Companies Have Finally Attended To The Development Of IoT Devices And Their Security

IoT is an extremely young segment of the market, just trying to take the first serious steps. Of course, IP cameras and other sensors have been around for a long time, but it’s impossible to call them fully “smart” language.

In this case, one of the problems of the market is, oddly enough, the development cycle, since it includes not only the creation of a physical device, but also the writing of software for it with extremely limited resources. This 20 years ago, several megabytes of memory under the application was the norm. Now, when optimizing resource consumption for users (and developers) is only dreaming, and for top memory products or unreal voracity (hi, Chrome) are normal, they work in conditions of a couple hundred kilobytes of flash memory on an Effective microcontroller seems like a punishment who misbehaved last year.

• But this is not the only IoT issue. It’s not for me to tell you how helpless smart devices are in terms of information security. Beginning in 2015, stories about bot networks with IP cameras, refrigerators and other microwaves periodically appear in the media. Add to this “dish” also “sauce” from all sorts of smart speakers and helpers, such as Alexa or Alice, and we will get a frightening picture; Since the days of the Chinese nouveau cameras, products from Amazon and Yandex have also acquired the ability to make online orders upon request of the owner. In fact, these are features of the new generation of IoT devices and forced the software manufacturers to start working, namely, to strengthen the digital protection lines of our conference boxes and other sensors.

But, as is usually the case with all sorts of standards in the young segment, there is no unity of approach. In the end, the device can be protected in at least three ways: by deploying the IoT cloud management platform, increasing security at the device firmware level and the so-called gateway boundary, that is, protecting the IoT network at the router level. and internal intranet gateway on the border with the outside world.

At least three giant companies from three different segments of the IT market are now working in these areas – they are trying to simplify development and at the same time strengthen digital security lines.

Google SDK and Cloud Platforms

How does the search giant usually do when it comes to entering a market? Well, we all know very well about the tactics of “buy, copy the best, close”, but in the case of IoT devices there is no one to buy. Here we are deserted, only the company ARM towers over this whole wasteland with a rock. So Google went the second favorite way – building a platform and then creating an ecosystem around it.

Google loves self-contained ecosystems. If you omit glaring failures on the path of social networks, the company creates ecosystems and builds communities around them with enviable stability. And most importantly – she knows how to support and develop them. But while it is impossible to show ads through smart refrigerators and other IoT devices, the ecosystem for Google in this direction is interesting only in the long term. This is the Google Cloud IoT platform for processing, analyzing and storing data of smart devices. But this was not enough, because the data from the devices must somehow be removed. Given the lack of a universal standard, this is not so easy.

• That is why the search giant went even the third to its most beloved path and announced its own developer SDK for IoT devices written in Embedded C. Why was this the third typical path for Google? Well, if the search giant cannot “buy and close”, or quickly build an ecosystem, tie it up with already existing services and platforms of the company and run ads, then it releases tools for developers. And waiting. Moreover, the platform as a tool is already there, why not release the SDK?

The product, called the Cloud IoT Device SDK, was developed jointly with ARM, Microchip Technology and NXP Semiconductors. Of course, the open source tool. The goal of the Cloud IoT Device SDK is to assist in prototyping and testing prior to the commercialization of the product. The SDK supports a wide range of microcontroller devices. The advantages of the SDK are that the development is applicable to devices with extremely low power consumption and flash memory from 25 KB. In general, Venturebeat writes that the development turned out to be juicy: the SDK includes compatibility with realtime OS, such as Zephyr, ARM Mbed OS, FreeRTOS kernel (and many others), compatibility with POSIX systems, there is an asynchronous API that allows you to work at all without the OS, but there is also an event scheduler and so on.

• GitHub Repository

What does this mean for the industry? First of all, Google attended to consistent work in this direction. Given the dominant position of Android and the prospects for remote control of devices via smartphones and tablets, the release of a dedicated SDK was only a matter of time.

The fact that manufacturers such as ARM were involved in the work only adds confidence that we will not get another “chrome” that eats as much resources as it is given, and a real workable product that takes into account the specifics of the architecture of modern IoT. The presence of a full-fledged platform and the possibility of “running on the table” of software solutions before their commercial implementation will only increase the level of final products and speed up their entry into the market.

Information security of smart devices

It is difficult to talk about what really does not exist. No matter how much the individual characters are crucified, that IoT-Security is real, we all understand that IoT devices themselves are completely defenseless and are 100% dependent on the network to which they are connected. Actually, because of the devil-may-care attitude to security in the field, we observed hundreds of thousands of botnets from IP cameras several years ago. For example, you can remember the botnet Mirai.

But this issue must be addressed. Earlier, I mentioned Alexa and Alice – these two madam earnestly claim to have access to the credit cards of their owners to order pizza for them or another trinket from Amazon, eBay or Yandex.Market.

On the path of the struggle for security, ARM was again noted.

The Platform Security Architecture Certified project is, in essence, a certification program for IoT devices. There are two ways to use PSA: these are multi-level security schemes and API test suites for developers. To create a PSA, ARM has attracted several independent research laboratories in the field of information security.

The project simply grew from a set of documentation on the topic of IoT security, which contained recommendations for development. However, now there is much more information in the project, for example, models of cyber attacks, documentation on security analysis, certification on the hardware and software architecture of devices, and more have been added.

Another significant project in the field of security IoT has domestic roots, he is engaged in “Kaspersky Lab”. This company chose the most obvious path for itself and drew attention to the vulnerability of intranets mentioned earlier, in which IoT devices exist. The most effective way to protect the network is to defend the “locks with the outside world”, which is what the LK did. Specifically, they are currently working on the IoT Gateway project, which is a firmware for routers and routers. The entire project is based on Kaspersky OS and, apparently, is its subset.

According to the LC prospectuses, direct manufacturers of routers take an active part in the development, who went to conscious cooperation with the company to increase the safety of their devices at the conveyor stage. At a minimum, Advantech, a major equipment manufacturer with whom Laboratories previously collaborated on the KICS for Networks project to ensure information security at work, must participate in the development.

Conclusion

With all the attention of technology giants and other companies to the IoT segment, ARM is the most active manufacturer of microchips, on which all these cameras, sensors and other energy efficient devices work. Now ARM’s dominance and the company’s desire to make the market wider plays into everyone’s hands: it willingly cooperates with Google, hires private laboratories for specific projects and tries in every way to restore the confidence of the general public, which has been badly undermined by the same story with Mirai and other botnets.

However, ARM is not all IoT. The market still lacks medium and frankly unknown electronics manufacturers who wanted to spit on the Google SDK, test tools and security checks and so on and so forth. Kaspersky Lab is doing a serious job, and I am sure that not only they are moving in the direction of increasing the security of routers and routers. But in the developments of LC there is one big problem – its focus, first of all, on the industrial segment, as evidenced by other projects of the company in this direction and the joint past with Advantech. In addition, these commercial products include delivery in a package with the rest of the company’s software, which is not all and need.

How long did we go to the Micro-USB Type-B as a standard charging connector? But not a couple of years of silence and tranquility passed, as USB Type-C came, and Lightining did not disappear at all. In terms of security and the development of IoT devices, a compromise is needed that is comparable to the choice of “standard USB”. That’s just to achieve this will be almost impossible, because now IoT is developing at a pace that any standards become obsolete in a year or two. It is hoped that ARM and Google will be able to consolidate developers around themselves and achieve a certain standard in the development and information security, but then the consumer will face another monopoly, which is already sick.

However, in any case, some kind of movement is better than stagnation. Because IoT is a development for a variety of areas of knowledge adjacent to it, for example, in the field of speech recognition, AI and so on. And behind these technologies is the future.