feature article
Subscribe Now

Sequitur Security Is a Package Deal

Software Takes a Soup-to-Nuts Approach to IoT Security

“My greatest pain in life is that I will never be able to see myself perform live.” – Kanye West

When everyone else took Spanish classes in high school, I took Latin. That prepared me for a life of translating classic literature (nope), correcting Catholic priests (not ever), deciphering legal phrases (more often than I’d like), and acing entire Jeopardy! categories (all the time).

It also taught me just enough to know that sequitur means “following in sequence,” a term most often used in the negative, as in non sequitur

The dozen souls toiling at the titular startup company outside of Seattle know that, too, which is why they chose it for their company name. In their view, Sequitur Labs’s security code is the next logical step in the process of securing embedded devices. 

Security, alas, is a never-ending struggle to out-think the bad guys. That’s hard enough on a “real” computer, where you’ve got lots of RAM, lots of CPU horsepower, lots of tools, and lots of examples (good and bad) of how it’s done. It’s harder when you’re securing unique embedded or IoT devices where there’s no one else to turn to for advice. Norton McAfee Kaspersky can’t help you with your HVAC controls, elevator controller, or security cameras. 

Security is also like screen doors on a submarine. Leave even one hatch open and the whole boat sinks. It’s not enough to plug most of the holes. Like Pokémon, you gotta get ’em all. That’s why Sequitur Labs takes a holistic approach and provides an entire package of security features rolled up into one deliverable. 

It’s not a lightweight package for 8-bit MCUs or thermostats. It requires a 32-bit processor – specifically, a Cortex A-series CPU with TrustZone – and several megabytes of RAM. But it shields devices against boot-time attacks, malware intrusions, malicious OTA updates, IP exfiltration, device-to-cloud communication, and more. 

Ah, for the old days. “You used to just be able to lock down the network and prevent malicious traffic” and your device was safe, says Sequitur CEO Philip Attfield. “Nothing was done at the device level.” Not so anymore. Now, attacks come from all angles, including from inside the house. That means there are a lot of different problems to solve. Problems that have nothing in common, apart from the fact they’re all security related. 

One key area that customers worry about is protecting their own intellectual property. With the rise of ML-enabled devices at the edge, a lot of products in consumers’ hands contain the results of original AI research and development. Vendors don’t want that IP to go walkabout. How to protect their models and algorithms from piracy, while still allowing updates, communication, and cloud connectivity? 

Sequitur Labs says its security package covers three broad areas. First, there’s the product’s design phase, which includes a secure dual-stage boot loader, memory partitioning and isolation, its own secure operating system (called CoreTEE), encryption/decryption, unique device IDs, device failover in case of a failed boot, and root of trust. (A general-purpose operating system such as Linux is assumed but is treated as insecure.) 

Second, there’s the day-to-day operating phase that encompasses antipiracy measures, authentication, over-the-air updates, firmware rollbacks, tamper detection, secure APIs, certificate and key provisioning for manufacturing, and device-to-cloud communication. 

Finally, Sequitur’s “lifecycle management” phase takes care of updates, health monitoring, enrollment, metrics, and the company’s own Device Monitor Cloud Service (available in Q4). 

Sequitur’s thorough approach to device security means it’s not invisible. You don’t just slap it on and rest easy in the knowledge that your device is now invulnerable. Programmers have to learn to work with it, a bit like learning a new RTOS with its unique function calls. Naturally, Sequitur says this is a simple process, and “it’s a lot easier than learning and implementing security protocols yourself,” says Attfield. 

The man has a point. Security is a whole new frontier for most developers. We haven’t been trained on security and, for the most part, we don’t have a clue how to develop good security measures. Even if we did have the ambition and the know-how, who has the time? Our bosses expect products to be secure, but deadlines and budgets don’t seem to expand in response. 

That makes third-party security a good bet. Like licensing an RTOS or a CPU architecture, security suites might be one of those things best left to the outside experts. Security vulnerabilities keep changing, so developing in-house countermeasures means never getting off the update treadmill. Once you start, you can never be finished, and all security leaks become your responsibility. Better to hand that headache over to someone else willing and able to accept the pain. 

 

One thought on “Sequitur Security Is a Package Deal”

  1. But how do we trust the 3rd party security company – over time?
    But DIY is heavy as Jim said: see this ETSI Security doc:
    https://bit.ly/3f8xExZ

    A Good Read for embedded guys so you’ll be ready when your bosses panic over their IoT device liabilities.

Leave a Reply

featured blogs
Apr 14, 2021
Hybrid Cloud architecture enables innovation in AI chip design; learn how our partnership with IBM combines the best in EDA & HPC to improve AI performance. The post Synopsys and IBM Research: Driving Real Progress in Large-Scale AI Silicon and Implementing a Hybrid Clou...
Apr 13, 2021
The human brain is very good at understanding the world around us.  An everyday example can be found when driving a car.  An experienced driver will be able to judge how large their car is, and how close they can approach an obstacle.  The driver does not need ...
Apr 13, 2021
If a picture is worth a thousand words, a video tells you the entire story. Cadence's subsystem SoC silicon for PCI Express (PCIe) 5.0 demo video shows you how we put together the latest... [[ Click on the title to access the full blog on the Cadence Community site. ]]...
Apr 12, 2021
The Semiconductor Ecosystem- It is the definition of '€œHigh Tech'€, but it isn'€™t just about… The post Calibre and the Semiconductor Ecosystem appeared first on Design with Calibre....

featured video

The Verification World We Know is About to be Revolutionized

Sponsored by Cadence Design Systems

Designs and software are growing in complexity. With verification, you need the right tool at the right time. Cadence® Palladium® Z2 emulation and Protium™ X2 prototyping dynamic duo address challenges of advanced applications from mobile to consumer and hyperscale computing. With a seamlessly integrated flow, unified debug, common interfaces, and testbench content across the systems, the dynamic duo offers rapid design migration and testing from emulation to prototyping. See them in action.

Click here for more information

featured paper

Understanding the Foundations of Quiescent Current in Linear Power Systems

Sponsored by Texas Instruments

Minimizing power consumption is an important design consideration, especially in battery-powered systems that utilize linear regulators or low-dropout regulators (LDOs). Read this new whitepaper to learn the fundamentals of IQ in linear-power systems, how to predict behavior in dropout conditions, and maintain minimal disturbance during the load transient response.

Click here to download the whitepaper

featured chalk talk

Minitek Microspace

Sponsored by Mouser Electronics and Amphenol ICC

With the incredible pace of automotive innovation these days, it’s important to choose the right connectors for the job. With everything from high-speed data to lighting, connectors have a huge impact on reliability, cost, and design. In this episode of Chalk Talk, Amelia Dalton chats with Glenn Heath from Amphenol ICC about the Minitek MicroSpace line of automotive- and industrial-grade connectors.

Click here for more information about Amphenol FCI Minitek MicroSpace™ Connector System