RSA Conference 2016 – A New Hardware-Based Approach to Secure the Internet of Things

Live Demo: A New Hardware-Based Approach to Secure the Internet of Things
RSA Conference 2016 – Abu Dhabi
November 16, 2016 | 11.20 – 12.10 hrs | Level 1 | Room: Etihad Ballroom 2

rsa-2016-garlati-clip

 

Quick look – This session will address four key elements that have introduced serious weaknesses into the IoT: proprietary systems, connectivity, unsigned firmware and lateral movement. Discussion will showcase a new approach to IoT security demonstrating how SoC virtualization and security through separation can address these vulnerabilities, which have already been shown to have potentially life-threatening consequences.

From hospitals dispensing life-saving drugs, to connected cars – embedded computing is transforming the way we live and work. But underlying weaknesses have introduced potentially life-threatening vulnerabilities into the Internet of Things.

Continue reading

IoT Evolution Wrap Up

UPDATE : Application Note posted at https://prpl.works/application-note-july-2016/

Last week, the prpl Foundation took to the stage at IoT Evolution Expo in Las Vegas to present a workshop on the prpl Security Framework, during which we revealed a demonstration of the framework in practice. It was a series of firsts, as the use of the prplHypervisor™ was put into practice as well as prplPUF™ and prplSecureInterVM™.

Cesare Garlati, chief security strategist at prpl Foundation demonstrated the prplHypervisor™ on Thursday July 14th at 9AM, as part of a prplSecurity™ workshop on the IoT Developer track. The demo was a joint development effort of three key prpl members: Intrinsic-ID, Altran and the Pontifical Catholic University of Rio Grande do Sul (PUCRS).

Garlati showed three virtual machines connecting to the Internet and securely controlling a robotic arm. A MIPS M5150 CPU powers the PIC32 microcontroller to run the prplDSC_5023 hypervisor and thus securely isolates each application in its own virtual machine (VM). VM #1 receives commands from the Internet via Altran’s picoTCP listener, VM #2 authenticates the request via Intrinsic-ID’s implementation of the prplPUF™ API, and then relies authenticated valid command to VM #3, which is responsible for the real time control of the robotic arm via USB. The three VMs are completely separated and communicate within the system via the prplSecureInterVM™ communications APIs.

Continue reading

Open source and virtualization provide a powerful combination for wireless routers

By , Imagination Technologies

Back in March 2015, the Federal Communications Commission (FCC) – a government agency tasked with regulating interstate communications in the United States – issued a security document that included a series of provisions related to the use of wireless devices that operate in the U-NII radio bands.

In essence, the FCC wanted the manufacturers of routers and other networking equipment to provide tightly defined access paths to all wireless transmission devices. Unfortunately, the FCC proposal is likely to result in OEMs locking down the whole firmware of their routers and thus preventing consumers from installing the open source operating system or software of their choice (e.g. OpenWrt or DD-WRT.)

Continue reading

prpl Foundation demonstrates security by separation at Mobile World Congress 2016

prpl Foundation demonstrates security by separation for IoT and other connected embedded devices at Mobile World Congress 2016

Hall 6 Stand 6E30 (Imagination Technologies), Barcelona, 22-25 February 2016

London, UK – 18 February 2016 – The prpl Foundation is demonstrating how an open, hardware based approach provides an ideal foundation for securing Internet of Things (IoT) and other connected embedded devices. After detailing the concept in its recently released Security Guidance for Critical Areas of Embedded Computing, prpl is showing a groundbreaking proof-of-concept demonstration on the MIPS-based Baikal-T1 SoC at Mobile World Congress in Barcelona.

Continue reading

The Journey to a Secure Internet of Things Starts Here

The prpl Foundation announces its visionary document for an open, hardware-led approach to make life-threatening flaws in connected devices a thing of the past

Click here to download the PDFprpl Security Guidance

As the Internet of Things finds its way into ever more critical environments – from cars, to airlines to hospitals – the potentially life-threatening cyber security implications must be addressed. Over the past few months, real world examples have emerged showing how proprietary connected systems relying on outdated notions of ‘security-by-obscurity’ can in fact be reverse engineered and chip firmware modified to give hackers complete remote control. The consequences could be deadly.

A new approach is needed to secure connected devices, which is exactly what the prpl Foundation is proposing in its new document: Security Guidance for Critical Areas of Embedded Computing. It lays out a vision for a new hardware-led approach based on open source and interoperable standards. At its core is a secure boot enabled by a “root of trust” anchored in the silicon, and hardware-based virtualization to restrict lateral movement.

Continue reading

Securing The Internet of (broken) Things: A Matter of Life and Death

If you’re like me you’ll probably be getting desensitized by now to the ever-lengthening list of data breach headlines which have saturated the news for the past 24 months or more. Targeted attacks, Advanced Persistent Threats and the like usually end up in the capture of sensitive IP, customer information or trade secrets. The result? Economic damage, board level sackings and a heap of bad publicity for the breached organization. But that’s usually where it ends.

Continue reading