picoTCP becomes part of the IoT security landscape

picoTCP has joined forces with the Prpl Foundation, the open-source, community-driven, collaborative, non-profit foundation supporting the next generation connected devices industry.

This Thursday, July 14th, Prpl will give a workshop on “Hands-on Security by Separation for Connected Embedded Devices” at the IoT Evolution conference in Las Vegas. In this interactive development session, the Prpl Foundation will analyze the technical details of recent high-profile IoT incidents, identify common attack patterns and propose technical solutions.

This diagram shows multiple VMs running on the embedded target. One of the VMs is running picoTCP

During this workshop, participants will learn how open source software like picoTCP and interoperable standards address serious IoT security flaws. As illustrated above, picoTCP will provide connectivity and open the application to the Internet, while remaining in its own isolated guest VM.

The prplHypervisor™ is the industry’s first lightweight open source hypervisor, specifically designed to provide security through separation for the billions of embedded connected devices that power the Internet of Things. It leverages hardware virtualization to create multiple distinct secure domains. Bare metal applications and rich operating systems can operate independently and securely within these domains; the prplHypervisor™ eliminates the possibility of lateral movement within the system while still allowing secure high-speed inter-VM communication. It is a key component of the prplSecurity™ framework: a comprehensive collection of open source APIs providing hardware-level security controls such as root of trust, secure boot, a secure hypervisor (prplHypervisor™), secure inter-VM communication (prplSecureInterVM APIs), and key management and authentication (prplPUF™).

A PIC32 eval board with a crypto engine will be used during the workshop to run the cryptography that the prplPUF™ requires. Connectivity is provided by an external SPI Ethernet module, and every SPI access goes through the prplHypervisor™.

The true power of Prpl’s “Hands-on Security by Separation for Connected Embedded Devices” workshop is that each VM has its own environment on the embedded target. The picoTCP VM is the only one that can access the SPI registers. If one VM is breached, the others can safely keep operating, because their RAM is separated from the compromised VM.

The source code for this workshop is available on Prpl’s GitHub. The different isolated VMs can be found in the bare-metal-apps/apps folder; the picoTCP sources live in our own repository, for license-compatibility reasons.