More feature stories by year:
Return to: 2016 Feature Stories
CLIENT: PRPL FOUNDATION
May 11, 2016: EE Catalog
By Art Swift, prpl Foundation
Collaboration is a powerful change agent for good for embedded security, device interoperability, and software portability—and that's just for starters.
To catch EECatalog readers up on the initiatives of the prpl Foundation, a collaborative open source community that is driving innovation in areas ranging from big data, cloud computing and analytics to embedded devices, IoT hubs and residential gateways, I've come up with a set of questions—ones I hope you will find similar to one or more you might have posed. I'll begin with question and answer sets related to recent news from the prpl foundation, but you will also find information helpful to anyone not yet familiar with the organization and its key objectives at the end of this article.
Our "Security Guidance for Critical Areas of Embedded Computing" report lays out a vision for a new hardware-led security approach that is based on open source and interoperable standards. It proposes to engineer security for connected and embedded devices from the ground up, using three general areas of guidance.
First, we are addressing the fundamental controls for securing devices. This includes a trusted operating environment enabled via a secure boot process that is impervious to attack. This requires a root of trust forged in hardware, which establishes a chain of trust for all subsystems.
We have also outlined the need for a Security by Separation approach in embedded systems. This approach—already proven to protect computer systems and their data—can enable embedded systems to retain their security attributes even when connected to open networks. This is based on the use of logical separation created by hardware-enforced virtualization, and also supports technologies such as paravirtualization, hybrid virtualization and other methods.
Finally, we believe it's important to support secure product development and testing, with an infrastructure that enables secure debug. Rather than allowing users to see an entire system while conducting hardware debug, the document proposes a secure system to maintain the separation of assets.
Through focusing on these three areas, stakeholders can take action to create secure development environments, operating environments and APIs in embedded devices.
The reaction to our peer-reviewed Security Guidance document has been overwhelmingly positive, with comments from the reviewers on the comprehensiveness of the report, and the helpful nature of the highlighted case studies. The VP of engineering of one leading broadband and connectivity group indicated that by "using detailed examples of recent hacks in embedded computing…the reader is taken step by step though weaknesses and shown how they can be overcome using methods like root of trust, secure boot process, separation of duties and secure development and testing."
Yes. We are seeing the rapid rise of a new generation of smart, connected products that feature computing power, network connectivity and sophisticated software. And while it's logical that lawmakers and regulators must lock down certain functionality of these products in order to ensure the safety and well being of their citizens, this has the potential to stifle innovation.
In our Security Guidance document, we outline how open source development, secure boot based on a root of trust anchored in the silicon, and hardware virtualization can keep both regulators and consumers happy. By building security-by-separation into the hardware of embedded systems, regulators can control specific functions under their regulatory purview, while allowing consumers free reign to tweak other parts of their product.
Take, for example, regulations that the FCC is considering for the domestic router market. The goal is to prevent users adapting their devices in a way that could interfere with the device's Wi-Fi capabilities. Since radio frequency parameters are controlled in drivers inside the Linux kernel, the only way to guarantee that a third party—or the router owner—can't touch the Wi-Fi in these devices is to prevent modification or replacement of the driver itself. This effectively means restricting modifications to the OS as a whole—locking down the entire system.
This is bad news for home Internet users who could otherwise leverage open source operating systems like OpenWRT (the Linux distribution at the heart of most routers) to add new functionality —for example a print server or parental control application.
The way to solve this challenge is by containerizing separate software components at a hardware level. In this way, the FCC could enforce control over the elements that manage radio frequency parameters, and consumers have the ability to modify other functionality in the router. With such an approach, we're preserving the rights of the consumer, addressing regulator concerns and protecting innovation—which occurs when current technologies can be tweaked and adapted.
Collaboration not just within the prpl Foundation, but across the entire industry, is the key here, as this infographic shows. With the IoT, more and more devices will be deployed to monitor and collect data in just about every environment from homes to cars to farms to hospitals and beyond. The sheer amount of data that will be generated by these billions of devices is staggering. Finding new ways to analyze and synthesize this 'Big Data' presents an enormous array of opportunities on which companies, organizations and individuals across the world are looking to capitalize. But there are many challenges in the realization of this vision. 'Marrying the IoT with Big Data' requires that we solve challenges such as embedded security, device interoperability and software portability. Many of the projects on which prpl is focused are aimed at helping the industry to realize this vision.
We're focused on enabling next-generation datacenter-to-device portable software and virtualized architectures. As such, the Foundation brings together a variety of new and existing community open source projects to help address these issues.
One of these existing open source projects is OpenWrt—an important community project that is attracting a great deal of new interest from network operators and manufacturers of residential gateways and CPE systems. The goals of our prplWrt PEG (prpl Engineering Group) are to provide active support to the existing OpenWrt community while helping to define and implement a set of new carrier-grade features which will expand the reach and use of OpenWrt. These features include such items as carrier-grade containers, secure updates and better package management for next-generation residential gateways.
Driving better embedded security is a key objective for prpl. Our Security PEG is defining an open software security framework and methodology for secured and authenticated virtualized services. The group is developing a security roadmap and related open APIs that will lead from today's software-virtualized solutions to full hardware supported virtualization. This will enable multi-domain security across processors, heterogeneous SoCs and the systems built on these technologies.
Another key initiative is around the principle of portability. To help avoid fragmentation across products – a real risk with the dawn of the IoT—it's key that the ecosystem reduce its dependency on instruction set architecture (ISA) compatibility. We believe that code should be written once, and deployed to many devices – regardless of architecture. By pushing portable software (JITs, emulation, binary translation), prpl enables developers to innovate on their core strengths.
Our prpl.works online community—by and for open source developers and users—has already reached over 40,000 developers worldwide. Some of the key subgroups in which prpl and community members are engaged include prplSecurity, Android MIPS, Linux MIPS, prplWrt (supporting OpenWrt), OVP (Open Virtual Platform) and QEMU for developers needing Quick Emulator and virtualizer technology.
The prpl Foundation currently has more than 25 members comprised of companies and individuals that design and market wireless telecommunication products and services, data storage solutions, virtual platform simplification, cloud based security services, analog and digital semiconductor connectivity solutions, and more. And there are a number of leading global higher education institutions as well. The members are all leaders in the technology industry investing in innovation in efficiency, portability and compatibility for the good of a broad community of developers, businesses and consumers.
Art Swift is president of the prpl Foundation. He has more than 20 years of marketing and executive management for semiconductor and processor IP companies and has spent most of the last decade building innovative chips and IP for the mobile PC, tablet and smartphone industries. He holds a Bachelor of Science degree in electrical engineering from Pennsylvania State University and is a co-inventor of three U.S. patents. firstname.lastname@example.org.
Return to: 2016 Feature Stories