Software is becoming more critical and complex, and it is becoming central to design and security.
IoT software is becoming much more sophisticated and complex as vendors seek to optimize it for specific applications, and far more essential for vendors looking to deliver devices on time and on budget across multiple market segments.
That complexity varies widely across the IoT. For example, the sensor monitoring for a simple sprinkler system is far different than the preventive maintenance in a sophisticated smart factory. But unlike initial IoT devices, which were unsophisticated chips with basic functionality, the new devices can include everything from operating systems and software frameworks, to network protocol stacks, middleware, firmware, AI/ML, and more. Some designs include a full software stack, while others may deploy only one or two levels of software. And in some cases, different levels can be combined, such as a middleware framework that is plugged into the operating system.
Adding to the complexity, vendors are being much choosier about where data gets processed for both performance and power reasons. Processing closer to the source of data is much more efficient, but it also requires a more complex software framework.
“A framework, working in conjunction with the OS, would allow easy plug-in and chaining of the multiple data processing steps that may be required to extract information or insights from the raw data acquired by the device,” said Prakash Madhvapathy, director of product marketing for Tensilica audio/voice DSPs at Cadence. “There also can be times of network outages when the device may not be able to transmit the raw data. Processing the data with signal processing algorithms to extract salient features and events in the data is more valuable in providing insights than the raw data itself. Transmitting these features to the cloud takes much less energy than sending raw data. With billions of IoT devices expected to be in operation over the next decade, IoT software has a large role to play in keeping our planet green.”
Software plays a central role in AI/ML, as well. “Detection and signaling of such conditions can make intervention or pre-emptive action possible by warning about potential undesirable outcomes. Delay or latency in this detection and signaling can make the difference between a successful or ineffective operator intervention. Hence, it is best to run these ML algorithms on the device rather than in the cloud,” Madhvapathy noted. “Here, current machine learning models for condition-based monitoring are simple and small, and can predict gross failures before they happen. As time goes on, the desire to catch the onset of any mechanical failures well before they happen will lead to more sophisticated models, requiring more compute power and better memory management. Software to manage this will necessarily grow in complexity.”
At the supervisory software layers, in the paradigm of Factory 4.0, IoT devices autonomously monitor and control the factory processes, thereby reducing human intervention and striving to eliminate human error. “The swarm of IoT devices is managed via the cloud or an on-premises edge processor. Supervisory software running on the edge processor helps the human operator with visualization of the states of individual and the swarm of IoT devices, for monitoring and control of their operation. Via this software, the operator sets policies and limits for the devices to adhere to. Typical supervisory software is built on web technologies embellished with a convenient graphical user interface,” he added.
At the operating system level, there may be an OS designed specifically to manage limited resources, including power, memory, and other resources to enable data transfer in an efficient manner.
“The perfect OS is lightweight, resource-efficient, and supports over-the-air (OTA) updates,” said Frank Schirrmeister, vice president of solutions and business development at Arteris IP. “Security and privacy features in an effective OS would include encryption, authentication, access control, and various communication protocols, such as MQTT, CoAP, and HTTP. Some examples of IoT operating systems are TinyOS, Contiki, RIOT, Windows 10 IoT, Android Things, Ubuntu Core, Fuchsia OS, Tizen, and FreeRTOS. There are a lot of discussions these days about Matter and Thread as communication mechanisms to ensure interoperability between different vendors.”
Another consideration is that a typical IoT device is connected to a network, but it also performs sensing or control functions. An operating system can greatly ease the development of software that coordinates these tasks.
“Operating systems typically supply the base networking functions, as well, and allow for higher-level protocols to be plugged in to complete the communication stack,” Madhvapathy explained. “By adhering to standards-based communication protocols, the device will maintain compatibility for plugging into a large variety of networks. Further, the typical OS includes a scheduler that can time-multiplex all the tasks on the CPU or DSP, such as data acquisition, logging, processing, inferencing, controlling, as well as communicating. The OS also supplies device drivers for commonly used peripherals. That said, it is possible to eliminate the OS entirely and implement all functionality with bare metal code. But this would make all but the most trivial IoT systems inflexible and unserviceable, and likely take an exponentially long time to deploy. On the other hand, an OS makes for rapid deployment and relatively pain-free field serviceability. An OS pays for itself, and more.”
Deployment considerations
The key to IoT software deployment is to create a design that supplies what is needed, but which is scalable with reusable IP whenever possible. Ideally, this is small footprint software that is efficient and low power. OSes can be useful for the right applications, but the tradeoff is they’re not always the most efficient solution. And above all, the design must be secure against all kinds of cyberattacks.
Scalability is also highly important in IoT software, and is one more consideration. It’s not unusual for IoT deployments to start out small and grow over time. As a result, supervisory software needs to be scalable, and it needs to be cognizant of different versions of hardware in the field as new devices are introduced over time.
Balancing act
Some IoT chips have embedded software built in already. Adding more software depends on what is already there, and what the needs are for a particular application.
“There are a few factors that will influence the balance between running firmware and connectivity stacks on an IoT connectivity device versus running it cooperatively with a host microprocessor,” said Brad Rex, director of systems and solutions at Renesas. “If the host MCU is limited in resources such as flash and RAM, then it makes sense to offload the host MCU and use the capabilities of the IoT connectivity device to handle wireless communications. This assumes that the connectivity device has the capability to run in hosted and host-less modes. Another factor that could push more of the connectivity software toward the host MCU would be usage of networking stacks built into RTOSes like AWS and FreeRTOS. If you are making use of these stacks for other networking services like Ethernet, then it will be easier to treat the wireless connectivity device as a transceiver only and use the host MCU to maintain network connectivity. This could be beneficial if you have situations where your product has multiple connectivity options (Ethernet, Wi-Fi, cellular) that are based on a common networking protocol like IPv4 and you are implementing a fallback mechanism in case one fails. In this situation, you’d want to maintain your networking protocol but just change the low level physical layer.”
Further, system performance is more than just being fast. Overall efficiency and power savings are also important.
“Higher power efficiency and high communication bit rates are two main goals IoT developers are trying to achieve,” said Geoff Tate, CEO of Flex Logix. “Using eFPGAs will make the task of software development easier. For example, Morning Core, a subsidiary of Datung Telecom, has used eFPGAs in an SoC to increase communication efficiency in automotive IoT. Additionally, by combining eFPGA and DSP IP, 5G radio unit developers are able to deliver higher bit rates at lower cost and power.”
IoT endpoints must be affordable while consuming as little power as possible, so it is crucial to balance these requirements. “In addition, the system aspects, i.e., how the various endpoints interact with computing at the different edges and the data center, including where to store data, are vital considerations,” said Arteris IP’s Schirrmeister.
Cybersecurity is critical
There is no end to the cyberattacks on IoT and other targets. Those attacks continue to increase in both frequency and degree of disruption. A successful attack on a smart sensor or gateway may lead to compromising the entire network. Ransomware traditionally locks up victims’ files and demands a ransom. Doxware (doxing ransomware), another form of ransomware, goes one step further, releasing the stolen confidential data if the ransom is not paid.
There also are no consistent ways to deal with security, or any regulations to ensure that at least some security will be included in devices.
“The lack of even basic requirements that manufacturers must meet to provide secure products means there’s a huge range of approaches and expectations for security,” said Mike Borza, a Synopsys scientist. “Many of the highest-volume, lowest-cost products are among the least secure and most poorly set up to address vulnerabilities as they are found. Bigger vulnerabilities arise when these ill-prepared devices are introduced into parts of the network where security breaches can do the most damage. These devices become the weak links that can be exploited as the port of entry for more ambitious attacks on nearby devices in the network. These kinds of escalating attacks are seen over and over, starting with a low complexity compromise as the staging point for a more involved attack.”
AI, and particularly generative AI, raises the threat of a breach to a whole new level.
“We’re already normalizing extending our local environment to the cloud by connecting local agents to much more powerful AI in the cloud,” Borza continued. “So it’s reasonable that these tools will be used in the next few years. They bring with them their own complex risks and vulnerabilities, and new opportunities. A great tool for both defense and offense would be a ChatGPT-style vulnerability scanner. ‘Tell me about the unpatched vulnerabilities in the network near me.’ ‘How could an attack on that succeed?’ ‘Help me fix that.’ ‘Help me exploit that.’”
Fig. 1: The smart factory is interconnected. When a node such as a sensor or a machine is hacked, the whole enterprise may be affected. Source: GlobalSign and ABI Research white paper.
Overall, the chip industry is getting serious about IoT security. In particular, the Trusted Computing Group (TCG) has published an industry-wide hardware/firmware standard, the Device Identity Composition Engine (DICE), which provides cryptographic device identity and device attestation for IoT devices. The final draft of the TCG DICE Protection Environment Specification is now available for public viewing.
Given the many considerations in IoT security, where to start? Scott Morrison, vice president and general manager, Embedded Platform Solutions at Siemens Digital Industries Software, said there is a process the company goes through with customers to help them define the security solutions they need.
“First, they need to do a detailed analysis of their threat environment and how the solutions will be deployed,” Morrison said. “Connected devices are at a higher threat level than unconnected ones. The threat environment and related security requirements will drive the requirements for secure boot, mechanisms to store keys such as utilization of a TPM or secure element, network intrusion detection and prevention, etc. Many of these must be addressed outside of the operating system, but need to be implemented to work in coordination with the operating system and applications.”
Functional requirements also add to the threat environment and resulting security requirements. For example, if remote login is required, there will be security requirements related to it, including concepts of managing (and requiring changes to) default logins/passwords and other considerations.
Setting up security in a device is only half of the battle. Once devices have been deployed in the field, they are open to attacks. Hackers constantly develop new attacks by analyzing the standard networking protocols in practice today. Even though a device is secure today, it will not remain secure forever.
“It’s important to continually monitor and detect threats, and then perform risk mitigation,” Morrison explained. “Security vulnerability management and monitoring are no trivial tasks and the chosen approach must align with the company policy which should specify the required level of security of the enterprise, system, or devices. For example, what are the requirements in terms of time frame to implement a patch for a known vulnerability? Is it within 24 hours, a week, or is it acceptable to have no real policy? If such a policy is required, then there has to be the ability to implement it, which leads to requirements for capabilities to securely update the system. If not carefully considered, one successful ransomware attack can take the whole enterprise down.”
As always, security is a risk/reward equation. It doesn’t make sense to spend millions of dollars on security for a smart sprinkler, but it’s a very different story for a factory process that can idle an entire operation.
The lowest level is pure software-based protection. “First, by employing safe programming techniques, one can reduce the possibility of buffer overflow attacks that are the most common hacking methods,” Madhvapathy said. “Software-based authentication, encryption, and decryption can protect against the more casual attacks, where every transaction over communication channels is encrypted and includes the signature of the requester. These are not particularly strong, as spoofing and phishing can be used to reveal the keys and signatures. The next level may require a modicum of hardware support, such as the use of hardware to generate random encryption keys. Use of well-studied, widely deployed schemes such as AES128 can provide well proven security. For even more security, a root of trust managed by the chip can be implemented. Lastly, software must allow upgradeability to plug security holes after breaches are discovered.”
What should developers look for in securing IoT software? Marc Witteman, CEO of Riscure, noted that IoT devices are susceptible to attacks, because it is easy to get access to these products and reverse-engineer them. “It is important that the software is hardened. And since many devices will be battery powered, the software should be designed to minimize power consumption. Finally, since the products are in the field, they should have an easy or automated software update mechanism. The base software is nonvolatile BootROM. This is typically small (<500kB). On top of that you will find the firmware, which may include bootloaders (<50MB) and OS (<500MB). The application software that runs on the OS can be any size depending on the product complexity, but is typically smaller than the OS.”
End-to-end security is important, but before that’s possible, the endpoints themselves need to be secure and trustworthy, Synopsys’ Borza noted. “Engineering teams should test the integrity and authenticity of their firmware and software, and take a reasonable response to a failure of those tests. Those tests are the foundation on which the rest of the platform relies. Ideally, the system then measures its integrity and security status on an ongoing basis. Then you have a strong basis for the things communicating at each end of the conversation to trust that they’re talking to the peer they think they are. To make that work, the foundations need to be baked right into the silicon, right into the chip. It’s hard to design and build those things well, to make them secure on day one, and allow them to evolve as attacks improve. Those are some of the ideas that DARPA’s Automatic Implementation of Secure Silicon (AISS) is trying to address, and there are other examples that are similar.”
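The measure-then-derive idea behind DICE-style device identity, and the integrity check with a defined response to failure that Borza describes, can be sketched as follows. This is an added illustration, not code from TCG, Synopsys or this article; it is simplified to symmetric HMAC (deployed DICE designs typically derive an asymmetric key pair and certificates from the layered secret), and every function name, key and firmware byte string is constructed for the example.

```python
import hashlib
import hmac

def measure(image: bytes) -> bytes:
    """Measurement of a code layer: SHA-256 over its image."""
    return hashlib.sha256(image).digest()

def next_secret(secret: bytes, image: bytes) -> bytes:
    """Secret handed to the next layer, bound to the previous secret and
    to the measurement of the code that is about to run."""
    return hmac.new(secret, measure(image), hashlib.sha256).digest()

def boot(uds: bytes, layers: list[bytes]) -> bytes:
    """Layered boot: each stage measures the next before handing over."""
    secret = uds
    for image in layers:
        secret = next_secret(secret, image)
    return secret

def respond(device_secret: bytes, nonce: bytes) -> bytes:
    """Device side: prove possession of the derived secret for a fresh nonce."""
    return hmac.new(device_secret, b"attest|" + nonce, hashlib.sha256).digest()

def admit(uds: bytes, known_good: list[bytes], nonce: bytes, response: bytes) -> str:
    """Verifier side: recompute what an unmodified device would answer and
    pick a response to failure (quarantine the device rather than trust it)."""
    expected = respond(boot(uds, known_good), nonce)
    return "trusted" if hmac.compare_digest(expected, response) else "quarantine"

# Constructed sample data (not real keys or firmware).
UDS = bytes(range(32))                        # stands in for the per-device secret
BOOTLOADER = b"bootloader v1.0 (constructed)"
FIRMWARE = b"sensor firmware v2.3 (constructed)"
TAMPERED = FIRMWARE + b" (modified in the field)"
NONCE = b"verifier-nonce-0001"

def demo() -> dict:
    """Attest one clean and one modified device against the same reference."""
    reference = [BOOTLOADER, FIRMWARE]
    clean = respond(boot(UDS, [BOOTLOADER, FIRMWARE]), NONCE)
    modified = respond(boot(UDS, [BOOTLOADER, TAMPERED]), NONCE)
    return {
        "clean": admit(UDS, reference, NONCE, clean),
        "tampered": admit(UDS, reference, NONCE, modified),
    }

if __name__ == "__main__":
    print(demo())
```

Because the secret each layer receives depends on the measurement of that layer, modified firmware cannot reproduce the identity of the original image, even though it runs on the same silicon.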
Fig. 2: A product development cycle typically includes an idea stage, validation, creation, and launch. With the right tools, software code can be generated in much less time. Source: Renesas
Traditionally, software developers wait for the availability of hardware to test the software code and begin the test-redesign-retest cycle. This type of sequential scheduling may take a longer time if tasks cannot be performed in parallel. Product development is about quality and efficiency. Using the right tool may accomplish both.
Tools from Renesas and others enable developers to graphically drag and drop device and subsystem blocks from the cloud to build the prototype product. From the library, source code is available to generate, compile, and build software automatically to ultimately shorten the development cycle time.
Conclusion
IoT designs vary in complexity depending on the application, and the software directly impacts the performance of the devices. Approaches vary in terms of the types of software, chips, and firmware used, and opinions vary as to whether an OS is needed or not.
Cybersecurity is always critical in system design, and it is important to figure out how to deploy security techniques to prevent disasters from happening, with perpetual updates built into the software. Choosing the right tools increases the quality of that software, and it can shorten the development time.