prpl Foundation reveals vision for a secure Internet of Things

The prpl Foundation, an open-source, community-driven, collaborative, non-profit foundation for driving the next gen of datacentre to device solutions, has announced availability of a new document entitled Security Guidance for Critical Areas of Embedded Computing that lays out its revolutionary vision for a secure Internet of Things. It describes a fresh hardware-led approach that is easy to implement, scalable and interoperable. The prpl Foundation’s guidance aims to improve security for devices in a rapidly expanding connected world where failure to do so can result in significant harm to individuals, businesses and to nations. 


“The Internet of Things is connecting our world in ways not anticipated even a decade ago. This connectivity finds its way into everything from light bulbs and home appliances to critical systems including cars, airlines and even hospitals,” said Art Swift, president of the prpl Foundation. “Security, despite its huge and increasing importance, has so far been addressed in piecemeal and often proprietary ways.

“Given ubiquitous connectivity and the rapid emergence of IoT, the need for a well-designed, structured and comprehensive security architecture has never been greater,” he continued.

Embedded systems and connected devices are already deeply woven into the fabric of our lives, and the footprint is expanding at a staggering rate. Gartner estimates that 4.9 billion connected things were in use by the end of 2015, a 30% increase from 2014. This will rise to 25 billion by 2020 as consumer-facing applications drive volume growth, while enterprise sales account for the majority of revenue.

Security is a core need for manufacturers, developers, service providers and others who produce and use connected devices. Most of these – especially those used on the “Internet of Things” – rely on a complex web of embedded systems. Securing these systems is a major challenge, yet failure to do so can result in catastrophic consequences.

“Under the prpl Foundation, chip, system and service providers can come together on a common platform, architecture, APIs and standards, and benefit from a common and more secure open source approach,” added Cesare Garlati, prpl’s chief security strategist.

The new Security Guidance Document lays out a vision for a new hardware-led approach based on open source and interoperable standards. It proposes to engineer security into connected and embedded devices from the ground up, using three general areas of guidance. These are not the only areas that require attention, but they will help to establish a base of action as developers begin to deal with security in earnest.

These areas include:

Addressing fundamental controls for securing devices. The core requirement, according to the document, is a trusted operating environment enabled via a secure boot process that is impervious to attack. This requires a root of trust forged in hardware, which establishes a chain of trust for all subsystems.

Using a Security by Separation approach. Security by Separation is a classic, time-tested approach to protecting computer systems and the data contained therein. The document focuses on embedded systems that can retain their security attributes even when connected to open networks. It is based on the use of logical separation created by hardware-enforced virtualization, and also supports technologies such as para-virtualization, hybrid virtualization and other methods.

Enforcing secure development and testing. Developers must provide an infrastructure that enables secure debug during product development and testing. Rather than allowing users to see an entire system while conducting hardware debug, the document proposes a secure system to maintain the separation of assets.

By embracing these initial areas of focus, stakeholders can take action to create secure operating environments in embedded devices by means of secure application programming interfaces (APIs). The APIs will create the glue to enable secure inter-process communications between disparate system-on-chip processors, software and applications. Open, secure APIs thus are at the centre of securing newer multi-tenant devices. In the document, the prpl Foundation offers guidance defining a framework for creating secure APIs to implement hardware-based security for embedded devices.

The report is available at: http://prpl.works/security-guidance/.
