Secure Edge Gateway Platform with NXP Layerscape LS1012
Assured Security at the Edge
Securing IoT at the Edge
NXP and Sequitur Labs have joined forces with Microsoft Azure to create a reference implementation of a secure IoT edge gateway for Azure IoT Edge-based gateways running Docker containers and microservices.
Microsoft’s Azure IoT Edge brings intelligence and cloud technology to edge devices such as IoT gateways. Docker containers on edge devices give Azure developers the flexibility and ease of deploying microservices and pushing cloud compute capability to the edge. With critical information, data and analytics being handled at the edge, securing these edge devices is a high priority. Device makers, application developers and customers who deploy such devices must have assurance that these devices will operate as designed and in a secure, trustworthy manner.
Challenges to Securing Docker and Microservices
Securing containers and microservices on edge devices presents unique challenges:
Devices are typically constrained in terms of compute capability, available memory and other resources. As a result, security must be foundational to edge node design.
Edge nodes such as gateways must provide reliable and authenticated connections with a diverse set of sensors. This is impossible without the underlying security architecture built into the device.
Data stored on edge devices for analysis, or simply as records, needs to be secured.
Edge devices need the ability to update firmware. Such updates must follow secure processes, with payloads verified against some trustworthy measure.
Secure Architecture for an Edge Gateway
Sequitur Labs' solution leverages NXP’s Trust Architecture to deliver a strong security foundation for devices deploying Docker containers and microservices. Trust Architecture is available on the entire NXP Layerscape line of SoCs. The solution simplifies the process of establishing a hardware-based secure domain to isolate security-critical functions, resources and peripherals. Sequitur’s EmSPARK™ Security Suite software supports hardware isolation technology from Arm that is critical to building a secure edge gateway.
Sequitur’s security framework enables the following functions critical to securing edge gateways:
Edge node attestation
HW crypto operations
Certificate and key management in secured key store
Secure IoT Edge Gateway Demonstration
The demonstration comprises a temperature sensor that connects to an IoT gateway running Azure IoT Edge and Sequitur’s EmSPARK™ Security Suite. The Suite handles establishing the secure domain and implementing Sequitur’s trusted execution environment, CoreTEE™. CoreTEE provides a programmable, isolated environment for executing security-critical functions and storing sensitive material such as keys and certificates. The solution also includes Sequitur’s CoreLockr™, a software “middleware” layer comprising easy-to-use APIs for developers to access services and peripherals isolated by CoreTEE.
Monitoring Docker Containers for Malware
In the demonstration, Docker containers are deployed directly from Azure onto the gateway. Once deployed, CoreTEE monitors the Docker container runtime to ensure container integrity. The demo simulates injecting malware into the container, which results in an interrupt in the secure domain (CoreTEE). Upon detection, the secure domain implements the necessary remedy. In this case, it restarts Linux from a secured, known image and restarts the Docker container. Customers enjoy a greater degree of assurance as a result.
Secure Connectivity to Azure Cloud and Leaf Node Authentication
A critical requirement for any IoT device is to have secure connectivity to IoT clouds such as Azure. For gateways in particular, an equally important function involves authentication of sensor (a.k.a. leaf) nodes. In the first case, the gateway connects to Azure IoT cloud securely via TLS using cryptography assets and key material implemented in the secure domain. This effectively makes the connection tamper-proof. The secure domain is also instrumental in securely exchanging key material between the leaf node and the gateway, delivering a high-assurance authentication mechanism.
The demonstration uses the LS1012’s Real-time Integrity Check (RTIC) to monitor the integrity of the OS hosting the Docker container by responding to and remediating a malicious code injection into the kernel. In this scenario, the malicious code injection invokes the RTIC, causing an interrupt in the secure enclave that is detected by Sequitur’s CoreTEE. CoreTEE resolves the security breach by rolling the kernel back to a known and trusted image. A second scenario demonstrates using hardware security to authenticate the leaf node using the TrustZone-based secure enclave on the LS1012 and the hardware crypto engine on the LPCXpresso43S67.