Blogs

Can IoT security win on all fronts?

April 20, 2017

Posted by: Avadhoot Patil

Art Swift, president, prpl Foundation

The Internet of Things is rapidly turning a new generation of products ‘smart’ by adding computing power, network connectivity and sophisticated software. So says Art Swift, president of prpl Foundation.

From cars to routers and drug infusion pumps to drones, they now offer a wealth of possibilities for tech-savvy owners keen to push their device capabilities to the limits. But at the same time there are logical reasons why lawmakers and regulators need to lock down certain functionality – for the safety and well-being of their citizens.

Joseph Steinberg’s recent assessment of IoT security being one of the biggest tech battles that will be fought in the year ahead is very astute and an issue which the prpl Foundation has been helping to settle by working with manufacturers and developers, regulators and educating the public.

While the rules laid out by regulators effectively work to lock down the firmware on consumer devices so it can’t be altered, sending them on a collision course with consumers, there has been little in the way of technology innovation to address this conundrum.

Joseph Steinberg

Joseph Steinberg

But there doesn’t have to be this divide. Regulators can get what they want to be able to control safety aspects and equally, consumers should be able to tweak and customise technology that they buy to get what they want. And it can be done securely.

The problem at the moment is that current IoT systems simply aren’t architected in a way which will allow for this kind of granularity. With open source development, secure boot based on a root of trust anchored in the silicon and hardware virtualisation that are all laid out in the prpl Security framework, it can keep both regulators and consumers happy.

The framework covers three major areas:

With the help of a secure hypervisor it can provide a foundation to containerise each software element, keeping critical components secure and isolated from the rest. Secure inter-process communication allows instructions to travel across this secure separation in a strictly controlled mode.

Building security into the hardware of embedded systems in this way will help regulators lock down specific harmful functions whilst allowing consumers free reign to tweak other parts of their product. Technology advances only if innovation is allowed to thrive. And with a blueprint for an open, hardware-led approach to securing embedded computing, we can finally achieve it.

It’s a win-win for innovation and regulation.

The author of this blog is Art Swift, president, prpl Foundation

Comment on this article below or via Twitter @IoTGN