LibrePlanet

by Eric Schultz, Community Manager

I was recently asked to speak at LibrePlanet about my experiences working with the FCC on WiFi radio regulations. I was delighted to speak on the topic and prpl Foundation was gracious enough to send me.

Eric at LibrePlanetFor those who aren’t aware, LibrePlanet is the Free Software Foundation’s yearly celebration of free and open source software. LibrePlanet is a unique conference in that it mixes socially conscious technology users and creators with leaders in the free and open source software space. Attending LibrePlanet works best when you spend most of your time listening, and that’s exactly what I did. It’s fascinating to see how a diverse set of people look at social problems and see how open source software can be used to address those problems. While there I did find time to share some of the interesting work that prpl Foundation is doing; there’s a lot of interest among many parties about how prpl’s work on an open source secure boot and OpenWrt/LEDE could be used by individuals and smaller manufacturers. Continue reading

EEMBC and prpl align to drive use of hypervisors to create security-by-separation for a more trusted IoT

Collaboration to assess performance overhead of virtualization technologies in embedded devices

SANTA CLARA, CALIF – April 4, 2017 – Today the prpl Foundation and EEMBC announced a formal partnership to advance the use of security-by-separation in Internet of Things (IoT) edge devices. By developing an industry-standard hypervisor benchmark, the collaboration aims to shatter the perception that the use of hardware virtualization in low-power embedded devices comes with big performance and energy overheads.

prpl is a community driven, non-profit organization with a focus on enabling the security and interoperability of embedded devices for the IoT and smart society of the future. EEMBC is an industry alliance that develops benchmarks to help system designers select the optimal processors and understand the performance and energy characteristics of their systems. The partnership will see EEMBC’s Markus Levy alongside Art Swift, president of prpl Foundation, co-chair the joint EEMBC/prpl HyperBench Working Group. The aim of the group will be to assess the performance of new lightweight embedded hypervisors paired with System on Chips (SoCs) with hardware support for virtualization.

Hardware virtualization technology coupled with hypervisors can provide improved security through isolation or ‘separation’ of users, tenants, and applications running on a given device. This approach is well understood and widely used in the datacenter, but not traditionally in deeply embedded, resource-constrained systems such as those in the IoT – primarily due to perceptions of performance limitations or associated ‘overhead’. EEMBC and prpl hope to demonstrate that any such limitations are mitigated through new developments and techniques.

The way software or firmware gets assembled today the maker of the device often has little control over all of the components as a whole. By using hypervisors at the hardware level to create security through separation, supply chain security issues could be greatly reduced while preserving the core functionality of the device – even if a security issue arises with another component of the system or it is compromised by malware such as Mirai.

“EEMBC sees value in HyperBench in two ways. The first way follows our traditional model of creating benchmarks to help system developers select the most optimal processing solution for their applications; in this case, HyperBench will allow processor vendors to fairly demonstrate their performance advantages,” said Markus Levy, EEMBC president. “In the second way, HyperBench will help out the industry in general by demonstrating that with advanced hardware assist for virtualization, the performance impact of hypervisors will be minimal.”

prpl and EEMBC members have considerable expertise in virtualization and hypervisor technologies. prpl has based its peer-reviewed Security Framework in large part on this approach, and many of its members are well-versed in deployment of the technology. EEMBC and its members have previously spent considerable time and energy on assessing how the performance overhead of virtualization technologies can be tested or benchmarked. Together the joint working group will create an architecture and operating system neutral benchmark tool to support vendors of processors, hypervisors, and operating systems, as well as their customers – the IoT system designers.

“Security of IoT is not a problem that any one company or entity can solve on its own,” said Art Swift, president of the prpl Foundation. “It will take cooperation at all levels to work towards best practices and developing universal standards. At prpl we are delighted to collaborate with EEMBC to show how a separation-based approach rooted in hardware can create a more secure IoT without significant performance penalties.”

Initial members from prpl of the new benchmarking working group also include Kernkonzept and Imagination Technologies.

About EEMBC

EEMBC is an industry alliance that develops benchmarks to help system designers select the optimal processors and understand the performance and energy characteristics of their systems. EEMBC has benchmark suites targeting cloud and big data, mobile devices (for phones and tablets), networking, ultra-low power microcontrollers, the Internet of Things (IoT), digital media, automotive, and other application areas. EEMBC also has benchmarks for general-purpose performance analysis including CoreMark, MultiBench (multicore), and FPMark (floating-point).  For more information about EEMBC, please visit: http://eembc.org

About prpl Foundation

prpl (pronounced “Purple”) is a community driven, non-profit organization with a focus on enabling the security and interoperability of embedded devices for the IoT and smart society of the future. prpl represents leaders in the technology industry investing in innovation in efficiency, portability and compatibility for the good of a broad community of developers, businesses and consumers. For more information about the prpl Foundation, please visit: http://prpl.works.

Prpl Foundation tackles how to secure the Internet of Things at Embedded World 2017

Not for profit and its members showcase innovation and push the limits of embedded computing

Santa Clara, Calif. – 9 March 2017 – At Embedded World in Nuremburg, 14-16 March 2017, prpl Foundation and several of its member companies will address of the security concerns presented by embedded computing systems as they become more intertwined in our lives.

During two separate presentations on March 14 at the show, prpl’s chief security strategist, Cesare Garlati, will outline and demonstrate how a new separation-based approach anchored in hardware can create the trust needed across the IoT from node to cloud. How We Can Fix Embedded Computing Through an Open Source, Silicon-Layer Approach will take place at 9:30-10:00 and the Interactive Session: How a New Hardware-Based Approach Can Fix Critical Areas of Embedded Computing Security will take place at 14:30 – 15:00.

Continue reading

prplwrt Weekly Meeting – February 23, 2017

Interested in getting involved in prplwrt? Everyone is welcome to join our meetings, every Thursday at 9AM PT. Learn more here!


LEDE

OpenWrt/LEDE merger discussion

ADB update

  • Emanuele Bovisio will be leading the prpl participation from ADB now that Matteo is moving on. Sorry to see you go Matteo but welcome Emanuele!

SCAL Milestone Wrapup

  • Felix is looking forward to the feedback and feature suggestions for future milestones
  • Interested parties should provide a prioritized list of features and changes on Basecamp

CIG Update

Low-level API

  • Eric is finalizing language of the Wifi recommendation
  • Imagination’s Ensigma Wifi group is interested in participating
  • Open question: Should we evaluate IEEE 1905.1 as part of the common API efforts?
  • Wojtek suggests we hold off on sending the final recommendation to the chipmakers until he gets back from the RDK meeting and gets a sense of the RDK-B interest in working together on these efforts.

Software Stack Independent API update

  • On the CIG Basecamp, Eric will post a set of features for a SSI Wifi API he’s compiled from participants.
  • Eric sent out a Doodle for next CIG meeting

prpl Feed for OpenWrt/LEDE

Boardfarm

  • Joao from Altran is looking into Boardfarm and interested in putting their in-house tests into Boardfarm

OpenWrt Summit

  • Summit Committee had a meeting on February 22
  • Split out summit responsibilities between all of the participants
  • Location recommendation report will be made to the Summit Committee at the next meeting
  • Next meeting is March 8, 7AM PT

prpl IoT Conference in Berkeley

  • Initial plan was for middle of May (prior to these notes coming out, the event was delayed until at least June)
  • Co-organized by prpl Foundation, IoTSF and Tech in Business club from Business School at Berkeley
  • Will be a chance for us all to meet face to face
  • Chance to highlight all of the work in prpl
  • Sent out survey to get feedback from folks
  • Looking for speakers and sponsors!

Next meeting is March 2, 9AM PT

(Not so) Random Musings from RSA Conference 2017

Cesare Garlati, Chief Security Strategist, prpl Foundation

cesare-garlati-rsa-sf-2017The world’s great and good of the information security industry descended on San Francisco this week for RSA Conference 2017. On the surface, it looked like more of the same this year.  There weren’t a huge amount of new companies exhibiting this year and the traditional vendors all seemed to be consolidating and streamlining their product lines in attempt to demystify buyers.  It even saw the McAfee brand back this year after a noticeable absence in the previous “Intel Security” era.

What was extremely apparent, however, was a return to the future.  By this I mean the return of focus on securing  the endpoint.  From laptops, desktops and mobile phones, BYOD reared its head again under a different guise – Bring Your Own Anything.  The reason for this is likely the shift to the cloud and away from traditional on-premises offerings, where RSA vendors have typically focused in the past.  This trend has meant that as applications, services and virtual workloads move to the cloud and third parties, the corporate data centre is becoming less and less central to IT budgets.  As such, we are now seeing a trend where established vendors are following suit and looking once again the endpoint as a source of revenue, albeit from a slightly different perspective this time.

This difference comes in the form of Internet of Things (IoT) – which, based on the amount of presentations at RSA this year, is clearly of major significance within the industry.  Kaspersky jumped on the bandwagon and announced its platform for IoT and AT&T, IBM, Symantec and others announced an IoT Cybersecurity Alliance.

RSA Conference 2017
RSA Conference 2017

But is IoT just another buzzword? The scepticism comes from the fact that traditionally, RSA has been a datacenter/network security event.  Granted, network perimeters are changing significantly with the advent of things like the cloud and IoT, but I’m still unconvinced that people can define IoT successfully in this context.  It simply isn’t a problem that traditional network security is going to fix, as evidenced in prpl’s extensive research into how to secure the IoT. We know that security IoT has to start at the hardware level, and that traditional RSA conference vendors have little understanding of this space

It was encouraging to see a large presence by the not for profit Cloud Security Alliance that was poised to tackle the IoT issues and the crowd for the CSA seminar exceeded 1,400 – with queues out of the door for attendance.  Its approach, which advocates open standards, is one which prpl aligns itself with and it is heartening to see everyone coming together in an organised manner to undertake the problems associated with IoT security.

Finally, the last significant observation for me at RSA was the emerging role of identity  as it relates to securing corporate data.  There was a lot of innovation happening around the idea of making passwords obsolete and start-up UnifyID even took the RSA Innovation Sandbox contest with its implicit authentication platform that combines machine learning and the array of devices around us to match our bodies, and more specifically the way we move, to our identities.

It’s innovations like these and the group mentality of coming together to face security issues head on that mean RSA will be successful for years to come. It just needs scratching away at the surface to get to the real innovation: end to end security cloud to silicon.

prplwrt Weekly Meeting – February 16, 2017

Check out the meeting recording on YouTube

Attendees: Eric, Bruce, Felix, Joao, Kathy, Luka, Matteo, Paul, Pedro, Wojtek, and a couple more

SCAL API improvements

  • Felix — project scope implemented and now just awaiting comments and feedback on the implementation
  • handling events and add/remove objects API was last implementation to be completed
    • events: not fancy on system integration; goal to keep first milestone simple
    • json plug-in still caches things that it shouldn’t, but is just an example (i.e., not yet polished, but demonstrates API) — a restart will fix
    • contract will be complete end of this month
  • everyone should begin implementation now so that feedback comes in asap
  • Luka’s team — hasn’t taken a look yet but will soon

Continue reading

prplwrt Weekly Meeting – February 2, 2017

Watch recording on Youtube

Attendees: Eric, Altran, Art, Bruce, Cesare, John, Kathy, Luka, Mauro, Paul, Pedro, Shailesh, Sukru, other callers

Intro – Elder from Altran, newly involved in prplwrt

ADB TR-069 and CM integration with OpenWrt

  • initial tasks completed
  • follow up is ongoing offline

SCAL API improvements

  •  add/remove objects – hopefully ready to test by end of next week
  •  “eventing” – there will be a simple form of eventing that only covers changes made through SCAL
  • if you have further questions, ask Felix (nbd AT nbd DOT name)

Continue reading