New working group to advance IoT security and produce digital chain of trust framework
SANTA CLARA, CA — The prpl Foundation, the open-source, community-driven, collaborative, non-profit foundation with a focus on enabling next-generation datacenter-to-device portable software and virtualized architectures, today announced the formation of the Trust Continuum working group. The new prpl initiative will be chaired by Nick Cook, CIO of digital trust specialist and prpl member company, Intercede. The purpose of the Trust Continuum is to provide the guidance, APIs and framework needed for developers and manufacturers to establish end-to-end trust in embedded devices, critical to the security of IoT.
“In a highly connected world, it is vital that a chain of trust can be established from the silicon of an embedded device right through to the provisioning of the service itself in order for mutual trust to be achieved,” said Art Swift, president of the prpl Foundation. “We call this the Trust Continuum, and it ensures the high integrity of these digital exchanges required to stop malware or other subversive actors from compromising them. This trust is a critical element missing from IoT as it stands today and why threats, such as the Mirai IoT malware that has infected nearly half of a million devices, have been so successful.”
The Trust Continuum working group brings together numerous prpl member companies including Intercede, Intrinsic ID, Imagination Technologies, Kern Konzept and Synopsys to define the “trust” stack that must be achieved to then break it down into the APIs needed within an embedded device. Once the APIs are agreed, the Trust Continuum group will define the interface specification to enable interoperability between the different components of an embedded device and cloud services.
“IoT will become ubiquitous and has the potential to dramatically change the way we live our lives. But if the security of IoT is not properly architected, the invasion into our privacy and the threat to our safety by malicious actors could cripple the connected society,” said Nick Cook, CIO of Intercede and chair of the prpl Trust Continuum working group. “An open and interoperable Trust Continuum is at the heart of securing these systems, enabling strong digital trust to be built between entities and importantly enabling the management of trust relationships securely throughout the lifetime of devices.”
Art Swift presented “Building Trust Continuum in the IoT” at the Intrinsic ID Security Summit that took place on Monday, 24th October in Mountain View, California.
prpl (pronounced “Purple”), is an open-source, community-driven, collaborative, non-profit foundation targeting and supporting the MIPS architecture – and open to others – with a focus on enabling next-generation datacenter-to-device portable software and virtualized architectures. prpl represents leaders in the technology industry investing in innovation in efficiency, portability and compatibility for the good of a broad community of developers, businesses and consumers. Initial domains targeted by prpl include datacenter, networking & storage, connected consumer and embedded/IoT.