance to attacks. As a result they are often very vulnerable to attack. Many embedded computers in the Smart Grid networks were designed before security was a major concern and contain few, if any, security measures.

Figure 2 A firewall to protect Smart Grid devices can be implemented as an external “Bump in the Wire” firewall that protects the Smart Grid device from Internet delivered threats.

Figure 3 Rules-based filtering is used to enforce communication policies, blocking packets from non-trusted senders and isolating devices from attack.

Smart Grid Security Requirements

A Smart Grid security solution should provide protection against attacks, allow centralized control of security policies and report status information to a security management system. These capabilities would provide Smart Grid devices with a much higher level of security and protect them from the majority of cyber attacks. Ideally, a Smart Grid firewall would provide control of the packets processed by the device as well as protection from hackers and cyber attacks that may be launched from the Internet, inside the corporate network, or Wi-Fi networks. It would also protect against denial of service (DoS) attacks and packet floods. It should also have the ability to detect and report traffic abnormalities, probes or attacks along with the ability to manage and control changes to filtering policies.

These capabilities need to be provided for both legacy devices that cannot be upgraded as well as for new devices that are being designed. This can be achieved by providing a software module that can be integrated into new device designs. This same software module can be integrated into a small footprint appliance to protect legacy devices.

Unlike enterprise firewalls designed to protect all of the computers on a corporate network, a Smart Grid firewall protects just a single device or small number of devices located within what is known as a “secure enclave.” Since the firewall is only filtering traffic for a small number of Smart Grid devices, it can be customized specifically for the requirements of those devices. It only requires two Ethernet ports and can be implemented on low-cost hardware, providing a customized and yet cost-effective solution. This kind of “bump in the wire” device is simply plugged into the network in front of the Smart Grid devices, inserting a layer of protection.

Smart Grid Firewalls

Firewall technology is standard in home and corporate networks and is a proven and reliable technology. So why not just use one of these existing solutions to create a Smart Grid firewall? For the same reasons desktop operating systems are not used in embedded devices: they are slow, big, and are not easily ported to a low-cost, special purpose device. Building a Smart Grid firewall requires a small, low-cost solution that will work on inexpensive hardware. In addition, the solution must be customizable to support filtering of Smart Grid protocols.

In addition to providing filtering, there are a number of important requirements for a Smart Grid firewall. It is crucial to provide users with a flexible and easy-to-use yet secure configuration interface. If the firewall configuration can be compromised, then the firewall can be reconfigured and bypassed, or possibly even disabled. The firewall should also provide statistics, logging and reporting capability to allow security audits to determine if the device has been attacked, what IP address the attack originated from and other relevant details. Integration with a management system to allow centralized policy management and configuration is also critical for large scale deployments.

The “Bump in the Wire” Smart Grid firewall can be used to protect devices located at remote locations without making any modifications to the Smart Grid device. It can also be used to protect devices located at non-remote locations. For new Smart Grid devices, the firewall software can be integrated into the device itself to ensure protection (Figure 2).

Blocking Attacks with a Smart Grid Firewall

As stated above, many Smart Grid devices with limited security are now connected to the Internet, exposing their security vulnerabilities. This can be remedied by using a Smart Grid firewall to control communication. Smart Grid devices may only need to communicate with a small number of other devices. This can be enforced using policies that restrict communication to only what is required. Communication policies define who the device is allowed to talk to, what protocols are allowed and what ports are open. The policies are then encoded as firewall rules. The firewall filters messages before the device processes the messages and only allows communication with known, trusted devices.

In a system without a firewall, a hacker may attempt to remotely access the device using default passwords, dictionary attacks, or stolen passwords. Such attacks are often automated, allowing a huge number of attempts to break the system’s password. The same system can be protected by a firewall configured with a whitelist of trusted hosts. The firewall’s filters will block attacks from the hacker before a login is even attempted because the IP or MAC address is not on the whitelist, thereby blocking the attack before it even really begins (Figure 3).

Figure 4 A multi-stage filtering engine provides fine-grained control over the packets processed by the Smart Grid device. (Flowchart labels: Firewall Operation; Received Packet from Network; Dynamic Filtering Engine; Static Filtering Engine; Threshold Filtering Engine; a “Safe?” decision after each engine, leading either to the next stage or to Log Event and Drop Packet; Normal Packet Processing.)

Smart Grid Firewall Design

The firewall must provide the ability to configure communication policies, a set of rules specifying which packets are processed and which are blocked. Rules can be set up to block or allow packets by IP address, port, protocol, or other criteria. Some firewalls support advanced rules allowing additional fine-grained control over the filtering process.

A Smart Grid firewall may also provide Stateful Packet Inspection (SPI) and threshold-based filtering. SPI filtering maintains information on the state of the connection and uses that information to distinguish legitimate from malicious packets. Threshold-based filtering maintains statistics on the number of packets received in order to detect and block packet flood DoS attacks. Undetected and unblocked DoS attacks may overload the Smart Grid device, degrading its performance or causing it to fail altogether.

Many attacks are blocked before a connection is even established because each packet received by the device must pass through the firewall for filtering before being processed. This provides a simple, yet effective layer of protection that is currently missing from most Smart Grid devices (Figure 4).

Firewalls provide a simple and effective layer of security and have long been used to protect home and enterprise networks. A small Smart Grid firewall can be used to protect devices from a wide range of cyber attacks. By controlling who the device talks to, most attacks can be blocked before a connection is even established. A cost-effective firewall appliance can provide a critical layer of defense for legacy Smart Grid devices, while a software-based Smart Grid firewall can be integrated into new devices, ensuring security is part of the device.

Icon Laboratories Des Moines, IA. (515) 226-3443.
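The whitelist rules, SPI and threshold filtering described above, chained in the Dynamic, Static, Threshold order that the Figure 4 labels suggest, modeled in Python as an added example (not Icon Laboratories' code). The stage order, rule format, addresses, port numbers and limits are assumptions, and the packets are constructed.

```python
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float        # arrival time in seconds
    src: str         # source IP address
    proto: str       # "tcp" or "udp"
    dst_port: int
    flags: str = ""  # TCP flags: S=SYN, A=ACK, F=FIN, R=RST


class EndpointFirewall:
    def __init__(self, whitelist, max_packets, window):
        # whitelist entries: (CIDR of trusted sender, protocol, destination port)
        self.rules = [(ipaddress.ip_network(n), pr, po) for n, pr, po in whitelist]
        self.max_packets = max_packets    # packets allowed per source ...
        self.window = window              # ... within this many seconds
        self.connections = set()          # (src, dst_port) of tracked TCP flows
        self.recent = defaultdict(deque)  # src -> arrival times inside the window
        self.log = []                     # (ts, src, dst_port, stage) per drop

    @staticmethod
    def _opens_connection(p):
        return p.proto == "tcp" and "S" in p.flags and "A" not in p.flags

    def _dynamic_ok(self, p):
        # SPI: a TCP packet that is not a new SYN must belong to a tracked flow.
        if p.proto != "tcp" or self._opens_connection(p):
            return True
        return (p.src, p.dst_port) in self.connections

    def _static_ok(self, p):
        # Default deny: only whitelisted sender/protocol/port combinations pass.
        addr = ipaddress.ip_address(p.src)
        return any(addr in net and p.proto == proto and p.dst_port == port
                   for net, proto, port in self.rules)

    def _threshold_ok(self, p):
        # Count arrivals per source in a sliding window to catch packet floods.
        times = self.recent[p.src]
        while times and p.ts - times[0] >= self.window:
            times.popleft()
        times.append(p.ts)
        return len(times) <= self.max_packets

    def process(self, p):
        stages = (("dynamic", self._dynamic_ok), ("static", self._static_ok),
                  ("threshold", self._threshold_ok))
        for name, check in stages:
            if not check(p):
                self.log.append((p.ts, p.src, p.dst_port, name))  # log event
                return "drop:" + name                             # drop packet
        # Connection state changes only for packets that passed every stage.
        if p.proto == "tcp":
            key = (p.src, p.dst_port)
            if self._opens_connection(p):
                self.connections.add(key)
            elif "F" in p.flags or "R" in p.flags:
                self.connections.discard(key)
        return "accept"


HEAD_END, STRANGER = "192.0.2.10", "203.0.113.7"  # documentation addresses
SAMPLE_PACKETS = [  # constructed traffic
    Packet(0.0, HEAD_END, "tcp", 20000, "S"),   # trusted host opens a session
    Packet(0.1, HEAD_END, "tcp", 20000, "A"),
    Packet(0.2, STRANGER, "tcp", 23, "S"),      # login attempt, not whitelisted
    Packet(0.3, STRANGER, "tcp", 20000, "A"),   # no matching connection state
    Packet(0.4, HEAD_END, "tcp", 20000, "A"),
    Packet(0.5, HEAD_END, "tcp", 20000, "A"),
    Packet(0.6, HEAD_END, "tcp", 20000, "A"),
    Packet(0.7, HEAD_END, "tcp", 20000, "A"),   # sixth packet inside one second
    Packet(0.8, HEAD_END, "tcp", 20000, "A"),
    Packet(2.0, HEAD_END, "tcp", 20000, "A"),   # rate back to normal
]


def run_demo():
    fw = EndpointFirewall([("192.0.2.10/32", "tcp", 20000)], max_packets=5, window=1.0)
    return [fw.process(p) for p in SAMPLE_PACKETS], fw.log


if __name__ == "__main__":
    verdicts, log = run_demo()
    for pkt, verdict in zip(SAMPLE_PACKETS, verdicts):
        print(pkt.ts, pkt.src, pkt.dst_port, verdict)
```

The login attempt from the non-whitelisted address is dropped by the static stage before the device sees it, and the drop log records the time, source and stage for later audit.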




connected Communication and Security for the Smart Grid

Keeping the Smart Grid Smart with Hardware and Software-Based Security and Standards

The Smart Grid and its connected applications are tied into multiple networks carrying vast amounts of information. But with connectivity comes risk. Intelligent M2M solutions serving the Smart Grid need to factor in security as well as seamless communication. These requirements can be served by intelligent systems.

by Christine Van De Graaf, Aaeon Electronics


Intelligent systems are all around us, and one that has been getting a great deal of public attention over the last couple of years is the Smart Grid. A frequent question is: What are the requirements of the subsystems that make up the network behind the Smart Grid? Additionally, and especially important, is an understanding of the communications mechanisms for data capture and analysis plus the security measures put in place to safeguard the data and overall network. Past occurrences of hacking and denial-of-service attacks via an overlooked and unprotected port have put application solution developers equally on guard with the end user and the public.

Security is a key consideration for sensor implementation and data communication for M2M solutions serving the Smart Grid. It is an extremely important factor to consider with regard to sensor implementation in intelligent systems. Sensors used in applications such as transportation and energy, which will be discussed here, require a greater level of security as opposed to ones that are of a less sensitive nature. That being said, any sensors that are used for gathering data about a person also require a deep level of security in order to preserve personal privacy.

Figure 1 The Aaeon GENE-TC05 3.5-inch SBC supports an onboard TPM (optional) and has been qualified by Intel as an Intelligent Systems Framework Ready product.

Since the Smart Grid is an example of a machine-to-machine (M2M) application, it helps to first have an understanding of the layers of M2M networks (Table 1). By dissecting each layer, we get a clearer understanding of what communication is happening at each point and what security measures have to be taken into consideration. Though hardware is a key part of each layer, the software portion and overall system integration are becoming increasingly important too. This helps to achieve the greater goal of optimal value both for the end power customer and the utilities themselves.

Access is the data capture layer. Edge nodes and sensors are constantly collecting data about use, load, generation, etc. Because it would be detrimental to the overall network if these collection points were tampered with, they have safeguards built into them that indicate types of data to be collected and triggers for when they may or may not communicate to the next layer of the grid. A primary means of security for these sensors and edge nodes is a key that identifies them to the next layer. If these units are not identified with the appropriate trusted identification, then the data they are collecting cannot be allowed to travel to the next layer of the network. A smart meter is one example of an access point for the smart grid.

Pre-aggregation and aggregation systems are the gateway to the rest of the grid. Therefore, they must be even more secure than the sensors and edge nodes of the access layer. It is highly important that these systems have both hardware- and software-based security. A key way to do this is to select from solutions that have a built-in trusted platform module (TPM) as well as leverage security technology built into the core computing platform. Together with the TPM as a foundation for security, software-based security with encryption and connection management can be applied. The software security layer also must have a

Vision of the Smart Grid

Based on a more detailed overview of the Smart Grid as prepared by, the concept of the Smart Grid reaches far beyond just smart metering. It is an overall way of making the process of energy generation and use far better than it has been in the past, and making it something that everyone can feel a sense of responsibility for as energy is impacted by environment and natural resources, etc., and attempt to make it:

Intelligent – Use/load sensing and dynamic adjustment of power routing based on ongoing data collection while keeping in sync with the goals of the customers, regulators and utility companies themselves.
Efficient – Adjusting to meet demand without the added cost of increased infrastructure and/or resources.
Accommodating – Utilizing power from multiple resources (solar, wind, water, fossil fuel) as seamlessly as from just one with a future-focused design capable of integrating additional power generation sources as they are identified.
Motivating – Allows real-time interaction between the user and the utility so that users can tailor their power consumption to their individual preferences.
Opportunistic – This equates to the ease of “plug & play” both from the perspective of incorporating new power sources and the end user’s options for services.
Quality-focused – Maybe the days of brownouts and blackouts will be behind us as the Smart Grid comes online. This feature is targeted on minimizing power generation and use disruptions.
Resilient – Both security from technology attack as well as tolerance to natural disaster are factored into this element of the Smart Grid.
“Green” – This keeps in mind good global citizenship and minimizing further global climate change while working to actually improve environmental issues.


TABLE 1 Machine-to-Machine (M2M) layers of the Smart Grid.

M2M Layer | Smart Grid Element
Access | Smart meters, Power Generation Sensors, Power Line Load monitors, Voltage Sensors, Fault Detectors
Pre-aggregation & Aggregation | Gateway systems in neighborhoods, at power generation facilities, and at utility company distribution sites
Core | Cloud servers for each domain: markets, operators, service providers, bulk generation, transmission, distribution and customers.
Application | Data warehouse and analytics servers for each of the domains

means for detecting hazards and isolating them as well as confirming that a pushed patch has been properly applied. Board and system level products that are Intel Intelligent Systems Framework (ISF) qualified are well suited to match the needs of the pre-aggregation and aggregation M2M layer for the Smart Grid. One such product is the Aaeon GENE-TC05 3.5-inch single board computer (Figure 1). Not only does the GENE-TC05 support onboard TPM as an option, it also has been proven compatible with all the elements of the Intel ISF for connectivity, manageability and security.

The core is the layer commonly referred to as the “Cloud.” It is where the vast amounts of Smart Grid Big Data are gathered and put into appropriate and separate sub-clouds (the Smart Grid domains: markets, operators, service providers, bulk generation, transmission, distribution and customers) before being analyzed and having decisions made based upon it at the application layer. The network cloud computing servers that support this layer also need to have built-in security features. Such features include TPM and BIOS working together to form “Root of Trust.” They employ 64-bit and 128-bit Advanced Encryption Standard (AES) encryption and powerful policy-based filters. In addition, they use hash-based message authentication code (HMAC), plus Internet Protocol Security (IPsec). Other measures include role-based access control (RBAC) and the use of a signed operating system image.

Figure 2 Smart Grid Framework per the National Institute of Standards and Technology (NIST). (Diagram labels: Secure Communication Flows, Electrical Flows, Domain; Bulk Generation, Transmission, Distribution, Customer, Service Provider.)

Finally, in the case of the Smart Grid, the application layer is the back office for each of the domains plus key mobile field devices such as tablets and HMI systems that interact directly with the Big Data collected. Depending on the function of each of the domains, there are unique software-based security measures implemented. The data analytics and data warehousing portion of this layer both have to maintain security with respect to the integrity of data collected and how it syncs with business process tools. As this can become quite complex, it is important to work with partners who know and collaborate with the right mix of experienced M2M



ecosystem members. One slip can result in power outages or data releases that impact millions of customers and have exponential revenue impact. The National Institute of Standards and Technology (NIST) established the Smart Grid Framework, which defines the flow of communications as well as electrical flows. This helps ensure that the key checks and balances are in place to protect communication within the Smart Grid (Figure 2). In addition to security, the standards that are being implemented for the Smart Grid cover material, products, personnel qualifications, processes and services. They also take into consideration the applicability to their purpose and that they ensure compatibility and interoperability for subsystems that need to work together. They must also preserve public health and safety, protect the environment and, of course, optimize cost. The efforts of the NIST Priority Action Plan (PAP01) resulted in a study of the suitability of Internet networking technologies for Smart Grid applications. This work area investigated the capabilities of protocols and technologies in the Internet Protocol Suite to determine the characteristics of each protocol for Smart Grid application areas and types. The Internet technologies consist of a set of protocols to network and transport


TABLE 2 Internet Protocols for the Smart Grid per PAP01 (June 2011). (Labels recoverable from the table: Application Protocol; Encoding; Session Control; Transport; Transport Layer; Network; Internet Protocol; Lower Network Layers; Media Layers; Data Link Layer; Physical Layer.)

data messages using IP packets as well as a set of protocols to manage and control the network, such as routing, mapping of IP addresses, device management, etc. This protocol suite enables distributed applications to run over a set of interconnected networks. It also includes session- and transaction-oriented mechanisms to provide security services. The Internet Protocol that has been developed for the Smart Grid is shown in Table 2.

Also worth noting is that the American National Standards Institute recently approved the ANSI/NEMA (National Electrical Manufacturers Association) SG-IC-1-2013 Smart Grid Interoperable and Conformant Testing and Certification Scheme Operator Guidelines. This now makes it easier for those developers bringing to market solutions for the Smart Grid as they have a means of validating interoperability and security of individual grid elements. This means that there are standardized checks and balances as well as a clarified description of roles and responsibilities for each of the key points of the overall Smart Grid adoption process. This contributes to the overall goal of ensuring that Smart Grid products are interoperable from day one.

Although the Smart Grid is evolving and its future capabilities will someday be far beyond what we think of today, regulatory steps and standards are being put in place to keep the Smart Grid smart and secure. As further intelligent systems come to market, they will have to keep these key elements of hardware- and software-based security in mind if they are going to be able to comply with the standards that are coming into play to serve the needs of the advancing energy market.
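One way the access-layer rule described earlier in this article could be enforced (a key identifies each edge node, and data from unidentified units does not travel to the next layer), using the HMAC the article lists among its security measures. This is an added example, not Aaeon's or NIST's code; the message layout, device names, counter-based replay check and randomly generated keys are assumptions.

```python
import hashlib
import hmac
import secrets
import struct


def _encode(device_id, counter, payload):
    """Unambiguous byte layout: length-prefixed id, 64-bit counter, payload."""
    ident = device_id.encode("utf-8")
    return struct.pack(">H", len(ident)) + ident + struct.pack(">Q", counter) + payload


def sign_reading(key, device_id, counter, payload):
    """Edge-node side: HMAC-SHA256 tag over identity, counter and reading."""
    return hmac.new(key, _encode(device_id, counter, payload), hashlib.sha256).digest()


class Gateway:
    """Aggregation-layer check: forward only readings from identified nodes."""

    def __init__(self, device_keys):
        self.device_keys = dict(device_keys)  # provisioned per-device keys
        self.last_counter = {}                # highest counter seen per device
        self.forwarded = []                   # readings passed to the next layer

    def accept(self, device_id, counter, payload, tag):
        key = self.device_keys.get(device_id)
        if key is None:
            return "reject:unknown-device"
        expected = sign_reading(key, device_id, counter, payload)
        # Constant-time comparison; state changes only after the tag verifies.
        if not hmac.compare_digest(expected, tag):
            return "reject:bad-tag"
        if counter <= self.last_counter.get(device_id, -1):
            return "reject:replay"
        self.last_counter[device_id] = counter
        self.forwarded.append((device_id, counter, payload))
        return "forward"


def run_demo():
    # Constructed keys and readings; "meter-A" and "meter-B" are hypothetical.
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    gw = Gateway({"meter-A": key_a, "meter-B": key_b})

    reading = b"kWh=12.4"
    tag = sign_reading(key_a, "meter-A", 1, reading)
    results = [
        gw.accept("meter-A", 1, reading, tag),      # genuine reading
        gw.accept("meter-A", 1, b"kWh=00.1", tag),  # payload altered in transit
        gw.accept("meter-A", 1, reading, tag),      # captured message re-sent
        gw.accept("meter-X", 1, reading, tag),      # node never provisioned
        # meter-B's key cannot vouch for data labelled as meter-A's
        gw.accept("meter-A", 2, reading, sign_reading(key_b, "meter-A", 2, reading)),
        gw.accept("meter-A", 2, b"kWh=12.9",
                  sign_reading(key_a, "meter-A", 2, b"kWh=12.9")),
    ]
    return results, gw.forwarded


if __name__ == "__main__":
    verdicts, forwarded = run_demo()
    print(verdicts)
    print(forwarded)
```

Binding the device identity and a counter into the tag is what lets the gateway reject a reading replayed later or relabelled as another meter's, not only one whose payload was changed.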

Aaeon Electronics, Orange, CA. (714) 996-1800.

technology deployed Hypervisors and Virtualization for Multicore

New Approaches to Combating Rootkits

Rootkits are a pernicious means of invading and attacking computer systems. As operating system complexity increases, the assurance of security drops. Fortunately for embedded and mobile devices, there appear to be effective ways to combat this threat.

by David Kleidermacher, Green Hills Software

Many computer security problems involve some form of malware that attempts to infiltrate a computer and subvert its security for nefarious purposes. A rootkit is a particular type of malware that has successfully obtained elevated (e.g., root) privilege. Given this command over computer resources, a rootkit often attempts to hide its existence to avoid detection. For example, a rootkit may disable anti-malware applications or internal kernel self-checking services. In 2011, McAfee asserted the existence of over 2 million unique rootkits, and reported that 1200 new rootkits were being detected every single day.

Every developer of electronic products should be concerned about ensuring the integrity of the operating system kernel and any other application or service that is designed to operate at kernel privilege. By ensuring that only trusted software is running on the platform, rootkits cannot take hold. And if prevention of rootkits is not practical, then the goal should be at least to detect them and hopefully take some corrective action.

There are two ways that kernel integrity can be violated by rootkits. First, the disk or flash blocks that contain the trusted software can be modified to include the rootkit. This is called a permanent rootkit. Rootkit installation can be performed with a physical attack on the storage system, or by using an operating system vulnerability to gain run-time access to the storage system. The second method is to “hook” into the kernel’s execution pathways during run-time. Installing the rootkit into the volatile memory image of the operating system enables temporary control, but the pristine image is reloaded on the next system boot.

Much of the world’s modern operating system security research is centered on making it more difficult for a rootkit to take hold by obfuscating operating system execution (e.g., address space layout randomization), reducing general operating system vulnerabilities, and by designing mechanisms to protect kernel integrity.

Secure Boot and Remote Attestation

Secure boot is the most obvious and effective way to prevent, or at least detect, permanent rootkits. The goal of secure boot is to ensure that the entire platform, including its hardware, ROM boot loaders, application-level boot loaders and operating system—everything that contributes to the establishment of the known, trusted initial state of the system—is measured and found to be authentic. Of course, secure boot does not imply that the system is secure, but rather only that it is running the expected trusted computing base (TCB).

If the hardware and boot loader have the capability to load the system firmware (operating system, hypervisor, entire TCB) from an alternative device, such as USB, rather than the intended, trusted device (e.g., flash), then an attacker with access to the system can boot an evil operating system that may act like the trusted operating system but with malicious behavior, such as disabling network authentication services or adding backdoor logins.

But this is only one way to subvert systems that lack secure boot. Instead of a malicious boot loader or operating system, an evil hypervisor can be booted, and the hypervisor can then launch the trusted operating system within a virtual machine. The evil hypervisor, such as the one known as SubVirt, has complete access to RAM and hence can silently observe the trusted environment, stealing encryption keys or modifying the system security policy. Another infamous attack, called the BluePill, extended the SubVirt approach to create a permanent rootkit that could easily be launched on the fly using weaknesses in the factory-installed Windows operating system.

The typical secure boot method is to verify the authenticity of each component in the boot chain. If any link in the chain is broken, the secure initial state is compromised. The first stage ROM loader must also have a pre-burned cryptographic key used to verify the digital signature of the next level boot loader. This key may be integrated into the ROM loader image itself, installed using a one-time programmable fuse, or stored in a local TPM that may provide enhanced tamper protection. The hardware root of trust must include this initial verification key. The signature key is used to verify the authenticity of the second stage component in the boot chain. The known good signature must therefore also be stored in the hardware-protected area. The verification of the second-level component covers its executable image as well as the known good signature and signature verification key of the third stage, if any. The chain of verification can be indefinitely long. It is not uncommon for some sophisticated computing systems to have surprisingly long chains or even trees of verified components that make up the TCB. Figure 1 depicts an example three-level secure boot sequence.

When the verification chain begins at system reset and includes all firmware that executes prior to the establishment of the run-time steady state, this is referred to as a static root of trust. A dynamic root of trust, in contrast, allows an already running system (which may not be in a known secure state) to perform a measurement of the TCB chain and then partially reset the computer resources such that only this dynamic chain contributes to the secure initial state. Dynamic root of trust requires specialized hardware, such as Intel’s Trusted Execution Technology (TXT), available on some higher-end embedded Intel Architecture-based chipsets.

The primary impetus behind dynamic root of trust is to remove large boot-time components, which must run to initialize a computer, from the TCB. On Intel Architecture-based systems, the BIOS is often an extremely large piece of software and has been proven to contain vulnerabilities that can be exploited to insert rootkits. By performing the dynamic reset—also sometimes referred to as late launch—after the BIOS has initialized the hardware, all privilege is removed from the BIOS execution environment. Therefore, the system in theory has reduced its TCB and improved the probability of a secure initial state. Unfortunately, researchers have found several weaknesses, both in hardware and software that implement the late launch mechanism, bringing into question the ability to achieve a high level of trust in complicated boot environments. The good news for secure boot is that most embedded and mobile computing systems rely on simple boot loaders that lend themselves well to the static root of trust approach that can be implemented without specialized hardware.

Secure boot provides embedded system developers with confidence that the deployed product is resistant to low-level, boot-time firmware attacks. Nevertheless, a risk may persist in which sophisticated attackers can compromise the secure boot process. Furthermore, an attacker may be able to replace the deployed product wholesale with a malicious impersonation. For example, a smart meter can be ripped off of the telephone pole and replaced with a rogue smart meter that looks the same but covertly sends private energy accounting information to a malicious web site. Therefore, even with secure boot, users and administrators may require assurance that a deployed product is actively running the known good TCB.

When embedded systems are connected to management networks, remote attestation can be used to provide this important security function. Once again, the Trusted Computing Group (TCG) has standardized a mechanism for TCG-compliant systems to perform remote attestation using trusted platform module (TPM)-based measurements. Network access can be denied when a connecting client fails to provide proper attestation. Within TCG, this function is called Trusted Network Connect (TNC). However, a simple, hardware-independent approach can be used for any computing system by establishing a mutually authenticated connection (e.g., via IKE/IPsec or TLS). As long as the device’s static private key and secure connection protocol software are included in the TCB validated during secure boot, the attester has assurance that the device is running known good firmware. An improvement to this approach, providing assurance that the device is running a specific set of trusted firmware components, is to have the client transmit the complete set of digital signatures corresponding to the TCB chain to the attester that stores the known good set of signatures locally.
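The chained verification and the signature-set attestation described above can be modeled in a few lines. This is an added example, not code from the article or from any vendor: a SHA-256 digest stands in for "compute signature, compare to known good value", an HMAC over a nonce stands in for the mutually authenticated connection, and all names and firmware bytes are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace


def measure(blob: bytes) -> str:
    # Assumption: a SHA-256 digest stands in for the signature check of Figure 1.
    return hashlib.sha256(blob).hexdigest()


@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes               # executable image of this stage
    next_expected: str = ""   # known-good measurement of the next stage

    def image(self) -> bytes:
        # The measured image covers the code AND the reference value for the
        # next stage, so the chain cannot be re-pointed from inside a stage.
        return self.code + b"|next=" + self.next_expected.encode()


def build_chain(codes):
    """Provisioning: returns (rom_reference, stages) for the stages after the ROM loader."""
    stages, expected = [], ""
    for name, code in reversed(codes):
        stage = Stage(name, code, expected)
        stages.insert(0, stage)
        expected = measure(stage.image())
    return expected, stages   # rom_reference lives in the hardware-protected area


def secure_boot(rom_reference, stages):
    """Returns (booted, measurements, name_of_failed_stage_or_None)."""
    expected, measurements = rom_reference, []
    for stage in stages:
        got = measure(stage.image())
        if not hmac.compare_digest(got, expected):
            return False, measurements, stage.name   # FAIL, stop boot
        measurements.append(got)
        expected = stage.next_expected
    return True, measurements, None


def attest(device_key: bytes, nonce: bytes, measurements):
    """Device side: report the TCB measurements, bound to the attester's nonce."""
    body = nonce + "".join(measurements).encode()
    return {"measurements": list(measurements),
            "mac": hmac.new(device_key, body, hashlib.sha256).hexdigest()}


def verify_attestation(device_key, nonce, report, known_good):
    """Attester side: check authenticity and freshness, then the exact TCB set."""
    body = nonce + "".join(report["measurements"]).encode()
    mac = hmac.new(device_key, body, hashlib.sha256).hexdigest()
    return (hmac.compare_digest(mac, report["mac"])
            and report["measurements"] == list(known_good))


# Constructed sample images and key (not real firmware).
ROM_REF, CHAIN = build_chain([("bootloader_B", b"stage-B v1"),
                              ("os_C", b"trusted OS v1")])
KEY = b"constructed-device-key"


def demo():
    results = {}
    ok, good, _ = secure_boot(ROM_REF, CHAIN)
    results["clean"] = ok
    # Permanent rootkit written into the OS image on flash.
    evil_c = replace(CHAIN[1], code=b"trusted OS v1 + rootkit")
    results["tampered_C"] = secure_boot(ROM_REF, [CHAIN[0], evil_c])[2]
    # Attacker also rewrites B's stored reference so that it matches evil C.
    repointed_b = replace(CHAIN[0], next_expected=measure(evil_c.image()))
    results["repointed_B"] = secure_boot(ROM_REF, [repointed_b, evil_c])[2]
    # Attestation: a fresh report passes, a replayed report fails, and a
    # self-consistent but different firmware set fails.
    report = attest(KEY, b"nonce-1", good)
    results["attest_ok"] = verify_attestation(KEY, b"nonce-1", report, good)
    results["replay"] = verify_attestation(KEY, b"nonce-2", report, good)
    old_ref, old_chain = build_chain([("bootloader_B", b"stage-B v0"),
                                      ("os_C", b"trusted OS v0")])
    old = secure_boot(old_ref, old_chain)[1]
    results["old_fw"] = verify_attestation(
        KEY, b"nonce-3", attest(KEY, b"nonce-3", old), good)
    return results
```

The old firmware set boots cleanly against its own reference yet fails attestation, which is the difference between "running some validated firmware" and "running a specific set of trusted firmware components".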


[Figure 1: Secure boot chain. Boot Loader (A), held in the hardware-protected area with Signature (B) and its verification key, computes the signature of B and compares it to the known good value; on a mismatch the boot fails and stops. On a match, Boot Loader (B), which holds Signature (C) and its verification key, performs the same check on C before control passes to the Trusted OS/Hypervisor (C).]

Unfortunately, secure boot and attestation do not protect against run-time subversion via some vulnerability in the TCB. The software security industry is overflowing with snake oil solutions claiming to prevent malware. But every day brings a zero-day, and rootkits remain commonplace. Computer security and operating system firms are slowly coming to the realization that modern sophisticated operating systems cannot be adequately protected from within, but rather require some out-of-band mechanism immune to vulnerabilities in the operating system itself.

Due to its wide availability in Intel-based desktop and server microprocessors, and increasing availability in ARM-based mobile and embedded microprocessors, hardware-based virtualization support is rapidly emerging as the mechanism of choice. Hardware virtualization hooks enable a piece of software to take over control of the computer during certain security-sensitive computing operations. These can be such things as operating system exceptions and interrupts, supervisor mode instructions and write accesses to sensitive memory locations. We introduce the term hyperhooking for this general security approach.

[Figure 2: Hyperhooking. A hyperhook agent uses hardware virtualization traps to read, write, inspect and enforce policy on the operating system (Android, Linux, Windows, etc.).]

[Figure 3: Hyperhosting security functionality. Labels: operating system (Android, Linux, Windows, etc.); virtual machine; virtual storage; virtual network; hyperhook agent; disk encryption; VPN client; INTEGRITY Multivisor; network.]

The hardware virtualization hooks enable a trusted agent to look for rootkits by examining system state during these trapped operations (Figure 2). These are the same hardware hooks that commercial hypervisors use to provide virtual machine services. The discerning reader will note that these same hardware virtualization hooks were used in the aforementioned hypervisor rootkit attacks; secure boot is required to ensure that only the trusted agent is installed and able to use these capabilities. And the trusted agent itself must be secure against attack. A commercial example of hyperhooking is McAfee’s DeepSAFE technology (Intel VT hardware specific), although little is publicized about what DeepSAFE actually does. Another commercial example that uses Intel VT is Bromium’s vSentry, in which the hyperhook agent’s actions in response to hardware traps can be configured via policy. Both DeepSAFE and vSentry attempt to retrofit rootkit protection to sophisticated operating systems. But as has been proven with other OS-visors like SELinux, there simply is too much complexity in these operating systems to manage and control. The retrofit will only temporarily raise the bar for attackers. In 2009 researchers applying the name HookSafe to their technique demonstrated how thousands of Linux control functions could be protected against rootkit reflection, which attacks by replacing a known good function with a malicious one. The researchers employed hardware virtualization capabilities to detect and prevent attempts to overwrite function pointers used to invoke these control functions. Despite covering thousands of control functions, the researchers admit that the technique fails to address the independent problem of rootkits that manipulate dynamic data objects (vs. control flow) to achieve their purpose. Even the set of control functions covered is not complete; a single vulnerable control point is sufficient to defeat the entire system. 
As the researchers state, “a fundamental limitation … is that hook access profiles are constructed on dynamic analysis and thus may be incomplete.” The researchers admit that determining the complete set of kernel hooks exploitable by rootkits is an “interesting research problem” with no known solution.

Many computer security experts have already come to the inevitable conclusion that there never will be a method that prevents all rootkits in sophisticated operating systems due to their insurmountable complexity and high rate of change, thus assuring a constant and fertile stream of vulnerability surface area. These experts are applying the same hardware-based virtualization hooks for out-of-band security components. But rather than use these hooks only for protecting the operating system, they are used to isolate those capabilities of the operating system that must be protected in separate virtual memory processes and/or virtual machines. Regardless of how many rootkits are installed in the operating system, the isolated software components remain unaffected. We call this concept of hosting security components on a hypervisor hyperhosting.

The scope of functionality that can be deployed in these isolated containers can range from simple cryptographic functions, such as those commonly found in smart cards, to full-scale secondary operating system environments, such as found in “dual persona” mobile phones (one OS used for personal environment and a second instance used for the enterprise or some other critical environment). The Integrity Multivisor is an example of a bare metal hypervisor that runs on ARM or Intel processors and provides this kind of isolation environment. Unlike typical hypervisors, Integrity Multivisor can hyperhost lightweight processes in addition to full virtual machines containing guest operating systems such as Linux, Android and Windows. This architecture (Figure 3) can be used for rootkit hyperhooking, network security, data encryption, system monitoring and attestation, etc. These hypervisor components are protected against rootkits that subvert the main operating system. The hypervisor is built on top of separation kernel technology that has been certified to numerous security and safety certifications that are far more stringent than what can be met by commercial operating systems alone.

To further differentiate this new approach, we coin the term interspection, which applies to supervisory, health management, anti-X services from outside the main domain of interest instead of from within (introspection). While the coarser-grained division of labor solves security problems that introspection cannot, hyperhosting requires a new way of thinking for system design: the unprotected portions of the system need well-defined interfaces to the protected portions. Standards organizations such as GlobalPlatform, Trusted Computing Group’s mobile TPM, and AUTOSAR are working to address this requirement.

Green Hills Software, Santa Barbara, CA. (805) 965-6044.




technology deployed Hypervisors and Virtualization for Multicore

Facing the Needs of Today’s Connected Embedded Devices

With the growth of the Internet of Things, some connected devices will be small, dedicated devices while others will have to combine real-time operation with full OS functionality and secure connectivity. Multicore processors with the proper underlying software offer big opportunities.

by Robert Day, LynuxWorks

The embedded device market is exploding, with the “Internet of Things” predicting tens of billions of connected embedded devices being online by 2015. Many of these embedded devices will be relatively low complexity sensor functions, but others, especially when connected to the Internet or directly to humans, will take on personalities that become more like the computers and mobile devices used in the corporate and enterprise world. This means that they need to run more full-functioned operating systems, with connectivity and popular human interfaces; they will require more processing power, including multicore chips; and they are likely to be exposed to the same types of cyber attacks that we are facing in our corporate and personal computers.

The problem is that our traditional network and endpoint protection mechanisms are struggling today to protect our corporate IT infrastructure and computers, and adding billions of additional systems will exacerbate the problem dramatically. So, the reality is that we should build extra security and protection into these embedded systems before we connect them.

The advantage that the embedded industry has over the traditional computer world is that the devices are generally being built for a specific purpose, and security and protection could be a design consideration for these systems. Providers of the traditional embedded software platform, the real-time operating system, are already offering additional security functionality to help protect the connected embedded devices. Often, however, as embedded developers use processors that are more like traditional computer and mobile systems (e.g., x86, ARM), they will often use operating systems from that world such as Windows, Linux or Android, to offer a familiar look and feel or connectivity options. At this point, security becomes more difficult to design into the operating system itself, and other protection or isolation mechanisms need to be used to help protect against cyber-attacks.

There is a technology available today that allows embedded developers to build security into their systems, regardless of which operating system is used. Originally designed and developed to meet the exacting security needs of the DoD, a separation kernel is a technology that provides isolation of devices and memory on a microprocessor-based system. It is particularly well suited to embedded devices as it is typically a very small and efficient kernel implementation offering real-time properties as well as isolation. In DoD systems, the separation kernel was used to help provide domain isolation for applications running at different security levels on a single hardware system, and protected domains from seeing each other’s data, network and applications.

[Figure 1: Type-0 hypervisor offers two secure virtual motherboards to guest operating systems. OS 1 and OS 2 each run on their own virtual motherboard above the separation kernel/hypervisor, which runs on the multicore processor and physical devices.]

What makes the separation kernel technology really useful for modern embedded systems is the addition of virtualization support using a hypervisor (see sidebar “Hypervisor Types”). This hypervisor runs on top of the separation kernel and gives each isolated domain the opportunity to run whatever operating systems and applications are required. This is a key feature for adding protection to traditional computer and mobile operating systems, without having to make changes to the OS itself. The OS runs in a protected domain, which can have restricted or no access to other parts of the system. Because the separation kernel/hypervisor sits below all the operating systems, it has a privileged position and can control the resources that each domain has access to. So, certain devices, areas of memory and network access can be restricted in a fine-grained manner. The hypervisor essentially provides each of the secure domains a virtual motherboard (vMB) for the “guest” operating system that is running in that domain. The separation kernel interacts with the hypervisor to define what the vMB looks like. The types of parameters that can be configured for each vMB include memory allocation; available physical and virtual devices; how much or how many of the processors are allocated; and which other domains can be communicated with. This can be very useful in helping to isolate any cyber attacks as they enter the embedded device, restricting the view that they have of the overall system, and hence reducing the attack surface available to them. 
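The vMB parameters listed above (memory, physical and virtual devices, processors, permitted communication) can be checked for isolation before a layout is deployed. The following is an added example, not LynxSecure's configuration format or tooling: the dictionary layout, device names and addresses are hypothetical and constructed for illustration.

```python
import copy
from itertools import combinations


def check_isolation(config):
    """Return a list of isolation violations in a vMB layout (empty = clean)."""
    problems = []
    vmbs = config["vmbs"]
    shared_cores = set(config.get("shared_cores", ()))
    virtual_devices = set(config.get("virtual_devices", ()))

    for name, vmb in sorted(vmbs.items()):
        for core in vmb["cores"]:
            if not 0 <= core < config["core_count"]:
                problems.append(f"{name}: core {core} does not exist")
        for dev in vmb["virtual"]:
            if dev not in virtual_devices:
                problems.append(f"{name}: {dev} is not offered as a virtual device")
        for dev in vmb["passthrough"]:
            if dev in virtual_devices:
                problems.append(f"{name}: {dev} is passed through but also shared virtually")

    for (a, va), (b, vb) in combinations(sorted(vmbs.items()), 2):
        # Memory ranges are half-open [start, end); adjacent ranges do not overlap.
        for start_a, end_a in va["memory"]:
            for start_b, end_b in vb["memory"]:
                if start_a < end_b and start_b < end_a:
                    lo, hi = max(start_a, start_b), min(end_a, end_b)
                    problems.append(f"{a}/{b}: memory overlap {lo:#x}-{hi:#x}")
        # A physical device may be assigned directly to one domain only.
        for dev in sorted(set(va["passthrough"]) & set(vb["passthrough"])):
            problems.append(f"{a}/{b}: physical device {dev} assigned to both")
        # Core sharing must be an explicit decision, never an accident.
        common = (set(va["cores"]) & set(vb["cores"])) - shared_cores
        for core in sorted(common):
            problems.append(f"{a}/{b}: core {core} used by both but not declared shared")

    for a, b in config.get("channels", ()):
        for end in (a, b):
            if end not in vmbs:
                problems.append(f"channel {a}<->{b}: unknown domain {end}")
    return problems


# Constructed layout: two vMBs, cores and memory split, some physical devices
# given to vmb1 only, network and disk offered to both as virtual devices.
GOOD = {
    "core_count": 4,
    "shared_cores": [],
    "virtual_devices": ["vnet", "vdisk"],
    "vmbs": {
        "vmb1": {"cores": [0, 1], "memory": [(0x0000_0000, 0x4000_0000)],
                 "passthrough": ["can0", "gpio"], "virtual": ["vnet", "vdisk"]},
        "vmb2": {"cores": [2, 3], "memory": [(0x4000_0000, 0x8000_0000)],
                 "passthrough": [], "virtual": ["vnet", "vdisk"]},
    },
    "channels": [("vmb1", "vmb2")],
}


def broken_config():
    """The same layout with four mistakes that silently widen the attack surface."""
    bad = copy.deepcopy(GOOD)
    bad["vmbs"]["vmb2"]["memory"] = [(0x3FF0_0000, 0x8000_0000)]
    bad["vmbs"]["vmb2"]["passthrough"] = ["gpio"]
    bad["vmbs"]["vmb2"]["cores"] = [1, 2]
    bad["channels"].append(("vmb2", "mgmt"))
    return bad
```

Running `check_isolation(broken_config())` reports each mistake separately, so a layout review can fail the build on any non-empty result.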
Figure 1 shows an example of a virtualized embedded system, where the type-0 hypervisor has split the system into two isolated virtual motherboards, and has split processors and memory between the 2 vMBs, allocated some of the physical devices directly to vMB 1 (with no access to vMB 2) and then offered device sharing for the network and hard disk, so both vMBs see their own virtual versions of the network and share a virtualized hard disk.

Hypervisor Types

Traditional hypervisors are widely used in IT environments where they can allow different operating systems and applications to run on the same server or endpoint. The two common types of hypervisor are type-2 and type-1.

• The type-2 hypervisors run directly on the native operating system and typically allow the user to run an operating system or applications that do not usually run on the native OS. A good example of this is running Windows OS on a Mac using a hypervisor. These type-2 hypervisors are not really suitable for embedded systems, as they do not have real-time properties, and more importantly they are very large as they are running Native OS + hypervisor + guest OS + applications.
• The type-1 hypervisors are often called “bare metal” and would seem to be more appropriate to be used in embedded systems as the hypervisor runs directly on the hardware. However, the type-1 hypervisor generally has a “helper” OS built into it, typically a variant of Linux, which helps to manage the hardware and devices for the hypervisor. The upshot of this is that the type-1 is almost as large as the type-2, but with better performance. This type of hypervisor is typically found in data centers and runs on server class processors.
• Both type-2 and type-1 hypervisors are not typically built with security in mind, and both have large attack vectors for malicious code as they are running either on or with a large OS, which contains attack points such as device drivers.
• The separation kernel/hypervisor solution is much better suited to securing embedded systems and can really be seen as a type-0 hypervisor. The separation kernel provides the security and real-time characteristics, and as it doesn’t use either a native or helper OS, its size and attack points are minimized dramatically.

[Sidebar figure: software stacks and footprints.
Type-2: Executable = ~30GB, Memory = ~4GB; guest OSs on a type-2 hypervisor on a native OS on hardware.
Type-1: Executable = ~10GB, Memory = ~1-2GB; guest OSs on a type-1 hypervisor with a helper/host OS on hardware.
Type-0: Executable = ~150KB, Memory = ~10MB; guest OSs on a type-0 hypervisor on hardware.]

Adding virtualization to an embedded system is now particularly interesting as more embedded processors contain two or more cores, and using virtualization is a good way of segmenting a multicore system in an efficient way, and offers consolidation of multiple physical systems onto a single multicore system. A flexible separation kernel/hypervisor solution will allow the embedded developer to look at the requirements of each guest OS and allocate the appropriate number of processors. This could involve sharing processors across multiple OSs, dedicating a single core to a single OS, and allowing OSs that support symmetric multiprocessing to access multiple cores. Figure 2 shows an example of how each of these schemes could be implemented on a single system.

[Figure 2: A flexible scheme for provisioning a multicore system using virtualization. Labels: SMP guest; multiple guests sharing single core; guest with processor affinity; paravirtualized SMP Linux; paravirtualized Linux; fully virtualized Windows; inter-partition communication; LynxSECURE Separation Kernel and Embedded Hypervisor; Cores 1 to 4 of a multicore processor.]

This flexible provisioning of the physical system also adds another benefit in the ability to select the right operating system for particular parts of the system, especially if real-time capabilities and computer OS capabilities are both required. Normally this issue would require adding real-time features and determinism to a computer OS. That is very difficult, even if the source code is available. Alternatively, all the facilities of a computer OS could be added to an RTOS, which again is a huge amount of work. With a separation kernel/hypervisor, the real-time component of the system can be handled by an RTOS running in one domain, and the computer/GUI part handled by a general purpose OS in another domain, with no compromise in performance and functionality and very little effort as neither OS has to be modified.

With the wide availability of multicore embedded processors, it is very feasible to run multiple operating systems in a single system, providing the underlying separation kernel can provision the processor core accordingly, and also be able to facilitate interdomain communication where required. Examples of embedded applications for this type of configuration include networked medical devices, where a user interface is required for the caregiver. The device could be networked to provide information from the device to either remote doctors with a networked user interface or to remote storage systems. There are also industrial control embedded systems where the device needs to be connected both to the control network as well as to the management network. An example of a mixed domain system on a multicore processor is shown in Figure 3.

[Figure 3: Multi-domain, multi-OS, multicore system using a separation kernel/hypervisor. GUI and storage applications run on a general purpose operating system; network and sensor apps run on a real time operating system; both sit above the separation kernel/hypervisor on a multicore processor.]

Another key factor of connected embedded devices is network domain isolation, because many embedded devices need to be connected to a proprietary internal network, and potentially also to the Internet for remote access. Although encrypted secure communications is the traditional method of communicating sensitive information over the Internet, it is really aimed at protecting the information being transmitted rather than the computer/device that is attached to it. As embedded systems use more traditional computer OSs and then link to the open Internet, they are every bit as vulnerable to stealthy cyber threats as our normal computers. However, unlike our normal computers, these embedded devices could be controlling our critical infrastructure, and when infected, could pose a dramatic security breach, even affecting nation states.

The latest super stealth cyber weapons include rootkits and bootkits that infect the system below the OS, residing on hard disks, in devices or in memory, which wait for instructions from a command and control center communicating over the Internet before actually starting the attack. Traditional network and endpoint protections are quite poor at detecting them, and general-purpose operating systems are very susceptible to them. As a result, our new connected embedded systems are vulnerable to them. If there was a way to detect these attacks as they occur, when they are in the early stage of infection, then our infrastructure would be more resilient to attacks than it is currently.

The separation kernel/hypervisor has the privileged position of being under the OS and controlling access to the hardware devices, so it actually has a chance of detecting these new stealthy cyber attacks if the right intelligence is built into the implementation. The LynxSecure separation kernel/hypervisor from LynuxWorks is now armed with a rootkit detection feature that has been designed to detect and alert when the rootkit has entered the system and is looking for a place to hide itself. This feature monitors key areas of the system (disc, memory or devices), and when those areas are accessed by an application, the hypervisor reports this activity immediately to either a management or forensic system to investigate this potentially malicious threat and make decisions on what actions to take. This action can include asking the hypervisor to shut down the guest OS to prevent the attack going any further while a remedy is found. In another case, the hypervisor could actually make repairs to the affected parts of the system, and then restart the system, thus cleaning it. This early warning system is critical to the defense of our connected embedded devices, as they become targets for the next wave of cyber threats.

In conclusion, the propagation of connected embedded systems, as predicted as part of the “Internet of Things,” is opening up a potential security hole for cyber criminals and cyber terrorists to take advantage of. By using a military-grade secure separation kernel/hypervisor, these threats could be mitigated and detected before the attack has really started.

LynuxWorks, San Jose, CA. (408) 979-3900.
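Both the hyperhooking passage in the previous article and the rootkit detection feature described above come down to the same loop: a write to a watched region traps to a component below the OS, which applies policy and reports or halts. The sketch below is an added example, not the logic of LynxSecure, DeepSAFE, vSentry or HookSafe; the watch list, domain names, addresses and trap records are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Watch:
    label: str
    resource: str               # "disk" (sector numbers) or "memory" (byte addresses)
    start: int
    end: int                    # half-open range [start, end)
    allowed_writers: frozenset  # domains that may legitimately write here
    action: str                 # "report" or "halt_guest"


@dataclass(frozen=True)
class Trap:
    seq: int
    domain: str
    resource: str
    op: str                     # "read" or "write"
    addr: int
    length: int


def evaluate(watches, traps):
    """Return (alerts, halted_domains) for a stream of trapped accesses."""
    alerts, halted = [], set()
    for trap in sorted(traps, key=lambda t: t.seq):
        if trap.domain in halted or trap.op != "write":
            continue            # a halted guest issues nothing further; reads pass
        for watch in watches:
            # Range overlap, not a start-address match: a write that begins
            # below the watched region can still run into it.
            overlaps = (watch.resource == trap.resource
                        and trap.addr < watch.end
                        and watch.start < trap.addr + trap.length)
            if overlaps and trap.domain not in watch.allowed_writers:
                alerts.append((trap.seq, trap.domain, watch.label, watch.action))
                if watch.action == "halt_guest":
                    halted.add(trap.domain)
                    break
    return alerts, sorted(halted)


# Constructed policy: the boot sector may only be written by the update domain;
# nobody may overwrite the kernel hook (function pointer) table at run-time.
WATCHES = [
    Watch("boot sector", "disk", 0, 1, frozenset({"updater"}), "halt_guest"),
    Watch("kernel hook table", "memory", 0xC010_0000, 0xC010_1000,
          frozenset(), "report"),
]

# Constructed trap records, as a hypervisor-side agent might log them.
TRAPS = [
    Trap(1, "guest_linux", "disk", "read", 0, 1),               # read: ignored
    Trap(2, "updater", "disk", "write", 0, 1),                  # allowed writer
    Trap(3, "guest_linux", "memory", "write", 0xC00F_FFF8, 16), # spills into table
    Trap(4, "guest_linux", "memory", "write", 0xC010_1000, 8),  # just past the end
    Trap(5, "guest_linux", "disk", "write", 0, 8),              # boot sector write
    Trap(6, "guest_linux", "memory", "write", 0xC010_0010, 8),  # after the halt
]
```

As the first article notes for HookSafe, a watch list like this only covers control data that someone enumerated; writes to dynamic data objects outside the listed ranges never trap.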



products & TECHNOLOGY

MicroTCA AMC Carrier for an FPGA Mezzanine Card per VITA 57

A new Advanced Mezzanine Card (AMC) carrier for an FPGA Mezzanine Card (FMC) per VITA-57 allows users to utilize the popular FMCs within the AMC format of the MicroTCA architecture. Compliant to AMC.1, AMC.2 and AMC.4, the AMC515 Carrier for FMC from Vadatech features a Virtex-7 chip in a 1925 package. Multiple AMC carriers can be used in a system holding different FMCs, providing a wealth of serial protocol options and performance features. The FPGA interfaces directly to Ports 4-11 and to the CLK signals, and allows protocols such as PCIe, SRIO and XAUI to be programmed or re-configured. The onboard QorIQ pin peripheral controller (PPC) runs at 1.0 GHz with 2 Gbyte of DDR3 memory at 64-bit wide. This allows for large buffer sizes to be stored during processing and for queuing to the host. The Vadatech AMC515 comes in the single width, mid height (4HP) or full height (6HP) size. It has an onboard jitter clock cleaner. The AMC carrier for FMC also has 8 Mbyte of boot Flash and up to 32 Gbyte of user Flash. Other features include a Serial over LAN with hardware RNG (Random Number Generator) for secure sessions and RoHS compliance.

Vadatech, Henderson, NV. (702) 896-3337.

OPS-Compliant Signage Players Powered by Core Processors with TPM 1.2

Two new high-performance Open Pluggable Specification (OPS)-compliant signage players are powered by the third Generation Intel Core processors. The OPS871 and OPS871-HM from Axiomtek can be easily slid into OPS-compliant displays, which allow digital signage manufacturers to deploy systems faster, with lower costs for development and implementation. Both signage players provide excellent graphics performance, full HD content playback and dual display presentations. The OPS871 and OPS871-HM deliver greater interoperability and address digital signage market fragmentation.

The OPS871 supports Socket G2 Intel Core i7/i5/i3 processors with Mobile Intel QM77 Express chipset and includes Intel Active Management Technology 8.0 (iAMT) to enable intelligent remote management. It also offers Trusted Platform Module 1.2 support, which adds security features including boot drive encryption, key and password storage, digital authentication and file protection. The OPS871-HM supports Socket G2 Intel Core i5/i3 processors with Mobile Intel HM76 Express chipset. The feature of Trusted Platform Module 1.2 increases security and reliability and helps reduce deployment costs.

The player and the display connect through an 80-pin JAE plug connector that supports HDMI/DVI, DisplayPort, audio, UART and USB 3.0/2.0 signals. Both players also feature a DDR3 SO-DIMM socket with maximum up to 8 Gbyte system memory, one Gigabit Ethernet LAN port, two USB 3.0 ports, HDMI port and a 2.5” SATA hard drive. Pluggable HDD tray and DRAM are for quick and easy installation. One PCI Express Mini Card slot is equipped for graphics-enhanced video card, wireless LAN card for 802.11 b/g/n and 3G/GPRS, and tuner/AV capture card.

Axiomtek, City of Industry, CA. (626) 581-3232.



Windows/Linux Embedded Computer with Xilinx Kintex-7 FPGA Includes FMC I/O Sites

A user-customizable, turnkey embedded instrument includes a full Windows/Linux PC and supports a wide assortment of ultimate-performance FMC modules. With its modular I/O, scalable performance and easy-to-use PC architecture, the ePC-K7 from Innovative Integration reduces time-to-market while providing real-time performance. Applications include embedded instrumentation, remote sensing, autonomous I/O, mobile instrumentation and distributed data acquisition. The ePC-K7 addresses the needs of many customers in a variety of markets such as wireless, industrial control, military hardware, medical imaging, telecom/intelligence and test & measurement. It combines an industry-standard COM Express CPU Type 6 module with dual FMC I/O modules in a compact, stand-alone design and integrates programmable Kintex-7 325T/410T and Spartan 6 FPGAs from Xilinx. Its small 5” H x 8” W x 11” D form factor also offers a conduction-cooled design with fins or cold-plate. Stand-alone operation enables the ePC-K7 to operate headless, booting from SSD, and it offers Windows, Linux and RTOS OS support. The ePC-K7 has dual VITA 57 FMC I/O module sites, which allow adding anything from RF receivers to industrial control modules. I/O sites deliver >3000 Mbyte/s to CPU memory, and there is integrated timing and triggering support for I/O that includes GPS, IEEE1588 or IRIG-disciplined clock. The system supports Innovative and third-party FMC modules for private data channels, triggering and timing features plus USB 3.0 x2, 1 Gbit Ethernet x2, eSATA x2, DisplayPort, touch screen and up to four SSDs or HDDs (2.5 in). Power supply is flexible, accommodating 8 to 36V DC operation.

Innovative Integration, Simi Valley, CA. (805) 578-4260.


Data Storage Security with Self-Encrypted, Half-Terabyte 2.5” SATA SLC Solid State Drive

A secure, half-terabyte (TB) solid state drive (SSD) is targeted for mobile video surveillance operations, storage area networks (SANs) and other high-capacity storage applications requiring superior real-time data protection. The ruggedized TRRUST-Stor Series 200 2.5” SATA SSD from Microsemi operates at sustained 200 Mbyte/s to deliver fast full hardware-based erase time of less than 10 seconds. The half-terabyte TRRUST-Stor SSD provides military-grade ruggedization as well as safeguards and processes for physical data storage with multiple layers of security features. The suite of features prevents corruption and unauthorized access with hardware- and software-based barriers. The drive features a built-in compact in-line encryptor with hardware-implemented, NIST-certified AES 256 encryption using the XTS block cipher mode. Ruggedization features include superior error correction, 9 petabytes write endurance, power loss protection and more than 2 million hours mean time between failure (MTBF). Enhanced mechanical construction ensures operation in extreme temperatures, humidity, shock and vibration. The TRRUST-Stor Series 200 is powered by Microsemi’s second generation Armor processor, enabling robust performance. The Series 200 SSDs also offer the ability to load encryption keys. Customers can input their own AES-256 keys, purge them and reload as needed. Microsemi’s TRRUST-Purge technology destroys keys in less than 30 milliseconds when activated.

Microsemi, Aliso Viejo, CA. (949) 380-6100.

Industrial Grade mSATA SSD for Embedded Applications

A removable solid state drive (SSD) uses the manufacturer’s internally developed NAND controller. The mini-SATA (mSATA) ArmourDrive GLS86 from Greenliant is designed for applications that require industrial temperature capability, high reliability and long-life data storage. The GLS86 operates at temperatures between -40 to +85 degrees Celsius with 1-bit-per-cell (SLC) or 2-bits-per-cell (MLC) NAND flash memory, which gives customers a dependable, industrial temperature mSATA SSD using cost-effective MLC NAND. Addressing the needs of space-constrained embedded systems, mSATA ArmourDrive measures 29.85 mm x 50.80 mm x 4.80 mm (JEDEC MO-300). Other benefits include efficient wear leveling management to achieve maximum SSD lifespan for critical applications and built-in power interrupt data protection, which safeguards data by promptly detecting and recovering from sudden power failures. It also provides configurable security for user-selectable protection zones and military-grade erase commands. The SSD’s SMART command support estimates remaining SSD lifespan and provides alerts to prevent costly data loss, and its TRIM command support improves performance by freeing up available blocks. Greenliant is currently sampling GLS86FB 8, 16, 32 and 64 Gbyte industrial temperature MLC and GLS86FA 8, 16 and 32 Gbyte industrial grade SLC products.

[Figure: block diagram with blocks labeled Multitasking Interface, mSATA Host Interface, Embedded MCU, Flash File System, SRAM Buffer, Internal DMA, ECC, PMU, SCI, NAND Flash Interface and Power Interrupt Data Protection Circuitry.]

Greenliant Systems, Santa Clara, CA. (408) 200-8000.

New TI Sitara Processor for Custom-Built Board Design Tool

Gumstix, a provider of Linux computers-on-modules (COMs) for electronics manufacturers, has announced the addition of the Texas Instruments (TI) Sitara AM3354 processor for custom single-board design capabilities to its Geppetto design platform. While Geppetto previously focused on allowing users to design expansion boards for use with Gumstix computers-on-module (COMs), the addition of the TI Sitara AM3354 processor to Geppetto’s library offers greater flexibility for custom, single-board designs. Geppetto-designed boards feature a TI Sitara AM3354 processor running at 720 MHz with 256 Mbyte of DDR2 RAM on board. Users simply drag and drop the processor onto a board and then connect the desired features to implement it. Fully assembled single-board computers are ordered at the touch of a button and arrive within 20 business days. Furthermore, Geppetto’s support for the Yocto Project build system makes it easy for developers to create a complete, portable solution with minimal time and effort. TI’s Sitara processor portfolio provides great flexibility and customization for Geppetto-designed boards. Because of the addition of the AM3354 processor to the Geppetto library, users will be able to quickly and easily design systems based on the AM3354 module. The Sitara AM3354 module, including RAM, is priced at $45 as part of any single-board Geppetto design. Visit for more information and to begin designing a custom single-board computer. Developers can use the Geppetto web application to build custom embedded computers. Designers start with the web design tool and Gumstix ships completed boards in 20 business days. Electrical engineers and industrial designers create devices with its intuitive drag and drop approach to connect USB plugs, network connectors, LEDs or even whole computer-on-modules to meet specifications. Color-based status indicators show design completion while Geppetto manages low-level routing issues behind the scenes. Alternative modules can be suggested for further functionality. Geppetto trims a typical four month process of creating a high-end electronic device to one of less than three weeks.

Gumstix, Redwood City, CA. (650) 206-2464.




Dual-Port SFP+ SR Network Adapter with Board-to-Board Bypass Fiber Module

A new network adapter uses the dual-port Intel 82599ES 10G Ethernet Controller with a 100 percent software-controlled bypass interface that provides the network module with high-speed connectivity from board to board without exposing wired design. The new BPC-54120 from American Portwell also supports Intel VMDq and PCI-SIG SR-IOV; IEEE 1588, 802.1AS and Jumbo Frame; PCIe 2.0 interface; and Direct Cache Access (DCA). As a feature of the Intel SR-IOV technology, the BPC-54120 supports virtual machine software including VMware, Microsoft, Dell Citrix Solutions, Oracle and others. American Portwell’s new BPC-54120 network adapter is an attractive solution for high-end server appliances and inline network systems that need to maintain connectivity with a fail-over/bypass functionality. It is targeted at high-end server appliances and inline network systems that need to maintain network connectivity in the event of a system failure or loss of power. It provides an effective solution to these problems through Portwell’s Generation 3 bypass function, which supports Normal Mode, Bypass mode and Open mode during system incidents and is able to maintain system availability without sacrificing performance.

American Portwell, Fremont, CA. (510) 403-3399.

USB-Serial Bridge Controllers Integrate Touch Sensing and Battery-Charge Detection

A family of USB-Serial bridge controllers from Cypress Semiconductor provides dual-configurable serial channels for UART/SPI/I2C communication along with Cypress’ CapSense capacitive touch-sensing technology, enabling flexible design of human interface solutions. Cypress provides proprietary drivers to support multiple operating systems, adding to the design flexibility of the controllers. The family also integrates efficient battery-charge detection compliant to Version 1.2 of the USB-Implementers Forum (USB-IF) Battery Charging specification. Additionally, the USB-Serial controllers boast a low power consumption of 5 uA (standby current). The new family includes three devices, all of which are certified by the USB-IF. The CY7C65211 and CY7C65215 offer single- and dual-configurable serial channels, respectively, with each capable of UART, I2C and SPI communication. The CY7C65213 provides a low-power USB-to-UART bridge controller. The new controllers target a wide range of applications, including medical equipment, industrial equipment, point-of-sales terminals, USB-to-UART and RS-232 cables, gaming systems, and test and measurement equipment. Cypress provides a software configuration utility for Windows that enables customers to select from multiple serial interfaces and features to create customized designs. This utility also assists customers in modifying various parameters, such as vendor and product IDs, string descriptors, and GPIO configurations, via the USB interface. USB-Serial integrates programmable memory used to store these configuration details. The utility, drivers and application programming interfaces (APIs) provided by Cypress make it very easy for customers to develop complete solutions with shorter design cycles, resulting in quick time-to-market. All of the new controllers are in production and available today from Cypress and authorized distributors, and the software configuration utility is available for download on the Cypress website. Development kits for these parts are also now available.

[Figure: block diagram with blocks labeled nXRES, Voltage Regulator, VBUS Regulator, Internal 48 MHz OSC, Internal 32 KHz OSC, Battery Charger Detection, USB Transceiver with integrated Resistor, 512 Bytes Flash Memory, JTAG (Master), and Channel 0 and Channel 1 serial blocks, each with 256-byte TX and RX buffers.]

Cypress Semiconductor, San Jose, CA. (408) 943-2600.

Windows Video Wall Management Software for Digital Signage

A software update from Matrox Graphics gives video wall integrators greater control over Mura MPX-based video wall content and layouts. Key new features of MuraControl 2.0 include transparency and color-keying effects, the addition of local inputs and control over them, plus source touring and scheduling functionality. Transparency and color keying that enables blending videos and images with the desktop, a background image, or another video, is now possible by setting transparency levels for one or more windows. Source and destination color keying can also be used to enable interesting special effects, such as applying a graphic skin to a logo, or playing a video through it. It is also now possible to capture, display and control local VLC video and RealVNC sessions, along with Microsoft Image Viewer, PowerPoint and Internet Explorer files. VLC videos can be set to “play” or “pause,” and PowerPoint presentations can be delivered by pressing “next” or “back.” Keyboard and mouse functionality can be sent to local applications in order to gain remote control over VNC sessions or to browse the Internet on the video wall. Automated cycling through multiple sources is now supported. This feature is useful in video wall environments such as security control rooms monitoring multiple camera feeds on multiple displays, or digital signage applications featuring back-to-back ads, scaled up to fit all or part of the display wall. MuraControl has always allowed clients to create separate layouts showing different sources and window arrangements. With the new layout scheduling feature, those layouts can now be set to switch at specific times of the day so that the video wall can communicate different data at different times. The Matrox MuraControl 2.0 for Windows software license is now available for purchase. The free 21-day trial version is now available for download from the Matrox website.

Matrox Graphics, Dorval, Quebec. (514) 822-6000.


Fourth Generation Core i7-based 3U VPX SBC Offers Enhanced Graphics/Data Performance

A rugged SBC based on Intel’s fourth generation, quad-core Core i7 Haswell processor operating at 2.4 GHz is one of the first to integrate this high computing performance into a rugged, 3U OpenVPX platform, offering up to 20% more processing over previous generations of SBCs. The Core i7 processor in the C873 from Aitech Defense Systems includes Turbo Boost Technology 2.0 that enables temporary operation at higher frequencies for enhanced performance. It also features an integrated HD Graphics 4600 core for 2D/3D graphics and video processing and provides RGBHV and HDMI/DVI outputs. The C873 is coupled with a Lynx Point QM87 I/O Platform Controller Hub (PCH) that supports legacy and high-speed interfaces enabling system design flexibility. To best utilize the performance of the Core i7, the C873 incorporates a variety of I/O interfaces as well as large memory arrays that complement the board’s high processing capabilities. Standard I/O includes four GigE ports as well as five USB ports, two SATA ports and two serial I/O interfaces as well as eight general purpose discrete I/O lines. An industry-standard PMC/XMC expansion slot enables the integration of additional resources, including memory, I/O or multiple-monarch processor PMCs. The C873 offers some of the highest memory capacities available on a 3U OpenVPX SBC to support specific application needs as well as mass storage requirements. Up to 16 Gbyte of fast DDRL3 SDRAM with ECC protection as well as 64 Gbyte of SATA Flash are standard. Two 16 Mbyte Flash BIOS ensure reliable system boot, even if the primary device fails. Capable of communicating with up to eight other PCIe OpenVPX modules without a backplane switch, the C873 is ideal for embedded systems that require a rugged solution coupled with high data and graphics processing requirements. If a switch is used, even more modules can be accommodated. The board can be either air-cooled or conduction-cooled, which can also be provided as a VPX REDI-compliant SBC, depending on user requirements. Supporting seven OpenVPX slot profiles (defined by VITA 65), the new C873 can be incorporated in a variety of applications and environments. An IPMI controller offers system-level monitoring of the C873’s health and status. Three onboard temperature sensors and an elapsed time recorder (ETR) further assist in monitoring board health. Both standard and avionics (windowed) watchdog timers as well as a real-time clock are available on the SBC.

Aitech, Chatsworth, CA. (888) 248-3248.



Exceptional Positioning Accuracy in GNSS-Enabled PCI Express Mini Card

A new PCI Express Mini Card uses a global navigation satellite system (GNSS) receiver to handle data transmissions from both GPS and its Russian counterpart, the GLONASS system. The PX1 from Men Micro, which supports both active and passive antennas via a U.FL connector, provides superior satellite-based communication worldwide. A gyroscope sensor on the new Mini Card enables dead reckoning functionality, ensuring accurate position identification even when a satellite signal is interrupted, such as driving through a tunnel. This functionality, combined with the board’s GNSS receiver, makes the PX1 attractive for fleet management applications where commercial vehicles, such as trains, buses, ships and airplanes, travel across wide geographic ranges. Various satellite-based augmentation systems (SBAS) that help improve the accuracy, reliability and availability of the GNSS information are also supported by the PX1 for increased positioning accuracy. In addition to handling data generated from the current GPS and GLONASS satellite systems, the Mini Card has been developed to support communications on the pending European Galileo system, set for launch in 2014, as well as the Chinese Compass system that is on track for global availability in the future. Pricing for the PX1 is $238 USD.

MEN Micro, Ambler, PA. (215) 542-9575.


Dual Channel 3G-SDI Video/Audio Capture Card for Uncompressed Video Streaming

A new SDI video/audio capture card based on the PCI Express x4 interface offers features that enable 2-channel acquisition of 3G-SDI for low latency and uncompressed video data signals up to 1920x1080p/60fps. The PCIe-2602 from Adlink Technology provides lossless full color 4:4:4 video and up to 12-bit video data for critical applications such as medical imaging, intelligent video surveillance and analytics, and broadcasting. The PCIe-2602 supports all SD/HD/3G-SDI signals and operates at six times the resolution of regular VGA connections. It also provides unrivaled video quality with lossless full color YUV 4:4:4 images, for sharper and cleaner images. With up to 12-bit pixel depth, the PCIe-2602’s extreme image clarity and smoother transitions from color to color boost image detail for unprecedented support of high-end critical medical imaging, such as PACS (picture archiving and communication system) endoscopy, as well as broadcasting. The PCIe-2602 features low latency uncompressed video streaming, CPU offloading, and support for high-quality live viewing for video analytics of real-time image acquisition, as required in casino and defense environments. When combined with a suitable 75Ω coaxial cable, PCIe-2602 signals can be transmitted over 100 meters, requiring no significant modification of existing analog-based CCTV systems, with employment of existing coaxial cable networks representing significant savings. The PCIe-2602 is equipped with RS-485 and digital input & output—accommodating external devices such as PTZ cameras and sensors—supports Windows 7/XP operating systems, and comes with Adlink’s ViewCreator Pro utility to enable setup, configuration, testing and system debugging without requiring any software programming. All Adlink drivers are compatible with Microsoft DirectShow, reducing engineering efforts and accelerating time-to-market.

ADLINK Technology, San Jose, CA. (408) 360-0200.




RTC (Issn#1092-1524) magazine is published monthly at 905 Calle Amanecer, Ste. 250, San Clemente, CA 92673. Periodical postage paid at San Clemente and at additional mailing offices. POSTMASTER: Send address changes to RTC, 905 Calle Amanecer, Ste. 250, San Clemente, CA 92673.



RTC magazine  

September 2013
