Securing SoCs in the IoT Era

By Kevin McDermott

I was recently at a luncheon where the topic of conversation was around the possibilities and promise of the IoT. Can a connected world ensure better health and wellness for the masses? Can we bring about a green future with smart energy across the globe? Closer to home, can we help California through the drought?

The possibilities of the IoT are endless and quite exciting. But each day we see reports of data and system breaches – hacked lightbulbs, vehicles, baby monitors, HVAC systems and more. And with each report, every player in the value chain begins to worry more and more about the integrity and safety of their data and their customers’ data, and as a result about the overall viability of their business in the long term.

Federal and other agencies are already stepping in to regulate this increasingly connected world. The FTC has recommended that Congress enact strong legislation to strengthen existing data security enforcement and notification tools on a federal level. Closer to the hearts of many in the embedded world, it’s been reported that new FCC rules may prevent installing OpenWRT, DD-WRT or other third party firmware on Wi-Fi routers and access-points.

Because of the dozens of governmental agencies vying for a lead role in IoT regulation, large companies are already lobbying to ensure that enacted legislation goes their way. As such, we can see that it’s possible that the IoT could actually become an IoT controlled by a few large companies who have ensured that their platforms and operating systems can play, but potentially leaving the rich ecosystem of open source and embedded tools providers/developers out in the cold.

Legislation and regulation are clearly important in the development of new industries, especially one so fraught with security risks as the IoT, but it’s possible to build IoT products that inherently ensure security while leaving the ecosystem open to all players.

One of the best practices recommended by the FTC is “security by design,” building security into an IoT product early in the design process and at each stage of development. We believe this begins in the embedded system.

Traditional embedded systems are largely closed systems, so security has to date been a fairly straightforward challenge. Static-based approaches have been generally effective, but these approaches are generally CPU-centric, binary (with one secure zone / one non-secure zone), and are complicated to implement. They won’t scale to address the sophisticated types of applications and services being enabled by next-generation connected devices and the Cloud. A more scalable and cost-effective approach is required.

The answer is building multi-domain security into the SoC. Such an approach enables multi-tenant services to work on shared hardware, with isolation provided by hardware assisted virtualization. Virtualization allows for data and execution related to one service to be protected from another. By creating multiple secure domains, each application or operating system can operate independently and reliably in its own separate, trusted environment. This means a compromise affecting one service has no impact to the other.

Such a multi-domain separation-based architecture also eases development and deployment of applications and services. With this approach, developers will be able to securely develop and debug code in a virtualized environment, and operators and other service providers can configure devices for provisioning of services in the field.

Imagine a sensor hub in a home. With multi-domain security, virtualized containers can provide the ability to upgrade each sensor individually – be it home security, door and window actuators, lighting control, appliance management, smart meter aggregation and relay, and more. The system can be designed so that manufacturers and operators can later send software updates to the device, and utility companies can query the device for status – all over the air, and with no possible way for the others to be compromised or to access the other data in the system.

Importantly, such a system can enable separation of networking stacks – Wi-Fi and 6LoWPAN (for example) from the applications running in the other containers. The separation-based approach enables each to be isolated so that certifications remain uncompromised, while keeping power and area to a minimum through integration.

To keep the IoT ecosystem thriving, we need to create and apply portable tools at the foundation level for security. This includes trusted hypervisors, secure messaging channels, security firewalls and more – all built for a multi-domain architecture. The open source prpl Foundation is taking this as its mandate with support from leading companies in the ecosystem, and is progressing this through its Security PEG (prpl Engineering Group). Through an approach called OpenSecurity, the prpl Security PEG is creating open standards and APIs that will help ensure a free and open market for everyone in the IoT value chain, while ensuring security of data and information.

This approach doesn’t address ownership of personal data or other privacy issues (there is still room for legislation!) and we can’t stop hackers from practicing their craft. But with a multi-domain approach to embedded security, we can limit the effects of the hackers by isolating their hacks. And we can let the IoT industry develop organically and robustly through the work of a wide range of innovators and technologies.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s