IoT, Architectures, And Security

Mike Muller, CTO of ARM, sat down with Semiconductor Engineering to talk about security, IoT market changes, and future technology requirements. What follows are excerpts of that conversation.

SE: Security is a growing problem. How do we deal with it?

Muller: However fast the world is moving, if you look at fundamental hardware and system design, it’s running on a two- to three-year development cycle. And if you look at the devices that have been hacked, it’s five to eight years old. Maybe it was three years old. But there’s a real time lag, and the old stuff doesn’t go away. That’s one of the real challenges.

SE: That’s particularly true for cars, right? The average time people hold onto a car is 11 years.

Muller: People are listening. They are starting to build better products. But this is a story that’s going to repeat itself a lot of times before it becomes old and stale news. There is no sudden, rapid fix. It’s not as if all the devices out there have appalling security. You can buy modern IoT devices that are secure and do handle security well. Everything has flaws. But one of the things we think is important for devices going forward is the ability to make them securely upgradeable in the field. Once you’ve lost control of an IoT device, it’s really important to be able to get that control back. You can do everything you can to try to prevent losing control, but if there is a flaw you need to be able to securely re-flash a device even if you’ve lost control of the application at the top level. Architecturally, that’s one of the important things to press on.

SE: In 7 to 10 years, the state of hacking will be radically different than it is today. Are we looking down the road at more disposable electronics with a more limited lifespan?

Muller: In some ways, it’s the opposite. You have to make sure things are more upgradeable and more protectable. But your environment also has to modify around that. At the moment, if there is an attack, you fix that quite late in the day in terms of building protection against that. The networks that we have today provide fairly dumb pipes until you get close to where the problem is, and then people try to stop a denial of service attack there. What’s missing is a system to allow you to push that back so you have more network protection closer to the edge in a distributed way. The only way to effectively fight these things is to have a distributed defense. What we’ve got today is that once it gets down to some critical part of the core fabric, we try to block it there. Networks will evolve to respond, because however good you make it, when you have 1 trillion devices out there at any one time there will be millions or billions of devices that have been compromised. Whatever system you put in place, however good you make it, there are always going to be compromises.

SE: And you’re connecting devices that may not be as secure as the ones you’re building, right?

Muller: Yes, in 10 years when you look back, they’ll look primitive.

SE: But you also have companies cutting costs and not adding security because it costs money.

Muller: And that’s one of the challenges. Who bears the cost of doing this, because nothing comes for free? And how much do you have to make it compliant with regulations? How much do you have to have some degree of compliance to allow these devices to connect to the Internet? The mobile industry has coped well. They manage their networks very tightly. They control what devices can attach to a mobile network, whereas with an unregulated WiFi network you can attach any device you want. It’s clear that if you have certification regulations you can control, to some degree, the quality. It’s a tradeoff of who pays for that and how much you stifle innovation by preventing random devices from connecting.

SE: What’s your vision of how that will play out?

Muller: You need to push intelligence into the network as well as the devices. Our role is to provide an easy way to deploy a secure platform that allows you to update devices with secure communication and with high-quality provisioning. It’s a question of how you get those provisioning secrets into a device so you can say this really is the device you think it is, the software has been signed by the author, and this isn’t a hacker trying to put into a rogue image—it really is a valid image. Our role is to provide the platform to enable all of that. But we also have to develop as an industry with the network providers so that we can deal with attacks in a more distributed way.

SE: Security can be cumbersome to use, though. Most people don’t like to reset their passwords.

Muller: The only way that changes is failure in the field. That changes attitudes. There will be waves of attacks. So what does it take what they’re doing with the right investment to move up the bar? There is no perfect. It’s a matter of moving up the bar.

SE: Isn’t it all about what’s good enough?

Muller: The challenge is that what’s good enough today may not be good enough tomorrow. So how do you keep that bar moving through time?

SE: What does that do to the user experience? With multi-factor authentication it can be painful to log onto online banking, for example. Will that improve?

Muller: We will only get mass deployment of IoT if we also make it simpler. I may have to do three- or four-factor authentication to make sure I am who I say I am, but once I’m done with that I can control my devices, change all of their passwords and update them. But you will have to have that kind of system to make sure you can control your devices. If you have to go around and individually press the button on your phone at the same time you are pressing the button on a device and running downstairs to press the button on your router to change the password, that’s not going to scale. That’s where we are at the moment. That’s fine for the millions and billions of devices, but you won’t get to trillions of devices if that’s how you manage them.

SE: Let’s change topics. We’ve talked about medical in the past, but it has been slow to pick up. What’s changing that will drive this market?

Muller: When I talked with health care providers and clinicians a few years ago, they said they didn’t know what to trust with consumer devices, and that in the future it would require medical-grade devices. That has completely changed. If I go to my doctor and say, ‘Here are my blood pressure readings for the last two months,’ he doesn’t care how I got those. It doesn’t need to be a medically approved device. He’s quite happy to take any data I can give him to help with diagnosis. There has been a change from, ‘This is medical,’ to ‘Any data I get can help.’ Obviously, if you’re in the operating theater, you have a different level of requirement for certification of medical equipment. But there is starting to be a breakdown of two different worlds that don’t interact, to a world where getting the best outcome for patients uses whatever is available to make that happen. There has been a change in attitude about how you bring consumer devices into a professional world. That opens a lot of opportunities beyond the opportunities in approved medical devices.

SE: That’s a fundamental change. The other piece that goes with this is there is much more data from many sources, which can be analyzed by more sources.

Muller: Yes, and that could be advertisers or your insurance company. So there is all of this data. Now the question is who gets to use it. Do I own my data? Does my doctor own it? Does my health care provider own it? Does the government own it? The answer to that will be very different in different countries.

SE: Are we getting to the point where we can add this level of privacy? And does privacy deter adoption of IoT?

Muller: At the moment, people aren’t making those choices. Those choices are being expressed by providers. I don’t have the ability yet to say I like this provider over this provider because I like the privacy terms of this one versus another. That nuance isn’t there yet. As people become more aware of this data, who’s making money out of it, how it impacts their lives, and whether their data is pushing up or taking down their insurance costs, then that will become part of what the product offering is.

SE: So what you’re looking at is who has the financial stake?

Muller: Yes, and how do they market that stake.

SE: That has always been one of the big fears about the IoT, namely that the more data that’s out there the more people have access to that data. How does that get regulated?

Muller: Our role is to architect platforms that enable users to take ownership of that data. I hope they do. But as with any security system, you can still leave the front door open, however sophisticated your locks might be. Whatever you do to make it possible for people to own their data, they can still give it all away.

SE: One issue that is cropping up with the IoT is you don’t know ultimately what will be connected to what. There are vertical market delineations now, but some of these will go horizontal. Are those breaking down yet?

Muller: At the moment, those walls are vertical. It’s difficult to implement systems and standardization is poor, so you have a value chain that links the service provided to the device providing the data. And they both come from the same organization. When things start to break down is when the service provided and the devices come from different people. Where that is probably going to play out earliest is within industrial IoT rather than consumer. With consumer IoT, you buy a product and a service and they come together. In industrial, whether it’s smart factory or smart city, you have a service provision quite clearly becoming differentiated from who makes the lamppost, who makes the traffic light, who makes the parking sensor detector. You cannot provide all of the pieces. That will drive a lot of the horizontalization of these industries.

SE: There are some IEEE standards groups that are creating basic frameworks for various markets. Security is a horizontal layer across these markets.

Muller: The challenge with security is that it’s not a static thing. So you can do a lot with standardization. But you need to keep it dynamic and figure out a way to improve it over time, rather than creating a minimum-level certification that goes out of date in no time.

SE: Where do you see the bottlenecks in the future?

Muller: Some of it involves how you integrate with existing systems. If you build a brand new city, it’s a very different problem than saying you want to retrofit San Francisco into a world where everything is already there. The operating practices and the computer systems are already there. That’s a very different challenge. That systems integration piece is a bottleneck. You can’t just wave a magic wand and say, ‘We all comply with Standard X so everything talks to each other.’ You have to deal with legacy. Legacy is the bottleneck.

SE: How about on the performance side? Is it in the network, the memory, the processor?

Muller: From a hardware perspective, it’s fairly easy to see what you need and it’s not that expensive to provide it. The extra hardware functionality is not that great. The bottleneck is how you architect secure systems. There are not many people who know how to do that. What we’re trying to do is figure out how can you abstract a lot of the security out of the system and provide it in a platform, so you as a developer don’t need to understand how to build secure systems. The system is secure as you pick up and add around it.

SE: Just like you don’t have to understand Bluetooth to use it?

Muller: Right. But at the moment, the whole systems architecture team needs to understand security, and there are not many people who do. The developer community is one of the biggest bottlenecks. And the only way we’re going to fix that is to develop platforms that enable that, so the developer community can worry about innovating a UI or the business model.

SE: Will that plug in as a separate chip?

Muller: It doesn’t matter if it’s a separate chip or a subsystem within an SoC. They are architecturally very similar, because by the time you get to the apps developer you have to abstract away the horror of the hardware. So the software developer community is a bottleneck.

SE: At all levels, or just at the apps level?

Muller: The OS guys know it, do it, understand it. There aren’t many OS developers. There are tends of thousands of developers working on that level of the stack. It’s the millions of people writing Python and Java that are writing the apps. That’s where the bottleneck is. And at the other extreme, it’s the systems integrators and installers. It’s the people who will install these systems, configure them correctly, and integrate them into the existing world. You need professional services for systems integration at the architecture level, and then it’s about physically installing the systems.

SE: As the industry consolidates, does it solve some of these problems or does that make it worse?

Muller: Not all of the industry is consolidating. In the mobile industry there has been a lot of consolidation over the past 15 years. But with the IoT, there isn’t any industry consolidation. There is phenomenal growth of small companies and big companies. There are all of the industrial providers out there today. If you look at any meeting room, there are a dozen different lighting companies. They’re all becoming IoT providers. And then there are small startups that think they have a better way of doing LED lighting technology. That market is going through a great expansion. But you’re probably not looking at that. We used to call some of this market embedded control. It’s not very exciting to many people and it’s highly fragmented, so it’s hard to pick up on the one big story or one big product or one big technology trend. It disaggregates into lots of different components and players. There is no mobile phone or PC that everyone can talk about. So it’s happening with players you’ll probably never talk to.

SE: This is also the part of the market that is not following , right?

Muller: Yes, but the world doesn’t need 100 million different microcontrollers. It can get by with hundreds or thousands of microcontrollers that enable 100 million different products. The economics become a question of whether you can take standard hardware product, write software and apps, and create the system you want to deploy. It’s not a question of whether you can build a custom SoC. Most of the applications out there don’t need a custom SoC.

SE: Let’s talk about the enterprise space. What’s changing there and how do you see things like neural networking and machine learning coming into all of this?

Muller: It’s a blur between network and servers. It used to be fairly clear between what was the network and what were the servers. As you the number of end points going up, it’s not as simple as cloud and network. People have been pushing communications down the network and closer to the edge. When you look at all the servers in all the base stations, it adds up to a bigger distributed cloud network than what you see in some of the big server facilities. And then there is a push to get more and more out of the computing as you push it into the network. That market is becoming a dynamic market and, for us, that’s a good thing. It’s less about the one standard product.

SE: This is part of the rethinking of edge nodes underway today, right?

Muller: Yes, and there is a limit to how much bandwidth is out there. No matter how small you make your base stations, there is a limit. There is not enough out there to move all of the data all of the time.

SE: This is one of the big shifts. You have distributed processing everywhere, and when you think about edge devices you need to think about security and power and throughput and how to process all of the data.

Muller: And from ARM’s perspective, we’re interested in how you do machine learning in the cloud and in the device. It’s not just about really fast accelerators you can put into the cloud. You have to develop architectures to allow that to scale all the way down to your microcontroller.

SE: So as these paradigms roll out, does that change the mix of what you sell, how you approach the market, and how you interface with the market?

Muller: Yes, the mix has changed over the past 20 to 30 years. But we’ve always tried to offer a fairly wide portfolio. We have three different architectural components. We’re adding vision and other things with it. It’s more evolution, not a sudden change.

Related Stories
What’s Next For IoT Security?
The recent cyberattacks highlighted the security lacking in many IoT devices. Solutions are on the way.
Side-Channel Attacks Make Devices Vulnerable
The number and type of attack vectors are increasing as more of the world becomes connected and vulnerable to hackers.
Cars, Security, And HW-SW Co-Design
Experts at the table, part two: Standards are helping address some issues in concurrently designing hardware and software. More challenges are ahead as automotive electronics and cybersecurity issues enter into the equation.