feature article
Subscribe Now

Safety ‘n’ Security

The Next Big Thing?

The scene: A hotel breakfast room. There are several groups, mostly of men wearing the same logo-marked polo shirt, or matching ties, speaking English and having breakfast. Out of one group comes, “Their BIOS was rubbish, so we had to write a completely new one.”  Welcome to Nuremberg during embedded world.

For three days all the hotels are packed, despite having doubled their room rates. The U-Bahn (Metro) adds extra services from the city centre to the Exhibition site, and over 900 exhibitors are visited by more than 20,000 people. Amongst them are the editors, rushing around to their long list of press conferences and press briefings.  During three days I spoke to around 4% of the exhibitors in formal meetings and a few more in informal sessions. I also received many, many press releases associated with products being launched at the show. (As I write, my inbox is being flooded with Mobile World Congress releases – in fact, so many, they are even overtaking the spam.) What follows is my attempt to capture the main trends in embedded systems based on those meetings and on the way in which companies were branding their booths.

This year, as you might expect, the emphasis of many companies was again on “The Internet of Things”, with forecasts of tens of billions of devices by 2020 or some other arbitrary time. However, frequently linked with IoT was a new word – safety’n’security.

As with the IoT, exactly what safety’n’security means depends on whom you talk to.

If it is a discussion just within the IoT, it is the realisation that, as soon as you start communicating data over wireless, there is a range of things that can go wrong, including data corruption and data interception, as well as other hacking activities. The problem is that there is already an installed base of M2M-type products that were developed without safety’n’security being considered. Other things, like medical devices, were also developed without thought for hazards – after all, who would want to hack a heart pacemaker that was set up so that it could be adjusted through a Bluetooth signal?

Outside the IoT (if you can be), then we start to move into the realms of safety-critical and high integrity systems; defence, aerospace, automotive, other transportation, process control in nuclear and chemical industries, and so on. There has been a lot of work on developing standards in these areas, but even so, there is still massive debate about what it is reasonable to expect to achieve (let alone the human ability to find ways around even the most stringent of controls, usually for what appear to be entirely sensible reasons.)

Software tools vendors were present in force. They generally reported an increasing recognition of the value of tools – not just for developing safety’n’security projects, but for broader applications, as managers are moving away from their feeling that software was just coding and begin to realise the value of a proper process and appropriate tools in improving development time and quality. These range from requirements specification through code analysis and testing and debugging. All the vendors I spoke to stress that there is a need, not just for isolated tools, but also for a robust process to be in place.

Of course, not all software is developed in-house; there is no point in re-inventing the wheel when you need, say, a TCP/IP stack or a file management system. But these need to be developed to at least the same quality level as the rest of your software, and we are increasingly seeing software vendors certifying their products. HCC Embedded, which provides software stacks and file systems (and also talked about the need for process and tools), were announcing that MISRA C compliance has been extended from their TCP/IP stack to include HTTP, SMTP, SNTP/NTP, and SNMP protocols. They also have security options to work with their encryption manager- safety’n’security again.

Another new-to-me company is Somnium. They are working on “device-aware resequencing” tools. These use knowledge of the target device to optimise the software to make the best use of memory, etc. So far, the tool is available only for Freescale Kinetis, but other targets are planned.

Even with a process in place, there will still be a need for a debugger, and two new names (to me) were at the show: Undo and PLS. Undo has developed what it calls “reversible debugging” tools for C and C++ running on Linux and Android. This records the program’s execution, along with other information, and lets you roll back to find where things started to run in an unplanned way. PLS has its Universal Debug Engine, aimed at developers working with multicore devices.

Sysgo, part of the aerospace and defence company, Thales, sells the PikeOS, a Hypervisor system with separate OS domains. They announced a hook-up with Kaspersky Labs, best known as an anti-virus company. The result is that Kaspersky’s clever algorithms will monitor traffic between the different domains, looking to make sure that only legal traffic is passing. Interesting that a French-owned company is using technology from a Russian-owned company for tools for ultra-sensitive applications.

As always, there were new processor chip announcements. Two threads were interesting: low power and radio integration. Silicon Labs, who have always been a leader in low power, combined both with their Blue Gecko Bluetooth announcement. Putting into a single device an ARM Cortex based Gecko processor (from their acquisition of Energy Micro) and a Bluetooth Smart transceiver (from their acquisition of Bluegiga), they are positioning it as the core of IoT edge devices with low power and communication.  TI also made the same sort of claims with their SimpleLink “wireless microcontroller platform”, which again uses an ARM Cortex-M3 processor. There is a family available with a selection of wireless technologies, including Bluetooth low energy, Zigbee, proprietary network protocols, and 6LoWPAN (IPv6 over Low power Wireless Personal Area Networks – I had to look it up as well.) If you are a processor-node nerd, you’ll want to know that this is being manufactured in a TI-proprietary process at 65 nm.

Actually, if you are a processor-node nerd, you’ll be interested in this: Freescale announced that their next generation Kinetis, a powerful multicore beast, will be manufactured on 28nm FD-SoI. This is the first major chip company other than ST to commit to FD.

Going specifically for very low power is Austin, Texas based Ambiq micro. Their Cortex-M4F-based Apollo family uses sub-threshold technology on a standard TSMC CMOS processor to give 30 µ-amps active power and 100 n-amps in sleep mode. (How on earth do you measure 100 n-amps?) Again, the company is targeting the IoT, including wearables (Fitbit-type things plus medical applications).

Wearables are regularly cited as a target for IoT developers and also as a reason for safety’n’security. There is not really much of a problem with fitness trackers, but the same technology is being used for monitoring heart rates, blood pressure, blood-sugar, and other vital signs, often using the user’s cell phone to transmit the data to a clinician. Clearly, the information has to be transmitted both securely and without corruption.

Once it is in the clinician’s hands, there are other concerns – for example, storage in the cloud, access to third parties, and so on. Normally, one would expect techniques from within the enterprise IT environment to manage these issues, but recent thefts of credit card details and other security breaches don’t create an aura of confidence. When even NSA and GCHQ can’t keep secret things secret, what hope is there for the rest of us?

This year’s embedded world was, as always, exciting, tiring and full of lovely new toys. This year, there were no scantily-clad ladies (or at least, I didn’t see them), no foosball tables, and very few popcorn machines (last years exhibition halls were full of the scent of popcorn). There were driving simulators and two student model-car competitions, sponsored by Freescale and Renesas, and even, on one booth, a farm tractor.

If I spoke to you and you are not quoted here, please forgive me – every conversation was valuable, even one that started in the men’s room. The conversations, the demos (including the beer-mug production line), and the general air of interest, even in the breakfast room, make Nuremberg’s embedded world the go-to conference for the embedded industry.

2 thoughts on “Safety ‘n’ Security”

  1. “What hope is there for the rest of us?” Companies are increasingly outsourcing security, but it is always hard to outsource Trust. Per your reference to the companies sourcing their security solutions from different countries, every end user is going to have to maintain their own matrix of who they trust (or conversely, who to blame when things go wrong).

    As described by Schneier in ‘Liars and Outliers’, this isn’t just a question of security — it is a question of how our society is constructed. Probably not a major ‘booth topic’ at Nuremberg.

  2. How our society is constructed may not have been a booth topic, but it did surface occasionally in after hours conversations in the Bier Halls

Leave a Reply

featured blogs
Nov 27, 2023
Most design teams use the schematic-driven connectivity-aware environment of Virtuoso Layout XL. However, due to the reuse of legacy designs, third-party tools, and the flexibility of the Virtuoso platform, a design can lose binding and connectivity. Despite the layout being ...
Nov 27, 2023
Qualcomm Technologies' SVP, Durga Malladi, talks about the current benefits, challenges, use cases and regulations surrounding artificial intelligence and how AI will evolve in the near future....
Nov 27, 2023
See how we're harnessing generative AI throughout our suite of EDA tools with Synopsys.AI Copilot, the world's first GenAI capability for chip design.The post Meet Synopsys.ai Copilot, Industry's First GenAI Capability for Chip Design appeared first on Chip Design....
Nov 6, 2023
Suffice it to say that everyone and everything in these images was shot in-camera underwater, and that the results truly are haunting....

featured video

Dramatically Improve PPA and Productivity with Generative AI

Sponsored by Cadence Design Systems

Discover how you can quickly optimize flows for many blocks concurrently and use that knowledge for your next design. The Cadence Cerebrus Intelligent Chip Explorer is a revolutionary, AI-driven, automated approach to chip design flow optimization. Block engineers specify the design goals, and generative AI features within Cadence Cerebrus Explorer will intelligently optimize the design to meet the power, performance, and area (PPA) goals in a completely automated way.

Click here for more information

featured webinar

Rapid Learning: Purpose-Built MCU Software Tools for Data-Driven Embedded IoT Systems

Sponsored by ITTIA

Are you developing an MCU application that captures data of all kinds (metrics, events, logs, traces, etc.)? Are you ready to reduce the difficulties and complications involved in developing an event- and data-centric embedded system? This webinar will quickly introduce you to excellent MCU-specific software options for developing your next-generation data-driven IoT systems. You will also learn how to recognize and overcome data management obstacles. Register today as seats are limited!

Register Now!

featured chalk talk

Optimize Performance: RF Solutions from PCB to Antenna
RF is a ubiquitous design element found in a large variety of electronic designs today. In this episode of Chalk Talk, Amelia Dalton and Rahul Rajan from Amphenol RF discuss how you can optimize your RF performance through each step of the signal chain. They examine how you can utilize Amphenol’s RF wide range of connectors including solutions for PCBs, board to board RF connectivity, board to panel and more!
May 25, 2023
22,746 views