Open security for IoT
March 11, 2016
Let's put aside the hype that's been dogging the IoT market. I know that those billions of predicted IoT devices haven't hit the shelves yet. But if w...
Let’s put aside the hype that’s been dogging the IoT market. I know that those billions of predicted IoT devices haven’t hit the shelves yet. But if we focus on just that, we’re missing the real story.
The IoT wave is indeed happening—not yet in the end markets as expected, but in design houses and product R&D labs around the world. Every company and research group across just about every industry is developing new IoT strategies. The resulting production and deployment ramp-up may be slow, but there’s tremendous momentum around the design start activity. Not to be left behind, the maker community is using its ever growing access to low-cost development boards to tackle projects that just a few years ago would have required large and specialist teams.
As the IoT industry is being created from the ground-up, we need to ensure that we’re selecting the right foundational elements for long-term success. One of the most important considerations is security. Security underpins every aspect of an IoT device, from its initial concept to a lifetime of maintenance, which could be many years. In designing such products, developers must factor in how to protect user information and device data against attacks; make sure that third-party applications are supported and secured; and plan for software maintenance/updates/patches in edge devices.
With the rapid expansion of IoT, we’re seeing the emergence of self-interest specialist groups that are trying to push for closed and proprietary systems, which is a complete anathema to what the industry needs today. If we look at the software industry, we’ve seen the rise of open-source development across the board. It’s been a tremendous force for change, bringing not just new business models, but enabling collaboration across company borders while changing the vendor-supplier relationships.
To be truly secure, systems must be open too. Just like sunlight is considered the best disinfectant, “open security” offers the widest possible exposure across the IoT ecosystem to minimize security risks. IoT developers need open platforms that let them explore product concepts and ideas enabling the greatest freedom of movement. As the industry works toward open, interoperable standards and APIs to drive innovation in IoT, transparency and flexibility are also critical in addressing the security challenges.
To achieve this level of “open security,” the prpl Foundation, created in collaboration with industry leaders like Broadcom, Qualcomm, and Imagination, have formed the prpl Security Working Group to define a roadmap for “open security,” to identify common APIs, and to develop reference implementations. The goal of this group is to promote the development of the prplSecurity framework: a comprehensive collection of open source APIs providing hardware-level security controls such as root of trust, secure boot, secure hypervisor, and secure inter-vm communications.
prplSecurity enables multi-domain security across processors (CPUs, GPUs, NPUs), heterogeneous SoCs, and systems built on these technologies, including connected devices, routers, and hubs. In fact, the group recently announced the publication of a new Security Guidance for Critical Areas of Embedded Computing that lays down guidance for the foundation for these security components. At the recent Mobile World Congress, the prpl Foundation showed how an open, hardware-based approach provides an ideal foundation for securing IoT and other connected embedded devices, with an industry-first proof-of-concept demonstration on a MIPS-based Baikal-T1 SoC.
It’s important for IoT developers to understand that the potential consequences of poor security practices in device development are far reaching. If IoT devices aren’t future-proofed, users can lose their personal and financial data, hackers can remotely takeover devices, and governments and enterprises can be crippled. It’s in the interest of every stakeholder in the IoT and connected-device supply chain to ensure that these devices are designed with longevity and an open security approach.
Kevin McDermott is Director of IoT Segment Marketing for Imagination Technologies. He’s responsible for promoting the company’s class-leading processor, graphics, display, communications, and software IP, identifying future market opportunities and establishing partnerships with OEMs, service operators and technology companies within IoT market segments.