ARM TechCon: Processor designer ARM will squirt security fixes directly into internet-connected gadgets to hopefully keep them defended from hackers.
Manufacturers of Internet-of-Things gizmos and other embedded products have complained that updating gear in the field is too much hard work. That means devices are rarely patched when security bugs are found, clearing the way for hackers to hijack vulnerable hardware to spy on people, flood websites offline, and cause other havoc.
So ARM has come up with mbed Cloud, a software-as-a-service platform that securely communicates with firmware in devices to install fixes and feature updates. Product makers pay to remotely manage all their sold kit. Crucially, they pay for what they use – whether it's pushing updates, or connecting millions of units, and so on.
It's similar to the cloud Next Thing Co has set up for its C.H.I.P. Pro: a web-based management interface for updating firmware over the internet, plus controls on the data leaving the devices.
Announced today, mbed Cloud 1.0 is due to reach general availability in the first quarter of 2017. Toshiba is already testing the system with its smart factory applications, Advantech is using it with its industrial control products, and Zebra is checking out ARM's tech with its asset-tracking and healthcare gear.
ARM designs the CPU cores at the heart of millions upon millions of smartphones, tablets, cameras, home electronics, handheld games, microcontrollers, embedded devices, pretty much anything battery powered. If anyone has the clout to form a one-cloud-to-rule-them-all, it's Blighty-based ARM.
This centralized approach has good and bad sides – let's take a look at them.
Looking at the illustration below, you get the basic structure: you have your device on the left running ARM's open-source mbed OS and then your application on top. The middle layer communicates securely with ARM's cloud, which distributes updates and manages data flows. These services then plug into other backend systems that process and control the devices. Manufacturers control the grey right-hand side and log into the blue device services portion hosted by ARM. They tell the Softbank-owned biz how they want their devices managed and which updates to push, and then the software takes over.
Here's a closer look at how the layers plug together. The top layer is running in ARM's mbed Cloud, the bottom layer is the actual device. According to Michael Horne, ARM's veep for IoT sales, mbed Cloud can work with backends running on any platform – from Amazon AWS and Microsoft Azure to IBM's Bluemix – and you can use multiple cloud providers for whatever reason. You may want to send system telemetry from gadgets to one provider, and sensor data to another, for example; there is the ability to control where data goes and limit what software and services are allowed to access it.
The bottom layer is also supposed to work on any device and with any operating system, not just ARM, so that vendors who want to stick with MIPS or x86 and Linux or some real-time operating system can do so. All communications are sent automatically encrypted via the open-source mbed TLS library, which was once PolarSSL. And yes, it does have a bug bounty program. mbed also uses CoAP to package up data exchanged over the web; this is more lightweight than HTTP and less taxing for battery-powered widgets that may have constricted network access. It also supports OMA LWM2M with caching to avoid having to constantly shuttle sensor data back to base – if there's no change to a reading, the last value is cached in the cloud.
"Everything is built around the idea that you have to have a trustworthy device, trustworthy communications, and the ability to manage those trust relationships," said Horne.
"When a new IoT device is put online, typically it'll have a key that will have been injected into it during manufacturing and it will reach out and phone home, if you will, to mbed Cloud to get new credentials and a new key to establish a secure channel between the device and the cloud.
"The firmware update component is an important part of that as well. Typically in the bootstrapping process you may want to load a new OS, or maybe the OS needs updating because it's out of date – that is seamlessly taken care of via a simple and easy to use interface for controlling all of that."
Horne added that the factory-set security key could be held in some kind of secure storage or in a TrustZone Cryptocell. One scenario in our mind is that the device holds a public key that is used to verify it really is talking to its legit backend servers, which hold the corresponding private key. From this trusted base, the device builds a secure channel and update mechanism.
"As table stakes, you've got to be able to update the firmware on these devices in a fail-safe, robust way to make sure that when devices need a security update or feature enhancements, you can do that," said Horne. He also said ARM is working on and investing in developing efficient ways to distribute updates across mesh networks and other forms of deployment topology, and to devices that have limited memory or are bandwidth constricted.
"It's a bit new for ARM," admitted Horne on the subject of the mbed Cloud software-as-a-service approach. "In terms of a business model, it's something that's pretty well understood in the marketplace. In feedback, our customers are quite comfortable with that model, with ARM delivering device management as a service. It's very modular so you use what you want.
"We also have an API that makes it very, very easy for a manufacturer to develop an application in the cloud that will integrate with mbed Cloud to manage their devices."
mbed Cloud comes in four components: Connect, which handles secure comms; Provision, which works with built-in keys to establish trust with the backend; Update, which installs software enhancements on devices; and Client, which connects the device application to the manufacturer's backend and other trusted providers.
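The scenario floated earlier (the device holds a public key, the backend holds the private key) together with the fail-safe update requirement, as an added example that is not ARM's code or the mbed Cloud API. Ed25519, the two-slot layout, the forward-only version check and every name below are assumptions; the keys and firmware images are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Device is hypothetical: a vendor key pinned at manufacture plus A/B slots.
type Device struct {
	Pinned  ed25519.PublicKey
	Slots   [2][]byte
	Active  int
	Version uint32
}

// manifest is what the backend signs: big-endian version || SHA-256(image).
func manifest(version uint32, image []byte) []byte {
	sum := sha256.Sum256(image)
	m := []byte{byte(version >> 24), byte(version >> 16), byte(version >> 8), byte(version)}
	return append(m, sum[:]...)
}

// Apply stages in the inactive slot; a rejected update never touches the running one.
func (d *Device) Apply(version uint32, image, sig []byte) error {
	if !ed25519.Verify(d.Pinned, manifest(version, image), sig) {
		return errors.New("signature check failed")
	}
	if version <= d.Version { // assumption: versions only move forward
		return errors.New("rollback refused")
	}
	spare := 1 - d.Active
	d.Slots[spare] = append([]byte(nil), image...)
	d.Active, d.Version = spare, version
	return nil
}

// Demo feeds the device constructed updates and returns each outcome.
func Demo() (*Device, []error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed vendor key pair
	_, rogue, _ := ed25519.GenerateKey(nil)  // a key the device does not trust
	d := &Device{Pinned: pub, Slots: [2][]byte{[]byte("fw-v1")}, Version: 1}
	v2, bad := []byte("fw-v2 constructed image"), []byte("fw-v2 tampered image")
	sig, forged := ed25519.Sign(priv, manifest(2, v2)), ed25519.Sign(rogue, manifest(2, v2))
	return d, []error{d.Apply(2, bad, sig), d.Apply(2, v2, forged), // tampered, wrong signer
		d.Apply(2, v2, sig), d.Apply(2, v2, sig)} // genuine, then replayed
}
func main() { d, r := Demo(); fmt.Println(r, "active slot:", d.Active) }
```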
So far, so good. The idea is to securely push patches and new features to devices over the internet from a web browser or API in a way that's so simple manufacturers will fall over themselves to jump onboard – and, bam, no more vulnerabilities for hackers to exploit to create vast armies of hijacked devices. If patch distribution is such a PITA for IoT makers, maybe mbed Cloud is the solution they're looking for, allowing them to market their gear as secure, trustworthy and all that jazz. They rely on ARM for their processor cores, why not go the whole hog and use them for device management?
Regulations and laws that make automatic patching mandatory could be about to hit the industry – and if so, this robust approach suddenly looks appealing. No manufacturer wants to end up recalling devices that have been mass hacked because there's no easy way to fix them in the field, as China's Xiongmai just had to do. Pushing firmware fixes from the cloud sounds like a great way to avoid future pain, you may think.