Prpl Foundation tackles how to secure the Internet of Things at Embedded World 2017

Not for profit and its members showcase innovation and push the limits of embedded computing

Santa Clara, Calif. – 9 March 2017 – At Embedded World in Nuremburg, 14-16 March 2017, prpl Foundation and several of its member companies will address of the security concerns presented by embedded computing systems as they become more intertwined in our lives.

During two separate presentations on March 14 at the show, prpl’s chief security strategist, Cesare Garlati, will outline and demonstrate how a new separation-based approach anchored in hardware can create the trust needed across the IoT from node to cloud. How We Can Fix Embedded Computing Through an Open Source, Silicon-Layer Approach will take place at 9:30-10:00 and the Interactive Session: How a New Hardware-Based Approach Can Fix Critical Areas of Embedded Computing Security will take place at 14:30 – 15:00.

“prpl Foundation is delighted to have such a strong presence this year at Embedded World from not only prpl itself, but its innovative members, from small start-ups to large corporations,” said Art Swift, president of the prpl Foundation. “It’s all about raising awareness about the inherit security issues in the Internet of Things where, in a worst case scenario, these flaws can result in human fatalities. prpl’s proposed new hardware-security model based on open source APIs, interoperable standards and hardware virtualization demonstrates a real life application of these principles to control an embedded device connected to the Internet.”

prpl will be putting into practice its highly acclaimed Securing Critical Areas of Embedded Computing guidance with a ground-breaking demonstration of the prplSecurity™ framework that helps developers, service providers and manufacturers design security for embedded systems from the ground-up. The prplSecurity™ framework is a comprehensive collection of open source APIs providing hardware-level security controls such as secure boot, secure hypervisor, secure inter-vm communications and PUF (Physically Unclonable Functions). Garlati will show the application of the prplSecurity™ framework to a real word scenario: a MIPS 5150 microcontroller (MCU) that controls the movement of a robotic arm connected to the Internet.

“Security is becoming increasingly important to the IoT,” said Rich Hoefle, MCU32 director of marketing at Microchip, the company behind PIC32 microcontrollers. “We are pleased the prpl Foundation security framework has been able to successfully leverage the hardware capabilities of the PIC32MZ platform showcasing that strong security starts at the hardware level.”

“IoT and automotive electronics in particular are placing increasing stringent demands on software and system reliability, safety and security,” said Larry Lapides from Imperas Software. “Embedded World presents an ideal opportunity for end users, vendors and the open source community to come together to collaborate on the critical aspects of embedded computing such as software testing and technology that make up the embedded software ecosystem.”

David Harold, VP Marketing Communications, Imagination Technologies, said: “I expect this year’s Embedded World will be a continuation of the themes of last year; how do we make devices safe and secure; how do we keep pushing capability up while keeping power low; how do we embed ‘smartness’ and then connect that to the cloud? I’m delighted to see that the prpl Foundation and its members are starting to have a broad and credible answer to the fundamental issue of IoT security.”

Other prpl members will be making their mark at the event with their own presentations tackling the advancement of embedded computing systems including:

For a full line up of presentations, including those given by prpl and its Members, please visit: http://www.embedded-world.eu/program.html

To arrange a briefing with Art Swift, president of the prpl Foundation or Cesare Garlati, chief security strategist, or if you’re interested in speaking to any of the companies highlighted above, please contact:

Beth Smith
beth@eskenzipr.com

About prpl Foundation

prpl (pronounced “Purple”), is an open-source, community-driven, collaborative, non-profit foundation targeting and supporting the MIPS architecture – and open to others – with a focus on enabling next-generation datacenter-to-device portable software and virtualised architectures. prpl represents leaders in the technology industry investing in innovation in efficiency, portability and compatibility for the good of a broad community of developers, businesses and consumers. Initial domains targeted by prpl include datacenter, networking & storage, connected consumer and embedded/IoT.

For more information about the prpl Foundation, please visit: https://prpl.works.

prpl Press Contact:
Beth Smith
beth@eskenzipr.com
+44(0)2071832843

(Not so) Random Musings from RSA Conference 2017

Cesare Garlati, Chief Security Strategist, prpl Foundation

cesare-garlati-rsa-sf-2017The world’s great and good of the information security industry descended on San Francisco this week for RSA Conference 2017. On the surface, it looked like more of the same this year.  There weren’t a huge amount of new companies exhibiting this year and the traditional vendors all seemed to be consolidating and streamlining their product lines in attempt to demystify buyers.  It even saw the McAfee brand back this year after a noticeable absence in the previous “Intel Security” era.

What was extremely apparent, however, was a return to the future.  By this I mean the return of focus on securing  the endpoint.  From laptops, desktops and mobile phones, BYOD reared its head again under a different guise – Bring Your Own Anything.  The reason for this is likely the shift to the cloud and away from traditional on-premises offerings, where RSA vendors have typically focused in the past.  This trend has meant that as applications, services and virtual workloads move to the cloud and third parties, the corporate data centre is becoming less and less central to IT budgets.  As such, we are now seeing a trend where established vendors are following suit and looking once again the endpoint as a source of revenue, albeit from a slightly different perspective this time.

This difference comes in the form of Internet of Things (IoT) – which, based on the amount of presentations at RSA this year, is clearly of major significance within the industry.  Kaspersky jumped on the bandwagon and announced its platform for IoT and AT&T, IBM, Symantec and others announced an IoT Cybersecurity Alliance.

RSA Conference 2017
RSA Conference 2017

But is IoT just another buzzword? The scepticism comes from the fact that traditionally, RSA has been a datacenter/network security event.  Granted, network perimeters are changing significantly with the advent of things like the cloud and IoT, but I’m still unconvinced that people can define IoT successfully in this context.  It simply isn’t a problem that traditional network security is going to fix, as evidenced in prpl’s extensive research into how to secure the IoT. We know that security IoT has to start at the hardware level, and that traditional RSA conference vendors have little understanding of this space

It was encouraging to see a large presence by the not for profit Cloud Security Alliance that was poised to tackle the IoT issues and the crowd for the CSA seminar exceeded 1,400 – with queues out of the door for attendance.  Its approach, which advocates open standards, is one which prpl aligns itself with and it is heartening to see everyone coming together in an organised manner to undertake the problems associated with IoT security.

Finally, the last significant observation for me at RSA was the emerging role of identity  as it relates to securing corporate data.  There was a lot of innovation happening around the idea of making passwords obsolete and start-up UnifyID even took the RSA Innovation Sandbox contest with its implicit authentication platform that combines machine learning and the array of devices around us to match our bodies, and more specifically the way we move, to our identities.

It’s innovations like these and the group mentality of coming together to face security issues head on that mean RSA will be successful for years to come. It just needs scratching away at the surface to get to the real innovation: end to end security cloud to silicon.

Prpl interviewed by Share Radio on smart home security

While Cesare Garlati, prpl’s chief security strategist, was in London in December, he visited the Share Radio studios to pre-record an interview on the prpl Smart Home Security Report. His interview was aired on the 13th of December as part of the Share Radio Evening Show.

Cesare Garlati at Share Radio studiosCesare tackles the issue of whether smart homes are as secure as they should be and refers to prpl’s one of a kind global study that found that while there was more adoption of smart devices people were failing to secure their smart home. Jinan Rahma of Share Radio spoke to Cesare and began by asking whether the smart home was a thing of the future and dove deeper into what users should be doing to protect their connected homes.

shareradioThe full podcast is available to listen to here: https://www.shareradio.co.uk/podcasts/are-smart-homes-as-secure-as-they-could-be-13-dec-16/

Prpl takes part in IoTSF discussions on industry collaboration

Last Tuesday the prpl Foundation took part in the annual IoTSF conference in London. Art Swift, President on the prpl Foundation, took part in a panel Tuesday afternoon on “United We Stand; Addressing the Bigger Challenges of IoT Security with Collaboration”. The panel centered around the idea of the building an “Internet of Trust” and how security through collaboration can help. Along with Art, the panel featured John Hayne, chairman of the IoTSF, Paul Wilson of the Multos Consortium, Hugh Boyes of the IET, Idris Jahn from IoTUK and Aapo Markkanen, principle Analyst at Machina Research.iotsf

The panel began by asking each member how they see the IoT terrain changing over the next few years, and how can the current work being done by the IoTSF in promoting best practices in security could help this. The main theme throughout all answers was simple: trust. The IoT needs to invest in a supply chain of trust between manufacturers and consumers,with consumers being able to trust that the security of the products is up to standard, and that manufacturers will take the security of their products more seriously. Continue reading

Alliance between prpl Foundation and IoTSF puts ‘security by design’ at the heart of embedded computing

New collaboration to transform security of the Internet of Things

LONDON, UK – 5 December 2016 – The prpl Foundation and the IoT Security Foundation (IoTSF), two influential not-for-profit organizations working to promote security and openness in the Internet of Things (IoT), today announced that they have entered into a formal agreement to cooperate on projects that put ‘security by design’ into the IoT.  One element of the collaboration, around the IoTSF Self Certification Working Group, will be discussed tomorrow in London at the IoTSF Conference 2016 entitled Building an Internet of Trust.

”The prpl Foundation and the IoTSF share a belief that security is a fundamental requirement to the enablement and adoption of connected devices,” said Art Swift, president of the prpl Foundation.  “We are delighted to work together to advance the many aspects of IoT security to make its widespread use less risky so consumers can use the IoT to its full potential safely.” Continue reading

prpl Foundation and CABA create important alliance to advance smart home security

Open source foundation joins forces with leading smart home and building organization

November 28, 2016 – SANTA CLARA, CA

Today, the not for profit prpl Foundation, an open-source, community-driven, collaborative, foundation with a focus on enabling next-generation datacenter-to-device portable software and virtualized architectures, announced a significant collaboration with the Continental Automated Buildings Association (CABA), an international not-for-profit industry association dedicated to the advancement of intelligent home and intelligent building technologies. The mutual alliance will see both membership groups working together on research projects and whitepapers to improve standards in smart home security.

“prpl’s alliance with CABA is an incredibly important step in the advancement of smart home technology,” said Art Swift, president of the prpl Foundation. “By collaborating with CABA’s wealth of smart home security experts and members, we will work together to provide high quality research and guidance that will push IoT industry standards to make sure that consumers are kept safe as connected device usage in their homes grows.”
Continue reading

RSA Conference 2016 – A New Hardware-Based Approach to Secure the Internet of Things

Live Demo: A New Hardware-Based Approach to Secure the Internet of Things
RSA Conference 2016 – Abu Dhabi
November 16, 2016 | 11.20 – 12.10 hrs | Level 1 | Room: Etihad Ballroom 2

rsa-2016-garlati-clip

 

Quick look – This session will address four key elements that have introduced serious weaknesses into the IoT: proprietary systems, connectivity, unsigned firmware and lateral movement. Discussion will showcase a new approach to IoT security demonstrating how SoC virtualization and security through separation can address these vulnerabilities, which have already been shown to have potentially life-threatening consequences.

From hospitals dispensing life-saving drugs, to connected cars – embedded computing is transforming the way we live and work. But underlying weaknesses have introduced potentially life-threatening vulnerabilities into the Internet of Things.

Continue reading