EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC


Transcription:

EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE 6 2018 PUBLIC


Key concerns with IoT

Why Edge Computing?
CLOUD: Too far away; expensive connectivity
EDGE: Real-time; increased privacy; offline operation
IoT NODES: Massive data; mission-critical

Edge Compute use-cases
Cloud-based Deployment & Management
- Security, Building automation: Face recognition, object recognition, pattern detection, temperature, lighting controls
- Fleet Management: Tracking, location, temperature, road conditions, optimized routing
- Industrial Analytics: Real-time data acquisition, analytics, inventory control, real-time object recognition, asset tracking
- Retail (Inventory Management): Analytics, monitoring, inventory tracking, warehouse management
- Healthcare: Tracking, analysis, privacy-filtering, emergency response
- Retail (Consumer personalization): Face recognition, pattern identification, personalized shopping, targeted ad insertion, product recommendations

E.g. Home and Building Automation
Services:
- Stream Analytics AI / ML
- Voice Triggers & Instant translation Service
- Media-server
- Home automation & security
- Network Security Services
- Analytics, Content insertion
- Virtual Assistant (e.g. Alexa)
- 3rd Party Applications
Benefits:
- Eliminate need for separate equipment. DRM management simplified.
- Eliminate need for separate Automation/IoT gateway. Better credential management, critical operations control, privacy control.
- Offer value added service to generate additional revenue.
- Real-time action based on usage pattern detection. Data collection restricted to customer (privacy).
- Centralize information within gateway, real-time response, privacy.
- Create infrastructure for value-added services.

Where is the Edge?
Edge computing is the application of cloud technology outside a large data center.
- Smart-nodes can run targeted Edge applications.
- Gateways are a natural host for Edge computing: right balance of Compute, Connectivity and Storage.
- Edge applications can also run on access, e.g. Basestations, Central Office: costlier pipe, higher latency.
Diagram labels: Media Nodes; Smart Nodes (Control); Sensor Nodes; Edge Gateway (Control, Analytics, Machine-Learning); Network Infrastructure (Aggregation, Analytics); Network; Cloud; Amazon AWS; Microsoft Azure; Google Cloud; AliYun
Software stack labels: AWS App; Azure App; Aliyun App; Customer Solution; SW Platform; Application Framework; Linux; Platform Firmware

Management and Security Challenges
SOLUTION: CLOUD-BASED MANAGEMENT AND SECURITY FOR EDGE
- Manage devices, apps remotely: provisioning, upgrades
TRADITIONAL PC, MOBILE DEVICES
- Multiple authentication mechanisms
- Cloud-based security and application management
EDGE COMPUTING DEVICES
- Traditionally embedded devices
- Not physically accessible, or lack display
- Can be many (10s, 100s, 1000s) per user

Device vs. Application Management
Application Management Service
- Customers have a choice for Application Management: AWS, Azure, Aliyun, Google; home-grown or 3rd party
Device Management Service
- EdgeScale provides Device Management
- Security via Hardware Root of Trust
Diagram labels: Cloud; Cloud Applications; Edge Applications; Embedded Applications; Edge Compute Framework; Operating System; Device Provisioning; Device Management; Device Mgmt; Applications; Edge Gateway; AliYun; Google Cloud; Amazon AWS; Microsoft Azure

EdgeScale Device Management
- Remotely manage Edge Compute nodes deployed anywhere in the world
- Common Portal
- Enrollment, Firmware updates, Container Deployment, Device Monitoring & more

Virtualization Technologies
Panel labels: Best Suited for Edge Computing; Best Suited for Cloud Computing
KVM
- Linux kernel driver to spin up VMs
- Complete CPU, Memory, I/O virtualization
- Ability to run multiple OS within VMs
- Requires significant memory, CPU
- Orchestration via OpenStack, ONF
Linux Containers (Docker, LXC)
- Application-level virtualization
- Leverages underlying Linux kernel for IO, storage
- Lightweight overhead compared to KVM
- Orchestration via Kubernetes or OpenStack
Diagram labels: Container; App; LXC; Docker; Guest OS; Virtual Hardware; Linux Kernel; CPUs; I/O; Memory; Hardware

Edge Computing Frameworks
Clouds: IBM Cloud; AliYun; Google Cloud; Microsoft Azure; Private Cloud; Amazon AWS
Apps: IBM Apps; AliYun Apps; Google Apps; Azure Apps; Customer Apps; AWS Apps; AWS Apps
Docker containers: IBM IoT SDK; Alibaba IoT SDK; Google IoT SDK; Azure IoT SDK; Private IoT SDK; AWS IoT SDK; Greengrass
Docker Engine
Protocol Adaptor; Data processing; Data filter
Cgroup, Namespace; File-System; Network Stack; Ethernet, Crypto
Kernel; Trust Zone; Device Mgmt
Common Platform...

Security Requirements for the Edge
CHAIN OF TRUST
- Security starts with hardware root of trust
- End-to-end security is a chain of inter-locked security elements
01 Manufacturing
02 Enrollment
03 Device Monitoring
04 Container Deployment
05 Application Deployment
Credentials may be installed in on-chip Layerscape fused memory or via external Element
SECURE DEVICE MANAGEMENT
- manufacturing
- enrollment
- device monitoring and firmware management
- container deployment
- app management and deployment

Hardware Root of Trust
- Hardware based security features to ease the development of trustworthy systems
- All Layerscape SoCs support Trust Architecture
Security feature callouts: Manufacturing Protection; Boot; Strong Partitioning; Storage; Tamper Detection; Debug; Key Revocation; Key Protection
Block diagram labels: General Purpose Processor (x2); DDR Controller; Battery Back-up; Security Fuses; PreBoot Loader; HV MMU (x2); ARM TrustZone; Coherent Interconnect; Security Monitor; IOMMU (x2); Tamper Detect(s); Internal BootROM; Power Mgmt; SD/MMC; SPI; DUART; I2C; IFC; USB; SATA; Clocks/Reset; SEC Engine (Crypto, RNG); Keys, UID, Runtime Integrity Check; Mgmt Control; QMan; BMan; AIOP; FMAN; WRIOP; Eth, PCI; Debug Controller; Real Time Debug; Watchpoint; Perf Monitor; Aurora; CoreNet Trace; CCSR; GPIO; Security sub-system; Data-path sub-system

Chain of Trust
Stage labels: Manufacturing; Enrollment; Device Monitoring; Containers; Applications
Artifact labels: Unique ID; Public/Private Key; Signed Provisioning Image; Device Certificate; Signed Firmware Image; Signed Firmware updates; AWS/Azure certificate; Signed Containers; Payment; Signed Applications
- Hardware forms the Root of trust.
- Multiple layers of tamper-detection - each level validates the next.
- Multiple levels of secrets can revoke at any layer.
- Mutual authentication between device and cloud using Asymmetric cryptography.

NXP Solutions for Edge Computing
Columns: IoT Nodes; Edge Gateways; Cloud Infrastructure
Example devices and workloads: HOME GATEWAY; ETHERNET SWITCH; WIRELESS ROUTER; INDUSTRIAL CONTROLLER; Data Analytics; Machine Learning
Software stack: Customer Solution (App, App, App); NXP SW Platform (Middleware; RTOS, Linux, Android); Application Management; Device Management; Multiple Cloud Frameworks
NXP products: NXP Kinetis, i.MX Family; NXP Layerscape, i.MX Family; NXP EdgeScale Suite

Summary
- IoT deployments are driving Edge Computing.
- Edge Computing provides real-time, offline operation, privacy and cost-reduction.
- Edge Gateways need to be securely managed from the cloud.
- Edge Gateways need to support multiple Edge compute frameworks.
- Security is a chain of trust starting from the Hardware.
- EdgeScale provides a solution for securely managing Edge Gateways.

NXP and the NXP logo are trademarks of NXP B.V. All other product or service names are the property of their respective owners. 2017 NXP B.V.