Prpl Device Security Requirements
This document describes requirements to assure security of CPE Devices. The requirements span both hardware and software components, and their suppliers, such as SoC silicon vendors, BSPs, OEM system integrators, middleware providers, router operating systems, and high-level application developers.
prpl Low-Level API Recommendation Version 1.2
This document identifies low-level APIs recommended by prpl to promote harmonization and convergence among SW platforms. The recommended APIs should be supported by BSPs in order to best leverage the efforts from open-source software communities.
prpl Proposal for Enabling Micro/Internal Services with USP
The CPE WAN Management Protocol (CWMP/TR-069) offered a standard mechanism for service providers to manage their devices remotely, ranging from basic device identification, firmware management or configuration of individual services, but mostly focused on provisioning and activation.
Having a well-established protocol, with a rich set of data-models, it rapidly started to be adopted for other purposes, including analytics, telemetry, troubleshooting and even in some cases Mobile Applications. However, despite the increasing number of use-cases, the solution was not scalable, as all communication has to be managed by a central unit, the ACS, or alternatively proxied by an intermediate entity often provided by proprietary means.
In order to cope with this problem, USP/TR-369 (the natural successor of CWMP/TR-069) hosts the ability for the CPE to be remotely managed by multiple controllers, whilst also introducing other important optimisation and security mechanisms, such as ACLs. All these additions resulted in the creation of a solid foundation, named the “User Services Platform”, which enables third-party software companies to build services on top of CPEs managed by ISPs.
Popular use-cases include Wi-Fi Cloud Controllers, enhanced device type recognition capabilities, Smart-Home, Parental Controls and Security related propositions, i.e. a set of services, which typically require significant computing power, seldom available on constrained devices such as the CPE.
prpl LCM Proposal v1.0.A
This document aims to describe how carriers can enable their already existing set of remote managed home-gateways to support the Software Life Cycle Management (LCM) of services residing within their Home-Gateways, whilst maintaining the ability to:
1) Dynamically launch and manage new services without having to replace the existing firmware or breaking core functionalities.
2) Run services in isolated and constrained environments, without coming across security or stability issues.
3) Take advantage of standardized APIs and modular architectures, which promote reusability and ease of integration across different software stacks.
4) Trigger these operations both remotely and locally.
Prpl High Level API Principles
Customer demand for ever more features has led carriers, manufacturers and retail brands to apply more and more software customization to gateways, access points, and routers.
Unfortunately, keeping all this software customization in sync across different devices and models quickly turns into a technical nightmare. The main reason is the large fragmentation of embedded operating systems and middleware stacks across the different manufacturers and suppliers.
To overcome this, the prpl membership, a diverse group of industry players ranging from carriers to middleware vendors, from manufacturers to test laboratories, has come together to address this issue and finally standardize intra-device communication with a common API and data model.
Smart Home Report 2016
Even just a decade ago, few people could have predicted the impact the Internet of Things (IoT) would have on our lives. Networks of ‘smart’ internet-connected sensors and embedded computers exchanging information with each other may not sound particularly exciting to those outside the technology industry, but the use cases are virtually limitless.
prplSecurity Framework Application Note, July 2016
This technical note describes how to build and run a secure application according to the principles set forth by the prpl Security Guidance for Critical Areas of Embedded Computing – see here. It demonstrates a real world implementation of the multi-domain security provided by the prplSecurity™ framework including: the prplHypervisor™, prplSecureInterVM™ communications, and prplPUF™ APIs.
Security Guidance Report
Security is a core requirement for manufacturers, developers, service providers and other stakeholders who produce and use connected devices. Securing these is a major challenge, and failure to do so can result in significant harm to individuals, businesses and to nations. This guidance focuses on a new hardware-led approach to create stronger security for embedded systems. We propose three general areas of guidance. These are not the only areas that require attention, but they will help to establish a base of action as stakeholders begin addressing security in earnest.