IoT Software Security with AWS: IoT Security Relies on the Cloud to “prevent scalable attacks”
Richard Barry, Founder of the FreeRTOS Project and Senior Principal Engineer at Amazon, is the latest guest to join David on the #beyondthenow IoT security podcast. They discuss the security challenges of an internet-connected device, IoT software security, and how the cloud can detect abnormal behavior patterns and prevent scalable attacks.
Understanding more about what an RTOS is, its role in securing devices and its interaction with the Root of Trust.
How we can overcome knowledge gaps in multi-disciplinary IoT development.
Key developer considerations for lifecycle security and the importance of demonstrating and educating best practice.
Key talking points in this episode:
- Introducing Richard Barry and the FreeRTOS project. [00:57]: “I’m an embedded engineer by trade and I’ve been working, well, for the last 20 years on the FreeRTOS project as the original founder of FreeRTOS. I’ve always worked in real-time systems. So, I’ve got some experience working in safety-critical systems, and prior to that various different contract jobs in electronic devices and programming electronic devices.”
- Breaking down what an RTOS is. [2:04]: “As far as FreeRTOS is concerned, that is an open-source project, originally just an operating system kernel, the OS in RTOS meaning operating system. Here we’re specifically talking about multi-threading, and RT standing for the class of operating system: real time. Real time means it’s deterministic. A lot of people think it is to do with speed, but really it’s about making promises between time bounding and events occurring and the system being able to respond to that event. Lots of applications will have real-time requirements, and there are different classes of application. There are different classes of real-time requirements. Of course, most systems have a lot of requirements, but only a subset of those are real time. So, the real-time operating system is making sure that those real-time requirements happen at the right time.”
- Real-time use cases – the variety of real-time requirements. [4:10]: “There’s a variety of different real-time requirements. FreeRTOS is really designed for small systems: microcontrollers and small microprocessors, but now there are larger real-time operating systems that have a lot more functionality. You can’t build that functionality into such a small device, but also in larger devices there are requirements for making sure that critical processes get enough execution time as well. You have, like, time separation and all these different things. For us, this doesn’t do that kind of thing. It’s really designed for the small microcontrollers that are kind of surrounding you as you go about your daily life.”
- FreeRTOS and the IoT. [5:16]: “FreeRTOS has been around long before the internet of things. Although interestingly, some of the first jobs I did were doing very, very similar things with protocols and remote devices like radio modems and this kind of thing, but they were very, very localized. Now of course they’re geographically dispersed around the world over the internet, but the big difference, I think, is the requirement for security.”
- The increase in remote accessibility and the security challenges it brings. [5:40]: “Now, when you have this remote accessibility... I think FreeRTOS has always evolved. It’s kind of very user-driven: as the markets change, then FreeRTOS gets used in new areas. And of course, the trend over the last few years is very much IoT and the additional challenges that that brings. So we’re working on trying to make the integrations easier and simpler for people as these things get more complex.”
- RTOS as the undifferentiating factor in devices. [6:48]: “I think the operating system is providing the undifferentiating functionality. There’s always a time-to-market pressure, and those pressures are probably greater as time goes on. So if you think back to a decade ago, the undifferentiating functionality then, beyond the kernel, beyond the scheduler, was things like USB. USB, for a microcontroller, is a relatively complex thing because of the timing. But you were just interfacing it to the application and interfacing it to the hardware. And that was kind of it, because the connectivity was local. When you start having internet connectivity in there, then the complexity increases for a few reasons. One of which is you need a lot more libraries, right? If you kind of look at a diagram of how these libraries fit together, one of the things which, to me at least, is kind of immediately noticeable is that part of the complexity comes from the fact that these libraries have to integrate with each other. With USB, you were integrating with the application, you were integrating with the hardware. Now, as soon as you bring in internet connectivity, you are having to think a lot more about security.”
- Internet connectivity and the increasing security complexities it brings. [8:10]: “There’s security of data in flight with TLS. Now you have things like TLS, which has to interface with TCP, and there are lots of different TCP stacks, different TLS stacks. And also, when you are having to bring in security and authentication, you are also having to do secrets management. So, you have to be able to store private keys, for example. Your TLS stack is then having to integrate with the APIs for secure storage. So, you can see the number of libraries you require is increasing. So the amount of what we call undifferentiating functionality (by which I mean it’s not your business logic; it’s just the stuff that has to be there in order for you to get the business benefit of connecting your device to the internet) is increasing.”
- The role of Amazon in FreeRTOS – making development as quick and secure as possible. [9:18]: “We are increasing the number of integrations that we provide, and this is where Amazon comes into the picture as well. There are many devices running FreeRTOS which are connecting to Amazon’s IoT services. And I should say all IoT services and not just Amazon. So, Amazon then obviously have an interest in making sure that people can do this as quickly and as securely as possible. So, they’re providing resources so that we can build out these additional libraries. And of course, all the software is MIT licensed as well. So, you can use it for anything. There’s nothing which ties you to Amazon, but it’s kind of increasing what we are providing, the amount of functionality.”
- Knowledge gaps in a multi-disciplinary IoT. [10:50]: “When you are looking at IoT in particular, it’s very multidisciplinary. The example I often give for this is you take something like motor control. And there’s a lot of experts in motor control, people who are the geniuses at getting very tight control, very high-quality control loops running. And then they want to get it into an application by saying, okay, we’re going to have predictive maintenance on this. So, now, as the mathematical expert, the programming expert, you can do the algorithms. That’s fine. But if you are now tasked with sending this data to the cloud (either streaming data to the cloud or doing a lot more edge compute and just sending the results to the cloud), all of a sudden you’re outside of your comfort zone, right? You’ve got to understand the protocols. You’ve got to understand the cloud side as well, which is going to be completely new. You have to understand the security and all the complexities of how you make sure the device is secure.”
- The relationship between the RTOS and Root of Trust. [13:22]: “One of the interesting challenges is that systems like FreeRTOS are used on a very, very wide range of hardware and a wide range of different use cases, where perhaps your networking protocols might be offloaded to a separate chip, or they might be actually running as part of your application, or, in the network, the implementations of those networking protocols may be different. So there’s a very large variety of these things. And in the hardware at the moment, you know, there’s a lot of innovation around providing Roots of Trust, actually in the hardware.”
- Reference integrations and standardized interfaces to ease the porting to hardware security. [14:28]: “The FreeRTOS approach is to try and provide two things. One is a set of reference integrations, where we have examples that you can actually refer to and use or copy, but on the understanding that there is an infinite number of combinations of these things. And also, to provide a kind of standardized interface with the ability for people to actually port that interface to whatever Roots of Trust their hardware provides. There we have PSA Certified and Trusted Firmware-M (TF-M) running on things like Armv8-M architectures. We’ve integrated with Trusted Firmware-M running on other topologies as well, where you have multiple processes where one of the processes is running the TF-M code, just like the secure enclave. We have a standardized API, which is the PKCS #11 API. One implementation of that PKCS #11 API is an interface to the PSA API as well. By trying to provide these interfaces, these building blocks, these jigsaw puzzle pieces, we enable use on this huge variety of hardware that people run on.”
Quote
By trying to provide these interfaces [to projects like PSA Certified and Trusted Firmware-M], we give developers these building blocks, these jigsaw puzzle pieces, and we enable use on this huge variety of hardware that people run on.
- Developer security expertise – the challenge of new concepts, terminology and requirements. [15:55]: “There are some people who are very familiar with the way the interfaces come together. And I think the type of developer that is using systems like FreeRTOS tends to come from much smaller systems; few are used to programming Linux systems or larger processes. And these things are probably relatively simple to you. But if you are coming from people who are writing bare-metal applications, by which I mean they’re not using an operating system at all, then these are actually new concepts, and just understanding the terminology and the requirements is hard. And then getting new hardware with quite innovative Roots of Trust built into the hardware adds to the challenge and the knowledge gaps that we were talking about before. But I think there is a growing awareness, and sometimes I talk about the kind of second wave, almost, where people are first moving from unconnected or locally connected to internet connected. There are some things which are fairly obvious: you need the protocol that you’re going to use to connect, then you need the security on top of that, TLS being the normal way to go.”
- Practical challenges that come with scale. [17:35]: “Once you get that kind of basic connectivity, then you’re also faced with the more practical challenges. IoT is all about scale. So, then you’re having to look at how you’re going to interface to these hardware Roots of Trust as well, which when it’s on your bench is fine. You can program it with a private key when there’s, like, a one-to-one relationship with you. But then when you actually put that into production, if you want to do that to a hundred thousand devices or a million devices, then there are these other challenges. So, it’s not just interfacing with the Roots of Trust, but it’s also how do you do that in a production scenario?”
- Developer considerations for lifecycle security and the importance of demonstrating and educating best practice. [18:40]: “These things are inherently complex, but try and present them in the simplest way. And I think secure by default would be what you aim for, and trying to guide people away from making mistakes. But ultimately systems like FreeRTOS are open source and people can mix and match, and there’s a lot of scope for getting it wrong. So, there’s a lot to do with trying to demonstrate best practice and educate. First trying to simplify it, but also making people appreciate the things that they have to consider in these internet-connected applications.”
- Awareness of the consequences of getting it wrong, the increased legislation and, inevitably, the increased use of the Root of Trust. [21:36]: “The use cases are expanding all the time, but the other angle to that, of course, is more awareness of the consequences of getting things wrong. And that in itself is leading to increased legislation, and increased legislation is going to mean that more people are going to be thinking about all these privacy concerns if nothing else. Being able to incorrect and hardened devices will drive more use of the Roots of Trust as well, and quite rightly.”
- The importance of security being the mindset from the beginning. [22:37]: “I used to work in the safety-critical field as well. And we would always say that you can’t put safety on afterwards. Not very easily, anyway, but I think it’s the same with security. It’s a mindset from the beginning of the design. It’s very hard to put it on afterwards.”
- Evolution of open-source projects – being driven by market requirements, enabling scalability. [23:30]: “I wouldn’t say the open-source nature of FreeRTOS is critical. I think the open-source nature means that we are very much driven by people’s requirements of the day. I was talking before about the whole product evolving as the market changes. I think the open-source nature gives people the ability to scrutinize, of course. And that’s always a positive thing. I think as far as scalability is concerned, then the open-source nature obviously helps there as well. We have engagements from not just the people using the software, but the hardware manufacturers as well.”
- Building confidence in FreeRTOS, with backing and credibility from Amazon. [24:30]: “I think this is again where having a company like Amazon investing in the product helps a lot, because with open-source software you want to make sure that the business risk is mitigated, if you like. So having a global company investing in backing gives you a lot of credibility. So, I think that having both open source and the backing of a company like Amazon, who are investing in new functionality and new security whilst keeping everything completely open, really helps. Yeah. It gives people a lot of confidence.”
- Simplifying the FreeRTOS software – making it smaller and decoupled to suit the diversified use cases. [25:11]: “A really good example is that we have access to the automated reasoning group at Amazon. So, a lot of the work we’re doing now is actually trying to simplify the software, because the use cases are widening. And by simplify the software I mean we’re making it smaller and decoupled from everything else. Because of the diversity of use cases now, if you want to use a TCP stack which is offloaded, or your own proprietary one, we still want the libraries to work. So that software is all open-source. So, people get that in an open-source way, and that’s great. But at the same time, we are also working with some of the automated reasoning group in Amazon, and they’re doing things like formal memory-safety proofs on the code as well. Open source is important, but I think we’re providing more than open source.”
Quote
I think as time goes on there’ll be more coordination between device and cloud for layered security. And the reason I say this is because the cloud-side plays a pivotal role. A single device can only look at itself whereas the cloud-side can look across a whole fleet of devices and notice patterns.
- Future-proofed strategy for developers – reuse undifferentiating factors. [26:42]: “We’ve spoken a lot about increasing complexity and more undifferentiating functionality. So I suppose a big piece of advice would be to reuse anything that is not differentiating, and hopefully in a way you can then use that from one project to the next as well. So if you can select pre-existing, robust and supported integrations of libraries, hopefully without any kind of lock-in to any particular ecosystem, be that on the device or elsewhere, that’s going to be quite a future-proofing strategy. There’s not just FreeRTOS; of course, there are other options.”
- Coordinating cloud and device security to prevent scalable attacks. [27:33]: “I also think, more forward-looking again, I think there’s a kind of growing realization that the device-side security by itself is maybe not enough. You could see the growing coordination between device-side security and cloud-side security to detect threats and isolate misbehaving or compromised devices on the network. So, I think as time goes on there’ll be more coordination between device and cloud for layered security. And the reason I say the cloud side plays a pivotal role in that is because a single device can only look at itself. Whereas the cloud side can look across the whole fleet of devices and notice patterns, and actually have the ability to do something about it.”
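The last point, that a single device can only judge itself while the cloud can compare it against the whole fleet, is easy to illustrate. The following is an added example written for this page; it is not code from the podcast, from FreeRTOS or from any AWS service. It takes one telemetry report per device (the metrics `msgs_per_min`, `auth_failures`, `bytes_out` and an attested firmware hash are assumptions chosen for illustration; the records are constructed, not captured), builds a robust fleet baseline from medians and median absolute deviations, and flags the devices that stand out: one that has started publishing far more than its peers, and one running a firmware image the rest of the fleet does not, while spraying bad credentials. No single device could see either of those from its own vantage point.

```python
"""Fleet-wide anomaly detection over constructed device telemetry (added example).

A device sees only itself; a cloud-side monitor sees the fleet.  This builds a
per-metric baseline from the fleet (median + median absolute deviation, which
outliers barely move), then flags devices far from that baseline and devices
whose attested firmware hash differs from the fleet majority.  All telemetry
below is constructed for illustration and the metric names are assumptions.
"""
from collections import Counter
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Report:
    device_id: str
    firmware_sha256: str   # hash the device attests for its running image (shortened)
    msgs_per_min: float    # publish rate to the broker in the reporting window
    auth_failures: int     # TLS / credential failures in the reporting window
    bytes_out: int         # egress bytes in the reporting window


# Constructed fleet: eight well-behaved devices, one runaway/exfiltrating
# device (dev-009) and one on an unknown image spraying credentials (dev-010).
FLEET = [
    Report("dev-001", "aa11", 2.0, 0, 4_100),
    Report("dev-002", "aa11", 2.2, 0, 4_300),
    Report("dev-003", "aa11", 1.9, 1, 3_900),
    Report("dev-004", "aa11", 2.1, 0, 4_200),
    Report("dev-005", "aa11", 2.0, 0, 4_000),
    Report("dev-006", "aa11", 2.3, 0, 4_400),
    Report("dev-007", "aa11", 1.8, 0, 3_800),
    Report("dev-008", "aa11", 2.0, 0, 4_050),
    Report("dev-009", "aa11", 40.0, 0, 98_000),
    Report("dev-010", "ff99", 2.0, 35, 4_100),
]

METRICS = ("msgs_per_min", "auth_failures", "bytes_out")
# Floor on the spread per metric: a fleet that is nearly constant on a metric
# (e.g. zero auth failures almost everywhere) must not flag every tiny wobble.
MIN_SCALE = {"msgs_per_min": 0.5, "auth_failures": 3.0, "bytes_out": 1000.0}
Z_MAX = 5.0  # robust z-score beyond which a device is considered anomalous


def fleet_baseline(reports):
    """Per-metric (median, MAD) across the fleet."""
    baseline = {}
    for m in METRICS:
        values = [getattr(r, m) for r in reports]
        center = median(values)
        mad = median(abs(v - center) for v in values)
        baseline[m] = (center, mad)
    return baseline


def robust_z(value, center, mad, min_scale):
    """Distance from the fleet median in MAD-derived sigmas (1.4826 * MAD ~ sigma)."""
    scale = max(1.4826 * mad, min_scale)
    return (value - center) / scale


def detect_anomalies(reports, z_max=Z_MAX):
    """Return {device_id: [reason, ...]} for devices the fleet view singles out."""
    baseline = fleet_baseline(reports)
    expected_fw, _ = Counter(r.firmware_sha256 for r in reports).most_common(1)[0]
    findings = {}
    for r in reports:
        reasons = []
        for m in METRICS:
            center, mad = baseline[m]
            value = getattr(r, m)
            z = robust_z(value, center, mad, MIN_SCALE[m])
            if abs(z) > z_max:
                reasons.append(f"{m}={value} (robust z={z:.1f}, fleet median={center})")
        if r.firmware_sha256 != expected_fw:
            reasons.append(f"firmware {r.firmware_sha256} differs from fleet majority {expected_fw}")
        if reasons:
            findings[r.device_id] = reasons
    return findings


def quarantine_list(findings):
    """Device ids to isolate; acting on the fleet is what the cloud side can do."""
    return sorted(findings)


if __name__ == "__main__":
    found = detect_anomalies(FLEET)
    for dev, reasons in found.items():
        print(dev)
        for why in reasons:
            print("   ", why)
    print("quarantine:", quarantine_list(found))
```

Two design choices matter here. Medians and MAD are used rather than mean and standard deviation because the compromised devices are exactly the points that would otherwise drag the baseline towards themselves. The per-metric floor in `MIN_SCALE` handles the degenerate case where the fleet is almost constant on a metric: without it, a MAD of zero would make a single authentication failure on an otherwise healthy device look like an outlier. The thresholds and floors are illustrative and would be tuned per deployment.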
More About Your Podcast Host David Maidment
David Maidment (Senior Director of the Secure Device Ecosystem at Arm, a PSA Certified co-founder) leads our discussions on the latest trends and developments from the world of IoT security.
Based in Cambridge UK, David brings over 25 years of experience in the embedded and IoT industry. He specializes in the intersection between device security and business assurance to drive best practice security adoption across the electronics industry. In his role at Arm, David leads device security ecosystem activities including the widely adopted PSA Certified initiative.