Remedies for the Broken IoT Ecosystem
Welcome to the inaugural post of prpl Matters – an ongoing series of perspectives by myself and other prpl Foundation members, addressing the challenges of bringing the Internet of things (IoT) ecosystem to fruition. The posts will address how technologists from a range of sectors and business interests can more rapidly move toward far greater success through collaborative efforts on key underlying areas of interest and value to all.
The over-reported promise of IoT technology is stuck in first gear. Lack of basic standards makes the days of designing compatible add-in PC adapter cards look like a picnic. If all this web-connected stuff is going to work together, this modern day Tower of Babel must be overcome. Fragmentation of connectivity solutions, along with multiple OSs, topologies and security approaches, is slowing innovation to a crawl.
Toward Everything Connected
New cities, such as Songdo International Business District in South Korea are IoT-enabled from the start. Traffic signals, power grid, water, sewer, and most of the region’s infrastructure are now web-connected to track and manage the systems.
Perhaps more significantly, people are now becoming used to machine-to-human communication. What’s different is that machines are actively communicating with us and generating Internet data we can use. All this data becomes indexed, just as pages of the New York Times are. Today the cloud perhaps knows more about me than I know about myself. We’re basically becoming a cluster of servers ourselves.
Integration and data mining are desirable to make sense of the data we’re generating. Big Data will allow for improved business practices, automation and machine learning at unprecedented levels. Silicon footprint and costs will go down as will cost of ownership, as devices become pervasive. So far so good.
The Security Gotcha
On the other side of the race toward pervasive connectivity are challenges around security and privacy, data integrity, and reliability – all resulting in higher costs – a classic battle. Unfortunately, creators of today’s connected devices and systems aren’t thinking about overcoming these issues as a primary need.
The popular belief is that the industry can commoditize quickly, as most industries do. However, in the case of IoT, personal data is being handled, and recent snafus such as those at Target and Home Depot, show that the industry is not paying enough attention to security.
Today there are no regulations saying that systems must be segmented from one another. Home Depot’s $110M account hack was caused by failed segmentation and a lack of manual intervention. Enterprise losses due to cloning of hardware and software were in excess of $10 billion in 2010. The value of portable device IP content is beyond estimation.
This isn’t news, but as an industry, we are continuing to build what’s been termed a hacker’s playground. A digital Armageddon is approaching, and not enough is being done to prevent it.
Remedies That Work
Only in one tech industry segment – set-top boxes – does security come first, and this is because IP content must be protected when distributed. The IoT ecosystem can learn from this. In fact, unified architecture approaches are essential to effective security solutions, and to limiting siloed design behavior.
Firstly, IoT security must be embedded. There’s a popular belief that software alone can protect the system. This is simply not true. There are underlying hardware building blocks (CPUs with virtualization hardware, e-fuses, a root of trust, trusted execution environments, secure elements, crypto boundaries and more) that must be in place in order to secure the whole system. Of course there’s variability in this – security only needs to be as strong as the data you’re protecting. Over-engineering it will lead to wasted costs; under-engineering it will lead to excessive costs. That’s security rule #1.
Secondly, once platform security is established, a robust boot mechanism is put in place in software, with the help of ROM, key management, and a trusted execution environment. The process starts with a bootloader held in read-only memory. It verifies the hash of the next stage (which generally initializes hardware and I/O) before loading it, and each stage in turn hash-verifies the one that follows, until the operating system itself has been verified and loaded.
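The chain-of-trust verification described above, as an added example that is not prpl's or MIPS's code: each stage image carries the expected SHA-256 digest of the stage it will load, an assumed constant stands in for the immutable ROM/e-fuse anchor, and the emulated ROM loader refuses to execute any stage whose digest does not match the value held by its predecessor.

```python
import hashlib
import hmac

# Constructed example of a hash-verified boot chain (not the prpl/MIPS
# implementation). DIGEST_LEN is the size of the SHA-256 digest each stage
# image embeds at its tail for the stage that follows it.
DIGEST_LEN = 32


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_stage(code: bytes, next_digest: bytes) -> bytes:
    """A stage image is its code followed by the digest of the next stage."""
    return code + next_digest


def build_chain(stage_codes):
    """Build images back to front so every stage embeds the digest of its
    successor. Returns (anchor_digest, images); anchor_digest is the value
    that would be burned into ROM/e-fuses at manufacturing time."""
    images = []
    next_digest = b"\x00" * DIGEST_LEN  # the OS is last; nothing follows it
    for code in reversed(stage_codes):
        image = build_stage(code, next_digest)
        images.insert(0, image)
        next_digest = sha256(image)
    return next_digest, images


def verified_boot(anchor_digest: bytes, images):
    """Emulate the ROM bootloader: hash each stage and compare it with the
    digest held by its predecessor (the anchor for stage 0) before 'running'
    it. Returns (indices of stages loaded, status); boot halts at the first
    mismatch, so a tampered or swapped stage never executes."""
    loaded = []
    expected = anchor_digest
    for idx, image in enumerate(images):
        if not hmac.compare_digest(sha256(image), expected):
            return loaded, "stage %d failed hash verification" % idx
        loaded.append(idx)
        expected = image[-DIGEST_LEN:]  # digest this stage vouches for
    return loaded, "ok"


if __name__ == "__main__":
    anchor, imgs = build_chain([b"stage1-bootloader", b"stage2-loader", b"os"])
    print(verified_boot(anchor, imgs))
    imgs[2] = build_stage(b"modified-os", b"\x00" * DIGEST_LEN)
    print(verified_boot(anchor, imgs))
```

Replacing the OS image with a different but internally well-formed one still fails, because the digest that vouches for it lives in the previous stage, not in the image itself.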
Finally, we need to create and apply portable tools at the foundation level for security. This includes secure hypervisors, secure messaging channels, security firewalls and rules, and even possibly a network element. Let’s build them!
I’m often asked if embedded security can be compromised. For example, can ROM be replaced? Yes it can! But this comes at a cost that is quite prohibitive. That said, if the data that is being protected exceeds this cost, sometimes other protection schemes such as Physical Unclonable Functions (PUFs) need to be put in place. PUFs act as a digital fingerprint, inherent to the hardware memory cells.
Virtualization is Key
Virtualization itself isn’t a novel solution. Multicore virtualization is widely used and accepted in the data center to maximize hardware use. Its use allows for multiple environments to sit isolated next to one another, and yet share resources. The same architecture can be scaled down to IoT with the same premise – multi-tenant services enabled on shared hardware, with isolation provided by virtualization. CPUs such as MIPS Warrior cores already enable virtualization all the way down to the microcontroller with the M5150 CPU and all the way up to networking and high-end consumer equipment with the I6400 and P5600 CPUs.
And while separate processors or processing entities could also create a secure environment (generally the mode accepted by banks and content providers), this drives up costs. With so much data being processed in the secure parts of the system now, the security subsystem requires a more “elastic” processing engine than just fixed function hardware. Hardware virtualization allows for this elasticity, allowing the security subsystem to scale up or down depending upon needs.
Virtualization allows the data and execution belonging to one service to be protected from another. This means a compromise of one service has no impact on the other.
The beginning of this must occur deep inside the architecture. There’s no way of solving this at the software layer alone. Designers should start with an understanding of what assets need to be protected and ensure the necessary building blocks are there to support virtualization. Expect that your hardware will be used in multi-tenant environments in the future!
And this is where prpl comes in. prpl is an open-source, community-driven, collaborative non-profit foundation targeting and supporting the MIPS architecture—and open to others—with a focus on enabling next-generation datacenter-to-device portable software and virtualized architectures. prpl represents leaders in the technology industry investing in innovation in efficiency, portability and compatibility for the good of a broad community of developers, businesses and consumers. Initial domains targeted by prpl include datacenter, networking & storage, connected consumer and embedded/IoT.
So where are we heading? The way forward for major IoT breakthroughs will come from industry agreements on independent portability, security and virtualization. Bringing this type of virtualization-based security technology to a wide array of devices is essential – if the IoT is not secure, it will have barriers to implementation and adoption.