California has strict rules about who can pilot the network security of experimental autonomous vehicles cruising its public roads. Prospective test drivers have to pass a defensive driving course, have near-spotless records, and have at least a decade without a drunk-driving conviction. Crucially, they must also complete a special training program for autonomous vehicles, some of which can be as buggy as any Silicon Valley prototype.
But an investigation by IEEE Spectrum has uncovered that these embedded computer programs vary considerably in content, intensity, and duration. Drivers hoping to operate one of Google’s autonomous Lexus SUVs will spend at least five weeks on classroom lessons, in-car observations, hands-on sessions, and evaluations. Those itching to get behind the wheel of a computer-controlled Audi A7, however, could complete the carmaker’s training program in less than 2 hours. This is because manufacturers are allowed to design and conduct their own autonomous training programs. California law [pdf] requires the courses to feature behind-the-wheel lessons and information about automated technologies, including their limitations. What in-vehicle pc do not mention are specific procedures to teach or network security to meet, nor how long any such training must last.
Documents obtained by IEEE Spectrum under Public Records Act legislation show that the seven companies currently holding experimental self-driving car-testing permits for California have interpreted the law very differently. “Today’s ‘autonomous’ cars still require a great deal of human judgment and skill to operate safely, and that’s unlikely to change for some time.”
In-vehicle pc, which pays its autonomous safety drivers US $20 an hour, initially pushed back against needing trained test drivers at all. Last year, Ron Medford, the company’s driverless-car safety director, complained to the DMV:
We request that the embedded computer provide…flexibility for manufacturers to demonstrate their autonomous technology to policymakers, regulators, and other key stakeholders who have not completed a full driver-training program and received a testing permit.
The department disagreed, and a year later, the technology giant has a comprehensive autonomous training program in place. Its five-week course trains test drivers in both software operation (from the passenger seat) and driving, with separate modules for highways and urban streets. “Freeway and surface-street driving are very different, and thus require different skills,” says a Google document outlining the program.
refer to: http://spectrum.ieee.org/cars-that-think/transportation/human-factors/how-much-training-do-you-need-to-be-a-robocar-test-driver-it-depends-on-whom-you-work-for
Open source products are generalized in order to fit the widest array of users and can force designers to modify the embedded computer hardware configuration, resulting in higher recurring cost for the embedded device. Although a commercial OS can be expensive, cost savings is an important reason to purchase an off-the-shelf product. If you can purchase and therefore eliminate the coding, debug, and documentation of the most complicated portion of the software, you should give it careful consideration. Vendors promote product technical support as a major benefit of a commercial OS. They are able to provide continuous support for the embedded computer operating system portion of the software by spreading the cost over all customers.
IDC is predicting that 15 billion intelligent devices will be connected to the Internet by 2015. This explosion in connected embedded devices has spawned a new generation of hackers targeting mobile devices, automobiles, medical equipment, and other systems. Alan discusses what these latest security threats to embedded devices look like and what steps companies should take to protect their devices from attacks launched via the Internet.
ECD: What are some common threats and attacks against connected embedded devices?
GRAU: We are seeing a surge in attacks against embedded devices. Attacks range from simple automated probes to sophisticated attacks targeting specific features of the embedded devices.
IP and Web attacks that have long been used against enterprise networks and Web servers are now being used to attack embedded devices. Hackers have compromised medical devices, reprogrammed printers, and even hacked antitheft and vehicle control systems in cars. The list of possible attacks is limited only by the creativity of hackers.
A few other common threats are dictionary attacks, where hackers attempt to log in and gain control of the embedded device using weak or default passwords, and insider attacks, where disgruntled employees steal passwords and sell them to hackers.
ECD: What steps can designers take to protect their devices from these attacks?
GRAU: Security needs to be considered from the very beginning of the design phase. Engineers must assess the possible attack vectors available to hackers. Each interface provided by the device is a potential attack vector for hackers. Wi-Fi, Ethernet, Bluetooth, serial communication, and even debug ports have been targeted by hackers. Once the risks are determined, engineers can begin designing security measures for the identified risks.
Many embedded devices include security protocols such as Secure Shell (SSH) or Secure Socket Layer (SSL) to ensure secure communication with the device. While that is an important step, it is not sufficient. A firewall is the critical layer of security that is missing in most embedded devices. A firewall allows the creation of policies that define and enforce what communication is allowed with the device. The policies define, at a minimum, with whom the device communicates, which protocols are supported, and which ports are open. An embedded firewall is integrated into the communication stack and blocks packets at the lowest layers of the stack. By enforcing communication policies, many attacks are blocked before a connection is even established.
Consider a Supervisory Control and Data Acquisition (SCADA) controller that incorporates the Icon Labs Floodgate firewall and is configured with communication policies that define a set of trusted senders and block all ports and protocols not used by the device (see Figure 1). If hackers attack the device, they will be blocked because the communication is not originating from a trusted sender. Even if hackers steal passwords from an insider, they will not be able to log in to the device because they are not trusted senders. The firewall will block packets at the IP layer before a log-in is attempted.
Figure 1: The Icon Labs Floodgate embedded firewall enforces communication policies, blocking unwanted packets and protecting embedded devices from attack.
ECD: How difficult is it to port security software to an embedded system? What are the impacts on performance and memory size?
GRAU: Most Embedded Systems require security software that is designed for use with the specific requirements of embedded systems in mind. Security systems for Linux or Windows are generally large, slow, and not easily ported. A product like Floodgate that is designed to be small, fast, and portable between Real-Time Operating Systems (RTOSs), on the other hand, can be easily ported between embedded systems. Floodgate has been ported to devices as small as 8-bit MCUs and can be configured to as little as 15 KB of RAM and 15 KB of ROM.
Performance is another reason to use security software designed for embedded systems. These solutions will be faster and use fewer memory resources than desktop solutions.
ECD: If embedded devices are to be deployed on a closed network, should designers consider security?
GRAU: Security needs to be designed into all embedded devices, regardless of how they will be deployed initially. Many devices originally designed for use on closed systems are later repurposed, and subsequently may be deployed on open networks. For example, many legacy SCADA systems were designed without security because they were built solely for use on closed networks. Today, many of these devices are connected to the Internet and have few, if any, security features to protect them from hackers. The result is scary; embedded devices are serving critical functions in our infrastructure and remain easy targets for hackers.
Stuxnet showed us that closed networks can still be compromised. Hackers can penetrate the network, or, as with Stuxnet, viruses, worms, and other attacks can be introduced through USB drives and other physical media. In addition, there is always the risk of insider attacks. Someone with authorized access to the network could launch an attack against devices on the network.
Enterprise networks are designed using multiple layers of security. Network firewalls protect against attacks from the Internet, security protocols protect communication, and endpoint firewalls and antivirus/antimalware software protect individual nodes on the network. Embedded devices need to follow a similar approach, adding a firewall to the device to provide an extra layer of protection, regardless of how the device will be deployed at the outset.
ECD: Are the built-in security provisions in OSs such as Android adequate for embedded applications?
GRAU: As we all know, Android runs on the Linux OS. However, many people are surprised to learn that in various Android distributions, some Linux security features have been stripped out to reduce memory usage. For example, support for packet filtering using iptables is not included in many Android distributions, meaning that firewall support is not included. So Android may not be as secure as many people believe it to be.
Security is about risk management. Hackers will break into a device or network for many reasons. Some are politically or financially motivated. Others just want to prove they can do it. The number and sophistication of attacks continue to rise. Any device with a network interface, even a device on a private network, is a potential target for attack. If the device has a Wi-Fi interface or is connected to the Internet, it almost certainly will be attacked. Devices with a Web interface will likely be targeted by automated Web hacking tools. Reports estimate that between 20 to 30 percent of all Web traffic is from hackers or other malicious packets.
Intel H61 with CoreTM i7/ i5/ i3 Mini-ITX Motherboard, DDR3-1333,SATA II, USB 2.0, PCIe x4, DVI-D, VGA, COM, GbE
in-vehicle computer, Industrial PC, single board computer
AMB-IH61T1 has two DDR3 SO-DIMM sockets to support up to 16GB of system memory. Onboard 18/24-bit dual channels LVDS interface support HD resolution LCD panel directly made it suitable for digital signage and Panel PC applications.
Coming with acrosser’s 7 years product longevity service, AMB-IH61T1 is the perfect solution to deliver high computing power for a wide range of applications such as industrial automation,kiosk, digital signage, and ATM machines.
1. Intel LGA1155 Socket supports cross compatible with Intel Core i7/ i5/ i3 desktop processors
2. Supports Intel Xeon SP processors
3. Two 204-pin SO-DIMM sockets support DDR3 1333/ 1066 SDRAM up to 16GB
4. 6 x COM, 8 x USB2.0, 3 x SATA II, 8-bit GPIO, 1 x PCI-E x4, 1 x Mini-PCI-E
AR-V6002FL features:
● Intel Atom D425/D525 processor
● Intelligent Power module with API for delay timing customization
● Fan less design with Heat pipe
● Display: VGA,
● Serial port:2*RS-232, 2*RS-232/422/485
● USB x 4, Mic-in/Audio, Remote power switch,
● Storage: CF card slot/ 2.5’’ HDD bracket
● GPIO: 4 in / 4 out
● 1 x GbE RJ45 LAN port with LED
● 2 x mini-PCIe expansion slot
● Optional module: GPS / WiFi/ Bluetooth / 3.5G module
● Changeable Fuse design
● can bus support CAN 2.0A/2.0B
● Windows and Linux device driver and API for GPIO and CAN bus.
● Standard vehicle certification: CE, FCC class B, E-Mark
in-vehicle computer AIV-HM76V0FL features Intel HM76 mobile chipset and FCPGA 988 socket for 3rd generation Core i mobile computer platform. AIV-HM76V0FL adopts acrosser’s expertise of design for in-vehicle applications. These designs include smart power management, high efficient thermal module, and diversity of integrated communication technology such as 4 USB 3.0, can bus, Wi-Fi, 3.5G wireless WAN, Bluetooth and GPS.
AIV-HM76V0FL is protected with the most complete power input protection to adapt the harsh electrical environment in any kind of vehicle. Such protections are automotive transient voltage suppression, over/under voltage protection, over current protection, reverse voltage protection and automotive fuse. These designs enable AIV-HM76V0FL to pass the strict ISO-7637-2 test what is specifically defined for equipments installed in various vehicles.
The smart power management subsystem enables user to define the power on and off sequences through software interface or BIOS setting to meet any requirement of in-vehicle applications.
The AIV-HM76V0FL’s fanless thermal design provides the high reliability in vehicle applications. It utilizes advanced heat pipe, heat sink, and thermal pad to solve the problem of heat generated by CPU, Chipset, DRAM and power devices. This is a big challenge for designing a fanless computer what supports up to 45 Watts quad core of core i7-3720QM processors. All components used in AIV-HM76V0FL are industrial proven and only solid state capacitors are utilized for high MTBF.
The AIV-HM76V0FL is available in October, 2012. For more product information, please visit Acrosser product pages.
New 3.5” SBC, AMB-N280S1, which carries Intel dual- core 1.8 GHz Atom Processor N2800. acrosser takes advantage of Atom Cedar Trail N2000 series processor in design, such as low power consumption and small footprint as former Atom series.
Focusing on embedded and industrial applications, AMB-N280S1 has variety I/O ports like 6 x serial ports (one is RS-232/485 selectable), 4 x USB2.0, 2 x GbE, and one Mini-PCIe expansion. It also offers 1 x SATA interface and power connector for the customers have large storage capacity request.
AMB-N280S1 can support both two displays to maximum resolution 1920 x 1200. It also offers the 18-bit LVDS interface for small size LCD panel.
The smart power management subsystem enables user to define the power on and off sequences through software interface or BIOS setting to meet any requirement of in vehicle applications. Driver of vehicle can trigger the power on and off sequences by either ignition switch or a remote switch.
AR-V6100FL fanless thermal design provides the high reliability in vehicle applications. The AR-V6100FLutilize advanced heat pipe, heat sink, thermal pad to solve the problem of heat generated by CPU, Chipset, DRAM and power devices. This is a big challenge for designing a Fanless Computer which supports 45 Watts Quad Core Core i7 processor. All components used in AR-V6100FL are industrial proven and only solid state capacitors are utilized for high MTBF.
acrosser also integrated two new useful features to the AR-V6100FL. The one-wire (i-Button) interface provides system integrators a low cost solution for driver ID, temperature and humidity sensors. The combo connector combines VGA, audio, USB and DC 12V power output all in one connector so significantly simplify the harness between the computer and Accrosser’s in vehicle touch monitors.
AR-ES5630FL is the most powerful embedded computer that overcome high heat problem to achieve fanless design and output great graphic acceleration and meet crucial computing demand.
AR-ES5630FL features 4 USB ports (2 onboard and 2 internal), 4 high speed RS-232 (one of them can be set as RS-422/485), dual Giga LAN, 1x IDE, 1xSATA, 5.1CH audio, 8 bit GPIO, PS2 KB/MS and one Compact Flash Type II Socket
AR-ES5630FL is a fanless design embedded box computer, with form factor 165x251x67 mm (DxWxH), Its advanced thermal heat-sink module design with heat-pipe efficiently vent the high temperature heat from Core 2 Duo 2.2GHz and make system cool remain its perfect computing performance. The high performance throughput makes AR-ES5630FL system easily be applied in every application such as gaming, gambling, high-end multimedia, POS/POI/Kiosk and Digital Signage,..etc.
AR-V5403FLCore 2 Duo in vehicle computers as the hardware platform to install in their 40 thousands service trucks. This project integrated the RF ID reader, OBD2 terminal, sensors and hand held terminals to improve the operation efficiency of the huge fleet.
The AR-V5403FL in vehicle computer collects real time data from RF ID reader, OBD2, sensors, GPS and held data terminal. The processed data are connected directly to cloud server through build in 3.5G module. Drivers are able to receive real time dispatching information from the server.
Acrosser Technology provides a complete scalable line of in vehicle computers ranges from Intel Atom E640, D525, Core 2 Duo up to Core i5 and i7. In addition to standard industrial PC I/O interfaces such as VGA/DVI, Ethernet, USB, WiFi, Bluetooth and RS-232/485, these ruggedized in vehicle computers also feature intelligent in vehicle power management, can bus, Digital I/O, i-Button(One Wire), GPS and 3.5G wireless.
To meet the harsh power environment in the vehicles, acrosser’s in vehicle computers power subsystem are all protected by over-voltage, over-current and surge protection which make them comply with E-Mark and ISO-7637 in-vehicle power standard. All these features make Acrosser’s in vehicle computer the most suitable platform for all kind of vehicles such as Taxi, cab, truck, bus and heavy duty vehicles.
in vehicle computer ,Industrial PC ,single board computer
