LibrePlanet

by Eric Schultz, Community Manager

I was recently asked to speak at LibrePlanet about my experiences working with the FCC on WiFi radio regulations. I was delighted to speak on the topic and prpl Foundation was gracious enough to send me.

Eric at LibrePlanetFor those who aren’t aware, LibrePlanet is the Free Software Foundation’s yearly celebration of free and open source software. LibrePlanet is a unique conference in that it mixes socially conscious technology users and creators with leaders in the free and open source software space. Attending LibrePlanet works best when you spend most of your time listening, and that’s exactly what I did. It’s fascinating to see how a diverse set of people look at social problems and see how open source software can be used to address those problems. While there I did find time to share some of the interesting work that prpl Foundation is doing; there’s a lot of interest among many parties about how prpl’s work on an open source secure boot and OpenWrt/LEDE could be used by individuals and smaller manufacturers. Continue reading

EEMBC and prpl align to drive use of hypervisors to create security-by-separation for a more trusted IoT

Collaboration to assess performance overhead of virtualization technologies in embedded devices

SANTA CLARA, CALIF – April 4, 2017 – Today the prpl Foundation and EEMBC announced a formal partnership to advance the use of security-by-separation in Internet of Things (IoT) edge devices. By developing an industry-standard hypervisor benchmark, the collaboration aims to shatter the perception that the use of hardware virtualization in low-power embedded devices comes with big performance and energy overheads.

prpl is a community driven, non-profit organization with a focus on enabling the security and interoperability of embedded devices for the IoT and smart society of the future. EEMBC is an industry alliance that develops benchmarks to help system designers select the optimal processors and understand the performance and energy characteristics of their systems. The partnership will see EEMBC’s Markus Levy alongside Art Swift, president of prpl Foundation, co-chair the joint EEMBC/prpl HyperBench Working Group. The aim of the group will be to assess the performance of new lightweight embedded hypervisors paired with System on Chips (SoCs) with hardware support for virtualization.

Hardware virtualization technology coupled with hypervisors can provide improved security through isolation or ‘separation’ of users, tenants, and applications running on a given device. This approach is well understood and widely used in the datacenter, but not traditionally in deeply embedded, resource-constrained systems such as those in the IoT – primarily due to perceptions of performance limitations or associated ‘overhead’. EEMBC and prpl hope to demonstrate that any such limitations are mitigated through new developments and techniques.

The way software or firmware gets assembled today the maker of the device often has little control over all of the components as a whole. By using hypervisors at the hardware level to create security through separation, supply chain security issues could be greatly reduced while preserving the core functionality of the device – even if a security issue arises with another component of the system or it is compromised by malware such as Mirai.

“EEMBC sees value in HyperBench in two ways. The first way follows our traditional model of creating benchmarks to help system developers select the most optimal processing solution for their applications; in this case, HyperBench will allow processor vendors to fairly demonstrate their performance advantages,” said Markus Levy, EEMBC president. “In the second way, HyperBench will help out the industry in general by demonstrating that with advanced hardware assist for virtualization, the performance impact of hypervisors will be minimal.”

prpl and EEMBC members have considerable expertise in virtualization and hypervisor technologies. prpl has based its peer-reviewed Security Framework in large part on this approach, and many of its members are well-versed in deployment of the technology. EEMBC and its members have previously spent considerable time and energy on assessing how the performance overhead of virtualization technologies can be tested or benchmarked. Together the joint working group will create an architecture and operating system neutral benchmark tool to support vendors of processors, hypervisors, and operating systems, as well as their customers – the IoT system designers.

“Security of IoT is not a problem that any one company or entity can solve on its own,” said Art Swift, president of the prpl Foundation. “It will take cooperation at all levels to work towards best practices and developing universal standards. At prpl we are delighted to collaborate with EEMBC to show how a separation-based approach rooted in hardware can create a more secure IoT without significant performance penalties.”

Initial members from prpl of the new benchmarking working group also include Kernkonzept and Imagination Technologies.

About EEMBC

EEMBC is an industry alliance that develops benchmarks to help system designers select the optimal processors and understand the performance and energy characteristics of their systems. EEMBC has benchmark suites targeting cloud and big data, mobile devices (for phones and tablets), networking, ultra-low power microcontrollers, the Internet of Things (IoT), digital media, automotive, and other application areas. EEMBC also has benchmarks for general-purpose performance analysis including CoreMark, MultiBench (multicore), and FPMark (floating-point).  For more information about EEMBC, please visit: http://eembc.org

About prpl Foundation

prpl (pronounced “Purple”) is a community driven, non-profit organization with a focus on enabling the security and interoperability of embedded devices for the IoT and smart society of the future. prpl represents leaders in the technology industry investing in innovation in efficiency, portability and compatibility for the good of a broad community of developers, businesses and consumers. For more information about the prpl Foundation, please visit: http://prpl.works.

Embedded World 2017 – IoT coming of age.

by Cesare Garlati – Chief Security Strategist, prpl Foundation

Last week I had the pleasure of attending Embedded World 2017 in Germany as I was invited to give a couple of presentations on the pioneering work we have been doing at the prpl Foundation with regards to the prplHypervisor™ and prplPUF™ APIs for securing IoT. As it turns out, IoT was the top line at the conference that drew in more than 30,000 trade visitors – and the event solidified the notion that embedded computing is now synonymous with IoT.

IoT Security: Pushing the boundaries of resource constrained devices

The main theme running throughout was the challenge of pushing resource constrained devices to the limits. From a tech provider’s perspective, this was the most pervasive, well-defined issue being tackled at the show – how do we push the capabilities when it comes to functionality and security in low power devices with limited memory and minimal CPU resources?

With IoT, applying security technology after the fact or using encryption as used in a traditional security model is simply not an option in devices that don’t have the battery power, memory or CPU to support such measures, much less being able to afford the expense when the device itself costs so little. Yet, the fact that these are physical devices makes them so much more dangerous to human life and therefore the security should be taken just as seriously as that of a data centre.

Open Source as (one) answer

The answer for much of these basic security questions meant that more and more vendors are adopting – or seriously considering – the use of open source software. Though not everyone was aligned with the true value of open source, some even felt opportunistic, it was encouraging that the message of using open source, with all the extra eyes on it, is getting through.

Having said that, and knowing that open source software is notoriously more resilient than proprietary, closed source software – it does have its issues that vendors and manufacturers need to be aware of. Namely, though it is open and freely available, open source is not free. Yes, there is no licensing fee, but that is not to say it doesn’t come with the expenses of developing expertise, ensuring the organisation using it has the right liability cover, maintenance and working with open source communities to get the best out of it. As with anything in life, using open source requires upkeep to get the most from it.

In silicon we trust

Using open source protocols to get the basics right in IoT means that embedded devices can truly be interoperable with each other. What stops this from being a security risk is trust. The other element I discussed and which received over an hour of questions from the audience was the prplPUF™ API, the Physical Unclonable Funtions implementation of the prplSecurity™framework. I think everyone can agree that we’ve established that embedding secrets in a device is just not a good idea – and if you need proof, look no further than the Vault 7 revelations; not even the CIA can hide such secrets. Instead, what if you could extract a unique identifier from the silicon itself, something that is exclusive and repeatable and unable to be cloned?

This could have all sorts of applications for improving and strengthening security in embedded devices and the real genius of it is that it’s something that already exists with in the hardware itself – much like a digital fingerprint.

By using the prpl platform which combines open source with the use of a light-weight hypervisor for security by separation and PUF to establish trust in embedded systems, we’re looking at a much safer future for IoT.

 *   *   *

For more information or to get involved in the groundbreaking work prpl is doing with improving embedded computing security, visit us at http://prpl.works or contact me directly at @CesareGarlati

Prpl Foundation tackles how to secure the Internet of Things at Embedded World 2017

Not for profit and its members showcase innovation and push the limits of embedded computing

Santa Clara, Calif. – 9 March 2017 – At Embedded World in Nuremburg, 14-16 March 2017, prpl Foundation and several of its member companies will address of the security concerns presented by embedded computing systems as they become more intertwined in our lives.

During two separate presentations on March 14 at the show, prpl’s chief security strategist, Cesare Garlati, will outline and demonstrate how a new separation-based approach anchored in hardware can create the trust needed across the IoT from node to cloud. How We Can Fix Embedded Computing Through an Open Source, Silicon-Layer Approach will take place at 9:30-10:00 and the Interactive Session: How a New Hardware-Based Approach Can Fix Critical Areas of Embedded Computing Security will take place at 14:30 – 15:00.

Continue reading

Integrate dynamic voltage and frequency scaling into instruction-accurate virtual platforms

New article in Embedded Computing Design: Integrate dynamic voltage and frequency scaling into instruction-accurate virtual platforms.

In embedded systems, extra-functional requirements, such as power consumption, have been increasing in importance. In a cooperative effort between OFFIS and Imperas Software, the Open Virtual Platforms (OVP) technology has been equipped with support to express and execute dynamic voltage and frequency scaling (DVFS) compatible power models. Software on the virtual platform can access the actual power consumption and perform power management through DVFS. The technology has been successfully demonstrated for an ARM-based multi-core platform, running a synthetic bare-metal DVFS test application and Linux power management.

Read the full article at 

fig1

prplwrt Weekly Meeting – February 23, 2017

Interested in getting involved in prplwrt? Everyone is welcome to join our meetings, every Thursday at 9AM PT. Learn more here!


LEDE

OpenWrt/LEDE merger discussion

ADB update

  • Emanuele Bovisio will be leading the prpl participation from ADB now that Matteo is moving on. Sorry to see you go Matteo but welcome Emanuele!

SCAL Milestone Wrapup

  • Felix is looking forward to the feedback and feature suggestions for future milestones
  • Interested parties should provide a prioritized list of features and changes on Basecamp

CIG Update

Low-level API

  • Eric is finalizing language of the Wifi recommendation
  • Imagination’s Ensigma Wifi group is interested in participating
  • Open question: Should we evaluate IEEE 1905.1 as part of the common API efforts?
  • Wojtek suggests we hold off on sending the final recommendation to the chipmakers until he gets back from the RDK meeting and gets a sense of the RDK-B interest in working together on these efforts.

Software Stack Independent API update

  • On the CIG Basecamp, Eric will post a set of features for a SSI Wifi API he’s compiled from participants.
  • Eric sent out a Doodle for next CIG meeting

prpl Feed for OpenWrt/LEDE

Boardfarm

  • Joao from Altran is looking into Boardfarm and interested in putting their in-house tests into Boardfarm

OpenWrt Summit

  • Summit Committee had a meeting on February 22
  • Split out summit responsibilities between all of the participants
  • Location recommendation report will be made to the Summit Committee at the next meeting
  • Next meeting is March 8, 7AM PT

prpl IoT Conference in Berkeley

  • Initial plan was for middle of May (prior to these notes coming out, the event was delayed until at least June)
  • Co-organized by prpl Foundation, IoTSF and Tech in Business club from Business School at Berkeley
  • Will be a chance for us all to meet face to face
  • Chance to highlight all of the work in prpl
  • Sent out survey to get feedback from folks
  • Looking for speakers and sponsors!

Next meeting is March 2, 9AM PT