Securing the IoT from the Chipset Up
April 15, 2019
In this article, we?ll look at virtualization technologies being adopted and what kinds of features and functions are important for increasing security around IoT endpoints.
The breadth of IoT systems is diverse resulting in broad vulnerabilities at the sensor, gateway, and cloud environments. Thanks to the rich history of enterprise cloud computing and applications, securing cloud systems has matured significantly. However, at the sensors and edge, security has been stagnant.
As IoT devices become more sophisticated and intelligent edge becomes more widely deployed, these end devices become attractive targets for attack and entrance into the larger IoT system.
Qualcomm Technologies and Cog Systems recently released the announcement of an interesting partnership where Cog’s security and virtualization software will be available on Snapdragon compute platforms. In this article, we’ll look at virtualization technologies being adopted and what kinds of features and functions are important for increasing security around IoT endpoints.
Embedded Devices and Real-Time OS Roots
IoT devices didn’t just appear recently. These devices have evolved from traditional embedded systems that have been around for over 50 years. Embedded systems have hard real-time requirements and typically employ some kind of real-time operating system (RTOS) although more recently these systems are split into a Linux (non-real-time) environment and an RTOS that handles the time-critical functions of the device. These newer embedded systems typically use a virtualization layer between the chip and the Linux/RTOS environments in order to share the embedded resources on one physical device.
Initially these embedded systems didn’t consider security as a high priority since they were isolated and without connectivity. As embedded systems became connected, there was increased concern, but still proprietary RTOS or “to-the-metal” software embedded in the device made attacks difficult without much value if a breach was achieved, while reducing the BOM cost associated with an additional chipset to support the individual separate RTOS.
Today, an IoT device breach has far reaching financial and threat-to-life implications. Given IoT in automotive, medical, and industrial, the threat is real and must be taken seriously.
Secure Virtualization & IoT Devices
Cog Systems was founded in 2014 from Open Kernel Labs where the focus research area was microkernels and low-level software based technologies. This long-term experience with embedded and mobile devices provided insight into the security risks of this new IoT enabled world.
“Cog started with an embedded microkernel and hypervisor, then focused on security and hardening aspects needed to make devices ready for IoT,” Dan Potts, CEO of Cog Systems described. “We saw that if people continued building their devices with the status quo, if you look at predicted growth trends, there is a huge problem looming due to the massive increase in scale.”
Part of the problem is that many embedded software designs tend to be a monolithic system. Cog recognized early that a more modular design was critical to identify and manage security issues.
In addition, Linux attack surfaces can be large and bypassing security mechanisms isn’t difficult due to familiarity and open source access. As Cog started working with systems integrators, they advanced their enabling technology significantly to address attack surfaces and security issues.
“By leveraging our initial experiences, we are now able to focus on providing more off the shelf mass-market software solutions for IoT device development,” Potts said. “We offer an SDK to help device makers incorporate a secure virtualization/hypervisor based design. It enables them to move from monolithic to modular with the underpinning of a type 1 hypervisor.”
The SDK is known as D4 Secure. The hypervisor provides the first layer. On top of that, there are additional utilities and modules that can be used to build the secure IoT device more easily and securely. The tools include:
- Hypervisor based technology
- Virtual drivers with policy and sharing control
- Device management for over-the-air update
- A suite of security modules: VPN, secure communications, and authentication
The solutions roadmap also includes looking at next generation hypervisor technology to scale from large to small embedded chipsets. The intellectual property in the solution is about maximizing performance while still providing virtualization.
Qualcomm® Snapdragon™ Security and D4 Secure
Snapdragon is a high performance chip that scales from the 200 series to 800 with diverse applications – from simple sensors to smartphones, tablets, robotics, and autonomous vehicles. The security posture of the Qualcomm 855 is especially attractive and it has a number of features relating to IoT and potential 5G connectivity.
The combined solution stack starts with chain of trust and secure boot. The chip supports this with a unique key for each chip. This feature provides the foundation of trust.
The Hypervisor layer relies on secure boot. Once booted, the hypervisor takes over to maintain the security chain. The multi-stage boot process allows updates to the entire software image or individual modules (or virtual machines) on the fly.
Integrity and multi-layer security is also built in. For example, Snapdragon provides the root key, but disk encryption is separate. The applications also have the ability to leverage security utilities, but provide additional keys for independent security.
Consumer/companion robots use cases need high performance for machine learning and visual processing. Usually these things are included with the OS. There may also exist legacy code involving a motor controller for movement. The virtualization stack allows these functions to run on separate VMs on a single chipset. The benefits are cost reduction and footprint, but the modularity also allows for a “divide and conquer” approach to implementing security features and separation of critical functions.
Automotive applications are another area where mixing and matching real-time (power train, driver assist/detection) and non-real time (infotainment systems) systems can be made easier.
The Snapdragon X50 modem provides support for 5G networks and enables true edge computing with reduced latency.
IoT device security has become a critical requirement for today’s IoT. Leveraging new tools and development kits can help reduce learning curves and development time.
Daniel Potts summarized the process of adding security to IoT devices. “It’s exciting for me as an engineer, when we introduce the concept [productized security] to customers. We tell them to start simple – get the hypervisor running under your existing code base. Then separate out or add one thing in a separate VM. Once that simple exercise has been performed, we’ve seen developers go crazy with new and innovative ways to separate and organize their IoT device software. Our goal is to productize security. Cut the attack surface into small, simple things so it’s easy and manageable to address the issues, then implement, test, and manage the devices.”