Acrosser provides high-quality network server hardware and network appliances for network security applications such as UTM, firewall, VPN, gateway security and VoIP. Products include multiple Gigabit Ethernet ports in 1U/2U rack mount, micro box and desktop form factors. Scalable performance includes Intel Atom, Core 2 Duo, Core i with single core up to quad core.
ACROSSER Technology, a world-leading embedded single-board computer manufacturer, is pleased to unveil the product video for our COM Express Type 6 module, ACM-B6360. This embedded board features a third generation Intel® Core™ i7 Processor with QM77 chipset, targeting the performance-based niche market. For laboratory device applications, ACM-B6360 is a steady COM-E module that delivers reliable performance even in demanding environments.
Removing and replacing the COM Express module is a smooth and simple process, making it a popular choice among embedded applications. Take the gaming market for example: given the high demand for I/O interfaces, system developers can choose a carrier board with multiple I/O connectors. Developers then have the flexibility to upgrade the module at any time simply by replacing the COM Express module on the baseboard, enabling them to focus on game development without sacrificing time-to-market.
The two DDR3 SO ECC-DIMM sockets support DDR3 SDRAM, with a memory capacity of up to 16GB. Windows® 7, Windows® XP, Linux Fedora 14, and Ubuntu 10 are all supported. With support for multiple OSs, ACM-B6360 satisfies the needs of engineers from all industries regardless of the OS they use. Samples are available now, so contact your nearest ACROSSER sales team for a sales quote, or send us an inquiry at one of the following websites!
No longer just gizmos and gadgets for the wealthy, devices for the smart home are fast becoming the purview of the everyman. Estimates project that within the next 10 years the average household will consist of 100 connected devices, networking everything from lights and motion sensors to thermostats and smoke detectors.
With every passing day it seems more and more otherwise-mundane household items are being outfitted with connectivity. From refrigerators and washing machines to toasters and light bulbs, appliances of all kinds are being networked and marketed as elements of the impending smart home.
While the smart home architectures of tomorrow will indeed be comprised of numerous networked devices, however, simply Internet-enabling a door lock or light switch doesn't make it inherently "smart." The key to the smart home is harnessing embedded system based on behavior and usage patterns, and using that intelligence to autonomously improve the residents' quality of life. But when comparing today's smart homes with those of the future that operate independently and behind the scenes, Paul O'Donovan, Principal Research Analyst of the Semiconductor Group at Gartner (www.gartner.com) says it's "similar to where the mobile phone was in the 1990s to where it is now – functional, but by no means smart."
"Basically, there is little or no computing or learning going on in the systems available today," O'Donovan says. "There is some limited decision making, such as turning off heating or lights when the home owner leaves the building, but otherwise there is little 'processing' of the data locally or in the cloud."
"The smart home is still in its infancy," says Ryan Maley, Director of Strategic Marketing at the ZigBee Alliance (www.zigbee.org). "There are many products available and these are well deployed extending comfort and efficiency for home owners. However, these products tend to be single-purpose applications such as lighting, security, or energy efficiency. These installations probably reflect where the homeowner has interest or where there is some easily understood value. However, the smart home should be much more.
"As more devices are connected, embedded Linux consumers will see more value than simply extending control of their network communication appliance to mobile devices," Maley continues. "The smart home should be optimizing efficiency and making decisions for us automatically rather than simply allowing us turn things on and off via a mobile device instead of a light switch. As more everyday objects are connected and become smart, many new interesting applications may arise, such as balancing the needs of lighting and energy management by opening window coverings instead of turning on a light when we enter a room."
To enable analytics for new smart home applications and services such as energy management, embedded software development companies like DSR (www.dsr-company.com) design architectures that amass sensor data from connected devices (Figure 1). In addition, new technologies and techniques are emerging that will add value and make home automation more transparent to the end user, says Genie Peshkova, Vice President of Operations at DSR.
"Consumers expect the smart home to be truly smart – don't ask me about embedded system that you can determine, learn my behavior and adapt," Peshkova says. "Don't unnecessarily disturb me, but do let me know when something is wrong or out of the ordinary. The idea is for the smart home to fit perfectly into the consumer's lifestyle, adapt to his or her likes or dislikes, simplify life, add convenience, and provide much needed security and peace of mind.
"Without analytics and data intelligence, smart home systems cannot learn, intelligently respond, and truly adapt to the consumer," she continues. "As the network security market continues to grow, data will become a more and more powerful component of the equation. We are working in collaboration with partners that provide behavior analysis engines, content analysis, and voice control – a large degree of automation for the user's lifestyle, social preferences, behavior analysis, and prediction, a lot of which already exists but will become even more sophisticated. Pulling all these together will lead to providing a truly smart solution that will deliver a lot of value to the consumer."
But at the network communication appliance layer underlying this infrastructure, interoperability challenges still exist that limit the potential of the connected home.
Application-level interoperability and the fight for the smart home – ZigBee 3.0
Though architectures such as those depicted in Figure 1 generally abstract the application layer through a gateway or router that connects sensors directly to the cloud, application-level interoperability is still key for the many subdomains and devices that make up a fully outfitted smart home. For instance, while standardization at the network level allows for commonality around packet forwarding, interoperability at the application layer establishes consistent rules for exchanging data between devices (Figure 2). As a point of reference, the latter is similar to how HTML is used across the Internet.
refer to: http://embedded-computing.com/articles/building-smarter-home-zigbee-3-0/
Kirill Marinushkin is an Embedded Software Developer at Argus-Spectr. He designs embedded systems for sensor networks. Kirill has developed devices with secure remote access over TCP/IP and wireless protocols. Embedded systems' ability to access devices over the Internet or local networks facilitates a wide range of convenient interactions. The evolution of the Internet of Things (IoT) means fast growth of embedded networks. For these applications, security has become a great issue. The resources of embedded systems are limited and can hardly provide reliable protection against cyber attacks. High-performance devices with Linux may have advantages for secure network access.
Scripts and techniques can improve the security level of network access for these Linux-based devices. The goal is to access a device for remote control and administration. This can be conducted at two levels: the SSH level, for secure remote shell access and SFTP file transfer, and IP-level protection.
Configuring user permissions for SSH access
The SSH server options include a number of methods to limit user permissions. For both the secure shell and SFTP services, the options "PermitRootLogin", "AllowUsers", or "DenyUsers" limit which logins are able to connect to the device over SSH. For SFTP, more parameters are available to change the root directory paths. This method is important for protecting the parts of the system that hold critical and confidential data: the configured users can operate only inside their own directories and sub-directories, so you can leave them in their "sandbox." The option "Subsystem sftp internal-sftp" combined with "ChrootDirectory" changes the root directory for specified users. The "ChrootDirectory" section for all configured logins should be placed at the end of the configuration file. When setting up the directories for different users, the owner of those directories should be the root user.
To configure the SSH permissions, edit the file /etc/init.d/sshd_config as in the example:
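An added example, not the original article's listing: a constructed sshd_config fragment using the directives named above, with a shell function that audits any config file for them. The user names and directories are placeholders.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the directives discussed above.
# User names and directories in the sample are constructed placeholders.

sample_config() {
    cat <<'EOF'
PermitRootLogin no
AllowUsers admin sftpuser
Subsystem sftp internal-sftp

# A Match block runs to the next Match or to end of file, so it goes last.
Match User sftpuser
    ChrootDirectory /home/sftpuser
EOF
}

# audit_sshd_config FILE: print one finding per line, return 1 if any.
audit_sshd_config() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blanks and comments
        { key = tolower($1) }                  # keywords are case-insensitive
        key == "match" { in_match = 1; next }
        !in_match && key == "permitrootlogin" && root == "" { root = tolower($2) }
        !in_match && (key == "allowusers" || key == "denyusers") { limited = 1 }
        key == "subsystem" && tolower($2) == "sftp" { sftp = $3 }
        key == "chrootdirectory" { if (in_match) jailed = 1; else global_jail = 1 }
        END {
            if (root != "no") print "PermitRootLogin is not set to no"
            if (!limited) print "no AllowUsers or DenyUsers restriction"
            if (sftp != "internal-sftp") print "Subsystem sftp is not internal-sftp"
            if (!jailed) print "no ChrootDirectory inside a Match block"
            if (global_jail) print "ChrootDirectory outside Match applies to every login"
            exit (root != "no" || !limited || sftp != "internal-sftp" || !jailed || global_jail)
        }' "$1"
}

# Usage: audit_sshd_config /path/to/sshd_config
```

The audit reads the file as written; it does not check that each chroot directory is owned by root, which still has to be verified on the device.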
A common way is to run your service as a server listening to the specified TCP port. To provide the SSH connection, you may use "libssh" – an open-source project licensed under the LGPL. The project has several examples including the sshd source code that provides a great basis to build your server application. Note: this solution is not connected to the OpenSSH server and requires its own port number and user management.
Another option is to use the existing running OpenSSH server for your service. The idea is to replace the shell utility with your own application for specified users. This time users would interact with the remote system over the standard input/output interface like a terminal. This solution is a more efficient way to organize secure remote access with the exact functionality you need. To replace the shell for users, edit their parameters in the "/etc/passwd" file by replacing the last option with the path to your application.
"Iptables" is a powerful tool for protecting remote access to the target Linux system at the IP level. Iptables allows the system to filter the traffic independently of the application-level network protocol. It is the most universal option that may work for almost every platform.
Iptables support should be turned on during the Linux kernel configuration. Note that some necessary iptables options like "conntrack" or "connlimit" may be turned off in the kernel by default, so turn them on to use more iptables possibilities.
Launching iptables script on system start
The iptables utility works as a network traffic filter. Filtering is performed by chains of rules, applied by running the "iptables" command with different parameters. The rules are collected in a script file. To put iptables into its initial state, begin the script with the example rules below.
Prevent brute force attacks
Brute force is the biggest security problem when using the SSH protocol. A simple firewall can be set up using iptables to prevent brute force attacks. The idea is to block the IP addresses that flood the SSH port and limit the maximum number of opened connections. The script below serves this purpose.
Whitelist/blacklist IP addresses
If the clients' IP addresses are static, the best approach is to allow access for certain IP addresses only. That means no user except the specified ones would be able to access the target embedded system remotely. This may be done by creating a whitelist of legal IP addresses. For the example script below, the admitted IP addresses are written down in the file line by line like this.
The described services and methods use the IPv4 protocol. The secure configuration of the IPv6 protocol is ignored, which makes it unsafe to keep enabled. If IPv6 support is turned on in the kernel, then it should have additional protection. Or, if you don't need it, you may just turn it off by adding this line in the /etc/sysctl.conf file.
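The initial state, brute-force limits and whitelist from the three iptables sections above, combined in one added shell example (not the original article's scripts). It prints the iptables commands instead of running them; the port, the limits, the "recent" list name and the whitelist file format (one IPv4 address or CIDR range per line, "#" comments allowed) are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables rule set (reset, SSH limits, whitelist).
# Port, limits and list name are constructed values; review before applying.
SSH_PORT=22
MAX_CONN=3    # simultaneous SSH connections per source address (connlimit)
HITS=4        # new SSH connections per source within WINDOW seconds (recent)
WINDOW=60

# is_ipv4 ADDR: succeed only for a dotted quad with an optional /prefix.
is_ipv4() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    printf '%s\n' "$1" | awk -F'[./]' '{
        for (i = 1; i <= 4; i++) if ($i > 255) exit 1
        if (NF == 5 && $5 > 32) exit 1 }'
}

# emit_rules WHITELIST_FILE: write the rule commands to stdout.
emit_rules() {
    new="-p tcp --dport $SSH_PORT -m conntrack --ctstate NEW"
    # Initial state, then the brute-force limits ahead of any ACCEPT for SSH.
    cat <<EOF
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --syn --dport $SSH_PORT -m connlimit --connlimit-above $MAX_CONN -j REJECT --reject-with tcp-reset
iptables -A INPUT $new -m recent --name ssh --set
iptables -A INPUT $new -m recent --name ssh --update --seconds $WINDOW --hitcount $HITS -j DROP
EOF
    # Only validated addresses reach a command line that root will run.
    while IFS= read -r line || [ -n "$line" ]; do
        addr=$(printf '%s\n' "$line" |
            sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$addr" ] && continue
        if is_ipv4 "$addr"; then
            echo "iptables -A INPUT -s $addr $new -j ACCEPT"
        else
            echo "skipping invalid whitelist entry: $addr" >&2
        fi
    done < "$1"
}

# Usage: emit_rules /path/to/whitelist.txt > rules.sh  (review, then run as root)
```

Because the INPUT policy is DROP, any source not in the whitelist file never reaches the SSH port; apply the rules from a console session the first time so a mistake in the whitelist does not cut off remote access.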
SSH-level security
Remote access over SSH shell and SFTP presents the greatest opportunity for controlling the target embedded system with Linux. Enabling this function is a convenient way of administering the device. The SSH protocol provides a high level of security and cryptography. There are several possible configurations of the "sshd" utility associated with the SSH shell and SFTP server services to improve SSH-level security.
Among popular Linux distributions for embedded systems (such as Angstrom or Arago-project), the "Dropbear" utility is a default SSH server. Unfortunately, it provides a limited set of configuration options. Important configuration possibilities such as users' permissions are disabled in this utility. So if the target device is going to have remote access, installing "OpenSSH" server would be a better idea. To change the SSH servers, remove the Dropbear starting script (or move it, like in the example below) and install the OpenSSH package:
refer to: http://embedded-computing.com/articles/improving-security-for-network-connected-linux-based-systems/#
California has strict rules about who can pilot the experimental autonomous vehicles cruising its public roads. Prospective test drivers have to pass a defensive driving course, have near-spotless records, and have at least a decade without a drunk-driving conviction. Crucially, they must also complete a special training program for autonomous vehicles, some of which can be as buggy as any Silicon Valley prototype.
But an investigation by IEEE Spectrum has uncovered that these programs vary considerably in content, intensity, and duration. Drivers hoping to operate one of Google’s autonomous Lexus SUVs will spend at least five weeks on classroom lessons, in-car observations, hands-on sessions, and evaluations. Those itching to get behind the wheel of a computer-controlled Audi A7, however, could complete the carmaker’s training program in less than 2 hours. This is because manufacturers are allowed to design and conduct their own autonomous training programs. California law [pdf] requires the courses to feature behind-the-wheel lessons and information about automated technologies, including their limitations. What in-vehicle pc do not mention are specific procedures to teach or network security to meet, nor how long any such training must last.
Documents obtained by IEEE Spectrum under Public Records Act legislation show that the seven companies currently holding experimental self-driving car-testing permits for California have interpreted the law very differently. "Today’s ‘autonomous’ cars still require a great deal of human judgment and skill to operate safely, and that’s unlikely to change for some time."
Google, which pays its autonomous safety drivers US $20 an hour, initially pushed back against needing trained test drivers at all. Last year, Ron Medford, the company’s driverless-car safety director, complained to the DMV:
We request that the embedded computer provide…flexibility for manufacturers to demonstrate their autonomous technology to policymakers, regulators, and other key stakeholders who have not completed a full driver-training program and received a testing permit.
The department disagreed, and a year later, the technology giant has a comprehensive autonomous training program in place. Its five-week course trains test drivers in both software operation (from the passenger seat) and driving, with separate modules for highways and urban streets. “Freeway and surface-street driving are very different, and thus require different skills,” says a Google document outlining the program.
refer to: http://spectrum.ieee.org/cars-that-think/transportation/human-factors/how-much-training-do-you-need-to-be-a-robocar-test-driver-it-depends-on-whom-you-work-for
Acrosser’s in-vehicle computer is capable of multitasking during the drive, enabling the realization of numerous advanced commercial applications. The advance in public transportation technology greatly benefits both passengers and carriers.
For example, the installed counter collects and sends passenger information to the data center, enabling carriers to determine suitable advertisements for passengers and increase potential revenue. In the safety aspect, the GPS can provide instant vehicle location, and remind drivers to stay cautious in certain traffic congestion areas. Surveillance centers may also monitor drivers and passengers instantly via the IP camera, ensuring a safer transportation environment. In addition, the connected Wi-Fi module receives signals coming from the bus stop to provide an accurate arrival information display to waiting passengers.