Stand-alone systems are extinct, a trend that has put developers under increasing pressure on security issues. This problem involves almost all electronic products such as mobile phones and digital photo frames with Wi-Fi capabilities. Using a firewall or encrypting several data files is not enough. System security needs to be protected like the most vulnerable links. This article refers to the address: http:// Basic security concept Information can be transmitted in clear text, authenticated or encrypted (Figure 1). Authentication is readable text information, but it is often used to refer to unsigned or encrypted information. The authenticated information is digitally signed information. Modifying the information will invalidate the signature, which can be used to determine if the information has been tampered with. At this time, the information is still accessible, which is different from the encrypted information, and the encrypted information is unrecognizable before decryption. Digital signatures typically use a piece of information called a message to encrypt a tag attached to this message, also known as a message digest or simply a digest. If the signature was created after the information was modified, the two tags will no longer match. Discovering changes usually does not provide information on who modified, how, or modified. Digital signatures can use encryption, but more often use hash functions. The difference between a hash function and encryption is that the hash function is a one-way operation, and encryption is usually a two-way process because the original plaintext can be reconstructed with the correct key and algorithm. In general, hash functions are faster than encryption, and they are used in a wide range of applications from password storage to communication handshake. For example, Linux stores the username and password in a "passwd" file. This is a plaintext file, but accessing this file only gives the username and password processed by the hash algorithm. You can use this information to authenticate a user by using a password to generate a new hash value and then comparing the result to the contents of the passwd file. Of course, leaking passwd files will create a security hole. In fact, most Linux implementations store the hashed password in a shadow file. The passwd file is simply an image file with the hashed password removed. Encryption usually uses one or two keys. A single key is used in a symmetric encryption algorithm, ie the same key is used for encryption and decryption. Symmetric encryption speeds are generally faster than systems with asymmetric or two keys. In asymmetrical systems, one key is used for encryption and the other key is used for decryption. In this dual key case, one of the keys cannot be reconstructed with another key. Most public key systems use two keys (a public key, a private key) for two-way data exchange, which means that the information encrypted by the owner of one key can be decrypted by the owner of the other key. A one-way system allows one key to be used for encryption and another key for decryption. In a two-way system, the same key cannot be used for encryption but also for decrypting encrypted data. If both keys are kept secret, they can be used to identify the owner during the exchange of information. The RSA public key algorithm was proposed by MIT's Ron Rivest, Adi Shamir, and Leonard Adleman in 1978. This algorithm is based on two large prime numbers and the fact that it is very time consuming to decompose large prime numbers, making brute force attacks very difficult. In a public key environment, there is usually a key available to interested parties. Similarly, each party usually has its own key (multiple keys are used in subsequent key exchanges). Some popular hashing algorithms include MD4, MD5, SHA-1, and SHA-256. Common encryption systems include DES (Data Encryption Standard), RSA, and AES (Advanced Encryption Standard). The DES encryption key is 56 bits long, and brute force attacks are not easy for current processor performance. This algorithm was quite safe in the 1970s when DES was released. Triple DES (3DES) also uses the DES algorithm and key, but makes up for the shortcomings of DES. 3DES uses three keys and the data is encrypted three times. The AES key can be 128 bits, 192 bits, or 256 bits long. AES has become the standard configuration on microcontrollers. AES is widely used in wireless standards such as ZigBee and can be used for full disk encryption and a host of other applications. Another method is called Elliptic Curve Cryptography (ECC), which uses a small key to achieve the same security as other technologies that use large keys. This efficient algorithm can be easily implemented in hardware. Security software typically supports one or more encryption and hashing algorithms, while many communication standards allow for different algorithms and key lengths. These parameters are typically selected during the initial handshake. Safety must start from the most basic Security needs to start from the most basic. If any layer is not secure, then all layers above it will become unsafe. This is why the depth of security is important. Similarly, partitioning can isolate problems, but only if the partitioning mechanism is not compromised. Destructive attacks are often made by looking for vulnerabilities in security mechanisms, which is the practice of worms and viruses exploiting flaws in operating systems, applications, or system configurations. For most computer systems, the physical security and boot process is the starting point. One way to ensure system security is to boot the system using Trusted Computing Group's (TCG) Trusted Platform Module (TPM). The TPM contains a secure microcontroller and memory that is common in personal computers (Figure 2). Tamper-proof hardware can physically protect the device, and destructive opening of the device will result in the loss of the stored security key. The TPM self-tests at system startup and then completes the rest of the system, including processing the PIN code entered by the user, authenticating the program that is typically stored in another device and digitally signed or encrypted. In general, the TPM will transfer security control to the host, but it can also be used for other security-related operations. The TPM also contains a unique RSA private key for TPM identification. The TPM allows the system to digitally sign the information to enable other systems to authenticate itself. In addition, the TPM can be used to remotely authenticate or identify devices on the machine by obtaining digital features of the hardware and software and then signing the information. The signed information can then be sent to a third party. This method can generally be used to ensure that a specific version of the music player is being used. To address the lack of anonymity for basic remote authentication, TCG has developed a slightly different approach called Direct Anonymous Authentication (DAA). The DAA performs a similar process, but the result only verifies the state of the target hardware or software, it does not recognize the TPM module itself. The TPM also provides secure key storage and performs encryption and digital signature work. The key does not need to be stored on the TPM because the encrypted version can be stored in other system memory. The TPM can use this information to extract and decrypt keys for use. The TPM function can be integrated into a microcontroller, not just a personal computer, opening up the broader consumer device market. Many TPM functions can be accessed using a secure serial memory with an I 2 C/SMBus interface. These memories are usually a subset of the functional classes that are common in TPM, but with lower power requirements and a simpler interface. Guarantee node security Secure boot is the starting point, and secure communication can be implemented starting with a key that is certified by CA. For embedded microcontrollers, the next step might be directly to the application, but for most applications there is at least one operating system between the two. In the simplest case, there is also memory protection, and further includes virtual memory support. In theory, a secure operating system can completely isolate applications from this memory protection support. Of course, the operating system architecture and scale may provide a number of vulnerabilities for attackers seeking to bypass this security mechanism. Another possible step is virtual machine support. This virtual machine supports the use of additional hardware that provides the same type of protection as memory protection or virtual memory support, but it is more detailed because it emulates all the hardware. A hypervisor is essentially an operating system that manages a virtual machine environment. This method is used to manage multiple systems, but it also provides additional security. The approach is to isolate the operating system and further isolate the application. A "thin" hypervisor is usually much simpler than a traditional operating system or real-time operating system (RTOS), so it has fewer defects and is easier to verify when applying formal methods. Some virtual machine systems use a host operating system, such as Linux, making such verification very difficult. Another method is to create a virtual machine that will be used to process the user interface to the virtual machine system. The virtual machine controls the underlying system by communicating with the hypervisor. In theory, this method can provide better isolation performance. Â Develop a security policy The hypervisor provides independent multi-level security (MILS) or domain separation for the system. MILS can be a component of a multi-layer security (MLS) system. However, MLS implementations do not require virtual machine support, provided the system (including the secure boot process) is secured. Operating systems such as SELinux use the MLS security model, which provides finer-grained access control than Linux alone. In general, Linux uses the Linux Security Module (LSM) framework. LSM can support multiple security models including SELinux, and the other is Smack (simplified mandatory access control kernel). The basic Linux security module provides user/group model based authentication and access control, and it is built around the file system. Files can be manipulated from a group, user, or anonymous perspective, and read, write, and execute attributes are individually controllable. Access control inherits the concept of a directory tree. SELinux is more like a feature-oriented system, and its strategy can become quite complex. This mandatory access control system separates policies from execution, not only controlling access to files and directories, but also controlling access to network interfaces and messages. Access can be linked to the application, not just the user. For example, a file server can only provide access to files or directories that are properly labeled as shared. It tracks applications and any subroutines generated by one of these applications. In this way, policies can prevent information from flowing from a higher security level to a lower security level. Without the right permissions, higher-level applications cannot simply provide access to lower levels. One of the problems with this complexity is how to use it correctly. Poor strategies may open vulnerabilities, allowing data or control to move to places that should not be allowed. This is why most systems start with one or more basic policy definitions and then gradually modify them to meet system requirements. Display system security The secure boot of a secure operating system is sufficient for some environments, but interaction with the user brings with it the need for identification and user-related I/O. A security display is a feature that is common in military security systems (Figure 3). The security of the display system can be implemented in software or hardware. For example, you can set the security device driver to display only the display information from the security application at the bottom of the display. Applications that use full-screen display do not override this secure area. Other techniques include performing the same operations with display hardware. The ctrl-alt-delete that people often use is also a related interface item. In theory, this key combination should only call the system application. When using the Windows operating system, pressing this key combination will bring up a dialog box with startup options such as Task Manager. With a secure display, feedback can be displayed through the secure display area, making it impossible for any application to simulate a response. Switching Residual Current Transformer Switching Residual Current Transformer,Switching Transformer,Open Residual Current Transformer,Busbar Open Residual Current Transformer Zibo Tongyue Electronics Co., Ltd , https://www.tongyueelectron.com
Figure 1: The communication link highlights different types of data exchange, from authenticated data exchange to encrypted data exchange.
 
Figure 2: The Trusted Platform Module (TPM) is designed to provide a secure boot environment. 
Figure 3: It is important to leave a safe area on the screen, which is often combined with other forms of security infrastructure.