You are here

Is the Internet of Things Driving Us Toward a Security Armageddon?

At the Semico Impact conference on November 6th, Kent Shimasaki of Infinitedge led a panel titled “Designing for New World Applications.” The panelists’ discussion revolved around system security and managing power efficiency. Panel participants included John O'Neill, Vice President of Marketing, Skyworks; Grant Pierce, CEO, Sonics; Ron Moore, Director of Strategic Accounts Marketing for PIPD, ARM; and Steve Singer, Director of Systems Engineering, Embedded Security Solutions, INSIDE Secure.

Mr. Shimasaki started things off by asking the panelists what are their customers’ biggest challenges in addressing the Internet of Things? Grant Pierce said that his customers look for the scalability of IP to support integration onto a single IC. With very personalized devices like wearables, you need to exploit every opportunity to extend battery life. For example, it’s not just delivering the most power efficient app, it also involves being able to control the total power budget of a device as it relates to the overall operation. Mr. Pierce said that security has to be raised to appropriate levels, depending on the device, to coincide with an application; the security level for a watch that tells you the time is vastly different from the security in a pacemaker.

Steve Singer of INSIDE Secure noted that security is a generic word, and can have several definitions depending on the use case. He segments security into two categories. The first is protocols to protect data in motion, bits of data that travel from one device to another using some form of communication protocol. The second involves protecting the device and the assets within the device. Internet of Things devices are out in the wild and more likely to be attacked and compromised (as opposed to larger more costly devices like routers that are usually in physically secure locations).

Ron Moore of ARM sees three general demands from customers:
1. Low power processors (from the very smallest that can be swallowed, all the way up to those that power the IoT)
2. Manufacturing processes need to be power efficient for a wide range of devices, from the FinFETs to 180nm/90nm technologies. Even for the mature technologies, we can redo the physical IP to make them power efficient because there are new design techniques that have come into play there.
3. Secure transmission from each of these devices through standards.

John O’Neill of Skyworks noted that the ability to tailor a solution to the customer’s needs is what’s driving this very rapid customization of products. Customization provides a lot of opportunities but also a lot of challenges.
The panel ended with a discussion about security. Mr. Singer talked about the difference between the “normal world”, which includes GUIs and apps, and the “trusted world” where everything is protected. He gave the example of Digital Rights Management for video. At video resolution rates of 720p or above, the Hollywood studios are demanding a hardware component to protect their content. A user browses their device using the normal world with apps. However, when the video content starts streaming, it streams into a trusted world where there’s a protected path through the hardware. At no point is the path compromised; this is accomplished using software application separation. Other security measures that need to be taken for the Internet of Things include:

• key management
• software, secure booting
• secure debug
• runtime integrity checking
• software anti rollback protection
• hardware mechanism to create a “trusted anchor” in the silicon.

Grant Pierce suggested on-chip firewalling at every point in the device where communication could take place; this has to then tie into the trust zone. Ron Moore went further and asked what is really trusted; can we really trust our phones, which have so much critical and personal data on them? Mr. Shimasaki questioned whether we are headed for a security armageddon, with all the billions of devices that will be connected into the Internet of Things? Where is the trust boundary? A layered approach, combined with an understanding of one’s customer and what they’re trying to achieve, will work best.

Mr. Moore summed things up well by stating that we have all the pieces of the puzzle on the hardware side, but what’s missing is a software developer ecosystem. The guys that can develop applications will drive innovation in the hardware as well. There is a need to create an ecosystem that involves the developers, in addition to the IP ecosystem we are familiar with today.

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Monthly archive