The following blog is written by Joe Byrne, a senior strategic marketing manager for NXP's Digital Networking Group. The original article can be found here.


NXP, Microsoft, and Sequitur Labs Pave Path to IoT and Edge Computing Security Paradise

Big yellow machines move earth today, but soon they may also move bits to improve productivity and reduce cost thanks to the Internet of Things and edge computing. Imagine a construction site with dozens of pieces of equipment. The construction company wants to know how productive the equipment is, such as how many hours it operates, how many loads it lifts, and precisely how it traverses the site. The company also wants to know how well the various components of each piece of equipment are performing: are the bearings in the wheels vibrating? Is the hydraulic pump overheating? With this knowledge, the company can avoid over- or under-provisioning equipment and minimize downtime for unneeded periodic maintenance or unexpected machine failure.

To implement this vision, the construction company could deploy an edge-computing node onsite connected to a Microsoft Azure Cloud via a slow and expensive satellite link. Various sensors on each machine use a local wireless technology to send data to the edge-computing node, which handles the bulk of analysis locally to minimize processing latency and uploads only selected data to minimize bandwidth use.

Taking this vision one step closer to reality, NXP, Microsoft, and Sequitur Labs have developed a secure edge-computing solution that ties together edge computing and platform security technologies I’ve blogged about this past year. This solution is easy to deploy, resistant to attack, and reduces processing latency. As such, it addresses key concerns holding back IoT deployment and creates new market opportunities, ushering in the new secure and responsive IoT era.

Once considered to be at odds with each other, provisioning ease and security are now aligned in the collaborators’ solution. As in the insecure era, IoT nodes and gateways are simply plugged in and turned on. But now, the gateway boots securely, autonomously and securely registers with the cloud, and downloads from the cloud the containers providing the services hosted locally. It’s these services that elevate the gateway to a fully-fledged edge-computing node. Constrained in capability compared with the gateway, the IoT leaf nodes have a simpler startup process but still must authenticate themselves, which they do with the gateway before coming online. Here’s a video demonstrating all of this in action.

To make this all work, the gateway must securely manage keys and communicate with the cloud. To keep everything working securely, the gateway must continually monitor the integrity of its code and data while it runs. Such real-time integrity checking is a key part of the new solution. This video shows an attacker injecting code into the edge-computing container. Detecting this attack, the gateway displays a notification and restarts, relying on the secure boot process to purge itself of the foreign code.
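The run-time integrity check described above, reduced to its essentials as an added example (this is illustrative code, not Sequitur Labs', NXP's or Microsoft's implementation): a gateway measures its container's code and data regions right after a trusted boot, re-measures them on every monitor tick, and on any mismatch raises a notification and "reboots" by restoring the regions from the verified boot image. The region contents and names are constructed for the example; a real checker would measure memory pages or container layers, and the restore would be the hardware-rooted secure boot rather than a Python method.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class Region:
    """A memory or storage region the gateway must keep unchanged at run time."""
    name: str
    data: bytearray


def measure(regions):
    """Hash every region; this is the 'measurement' compared against the baseline."""
    return {r.name: hashlib.sha256(bytes(r.data)).hexdigest() for r in regions}


def find_tampered(regions, baseline):
    """Return the names of regions whose current hash differs from the baseline."""
    current = measure(regions)
    return [name for name, digest in baseline.items()
            if not hmac.compare_digest(current.get(name, ""), digest)]


@dataclass
class Gateway:
    # Golden image: what secure boot is assumed to load after verifying its signature.
    golden_image: dict
    regions: list = field(default_factory=list)
    baseline: dict = field(default_factory=dict)
    notifications: list = field(default_factory=list)
    restart_count: int = 0

    def secure_boot(self):
        """Simulated secure boot: discard whatever is in memory and load the verified image."""
        self.regions = [Region(n, bytearray(d)) for n, d in self.golden_image.items()]
        # The baseline is taken immediately after boot, before any untrusted input arrives.
        self.baseline = measure(self.regions)

    def monitor_tick(self):
        """One pass of the run-time integrity checker; returns the tampered region names."""
        tampered = find_tampered(self.regions, self.baseline)
        if tampered:
            self.notifications.append(f"integrity violation in {', '.join(tampered)}")
            # Purge the foreign code by rebooting through secure boot rather than
            # trying to repair a running, possibly attacker-controlled, container.
            self.restart_count += 1
            self.secure_boot()
        return tampered


def build_demo_gateway():
    """Constructed sample image standing in for the edge container's code and config."""
    image = {
        "container_code": b"\x7fELF...edge-analytics-module (constructed)",
        "container_config": b'{"upload_interval": 600, "cloud": "azure-iot-edge"}',
    }
    gw = Gateway(golden_image=image)
    gw.secure_boot()
    return gw


def simulate_injection(gw):
    """Stand-in for the demo's code injection: overwrite bytes in the running container."""
    region = next(r for r in gw.regions if r.name == "container_code")
    region.data[4:12] = b"INJECTED"


if __name__ == "__main__":
    gw = build_demo_gateway()
    print("clean tick:", gw.monitor_tick())
    simulate_injection(gw)
    print("after injection:", gw.monitor_tick(), gw.notifications, "restarts:", gw.restart_count)
    print("after reboot:", gw.monitor_tick())
```

The checker compares digests with `hmac.compare_digest` so a mismatch is found in constant time, and it deliberately does not try to patch the tampered region in place: once foreign code is present the running software cannot be trusted to clean itself, which is why the demo leans on secure boot to restore a known-good state.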

A key benefit of edge computing generally is the reduction in processing latency by running cloud services close to the IoT leaf nodes. This solution uses Microsoft’s Azure IoT Edge, a service that delivers cloud capabilities at the edge. The edge-computing nodes are not unanchored but instead cooperate with services hosted in the Azure data center, forming a hybrid cloud. This yields additional benefits. Companies can manage IoT and edge/gateway nodes from the cloud. IoT applications run even when nodes have intermittent WAN connectivity, relying solely on the local edge node for cloud services. With data digested locally, less needs to be transmitted over the WAN to an Azure data center. With its greater capacity, the data center can accumulate received data and perform larger scale analysis than the edge-computing nodes.

Enabled by the ease of use of solutions like that collaboratively developed by NXP, Microsoft, and Sequitur and not deferred owing to security concerns, innumerable other uses will emerge for IoT and edge-computing technologies beyond the construction-site example. NXP is pleased to collaborate with Sequitur Labs on enabling these platform-trust capabilities for system developers and with Microsoft on edge computing. For their take on this new edge-computing platform, see securing-the-intelligent-edge. The three companies are ready to plow forward with customers ready to dig into secure IoT and edge computing.

NXP’s Role

Readers of my other blog posts will have a good idea of NXP’s role in this collaboration. We make the secure processing hardware. The demonstrations above use the company’s QorIQ Layerscape LS1012A processor. It’s the entry-level processor in the Layerscape family, less costly than other Layerscape processors owing to reduced “speeds and feeds” but without skimping on compatibility and security. It is a 64-bit Armv8 processor with cryptography accelerators that implements NXP’s Trust Architecture. Arm compatibility means the Arm ecosystem is available to system developers, including standard Linux distributions and Azure IoT Edge. Accelerated cryptography enables secure SSL or IPsec connections to the cloud without unduly robbing IoT applications of CPU cycles. The Trust Architecture enables platform security features, including the secure boot and run-time integrity checker discussed above.