CloudConnect Cloud Computing Conference China 2016
Securing the Internet of broken things
prplSecurity™ framework across hardware and software components in both single tenant and multitenant use cases
cesare@prplFoundation.org
http://prpl.works/
A New Hardware-Level Approach to Fix the Internet of Broken Things
1. A New Hardware-Level Approach to Fix the Internet of Broken Things
Cesare Garlati, Chief Security Strategist, prpl Foundation
2. A New Hardware-Level Approach to Fix the Internet of Broken Things
Cloud Connect China 2016
Cesare Garlati, Chief Security Strategist, prpl Foundation
3. Securing the Internet of broken things
Source: Remote Exploitation of an Unaltered Passenger Vehicle, Dr. Charlie Miller and Chris Valasek, August 2015

Headlines shown on the slide:
 - 1.4M: Fiat Chrysler recalls 1.4 million vehicles, August 2015 (Charlie & Chris)
 - FDA strongly encourages discontinuing use of these pumps, May 2015 (Hospira drug pump)
 - FBI
 - Boeing 737/800

Attack chain from the Miller/Valasek vehicle research, as summarized on the slide:
 1. Reverse engineer proprietary software to expose vulnerabilities [Uconnect 8.4AN/RA4]
 2. Exploit weak implementations of network protocols [D-BUS service port 6667]
 3. Modify firmware and re-flash image to execute arbitrary code [TI OMAP-DM3730]
 4. Laterally move from the compromised head unit to the target CAN system [CAN MCU Renesas V850]

Four pillars of the proposed answer: Open Source, Interoperability, Root of Trust, Virtualization
4. prpl Open Security Framework (prplSecurity™)
 - prplSecureBoot™: Root of Trust
 - prplSecureJTAG™: In-circuit Debug
 - prplInterVM™: Communications
 - prplHypervisor™: HW Virtualization
 - prplPUF™: Identity & Key management
prplSecurity™ framework across hardware and software components in both single tenant and multitenant use cases
5. IoT Multitenancy Requirements
Diagram: one device hosting several isolated tenant slots, each owned by a different provider:
 - Provider #1: Commercial Wi-Fi public hotspot
 - Provider #2: Utility company eMeter / IoT
 - Provider #1: Base services (LTE/DSL/Wi-Fi)
 - Provider #3: Pay-per-view video streaming
 - ?: Available to next provider
6. Multidomain Security
 - New multitenant use cases, not just trusted/not-trusted islands
 - Strong security model that fits new multicore scenarios
 - Hypervisor based: does not require OS modifications
 - Open source framework and APIs, no royalties
 - Reference framework open to ecosystem partners' development

Diagram (prplSecurity™ Framework – Linux Application): WAN connected to prplHypervisor™ running on a heterogeneous hardware SoC. Three isolated guests sit on the hypervisor, labelled Commercial Hotspot (Linux Kernel 3.x), Home Network (Linux Kernel 4.x) and AVAILABLE [Hot Plugin]; the guests talk to each other only through the prplSecureInterVM™ communications API.
7. prplSecurity™ Framework – IoT Application
Diagram: prplHypervisor™ hosting three isolated guests that communicate through the prplSecureInterVM™ communications API:
 - Isolated Guest #1: Robotic Arm Control, real time I/O over USB / UART
 - Isolated Guest #2: Key Management [Intrinsic-ID], using the prplPUF™ API
 - Isolated Guest #3: TCP Listener [Altran picoTCP], attached over Ethernet / SPI
Demonstrated at the IEEE SOCC Conference, Sep 2016, Seattle
8. prpl Foundation – Open source non-profit
About prpl Foundation
 - Truly open community
 - Heterogeneous open source
 - Providing guidance
 - Developing new standard APIs and reference implementations
 - Making advanced functionality as portable as possible
 - Working with regulators to protect consumer choice and innovation
 - Cross-collaboration initiatives
prpl Leadership
 - Dan Artusi, VP and GM, Lantiq - an Intel Company
 - Sherman Chen, Vice President Engineering, Broadcom
 - Matt Grob, Executive VP and CTO, Qualcomm
 - Jim Nicholas, EVP & MIPS B.U. GM, Imagination
 - Art Swift, President, prpl Foundation
9. Takeaways
 - IoT is already here but its security is fundamentally broken, and could soon result in human fatalities
 - IoT security challenges include proprietary software, connectivity, firmware updates, lack of separation
 - A new hardware security approach: open source APIs, interoperable protocols, secure boot, virtualization
 - Security, more than anything else, will drive the next wave of IoT adoption [1]
 - If the industry doesn't fix the IoT security issue, regulators will step in, and this may hinder innovation [2]
 - prpl is leading the charge with guidance, open source APIs and reference implementations [3]