The prpl Foundation has come up with a solution that demonstrates how an open, hardware based approach provides an ideal foundation for securing Internet of Things (IoT) and other connected embedded devices.
After detailing the concept in its recently released Security Guidance for Critical Areas of Embedded Computing, prpl showed a proof-of-concept demonstration on the MIPS-based Baikal-T1 SoC at Mobile World Congress in Barcelona recently (22-25 February 2016).
In addition to security, the technology opens up opportunities for operators and service providers to provision new services and applications to their customers. For example, home gateways and other devices can be designed with distinct containers to enable add-on services such as home automation, health monitoring, security and more.
The prpl Foundation’s guidance aims to help developers, service providers and manufacturers design security for embedded systems from the ground up, starting at a hardware-level root of trust that is impervious to attack, and establishing a chain of trust for all sub-systems.
It utilizes open source methods whereby SoC, system and service providers can come together around a common architecture, APIs and standards to benefit from a more robust approach.
“The IoT and the emergence of new categories of connected devices hold a great deal of promise for everything from agriculture to health and wellness to the connected home, smart cities and beyond,” said Art Swift, president, prpl Foundation.
“While it is easy to get wrapped up in the excitement of the possibilities, we must not forget the potential consequences of poor security practices in device development. From theft of personal information and financial data to remote takeover of devices which could bring harm to the public, it’s in the interest of every stakeholder in the connected device supply chain to ensure that these devices are designed first for security.”
prpl demonstrated an early prototype of the prplSecurity framework running on the Baikal-T1 SoC from Baikal Electronics, which leverages a MIPS Warrior P-class CPU with hardware virtualisation technology.
The prplSecurity framework is a collection of open source APIs providing hardware-level security controls such as root of trust, secure boot, secure hypervisor and secure inter-VM communications.
This was one of the first public demonstrations of hardware-enforced multi-tenant OpenWrt, the Linux distribution at the heart of most of the world’s home gateways. The prplSecurity framework enables multiple OpenWrt instances to run in parallel on the Baikal hardware, leveraging the power of virtualisation to create distinct secure domains.
Applications and operating systems can operate independently and securely within these domains, eliminating the possibility of lateral movement attacks within the system. All of this can be achieved efficiently thanks to powerful hardware-level virtualization support in the MIPS CPUs.
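The chain of trust described above (a root value anchored in hardware that verifies each stage before it hands off to the next, down to the hypervisor and the guest it launches), as an added illustrative model that is not prpl's or the prplSecurity framework's code: the stage names and images are constructed, and a SHA-256 hash chain stands in for whatever signature scheme a real root of trust would use.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Stage:
    name: str
    image: bytes                  # constructed stand-in for the stage's code image
    next_digest: Optional[bytes]  # digest this stage vouches for; None on the last stage

    def measured(self) -> bytes:
        # Measure code and successor digest together: swapping the successor
        # digest changes this stage's own digest and breaks the link above it.
        return self.image + b"|" + (self.next_digest or b"")

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_chain(images):
    """images: ordered (name, image) pairs. Returns (root_digest, stages)."""
    stages, nxt = [], None
    for name, image in reversed(images):      # last stage first, so each can embed its successor
        stage = Stage(name, image, nxt)
        stages.insert(0, stage)
        nxt = sha256(stage.measured())
    return nxt, stages   # nxt is the first stage's digest: the value anchored in hardware

def verify_chain(root_digest, stages):
    """Walk the chain as a boot ROM would; return the names of stages that passed."""
    booted, expected = [], root_digest
    for stage in stages:
        if expected is None or sha256(stage.measured()) != expected:
            break                 # first mismatch halts the boot at this stage
        booted.append(stage.name)
        expected = stage.next_digest
    return booted

def tamper(stages, index, new_image):
    """Swap one stage's image but keep its successor digest, modelling a threat that
    can write flash but cannot change the hardware-anchored root value."""
    s = stages[index]
    return stages[:index] + [Stage(s.name, new_image, s.next_digest)] + stages[index + 1:]

GOOD = [("bootloader", b"boot-v1"), ("hypervisor", b"hyp-v1"), ("openwrt-guest", b"owrt-v1")]  # constructed

def demo():
    root, chain = build_chain(GOOD)
    return {"intact": verify_chain(root, chain),
            "guest_tampered": verify_chain(root, tamper(chain, 2, b"owrt-evil")),
            "hyp_tampered": verify_chain(root, tamper(chain, 1, b"hyp-evil"))}
```

Because the first stage's digest is the hardware-anchored root value, rebuilding an entire replacement chain does not help either: its first stage fails against the original root and nothing boots.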