IOT Design Guide Summer 2021


SUMMER 2021 | VOLUME 8 WWW.EMBEDDED-COMPUTING.COM http://embedded-computing.com/designs/iot_dev_kits/

SECURITY

Why Deception is the Achilles’ Heel of IoT

Development Kit Selector

2021 Design Guide

The Great Compute Migration to the Edge

Building Smarter, More Secure Cities from the Ground up with Open Standards



CONTENTS

opsy.st/IoTDesign

FEATURES

• The Great Compute Migration: From Cloud Computing to Edge Supercomputing By Veerbhan Kheterpal, CEO, Quadric
• Edge Management: The Next Big IoT Challenge By James White, IOTech Systems
• The Evolution of Edge AI and Cloud Computing By Dan Clement, ON Semiconductor
• Enabling Long-Range, Low-Power IoT Applications with LoRa and BLE By Charlene Wan, Ambiq Micro
• Building Smarter, More Secure Cities from the Ground up with Open Standards By Phil Beecher, Wi-SUN Alliance
• Why Deception is the Achilles’ Heel of IoT By Pim Tuyls, Intrinsic ID
• Security in Short-Range Wireless Solutions and Mesh Networks By Nick Wood, Insight SiP
• Got Questions about Date-Based Licensing? By Connor Zinanti, KEYLOK

COVER

Costs associated with the cloud are becoming insurmountable in many industries and applications, prompting increased interest in edge computing. In this issue of IoT Design, we address the requirements for migrating IoT deployments to the edge, challenges and solutions for edge device management, and ways to secure it all. The 2021 Resource Guide also contains product profiles with information on how to accelerate the design of these systems beginning on page 24.

WEB EXTRAS

• Mini Series: Seven Steps to Cybersecurity at the Edge By Arlen Baker, Wind River http://bit.ly/CyberSecurityfortheEdge
• The Unprecedented Downside of Artificial Intelligence: Proxy Discrimination By Dan Martin, Freelance Technology Writer http://bit.ly/DownsideofAI
• IoT Security and the Protection of IP at the Edge By Jake Schaffner, Sequitur Labs http://bit.ly/ProtectIoTEdgeIP
• Embedded Insiders Podcast: The New Chips on the Block By Embedded Computing Design Staff http://bit.ly/NewChipsontheBlockPodcast

2021 DESIGN GUIDE AI & Edge Compute Development Kits IIoT/industry 4.0 IoT Storage

Published by:

2021 OpenSystems Media® © 2021 Embedded Computing Design. All registered brands and trademarks within Embedded Computing Design magazine are the property of their respective owners. ISSN: Print 1542-6408 Online: 1542-6459





EDGE COMPUTING

The Great Compute Migration: From Cloud Computing to Edge Supercomputing By Veerbhan Kheterpal, Quadric

Recent advancements in computing performance, software algorithms, connectivity, and deep learning are revolutionizing human-machine interaction. By applying these innovations to consumer products, for example, mobile devices can deliver a more powerful user experience. In transportation, vehicles can encapsulate smart features that make them safer and more efficient. Unmanned aerial vehicles (UAVs), or drones, can perform safety inspections of remote pipelines and infrastructure assets without putting humans at risk. In industrial applications, developers can achieve greater levels of efficiency, precision, and scalability of manufacturing processes with highly intelligent robotics. Consumers also can unlock the benefits of the Internet of Things and smart home automation, freeing up time to do more of the things we enjoy.

The proliferation of sensors and cameras in today’s IoT applications, autonomous vehicles, and industrial robots calls for new, high-performance edge processing solutions that improve computational power while consuming less energy and enhancing security and privacy. Although cloud computing has revolutionized how we process and store large data sets, several handicaps, such as performance and bandwidth, limit autonomous applications, as edge-based decisions must be made with minimal latency.

With the explosion of IoT technology and sensors in recent years, there is no easy way to manage and leverage all the data generated continuously by billions of connected devices. Realizing the promise of artificial intelligence (AI) requires access to huge amounts of sensor data for virtually instantaneous decision making. Moreover, direct communication among sensors and compute resources is essential for real-time decisions. These new demands are driving the industry toward edge supercomputing, which enables data acquisition and processing to occur at the edge of the access network and much closer to end users.

Managing the Data Deluge

Consider the vast installed base of sensor-laden IoT devices generating a deluge of data. According to Verizon, there are more than one million connected devices per square kilometer. These IoT devices are ubiquitous and growing in number, from security cameras in our homes and offices to personal medical devices and agricultural sensors to the smartphones we carry everywhere. Verizon estimates that a single connected car generates more data than all of Facebook on any given day. Multiply that level of data output by all of the connected devices, wireless sensors, and robots deployed worldwide today, and it’s easy to see that we are facing a tsunami of data that can quickly overwhelm our ability to make real-time decisions.

Unfortunately, an estimated 80 percent of edge data goes to waste because it cannot be transmitted to the cloud for processing due to bandwidth, latency, privacy, or cost constraints. This is due in part to the fact that existing networking and cloud computing technologies are not optimized to handle the flood of edge data generated by IoT devices. Furthermore, high-performance, power-hungry servers used in hyperscale data centers are unwieldy and too costly to deploy close to the edge.

To deliver on the promise of AI and autonomy, we must radically improve networking and computational efficiencies. This includes the ability to learn continuously on the edge as opposed to relying on dizzying amounts of data uploads to the cloud to perform fully centralized training of deep neural networks.

System and network architects have envisioned a solution to this data challenge: Add more computational intelligence to the edge instead of the cloud. As this trend solidifies and expands, new growth in computing infrastructure will arise much closer to end users at the network edge, outside the data center domain. According to Forrester Research, the following factors are driving growth in edge computing:

• Ongoing expansion of IoT and machine-to-machine (M2M) connectivity
• Sophisticated algorithms and new applications, such as AI, machine learning, neural networks, autonomous vehicles, and virtual/augmented reality, all requiring low latency and high reliability
• Bandwidth and connectivity limitations impacting cloud computing
• The rising cost of data storage and transmission
• An increasingly distributed and mobile workforce
• New and emerging data privacy concerns and requirements



The Rise of Edge Supercomputing

In this decade and beyond, we will see innovations in high-performance computing (HPC) outside the data center built on the back of edge computing and edge server technologies. And we will see the rapid rise of a new compute paradigm: edge supercomputing.

FIGURE 1 Shown here are the various roles edge computing plays in different application contexts.

Figure 1 shows the tradeoffs of computing infrastructure characteristics as we move away from data center models and closer to intelligent, computationally powerful edge devices. As intelligent edge devices continue to proliferate in the field, the investment and time to market required to embed HPC capabilities into these devices will only accelerate. Real-time applications such as autonomous vehicles and industrial IoT equipment will require significant onboard computing resources. Bandwidth-constrained applications also can be addressed more efficiently by adding on-premise servers or edge data centers.

A Shift in Strategies and Architectures

Because machine intelligence at the edge relies on various sensors embedded in devices that make real-time decisions, the computational power and low latency required are greater than that which current data processing infrastructure (i.e., the cloud) is equipped to handle on a massive scale. These emerging requirements are creating a shift in how and where data is processed. Many data centers are moving portions of their computing resources closer to the devices receiving and sending data. More users of AI-enabled devices are choosing to process data on-site rather than in the cloud.

With data stored and processed locally rather than transmitted to the cloud, edge computing enhances many aspects of security and privacy. Edge computing also opens up new opportunities for innovation to meet the growing demand for high-performance, low-latency, energy-efficient IoT products and smart, autonomous applications.

The ongoing shift toward edge computing will require reimagined IT strategies and architectures. The following factors are important considerations for the new edge supercomputing paradigm:

• Realign Support Operations to the Edge – Extend software support beyond x86 CPUs and compute unified device architecture (CUDA) GPUs to new architectures optimized for edge or embedded servers. Deploy flexible hardware architectures to run different types of workloads in multi-tenant environments leveraging evolving algorithm workloads.
• Extend DevOps – Expand DevOps beyond the cloud to edge devices and everywhere in between.
• Reprioritize Capital Allocation – Explore investments in deploying on-premise edge servers and/or increasing edge data center capacity.

Adding high-performance edge processing capabilities to today’s operational architectures is as critical to IoT and AI infrastructure as expanding cloud compute capabilities was in the past decade. Despite progress in many areas of edge processing, developers deploying advanced algorithms on the edge remain resource constrained. The full potential of edge-based machine intelligence to improve tasks and processes has not been achieved.

Developers must tailor AI and high-performance workloads for optimized target hardware rather than the other way around. Hardware should be purpose-built for these demanding edge workloads. Developers seeking to create algorithms for new application challenges require room for experimentation and innovation. Currently available edge computing products may enable design flexibility, but they lack the processing power to turn ideas into market-viable applications that can be deployed on a large scale.

The solution is edge supercomputing – an entirely new hardware and software architecture that combines HPC with sophisticated AI capabilities. The benefits of deploying edge supercomputing across multiple applications and markets will be transformative for people, workplaces, industries, and cities everywhere. As real-time decision making for intelligent edge devices becomes a reality, we will experience a world of possibilities we’ve yet to imagine and untold innovations that will make our lives safer, more secure, and more productive.

Veerbhan Kheterpal is CEO of Quadric and has founded three technology companies. He has full stack expertise spanning from ASICs and data centers to consumer-facing products. He is responsible for designing a memorable journey for everyone involved with quadric.io and building an amazing company.


EDGE COMPUTING

Edge Management: The Next Big IoT Challenge By James White, IOTech Systems

You now have an application to handle edge/IoT sensor data, make decisions locally, and actuate at the edge. You can even get the data back to your enterprise or cloud safely and affordably with that edge application. Great! Ah – but now there are looming questions that sit between you and your organization’s victory celebration: How do you get the application to the edge? How do you deploy and orchestrate your solution to the edge at scale? How do you get “the bits to the boxes”? Our company, like others, started facing this issue a while ago. Our clients wanted to know if we could get our new solutions to edge platforms. And once deployed, they wanted to know how to monitor the applications and platforms. Importantly, the management of these solutions has to be done at edge scale – which means thousands of platform nodes and hundreds of thousands of sensors/devices. Perhaps like you, we originally looked to partner solutions to assist with this need. We have seen some solutions in this space evaporate – through acquisition or demise. Many attempted to take an enterprise deployment/orchestration solution and make it fit to work at the edge. Neither the architecture nor the business model for these products worked for the opportunity that exists at the edge.

Why Edge Applications?

A question you may be asking as part of this discussion is, “Why have an edge application at all? Why not just have your sensors/devices connect into a cloud-native application and avoid all this hassle?” This is a fair question, and in some use case situations, this might be a viable solution. But there are a few reasons this solution may not work and a few considerations you want to ponder before invoking such a solution.

First, your edge devices and sensors may not always have the connectivity needed to “phone home” directly to the cloud or your enterprise where you have those apps running. Legacy devices (think 1980s twisted pair Modbus device) or resource-constrained devices (think simple MCU or PLC) may not have the TCP stacks necessary to send data directly to the cloud. Or the connectivity may be intermittent. So, are you okay with windows of lost data due to lost connectivity? In these cases, you need the edge app to provide the connection to the cloud and serve as a store-and-forward apparatus when the data cannot be lost.

Second, do you have time to wait for your cloud to reply to the edge? The latency in a sensor-to-cloud solution may not be huge (seconds?), but in some use cases, it’s time-critical. You don’t want a decision about when to fire the air bag in your car done from the cloud. So, if latency and determinism are important elements in your edge use case, a sensor-to-cloud solution will not suffice.

Finally, can you afford it? A sensor-to-cloud solution says you are going to haul all the data from the edge to your cloud, no matter how much it costs to ship it there (paying for connectivity), no matter how much it costs to warehouse it while you evaluate its worth (paying for storage), and no matter how much work is involved in sifting through it to find valuable information (paying for compute). Your edge applications can help save transportation, storage, and compute cloud costs by weeding out or consolidating the valuable data at the edge and shipping back only what’s needed by the enterprise.

It should be noted that there is a cost of writing edge applications, even beyond the edge management challenges. Cloud-native applications are written so they don’t really care or even know where they are. They are abstracted away from the actual hardware and fabric they live on so that they can be easily moved, scaled, and brought up or down quickly. Edge applications at the farthest extremes typically have to know where they are, what hardware and connectivity they are supporting, and rarely, if ever, are scaled up or down.

So, if your “smart sensor” can make the connection, and if the latency concerns and data management costs are reasonable for your use case, bypassing the edge in favor of cloud-native applications and application management, sensor-to-cloud can be a reasonable approach. However, if this is not the case, then the need for edge applications is compelling. Still, deploying and managing edge applications, especially at the “thin” edge, comes with some unique requirements. So, what should you look for when searching for an edge management solution?

1. Edge Platforms Are Resource Constrained. Memory, CPU, and network availability are in vast supply in your enterprise environment, but not on all edge platforms. Look for solutions that can work in resource-constrained spaces. Kubernetes, for example, requires a minimum 700 MB of memory. The resource constraints, age of the nodes (operational technology has an average lifespan of seven-plus years), or the nature and diversity of the edge nodes, mean that you cannot always count on containerization or virtualization. Edge applications are going to sometimes run on “bare metal” and your solution must address this. If you are thinking of “just upgrading the edge” to support these solutions, the scale makes this very hard and expensive. Look for solutions that are largely platform agnostic and don’t require you replacing your infrastructure.

2. Monitoring the Edge, Both Node and Platform, Is Different than Monitoring Enterprise Servers. Given the scale, you often can’t afford to have all the telemetry reported to a central location and make any sense of it. You need an edge monitoring solution that automatically detects issues and then increases the collection of information on troublesome nodes to pinpoint and solve problems. Edge monitoring solutions have to minimize polling and data exchange and maximize push reporting and alerts on issues.

3. Edge Nodes Are Connected to Sensors and Devices that Speak All Sorts of Interesting Protocols and Data Formats. Deploying, orchestrating, onboarding/provisioning, and then monitoring the applications and this connectivity presents unique challenges. The right edge applications will help, especially when onboarding sensors and devices. Also, look for management solutions that understand the true nature of edge connectivity. You don’t want a management solution that can’t negotiate security constraints, or see through a container or a virtual layer to the device connectivity layer of the platform.

4. Edge Platforms Often Work Where There Is Low, No, or Intermittent Connectivity. Edge management solutions must be able to work “on-prem” and completely remote from the internet for some use cases. Edge nodes, such as those on transportation vehicles, are going to have brief periods of connectivity. Look for edge management systems that can operate mostly independently at the edge and can briefly and cheaply take care of business when there is connectivity.

5. Edge Nodes are Often Hard to Get to. Their sheer numbers make it difficult to touch each one during a new application rollout. Look for solutions that offer a zero-touch or low-touch approach to onboarding and provisioning. This often requires the nodes to do more by way of reporting their presence and self-bootstrapping.

6. Make Sure You Explore Edge Management Solution Pricing and Make Sure it Fits Your Budget. Again, many edge management solutions have grown from enterprise management solutions. The pricing model often reflects the product origins. Look for an edge management solution that is priced to edge scale. Charging per CPU, number of connected sensors/devices (things), or amount of data transmitted to the back end can lead to unaffordable solutions. Do your homework to understand what you will have under management and that the pricing fits your requirements.

These points serve as an important guide. Not all of them may be applicable to your use case and deployment situation. The unique challenges of edge management and the absence of truly edge-specific solutions have prompted a great deal of development activity, including a number of serious open-source initiatives that are emerging in this area.
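The monitoring behaviour from point 2 (push on anomaly, collect more only from a troublesome node) combined with the store-and-forward role from point 4 and “Why Edge Applications?”, as an added Python sketch that is not code from IOTech or any project named in this article. The class name, thresholds, message fields, and sample readings are assumptions made for illustration.

```python
from collections import deque

# Constructed readings (timestamp s, CPU %, memory MB) for one hypothetical node.
SAMPLES = [(t, cpu, 300 + t) for t, cpu in enumerate(
    [20, 22, 21, 25, 23, 24, 95, 97, 60, 55, 50, 30, 28, 27, 26, 25])]


class EdgeMonitor:
    """Node-side agent: quiet in steady state, verbose only around a problem."""

    def __init__(self, node_id, cpu_alert_pct=90.0, detail_window=3,
                 heartbeat_every=5, outbox_max=8):
        self.node_id = node_id
        self.cpu_alert_pct = cpu_alert_pct      # assumed alert threshold
        self.detail_window = detail_window      # detailed samples after recovery
        self.heartbeat_every = heartbeat_every  # quiet samples per heartbeat
        self.outbox_max = outbox_max            # bounded buffer for small nodes
        self.outbox = deque()                   # store-and-forward queue
        self.dropped = 0
        self._in_alarm = False
        self._detail_left = 0
        self._quiet = 0
        self._peak_cpu = 0.0

    def observe(self, ts, cpu_pct, mem_mb):
        """Evaluate one local reading; queue a message only when warranted."""
        self._quiet += 1
        self._peak_cpu = max(self._peak_cpu, cpu_pct)
        breached = cpu_pct >= self.cpu_alert_pct
        base = {"node": self.node_id, "ts": ts}
        if breached and not self._in_alarm:
            # Transition into the fault state: push one alert, start escalation.
            self._queue({**base, "type": "alert", "cpu_pct": cpu_pct})
            self._detail_left = self.detail_window
        elif breached or self._detail_left > 0:
            # Troublesome node: report every reading until the window runs out.
            self._queue({**base, "type": "detail",
                         "cpu_pct": cpu_pct, "mem_mb": mem_mb})
            if not breached:
                self._detail_left -= 1
        elif self._quiet >= self.heartbeat_every:
            # Healthy node: one small summary instead of raw telemetry.
            self._queue({**base, "type": "heartbeat",
                         "peak_cpu": self._peak_cpu})
        self._in_alarm = breached

    def _queue(self, msg):
        if len(self.outbox) >= self.outbox_max:
            # Buffer full while offline: evict the oldest non-alert message,
            # so alerts are the last thing lost.
            idx = next((i for i, m in enumerate(self.outbox)
                        if m["type"] != "alert"), 0)
            del self.outbox[idx]
            self.dropped += 1
        self.outbox.append(msg)
        self._quiet = 0
        self._peak_cpu = 0.0

    def flush(self, send):
        """Drain the queue in order while the link is up.

        `send` is a caller-supplied callable returning True on delivery;
        the first failure stops the drain and keeps the rest queued.
        """
        sent = 0
        while self.outbox and send(self.outbox[0]):
            self.outbox.popleft()
            sent += 1
        return sent


def replay(monitor, samples):
    """Feed readings with the uplink down; return the queued message types."""
    for ts, cpu, mem in samples:
        monitor.observe(ts, cpu, mem)
    return [m["type"] for m in monitor.outbox]


if __name__ == "__main__":
    mon = EdgeMonitor("node-17")
    print(replay(mon, SAMPLES))
    print("delivered:", mon.flush(lambda msg: True))
```

Sixteen readings produce seven queued messages here; a transport of your choice (MQTT, HTTPS, a vendor agent) would be passed to `flush` as the `send` callable.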

What to Explore

What are some of the open-source edge management solutions to consider? As mentioned, this is still an up-and-coming field. You might experience some growing pains as these solutions evolve and take shape or find that the solution doesn’t meet all of your needs.

• Edge Software Hub – A collection of edge software packages created by Intel that includes elements such as Edge Software Installer (formerly Retail Node Installer). It automates the installation of a complete operating system and software stack (defined by a Profile) on bare metal or virtual machines, using a “just-in-time” provisioning process.
• Project EVE – EVE is an open edge computing engine project under LF Edge that enables the development, orchestration, and security of cloud-native and legacy applications on distributed compute nodes. Supporting containers and clusters (Docker and Kubernetes), virtual machines, and unikernels, Project EVE aims to provide a flexible foundation for IoT edge deployments.
• Open Horizon – Open Horizon is another LF Edge platform for managing the service software lifecycle of containerized workloads and related machine-learning assets. It enables autonomous management of applications deployed to distributed webscale fleets of edge computing nodes and devices without requiring on-premise administrators.

At IOTech, we have been developing a new edge management solution called Edge Builder. We believe that Edge Builder will help address the considerations described previously while incorporating many open-source tools and technologies, including some of the above. Initially focused on application deployment and orchestration, the company is also working toward managing and monitoring the edge nodes themselves through an open-source, platform-agnostic, edge-centric, and affordable edge management solution to complement existing edge applications. Edge management is a challenge that is starting to receive serious industry attention and there are plenty of good things to come in this area, so stay tuned.

James White is CTO of IOTech Systems Limited.


EDGE COMPUTING

The Evolution of Edge AI and Cloud Computing By Dan Clement, ON Semiconductor

Before 2019, most IoT systems consisted of ultra-low-power wireless sensor nodes, often battery powered, that provided sensing capabilities. Their primary purpose was to send telemetry data up to the cloud for big data processing. Almost every company was doing this to enable proofs of concept (PoCs) as the Internet of Things became the new buzzword and market trend. Cloud service providers have nice dashboards that present the data in attractive graphs to help support the PoCs. The main reason for the PoCs was to convince stakeholders to invest in IoT and prove return on investment so larger projects could be funded. As this ecosystem scaled up, it became clear that there was the potential for sending too much data back and forth through the cloud. This could clog up the bandwidth pipeline and make it harder to get data in and out of the cloud quickly enough. This would also create latency that is at minimum annoying, and in the extreme could break applications that need guaranteed throughput. Despite major improvements in bandwidth and transfer speeds promised from standards such as 5G and Wi-Fi 6E, the massive number of IoT nodes communicating with the cloud has exploded. In addition to the sheer number of devices, costs are also increasing. Early IoT infrastructure and platform investments need to be monetized and, as more nodes are added, the infrastructure needs to be both scalable and profitable. Around 2019, the idea of edge computing became a popular solution. Edge computing implements more advanced processing within the local sensor network. This minimizes the amount of data that needs to go through the gateway to the cloud and back. This directly reduces costs as well as frees up bandwidth for additional nodes if needed. Having less data transferred per node also has the potential to reduce the number of gateways needed to collect and transfer the data to the cloud. 
As innovations were made and algorithms became more efficient, AI has also been moving to end nodes very rapidly and its use is becoming standard practice. A notable example is the Amazon Alexa voice assistant. The detection and wakeup upon hearing the trigger word, “Alexa”, is a familiar use of edge AI. In this case, the trigger word detection is done locally in the system’s MCU. After it successfully triggers, the rest of the command goes to the cloud over a Wi-Fi network where the most demanding AI processing is done. This way, the wakeup latency is minimized for the best possible user experience. Besides addressing the bandwidth and cost concerns, edge AI processing also brings additional benefits to the application. For example, in predictive maintenance, small sensors can be added to electric motors to measure temperature and vibration. A trained AI model can very effectively predict when the motor has or will have a bad bearing or an overload condition. Getting this early warning is critical to servicing the motor before it completely fails. This predictive maintenance greatly reduces line down time because the equipment is proactively serviced before complete failure. This offers tremendous cost savings and minimal loss of efficiency. As Benjamin Franklin said, “An ounce of prevention is worth a pound of cure”. As more sensors are added, gateways can also get overwhelmed with the telemetry data from the local sensor network. In this case, there are two choices to alleviate this data and network congestion. More gateways can be added or more edge processing can be pushed to the end nodes.


The idea of pushing more processing to end nodes, typically sensors, is underway and gaining momentum rapidly. The end nodes are typically running on power in the mW range and sleep most of the time with power consumption in the µW range. They also have limited processing capability, driven by the low power and cost requirements for end nodes. In other words, they are very resource constrained.

For example, a typical sensor node can be controlled by an MCU as simple as an 8-bit processor with 64 kB of flash and 8 kB of RAM with clock speeds around 20 MHz. Alternatively, the MCU may be as complex as an Arm Cortex-M4F processor with 2 MB flash and 512 kB RAM with clock speeds around 200 MHz.

Adding edge processing to resource-constrained end node devices is very challenging and requires innovation and optimization at both the hardware and software levels. Nevertheless, since end nodes will be in the system anyway, it is economical to add as much edge processing power as possible.

As a summary of the evolution of edge processing, it is clear that end nodes will continue to become smarter, but we have to also continue to respect their low resource requirements for cost and power. Edge processing will remain prevalent as will cloud processing. Having options to assign functionality to the right location allows systems to be optimized for each application and ensures the best performance and lowest cost. Distributing hardware and software resources efficiently is the key to balancing competing performance and cost objectives. The proper balance minimizes data transfer to the cloud, minimizes the number of gateways, and adds as much capability to sensors or end nodes as possible.

Example of an Ultra-Low-Power Edge Sensor Node

The RSL10 Smart Shot Camera, developed by ON Semiconductor, addresses these various challenges with a design that is ready to be used as-is or easily added to an application. The event-triggered, AI-ready imaging platform uses a number of key components developed by ON Semiconductor and ecosystem partners to give engineering teams an easy way to access the power of AI-enabled object detection and recognition in a low-power format. The technique adopted is to use the tiny but powerful ARX3A0 CMOS image sensor to capture a single image frame, which is uploaded to a cloud service for processing. Before sending, the image is processed and compressed by an image sensor processor (ISP) from Sunplus Innovation Technology. After applying JPEG compression, the image data is much faster to transfer over a Bluetooth Low Energy (BLE) communication network to a gateway or cell phone (a companion app is also available).

The ISP is a good example of local (end node) edge processing. The image is compressed locally and less data is sent over the air to the cloud, which provides clear power and networking cost savings resulting from reduced airtime. The ISP has been specially designed for ultra-low power operation, consuming just 3.2 mW when active. It can also be configured to provide some on-sensor preprocessing that can further reduce active power, such as setting a region of interest. This allows the sensor to remain in a low power mode until an object or movement is detected in the region of interest. Further processing and BLE communication is provided by the fully-certified RSL10 System-in-Package (RSL10 SIP), also from ON Semiconductor. This device offers industry-leading low power operation and short time to market.

FIGURE 1

The RSL10 Smart Shot Camera contains all of the components required for a rapidly deployable edge processing node.

FIGURE 2

The RSL10 Smart Shot Camera’s image sensor processor allows images to be sent over Bluetooth Low Energy (BLE) to a smartphone and on to the cloud where computer vision algorithms can be applied for object detection.

As can be seen in Figure 1, the board includes several sensors for triggering activity. These include a motion sensor, accelerometer, and environmental sensor. Once triggered, the board can send an image over BLE to a smartphone where the companion app can then upload it to a cloud service, such as the Amazon Rekognition service (Figure 2). The cloud service implements deep learning machine vision algorithms. In the case of the RSL10 Smart Shot Camera, the cloud service is set up to do object detection. Once an image is processed, the smartphone app is updated with what the algorithm detected along with its probability of success. These types of cloud-based services are extremely accurate because they literally have billions of images to train the machine vision algorithm.

Conclusion

As discussed, the IoT is changing and becoming more optimized to enable massive and cost-effective scaling. New connectivity technologies continue to be developed to help address power, bandwidth, and capacity concerns. AI continues to evolve and become more capable as well as more efficient, enabling it to move to the edge and even end nodes. The IoT is growing and adapting to reflect continued growth and prepare for future growth. The RSL10 Smart Shot Camera from ON Semiconductor is a modern example of how to successfully address the main issues with putting AI at the edge: power, bandwidth, cost, and latency.

Dan Clement is a Senior Principal Solutions Marketing Engineer at ON Semiconductor, focused on Wireless IoT. He started in the semiconductor industry more than eighteen years ago, and has worked in multiple roles from analog/mixed-signal IC design to RF applications engineering to ultra-low power wireless.


LOW-POWER, WIDE-AREA NETWORKING

Enabling Long-Range, Low-Power IoT Applications with LoRa and BLE By Charlene Wan, Ambiq Micro

As the Internet of Things expands, so do the digital sensors and networking technologies that connect devices and applications. Key technologies enabling this IoT connectivity in smart homes and other use cases are wireless standards like Wi-Fi, Bluetooth, and 5G. Among the available wireless protocols, the most popular are Bluetooth Low Energy (BLE) and LoRa (Long Range). The combination of BLE (intended for short-range networks) and LoRa (ideal for low-power wide-area networks (LPWANs)) provides an easy and secure solution for deploying today’s IoT applications.

How IoT Deployments Have Evolved

Traditionally, IoT deployments exist close to telecommunications infrastructure in a city or town. IoT devices can connect to existing cellular networks using the LTE-M or NB-IoT protocols, which offer low bandwidth, low power, and low cost. Many of these products are powered by a portable battery or by being plugged into an AC wall outlet.

But the future of IoT lies at the edge where sensor device-to-cloud wireless connectivity does not have to rely on urban communication infrastructure. And IoT devices and sensors deployed in remote locations pose logistical challenges for battery life and maintenance. They are often inaccessible to field technicians and, in use cases like a farm or factory, deployed in the hundreds or thousands. This makes it impractical to maintain each one manually. Setting up an IoT system can be a complex process, and the cost of deployment and maintenance can add up quickly even if you do not have to pay traditional networking infrastructure costs. As such, the IoT solution you choose needs to provide enough value to cover the cost of implementing and managing it.

Companies should consider the following criteria when deciding on the best solution:

• Scalability – Depending on the effectiveness of the existing IoT deployments, setting up additional endpoint devices within the network may be needed in the future. However, connecting new endpoints can become extremely complex as the amount of data generated and transmitted increases.

• Edge Intelligence – The rise of edge computing means that your endpoint devices can compute more processes locally. However, to enable edge computing and intelligent endpoints, an IoT module needs to have a powerful microcontroller unit that can process data in real-time.

• Security – Keeping an IoT solution secure is challenging because of the numerous use cases, types of network architectures, and different deployment options. In certain applications, a breach in the IoT environment could leak information that is critical to how the business works or how a proprietary device is manufactured. First-rate security is a must for cloud computing modules transmitting and receiving data on a regular basis.

• Energy Efficiency – Remote IoT deployments must rely entirely on battery power, which needs to last for years to maximize operating time. For low-power IoT applications, the IoT solution needs to perform at the highest standards for energy efficiency to ensure reliable system operation regardless of the available power source.

• Form Factor – To meet the environmental and performance demands of today’s remote Industrial IoT deployments, the IoT module must be rugged, have an ultra-small form factor, and integrate high-performance components. Despite a small form factor, the module needs to be compatible with standard wireless technologies, such as Wi-Fi, BLE, and LoRa.

• Cost – Depending on your specific deployment needs, you may need hundreds or even thousands of sensors that each connect to a gateway (Figure 1). Therefore, IoT sensor devices need to be cost effective to enable widespread deployment.

To meet these demands, industry leaders are blending BLE and LoRa, which allows them to capture IoT sockets in remote locations more efficiently and at lower cost. As a result, new applications and opportunities are emerging.

FIGURE 1

The enabling technologies for remote IoT device deployments must be cost effective and scalable. (Diagram: LPWAN ecosystem for long-range enterprise IoT (EIoT) solutions, showing sensors, embedded modules, gateways, and cloud applications.)

Why Use LoRa and BLE Together?

Thanks to BLE’s small footprint and energy-efficient architecture, small wireless sensors and controls can operate on a battery charge for years and, unlike traditional wired devices, users can place BLE-enabled devices in nearly any location without worrying about physical accessibility, technical difficulty, or financial practicality. However, until recently, BLE usage was limited to low-throughput endpoints like beacons and wearables. And while the latest Bluetooth 5.0 standard can send large data files or stream audio without quickly draining your device battery, most BLE-based IoT applications rely on a mobile phone’s cellular connection as a gateway back to the cloud. If the cellular network is not reachable, LoRa technology is needed.

The LoRa modulation technology makes up the physical layer of LoRaWAN, a software protocol based on LoRa. Together, LoRa and LoRaWAN enable long-range connectivity for IoT devices that have low power requirements and collect small amounts of data. Compared to other modulation schemes, LoRa is extremely energy efficient, resistant to interference, and cost effective (Figure 2). The combination of small receive bandwidth and a unique coding scheme allows LoRa radios to achieve a receiver sensitivity as low as -140 dBm. These characteristics support line-of-sight communications up to 10 miles and deep penetration capability through concrete and foliage. It also features ultra-low power requirements that enable battery-powered devices to last more than five years.

BLE and LoRa are complementary technologies, with BLE supporting short-range connectivity and LoRa fulfilling long-range requirements. This makes the pairing ideal for a variety of applications such as industrial machine health monitoring, delivery lockboxes, and livestock health monitoring.

FIGURE 2

LoRa is a long-range, low-power, low-data-rate wireless communications technology that is significantly less expensive than comparable cellular technologies. (Chart: data rate and power consumption, 1 KBps to 100 MBps, against range, 1 m to 10 km, with cost from low to high, for RFID, Bluetooth, BLE, Zigbee, Z-Wave, Wi-Fi, Wi-Fi HaLow, unlicensed LPWAN (MIOTY, LoRa, Sigfox), licensed LPWAN (LTE-M, EC-GSM, NB-IoT), and cellular (5G, 4G/LTE, 3G).)

A Better IoT Solution

With the right edge-computing hardware, an IoT device that leverages the flexible connectivity of LoRa and BLE can detect costly malfunctions locally like a burst pipe and send that information to the cloud for analysis. But with sufficient intelligence, edge devices can make cost-saving decisions on their own, such as shutting off water valves supplying the broken pipe. As real-time applications that need processing at the edge increase, so too will the number of intelligent endpoints that are deployed in the field. Of course, adding this intelligence cannot come at the expense of significant power consumption. MCUs such as the Ambiq Apollo3 Blue can handle the low-power edge compute needed to support real-time applications. With the combination of an ultra-low-power MCU and a module such as one from Northern Mechatronics, enterprises can find a secure and cost-effective solution to deploy IoT remotely and reliably without relying on existing telecom infrastructure. Together, these technologies enable reliable, secure, and energy efficient IoT deployments worldwide.

Charlene Wan is Vice President of Marketing Communications & Branding at Ambiq Micro.


SECURITY

Building Smarter, More Secure Cities from the Ground up with Open Standards By Phil Beecher, Wi-SUN Alliance

Internet of Things technologies are finding their way into every corner of our lives. They monitor how we drive, make factory production lines more efficient, and keep utilities running smoothly. They are also at risk of compromise from adversaries who may be financially motivated cyber criminals, nation-state operatives, or even disgruntled employees. There is no silver bullet to help us fix this challenge. But security-by-design and open standards should be your guiding principles when designing products and building IoT systems. These will not only help to minimize cyber risk but can also speed time-to-market and drive cost efficiencies.

The Worst-Case Scenario

We are at the beginning of a new era of smart cities. Yet as connectivity and computing power is distributed more widely across large-scale outdoor networks, threat actors will continue to scale up their own campaigns to monetize attacks. At the moment, there are plenty of security gaps to target. One 2020 report claims that IoT devices now comprise one-third (33 percent) of all infected devices on global networks, up from 16 percent in 2019[1]. Another report claims that more than half (57 percent) are exposed to medium- or high-severity attacks[2].

Weak passwords, firmware vulnerabilities, and insecure networks continue to blight deployments. They offer attackers an opportunity to hijack devices, to sabotage critical infrastructure, hold organizations to ransom, and steal sensitive data from connected networks. It is a threat identified long ago in the 1960s classic film, The Italian Job, where traffic in a prototypical Italian “smart city” is brought to a standstill by hackers. Unfortunately, much worse could happen today. A foiled cyber-attack on a water plant in Oldsmar, Florida earlier this year was designed to poison residents’ drinking water[3].

Security Starts Here

In this context, engineers and developers should be laser-focused on developing a robust security architecture. This will include two key elements as part of the device: device authentication and message encryption.

First, each device must be uniquely identifiable so that it can be authenticated effectively when joining a network, and able to prove that it has not been tampered with or hijacked with rogue code. Digital certificates embedded in each device are an ideal way to achieve this, as they can be embedded during manufacturing or prior to commissioning and are not vulnerable to compromise in the way that passwords are.

All secure devices will contain a private key, which must be protected. There is more than one approach to this: consider a hardware secure element, a chip that is designed to specifically protect against unauthorized access, even if the attacker has physical access to the device (as is often the case with IoT)[4]. Another technique to prevent tampering is the physically unclonable function (PUF)[5]. Here, a “fingerprint” is derived from the unique characteristics of a piece of silicon (transistor threshold voltages, gain factor, etc). This can then be turned into a unique cryptographic key and used as the chip’s root key. The advantage here is that no additional hardware is needed to store the key securely, and that it becomes invisible to hackers when the device is powered off.

Device authentication is just part of the protection needed. Equally important is message encryption. Encryption ensures the message contents are private and prevents alteration of messages, for example, from a “man-in-the-middle” attack. Radio standards, such as IEEE 802.15.4, include AES message encryption, which is built into RF silicon to encrypt messages on-the-fly. AES provides a lightweight method to secure over-the-air frames while maintaining low power consumption and processor overhead.

An inherent concern for RF technology is the susceptibility to interference. Interference may be unintentional (such as co-located networks), caused by interferers (such as welding equipment), or may be intentional (like from a jamming device). Wi-SUN FAN networks, for example, use a number of techniques to mitigate these types of interference:

First, devices use decentralized frequency hopping that makes it difficult for an attacker to deny service by jamming signals. Additionally, the mesh network topology has a major effect on network resilience, offering several advantages over star (or “hub-and-spoke”) networks. They are more reliable, as data can be re-routed if devices lose contact with each other. And, device-to-device transmissions are typically made over shorter distances, so there’s improved power efficiency, performance, and channel utilization.

The Power of Open Standards

The use of open, interoperable standards is another important consideration. Why does this matter from a security perspective? The answer is that open standards will be mature and reliable, stress-tested and verified by many stakeholders, both developers and users of the technology. Therefore, vulnerabilities are quickly detected and remediated. Wi-SUN Alliance profiles use a wide range of IEEE and IETF standards, including the IEEE 802.15.4 RF and link layers, secure device identity from 802.1AR, IETF EAP-TLS-based network authentication, and IEEE 802.15.9 key management.

A Better Security Scenario

From a product perspective, following open standards can speed time-to-market, keep costs down, and ensure your products can be optimized with a variety of manufacturers’ processors and radios. Typically, there will be a range of publicly available protocol stacks, design information, and reference implementations to help you build and future-proof secure products.

As smart cities, smart utilities, and large-scale corporate IoT networks continue to grow, so will the attention of cyber criminals looking for new ways to make money. That is why security-by-design is a prerequisite for all connected devices.

Phil Beecher is the president and CEO of Wi-SUN Alliance and a recognized global expert on wireless IoT. He can be reached at phil.beecher@wi-sun.org.

Resources:

1. Help Net Security (2020, October 22). Attacks on IoT devices continue to escalate. Retrieved April 28, 2021, from https://www.helpnetsecurity.com/2020/10/28/attacks-on-iot-devices-continue-to-escalate.
2. Manager, A. (2021, February 18). OT/IoT Security Report: Rising IoT Botnets and Shifting Ransomware Escalate Enterprise Risk. Retrieved April 28, 2021, from https://www.nozominetworks.com/blog/what-it-needs-to-know-about-ot-io-securitythreats-in-2020.
3. Robles, F., & Perlroth, N. (2021, February 09). ‘Dangerous stuff’: Hackers tried to poison water supply of Florida Town. Retrieved April 28, 2021, from https://www.nytimes.com/2021/02/08/us/oldsmar-florida-water-supply-hack.html.
4. Watchdog. (n.d.). What is an IoT Hardware Secure Element? Retrieved April 28, 2021, from https://cerberus-laboratories.com/blog/iot_hsms.
5. Physical Unclonable Function - Intrinsic ID: Home of PUF Technology. (2021, February 25). Retrieved April 28, 2021, from https://www.intrinsic-id.com/physicalunclonable-function.


SECURITY

Why Deception is the Achilles’ Heel of IoT By Pim Tuyls, Intrinsic ID

The numbers are staggering. Depending on the source, the forecast number of connected IoT devices in 2021 varies from 20 to 40 billion, all producing immense volumes of data. And as more intuitive and responsive devices are unleashed, the lines between the digital and physical universes get blurry. Not to mention the impact all this connectedness has on security. IoT security has been widely discussed and is oftentimes associated with topics such as “the expanding attack surface” and “zero-day vulnerabilities.” However, one underrated attack vector that is often missing in those discussions is the most basic and vital of all: deception. Deception was known to be effective thousands of years ago, in the time of Sun-Tzu, author of The Art of War, which asserted it as the most powerful tool of the attacker. Today, with the advent of IoT, it’s no different. How do you win by deception? It has a lot to do with impersonation. For example, in the military, if hostile signals pretend to be coming from your own drones, you are in big trouble. And, if, in the near future, smart traffic lights have been tampered with, sending out deceiving signals to autonomous cars, the outcome could be disastrous. Take a common crime like stealing a car. In a parking lot, a criminal can attack one car. But, with the IoT, a hacker can simultaneously hack 10, 100, or 1,000 cars, possibly in various cities around the world. And the bigger problem is that, with the IoT, hackers can be ANYWHERE when making these attacks; they need not be physically near the hacked devices. They can be on the other side of the ocean.

Authentication is the Key

While it might not be the first thing everyone thinks of, the fact that deception is the biggest threat to IoT security is nothing new for security experts. Well-known security author Bruce Schneier wrote a blog in 2016 about a rare public talk by Rob Joyce, who at that time was head of the Tailored Access Operations Group of the NSA. In this talk he downplayed zero-day vulnerabilities as overrated, asserting that “credential stealing is how to get into networks.”

In fact, almost all security problems are authentication problems. If you can authenticate the identity of the device on the other side of a communication, you can know what is legitimate and what is not. But how do you authenticate a device? A drone or a car? It is possible the request to access your device is legitimate, but it might not be.

When talking about device authentication, it helps to draw the human analogy. Customs officers identify people by their passport. And for some countries it must be accompanied by a visa. To be really secure, they have to verify your identity by checking your fingerprints. For devices that connect to the cloud it is very similar. Devices identify themselves to the cloud by showing their device-unique certificate. This certificate has been registered at the cloud provider and certain permissions are linked to it – similar to a visa on a passport (Figure 1).

FIGURE 1

An example of human and device identification and authentication. (Diagram: authorities or a customs official identify and authenticate a human; a cloud, server, or device identifies and authenticates the chip in a smart device.)

It is not very hard to copy certificates from one device to another. Identification is not enough – identity needs to be verified. And the best way to do this (the unclonable way) is by checking something that is unique to the device (Figure 2). In other words, elements in the hardware of the device that cannot be copied from one device to another.

FIGURE 2

Rooting identity in something that is very hard to clone. (Diagram: a human unclonable identity built from passport/visa, birth certificate, and human fingerprint, beside a device unclonable identity built from device certificate/policies, manufacturing record (serial, date, ...), and fingerprint of the chip, on a scale from “can be cloned” to “very hard to clone”.)

PUF as a Device Fingerprint

Intrinsic ID uses a “fingerprint” that can be found in the static random-access memory (SRAM) of every chip. This fingerprint is called an SRAM physically unclonable function (PUF). Just as human fingerprints are unclonable, this device-unique fingerprint is also unclonable. Combined with the device certificate, which serves as a passport, it builds unclonable device identities. For every connected device – a voice-assisted device, a connected car, a drone, a watch, a thermostat, a light bulb, an insulin pump – an unclonable identity can be created based on the PUF that makes it very difficult to bypass the authentication safeguards. With this unclonable identity, we can securely authenticate the device, protect the data’s integrity, and ensure the data’s confidentiality.

But how does an SRAM PUF work? An SRAM PUF is based on the behavior of standard SRAM memory that is available in any digital chip. Every SRAM cell has its own preferred state every time the SRAM is powered, resulting from random differences in transistor threshold voltages. Hence, when powering SRAM memories, every memory will yield a unique and random pattern of 0s and 1s. As stated before, these patterns are like chip fingerprints because each one is unique to a particular SRAM and hence to a particular chip.

However, this “response” from the SRAM PUF is a “noisy” fingerprint and turning it into a high-quality and secure cryptographic key requires further processing. By using “fuzzy extractor” IP it is possible to reconstruct exactly the same cryptographic key every time and under all environmental circumstances.

There is no need for either the chip vendor or the device manufacturer to inject the device’s root key. Injecting secret keys requires a trusted factory, adds cost and complexity to the manufacturing process, and limits flexibility. Hence, it is a significant benefit that key injection is not required.

This method of deriving a key from the SRAM properties has great security advantages compared to traditional key storage in non-volatile memory (NVM):

• Because the key is only generated when needed and therefore never stored, it is not present when the device is not active (no key at rest). Hence, it cannot be found by an attacker who opens the device and compromises its memory contents, which significantly increases the security of the device.

• There is no need to add costly security hardware, such as a secure element or trusted platform module (TPM) chip, to protect secret keys and valuable data on the chip.

• Any sensitive content or IP encrypted with the SRAM PUF key (or a key derived from it) can be stored in unprotected memory, as it cannot be read anywhere outside of the chip without the SRAM PUF key (Figure 3).

From Key to Identity

Once a device is equipped with a root key from the SRAM PUF, additional functional keys can be derived from this root key by using a key derivation function (KDF) as specified by the National Institute of Standards and Technology (NIST). Any key derived from the SRAM PUF root key automatically inherits the benefits described earlier, so it also does not require injection, is never stored (is derived only when needed), and does not require costly security hardware.

FIGURE 3

Deriving a key from SRAM start-up behavior.

1. Process Variation: Deep sub-micron variations in the production process give every transistor slightly random electric properties.
2. SRAM Start-up Values: When the SRAM is powered on, this randomness is expressed in the start-up values (0 or 1) of SRAM cells.
3. Silicon Fingerprint: The start-up values create a highly random and repeatable pattern that is unique to each chip.
4. SRAM PUF Key: The silicon fingerprint is turned into a secret key that builds the foundation of a security subsystem.

Device identities are typically managed by device certificates in a public key infrastructure (PKI). Using PKI, each device identity is built from a strong public-private cryptographic key pair that is unique to the chip. While the public part can be shared to establish the identity, the private part (used to authenticate the identity) must be kept secret at all times and should be bound to the device. These requirements fit perfectly with the properties of the SRAM PUF. When a public-private key pair is derived from an SRAM PUF, it is guaranteed that this key pair is device-unique simply because the root key is device-unique. Also, the private key is protected at all times, as it is never stored and only derived when needed. Hence, deriving a public-private key pair from an SRAM PUF provides the properties that are required for use in a PKI.

Now, the public key can be shared with a certificate authority (CA) via a certificate signing request (CSR). Based on this public key, the CA returns a certificate that is provisioned onto the device. When the device connects with a cloud it will use this certificate to show its identity. Based on the certificate, the cloud can verify the identity of the IoT device by running an authentication protocol that requires the device to have its private key (Figure 4). The authenticity of the device can now be guaranteed since no other party knows, or has access to, the private key. And, of course, the private key is reconstructed on the fly from the chip’s SRAM PUF.

FIGURE 4

Connecting a device securely to the cloud. (Diagram labels: SRAM PUF, fuzzy extractor, private key, CSR containing the public key, provisioning tool, certificate authority, mutual authentication, cloud.)
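The following Python example is added here and is not taken from the article or from Intrinsic ID's products. It models the flow described above: a noisy SRAM start-up read, a fuzzy extractor that rebuilds the same root key on every boot, and functional keys derived from that root key. Assumptions: the SRAM is simulated (`make_chip`, `power_up`), the fuzzy extractor is a code-offset construction with a simple repetition code, per-read noise is 5 percent, and the KDF is NIST SP 800-108 counter mode with HMAC-SHA-256 (the article does not say which NIST KDF is used); all function names are hypothetical.

```python
import hashlib
import hmac
import random

REP = 31                  # SRAM cells per secret bit (repetition code)
KEY_BITS = 128            # secret bits enrolled on the device
N_CELLS = REP * KEY_BITS  # SRAM cells reserved for the PUF


def make_chip(seed):
    """Constructed stand-in for silicon: the preferred start-up value of each cell."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(N_CELLS)]


def power_up(chip, noise, rng):
    """One start-up read; each cell deviates from its preference with probability `noise`."""
    return [bit ^ (rng.random() < noise) for bit in chip]


def _root_key(secret_bits):
    # Hash the recovered bits into a fixed-length root key (one byte per bit, for clarity).
    return hashlib.sha256(bytes(secret_bits)).digest()


def enroll(response, rng):
    """Code-offset enrollment: returns (helper_data, root_key). Only helper_data is stored."""
    # A real device draws these bits from a hardware RNG; a seeded RNG keeps the demo repeatable.
    secret = [rng.getrandbits(1) for _ in range(KEY_BITS)]
    codeword = [bit for bit in secret for _ in range(REP)]
    helper = [c ^ r for c, r in zip(codeword, response)]
    return helper, _root_key(secret)


def reconstruct(response, helper):
    """Rebuild the root key from a fresh noisy read plus the stored helper data."""
    noisy = [h ^ r for h, r in zip(helper, response)]
    # Majority vote per block corrects up to REP // 2 flipped cells per secret bit.
    secret = [int(sum(noisy[i:i + REP]) > REP // 2) for i in range(0, N_CELLS, REP)]
    return _root_key(secret)


def kdf_ctr(key, label, context, length):
    """NIST SP 800-108 counter-mode KDF with HMAC-SHA-256 as the PRF."""
    out, counter = b"", 1
    while len(out) < length:
        msg = (counter.to_bytes(4, "big") + label + b"\x00" + context
               + (length * 8).to_bytes(4, "big"))
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def demo():
    rng = random.Random(2021)
    chip_a, chip_b = make_chip(1), make_chip(2)   # two constructed chips
    helper, enrolled = enroll(power_up(chip_a, 0.05, rng), rng)
    # Five later boots of the same chip, each with fresh noise.
    boots = [reconstruct(power_up(chip_a, 0.05, rng), helper) for _ in range(5)]
    # Helper data copied to a different chip does not reproduce the key.
    clone = reconstruct(power_up(chip_b, 0.05, rng), helper)
    root = boots[0]
    return {
        "reconstructed_ok": all(k == enrolled for k in boots),
        "clone_matches": clone == enrolled,
        "enc_key": kdf_ctr(root, b"encryption", b"device-demo", 16),
        "auth_key": kdf_ctr(root, b"authentication", b"device-demo", 32),
    }


if __name__ == "__main__":
    result = demo()
    print("same chip rebuilds key:", result["reconstructed_ok"])
    print("other chip rebuilds key:", result["clone_matches"])
```

In this model only `helper` would be written to non-volatile memory; the root key and the derived keys exist in RAM only after a reconstruction.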

In this way, a secure identity can be built into devices similar to the secure identity built for people through documents such as passports. Instead of using the biometrics of a person as the root of trust for a passport, the “fingerprint” from the SRAM PUF is used to unequivocally tie the identity in a certificate to the hardware of a device. The bottom line is that if we want to make the IoT successful, we have to establish trust, which requires authentication we can count on. Using the unclonable identity inherent to every device is a great place to start.

With more than 20 years of experience in semiconductors and security, Pim Tuyls is widely recognized for his work in the field of SRAM PUF and security for embedded applications. He co-wrote the book Security with Noisy Data, which examines new technologies in the field of security based on noisy data and describes applications in the fields of biometrics, secure key storage, and anti-counterfeiting.

Making the Grade with Linux and Cybersecurity at the Intelligent Edge Sponsored by Wind River Software developers use open source Linux because of its ease of access, flexibility, and leading-edge technologies. It also has one of the largest and most prolific communities, with vast amounts of resources. At the intelligent edge, where devices and systems have mission-critical functionality, Linux adoption has lagged behind other markets. But the momentum is shifting, and Linux has the potential to lead the way for a massive transformation of the embedded industry. Join Michael Mehlberg, vice president of marketing for Wind River® Security, for a fast-paced micro series covering the requirements needed for Linux to make the grade at the intelligent edge. Watch the seven-part series at http://bit.ly/WindRiverMakingtheGrade.



SECURITY

Security in Short-Range Wireless Solutions and Mesh Networks By Nick Wood, Insight SiP

While wireless connectivity brings many advantages, security is where it adds weaknesses. A wired connection can be probed or diverted, but it requires physical access and quite visible interference. Wireless connectivity, by contrast, makes it possible to spy on data transfer or inject malicious content remotely and unseen. This article discusses how security in short-range wireless is evolving as solutions – and threats – become increasingly sophisticated.

There has been an explosion in the use of short-range wireless solutions in recent years, driven principally by the arrival of the Bluetooth Low Energy (BLE) standard. While plenty of short-range wireless solutions existed previously, their uptake was limited. This was either because they focused on niches – such as Zigbee or ANT – or were ill-suited to battery-powered or intermittent use cases – like Bluetooth “classic”. BLE fulfilled the general “cable replacement” objectives of the original Bluetooth standard, and with BLE quickly becoming natively available on phones, laptops, and tablets, there was a ready-made market of devices to connect to.

Most early BLE solutions were quite simple point-to-point (P2P) connections between one device and another. A BLE connection has two main levels of security: a “pairing process” whereby a secure link is established between two devices and then data encryption for actual data transmission. Pairing is in many ways the weak point of P2P connection security and can be open to “man in the middle” attacks, whereby a third-party device connects to the two legitimate devices and places itself between them, allowing it to spy on or manipulate data traffic.

This risk can be reduced via an “out-of-band” exchange of data for pairing, which involves either manually entering a passcode or exchanging keys via a different channel such as NFC. The downside is increased complexity for the user and cost of devices. This highlights a key issue when considering security – there is rarely a “right” answer. The challenge is to find the right trade-off between security, usability, and cost.

Data Encryption & Beyond

Once a connection is established, data is encrypted via AES-CCM 128-bit symmetric key cryptography, which is generally considered secure. However, this is only true provided the key remains secret. One issue with many simple BLE devices is that their integrated microprocessors are limited with no secure memory storage. Therefore, it is possible for an attacker to temporarily gain access to a device and steal the key for future spying purposes.

Even if we assume that the link is secure, this only establishes a secure P2P connection. Newer applications are increasingly widely connected, and data is ultimately transferred far beyond a simple P2P link – perhaps from a device to a cell phone then up to the cloud, and then on to a further proprietary system. This introduces a vastly enlarged “attack surface” for those with malicious intent.

In such an environment, link-level security may no longer be enough and an end-to-end security layer could be required to ensure safe operation. If one considers the example of a medical wearable, erroneous data could, in extremis, be life threatening.

INSIGHT SIP: www.insightsip.com | Twitter: @insightSiP | LinkedIn: www.linkedin.com/company/insight-sip

FIGURE 1: This diagram shows how a secure processor restricts access to data and resources in the trusted zone.

End-to-End Security Considerations

For an end-to-end secure system, there are two major considerations. Encryption is one – that data can pass from one end to the other, but not be readable by anyone even if they had full control of an intermediate relay point. The second is authentication – that data apparently coming from an end device really is coming from that device, and not being injected by a malicious actor, or the reverse.

Encryption is often seen as the principal issue in security, but authentication is often the most crucial step. To illustrate, you might not want people spying on your financial transactions when you use a credit/bank card, but you would probably be far more concerned if someone could easily pretend to be you and access your bank account.

Public/private key encryption methods provide the means to both authenticate and secure a transaction. Encryption with the public key of the receiver means only they can decode it. Encryption with the private key of the sender means anyone can validate the sender’s identity.

Unfortunately, in the security realm, solving one problem often leads to simply creating another. In this case, the immediate issue that arises is how you exchange and store keys securely. Mesh networks, for example, provide additional challenges for security architecture because, by design, their aim is to make it easy to add devices to networks like smart home networks. The risk is that a malicious hacker could find a way to join a device to the network, then cause damage, gain entry, or adopt devices for a denial-of-service attack.

Mesh networks can be particularly vulnerable because they can have universal network keys. So if this key is obtained, free access to the entire network is available. In such a system, key storage becomes critical: even if an intruder has temporary access to a device, the keys must remain hidden. The ultimate solution for key storage is to use a hardware “secure element” that is programmed in a secure factory by a trusted partner (Figure 1). This approach has been applied successfully in smart cards to protect bank cards and in SIM cards to limit access to the cellular networks. However, this solution is only applicable directly to systems that are produced in extremely large quantities by a small number of multi-national digital security companies. Clearly, transposing this to the world of short-range communication poses several issues related to market fragmentation, with many products and industry players.

While the older generation of wireless devices were typically entirely open, newer generations of products integrate additional security features into the system. Amongst other things, Arm’s “TrustZone” includes a secure key unit. Here, a key storage unit and cryptographic services are held in a secure part of the processor (Figure 2). In practice, this means keys can be put in, but once inside cannot be read out, and cryptographic operations are carried out inside the secure part. The “trust zone” can be considered the first step in improving security from zero towards the ultimate “smart card” level. Nevertheless, it suffers from being implemented in standard silicon without specific hardware protection against key reading through side channels, such as power fluctuations. It is also arguably too flexible, meaning inexperienced designers may leave security flaws through mistakes.

Security Next Steps

The next step towards security is to add a hardware secure element that would act much in the same way as the secure element in a smart card. Here, the issue is to manage the provisioning of keys in such a way as to be relatively secure without the high overhead of the secure “Fort Knox” trusted factory. Future chipsets and modules will certainly have a higher level of security than is currently the norm. Key storage solutions will be included that are based on embedded zones in the communication SoC or on a companion hardware secure element. Provisioning of keys will also evolve to satisfy the needs of different levels of security while avoiding the cost and complexity of the approach used in the smart card industry.

Over-the-air updates are a common feature of the latest generation of wireless devices, offering another line of attack for hackers. This is protected by a secure boot process that, on startup, verifies that the code to be loaded has not been changed since the last boot, and also that any update package contains the correct digital signature to authenticate the origin of the code. Many newer generation devices also integrate a secure boot process into the secure hardware element.

Integrating Security into Wireless Devices

Ultimately, security is always a tradeoff. Adding security features will variously add cost, design complexity, and degrade performance characteristics including throughput, power consumption, and usability. This is especially significant for small wireless devices, which often aim to be low cost and use simple, limited interfaces. Nevertheless, as the sophistication and connectivity of wireless devices grow, so does the interest of malicious hackers. It is an ongoing challenge waiting for wireless designers to respond.

FIGURE 2: This diagram shows a BLE module with an integrated secure element, which can only be interfaced with via predefined functions/operations.

Nick Wood is Sales & Marketing Director at Insight SiP and has 25 years of experience working in high-tech companies, particularly in the mobile device sector. He is a board member of the Innovation Europe investment fund, is part of the Success Europe Investment team, and runs his own consulting company, Riviera Associates. Nick has a 1st Class Degree in Physics from the University of Bristol and a PhD in Particle Physics from University College London and CERN.


SPEAKOUT

ADVERTORIAL

Video Analytics at the Edge By Germaine Ewing, SMART Embedded Computing

Video analytics solutions use artificial intelligence (AI) technology to understand video streams/feeds, creating rich metadata that can be searched and analyzed based on the objects, events, people and locations that appear in the video. This enables organizations to better understand behaviors in real-world scenarios and gain valuable insights into how employees, customers and visitors interact with and within their physical environments.

Using a retail context as just one example, video analytics offers brick-and-mortar retailers the potential for a similar level of shopper insights as those used by the most sophisticated e-commerce sites. The more retailers can learn about their shoppers, the better they can serve them – leading to improved sales and profits.

The Video Analytics Platform for retail from SMART Embedded Computing combines real-time analytics, interactive customized promotions, and employee nudges to increase sales and improve operational efficiency. Retailers can integrate the platform with existing security cameras to cost-effectively enhance the customer experience and streamline operational costs. The system encrypts all data and does not collect personally-identifiable information.

Understand Customers and Refine Offerings

By measuring visual data and comparing trends over time, retailers can enhance store performance and operations. Retailers can learn basic demographics about their customer base, including age, gender and time of visit so they can target customer experiences based on business intelligence, rather than speculation. The system also captures unique customer counts, including visitors who don’t make a purchase and aren’t captured by the point-of-sale system. This enables retailers to identify missed opportunities. They can also understand trends in engagement with product displays to improve their understanding of the link between promotions, displays and sales. The system allows for conversion prompts and helps to identify ways to attract customers with cross merchandising.

Optimize Store Layout and Promotions

Video analytics enables retailers to track people, vehicles and animals in specific areas to identify movement patterns, trends and common areas of congestion.

Understanding how customers typically navigate through stores and how long they spend in certain locations enables retailers to optimize product placement and in-store traffic flows to encourage sales. Seeing actual in-store traffic pattern peaks and what causes them can help prevent friction in the path to purchase and improve customer experience.

Video Analytics Solutions

A single SMART Embedded Computing Smart Edge Server with integrated GPU capability and hosted video analytics software can process up to eight (8) cameras using state-of-the-art data analysis software providing the ability to:

• Identify shoppers without storing personally-identifiable information, maintaining shoppers’ privacy
• Track the customer journey throughout the store
• Track across multiple cameras
• Generate an intelligent and personalized offer based on contextual information and the past purchase history of the shopper
• Push that offer to the targeted shopper via an in-store digital display or smart phone, and apply it automatically at checkout for a frictionless shopping experience

Video analytics solutions from SMART Embedded Computing can also be applied to security, enterprise and smart city applications with options such as extended temperature range support that is ideal for roadside cabinet installations. Visit https://smartembedded.com/solutions/retail-videoanalytics/ for more information.


SECURITY

Got Questions about Date-Based Licensing? By Connor Zinanti, KEYLOK

If you’re looking for a new way to draw revenue streams from your software development efforts, the array of possible licensing schemes is worth a look. To start, licensing rather than selling applications comes with many advantages. These advantages include an increase in your product’s value and a long-term, dependable revenue stream for your company. Both you and your users will appreciate enhanced security features that thwart potential software pirates, hackers, and illicit users. In the world of software security, it’s essential to identify and put into place a licensing solution that is not only affordable and effective, but will save you time and money. That’s why date-based licensing is becoming a valuable aspect of software security.

What is Date-Based Licensing?

For decades, developers sold software for a single payment that granted the user unlimited access. But now, software is usually licensed as opposed to being sold. One payment grants access to the software for a given length of time, and when the end of that term arrives, either another payment is collected to extend it, or the software stops working. Instead of trading the software for one large lump sum, the developer can implement a series of consistent, evenly spaced payments for its use at a much more affordable cost.

As a software developer, you should know that licensing your software through an expiration date, not selling it, offers you the opportunity to continue benefiting from your work just as your customers do.

Why Should I Implement Date-Based Licensing?

The structure of date-based licensing offers you all of the perks you hope for as a software developer. But at the same time, your product’s users can enjoy advantages they wouldn’t get if you were simply selling it. Here are just a few examples.

Benefits for the developer:

• With each licensing period, users must pay an additional fee, creating a revenue stream for your company that can last for years. Satisfied users won’t mind the recurring payment because they’ll appreciate the superior user experience and understand the value you’re providing.
• You gain more control over the usage of your software. You get to determine how long the licensing period will be and the extent of the user’s access.
• It protects your intellectual property from piracy and illicit use, ensuring you’re fairly compensated for your time, effort, and investment.

Benefits for users:

• Date-based licensing allows customers to avoid a large one-time capital expenditure in favor of lower monthly payments, which increases the initial affordability of your software.
• It releases the user from the responsibility that comes with ownership. Similar to renting a tool, if something goes wrong, maintenance is needed, or a newer model is released, the user isn’t on the hook to replace the product. They can turn to you for help.
• You’re invested in the ongoing success of your product because dissatisfied customers won’t renew their licenses. Therefore, your customers will enjoy attentive customer support and regular product updates from a company that wants to help them succeed.


KEYLOK: www.keylok.com | YouTube: www.youtube.com/channel/UCzl0yUT5oGmYJpXu5Bgppiw | LinkedIn: www.linkedin.com/company/keylok/

How Does Date-Based Licensing Work?

When you choose to implement date-based licensing, it will be enforced through a dongle. The expiration date is programmed to this hardware key before it leaves your door. The dongle works by comparing the system clock to the pre-programmed expiration date to determine whether the license has expired. In its most simple form, these are the functions the dongle carries out to enforce the terms you’ve set:

1. When your client receives the physical key, it will then call to the system clock or the on-board real-time clock (RTC) and store the initial date the software was run. This date becomes the beginning “lease date.”
2. Each day thereafter, when the program or application starts, the key will check to ensure that the current day is greater than the lease date.
3. Along with the lease date, the dongle will verify that the current day is one or more values greater than the previous date of use and does not exceed the expiration date.

If all checks are successful, then the application can run. If not, then the application will be denied and access will be prevented until you receive payment and renew the license. Your customer will have full access to the application until the expiration date is reached. At that point, they can pay you to extend the license or give up access to the application.
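The start-up checks described above, written out as an added example; it is not KEYLOK's code or API, and every name in it, as well as the day-number date format, is an assumption. It allows several launches on the same day, so it rejects only a reported date earlier than one already recorded, and it treats a clock reading of 0 (for example a clock that lost power and reset) as invalid.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of one start-up check. Names are illustrative, not a vendor API. */
typedef enum {
    LIC_OK = 0,
    LIC_EXPIRED,        /* today is past the programmed expiration date  */
    LIC_CLOCK_ROLLBACK, /* today is earlier than a date already recorded */
    LIC_NOT_PROGRAMMED  /* no expiration date was written to the key     */
} lic_status;

/* State kept in the key's protected memory. Dates are whole days counted
 * from an arbitrary epoch, starting at 1; 0 means "not set". */
typedef struct {
    uint32_t expiry_day;    /* written by the vendor before shipping */
    uint32_t lease_day;     /* first day the software was run        */
    uint32_t last_seen_day; /* latest day ever reported to the key   */
} lic_state;

/* Run the start-up checks for `today`, as reported by whichever clock the
 * design uses (system clock or on-board RTC), and update the stored dates. */
lic_status lic_check(lic_state *st, uint32_t today)
{
    if (st->expiry_day == 0)
        return LIC_NOT_PROGRAMMED;
    if (today == 0)                 /* unset or reset clock */
        return LIC_CLOCK_ROLLBACK;

    /* Step 1: the first run stores the lease start date. */
    if (st->lease_day == 0) {
        st->lease_day = today;
        st->last_seen_day = today;
    }

    /* Steps 2 and 3: the reported date may never move backwards, neither
     * before the lease start nor before the previous date of use. */
    if (today < st->lease_day || today < st->last_seen_day)
        return LIC_CLOCK_ROLLBACK;

    /* Record the newest date even when the answer is "expired", so an
     * earlier date presented afterwards is still rejected. */
    st->last_seen_day = today;

    return (today > st->expiry_day) ? LIC_EXPIRED : LIC_OK;
}

/* Renewal by the vendor: the expiration date only ever moves forward. */
bool lic_renew(lic_state *st, uint32_t new_expiry_day)
{
    if (new_expiry_day <= st->expiry_day)
        return false;
    st->expiry_day = new_expiry_day;
    return true;
}

/* Feed a sequence of reported days to one key, store each result in `out`,
 * and return how many start-ups were allowed. */
int lic_replay(lic_state *st, const uint32_t *days, int n, lic_status *out)
{
    int allowed = 0;
    for (int i = 0; i < n; i++) {
        out[i] = lic_check(st, days[i]);
        if (out[i] == LIC_OK)
            allowed++;
    }
    return allowed;
}

int main(void)
{
    static const char *names[] = {
        "OK", "EXPIRED", "CLOCK_ROLLBACK", "NOT_PROGRAMMED"
    };
    /* Constructed scenario: key expires on day 130; normal use, a same-day
     * relaunch, a start after expiry, a clock set back, a reset clock. */
    lic_state key = { .expiry_day = 130, .lease_day = 0, .last_seen_day = 0 };
    const uint32_t days[] = { 100, 101, 101, 131, 120, 0 };
    lic_status res[6];

    int allowed = lic_replay(&key, days, 6, res);
    for (int i = 0; i < 6; i++)
        printf("day %u -> %s\n", (unsigned)days[i], names[res[i]]);
    printf("allowed start-ups: %d\n", allowed);

    lic_renew(&key, 160);
    printf("after renewal, day 132 -> %s\n", names[lic_check(&key, 132)]);
    return 0;
}
```

The check can only compare the dates it is given, so its strength depends on the clock that supplies `today`.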

What is an RTC?

An RTC is an extra layer of security, the cherry on top if you will. It is an external clock, outside of your end user’s main operating system, with its own power source or battery. The RTC provides the most reliable source between the absolute time and current time because, unlike the system clock, it runs constantly – even when the main operating system is in low-power mode or shut off entirely.


Since they require very little power, RTCs last years, and in many cases, RTC batteries are rechargeable to ensure lifelong protection. With an RTC on your side, you can be certain your software will remain secure and accessible to those who have met the proper criteria. By setting up your application to rely on an outside source for software accessibility and functions, you eliminate the need to rely on the system clock, which can be easily manipulated by malicious or dishonest end users.

KEYLOK recommends that developers who implement date-based licensing also utilize dongles with RTC features. This approach keeps end users from circumventing their own devices to prolong their access to the licensed application. Beyond that, it creates an extra layer of security to prevent software pirates and hackers from gaining unauthorized access to your software.

With date-based licensing, you open your company to a new realm of revenue and growth opportunities while also taking your product’s security to the next level. This simple method of licensing over a predetermined period empowers you to maintain full control of your application and offer a valuable product to your customers that evokes confidence in your application.

Connor Zinanti is Brand Manager for KEYLOK.



2021 Design Guide PROFILE INDEX

• AI & Edge Compute: ADLINK Technology, Inc.
• Development Kits: Lauterbach, Inc.
• IIoT/Industry 4.0: congatec
• IoT: ADL Embedded Solutions
• Storage: Virtium


AI & Edge Compute

LEC-IMX8MP / I-Pi SMARC IMX8M Plus Dev Kit

ADLINK’s LEC-IMX8MP is the first SMARC rev. 2.1 AI-on-Module (AIoM) that uses NXP’s next-generation i.MX 8M Plus SoC for edge AI applications. The LEC-IMX8MP integrates NXP NPU, VPU, ISP and GPU computing in a compact size for future-proof AI-based applications across industrial AIoT/IoT, smart homes, smart cities and beyond. The powerful quad-core Arm® Cortex®-A53 processor runs up to 1.8 GHz with an integrated neural processing unit (NPU), delivering up to 2.3 Tera Operations Per Second (TOPS) for machine learning inference at the edge, suited for applications that require machine learning and vision systems paired with smart sensors to enable industrial decision-making.

The LEC-IMX8MP SMARC module features:

• LVDS/DSI/HDMI graphic output, dual CAN bus/USB 2.0/USB 3.0, dual GbE ports (one with TSN), and I2S audio interface – in a low power envelope that is typically below 6W
• Rugged design can sustain operating temperatures of -40°C to +85°C, and high shock and vibration environments for reliability in harsh industrial applications
• Standard BSP support for Debian, Yocto and Android, including MRAA hardware abstraction layer (HAL), allows engineers to substitute modules, sensor HATs and port code written in Raspberry Pi or Arduino environments to the I-Pi
• NXP eIQ machine learning software with consecutive inference on CPU cores, GPU cores and NPU. Support for Caffe, TensorFlow Lite, PyTorch and ONNX models. Enablement for models such as MobileNet SSD, DeepSpeech v1, and segmentation networks. Arm NN fully integrated into Yocto BSP, supporting i.MX 8

Delivering edge intelligence, machine learning and vision for a smart world, the LEC-IMX8MP SMARC 2.1 module is an excellent platform for AI-based applications, removing cloud dependency and preserving individual privacy. A ready-to-run I-Pi SMARC development kit based on the LEC-IMX8MP module can be ordered online at ADLINK’s I-Pi SMARC theme and support site. For more info, please visit – https://www.ipi.wiki/

This I-Pi SMARC IMX8M Plus development kit includes everything needed to go live in minutes: LEC-IMX8MP module, I-Pi SMARC Plus carrier board, power adapter and USB debug cable. The module features NXP i.MX 8M Plus series SoC with an integrated up to 2.3 TOPS Neural Processing Unit (NPU), Graphics Processing Unit (GPU), Image Signal Processor (ISP) and Video Processing Unit (VPU), offering unmatched AI at the edge capabilities, flexibility, rich connectivity and high scalability for machine learning and computer vision, industrial IoT & automation, advanced multimedia, smart city & home, medical imaging applications.

FEATURES

• NXP i.MX 8M Plus with Quad Cortex-A53
• Optional in-SoC 2.3 TOPS NPU
• SMARC revision 2.1 compliant
• LVDS, DSI, HDMI graphic output interfaces
• Dual CAN bus / USB 2.0 / USB 3.0 interfaces
• Dual GbE ports (one TSN capable)
• I2S audio codec interface
• Rugged operating temperature (optional): -40°C to +85°C
• Available with ready-to-run I-Pi SMARC development kit

www.adlinktech.com/Products/Computer_on_Modules/SMARC/LEC-IMX8MP

ADLINK Technology Inc | www.adlinktech.com | info@adlinktech.com | 1-800-966-5200 | www.linkedin.com/company/adlink-technology | @ADLINK_Tech


Development Kits

Lauterbach Debugger for Intel x86/x64 Skylake/Kabylake

Lauterbach TRACE32 Debugger for Intel x86/x64: In January of this year, Lauterbach introduced the new CombiProbe Whisker MIPI60-Cv2. The TRACE32 CombiProbe and TRACE32 QuadProbe now offer the same debug features for the Converged Intel® MIPI60 connector:

• Standard JTAG, Intel® debug hooks with Pmode, and I2C bus
• Merged debug ports (two JTAG chains)
• Intel® Survivability features (threshold, slew rate, ...)

However, these debug tools have different areas of application. The TRACE32 QuadProbe, which is expressly designed for server processors, is a dedicated debug tool that enables SMP debugging of hundreds of threads on targets with up to four debug connectors. The TRACE32 CombiProbe with the MIPI60-Cv2 Whisker, designed for client as well as mobile device processors, can capture and evaluate system trace data in addition to its enhanced debugging features. Trace capabilities include support of one 4-bit and one 8-bit trace port with nominal bandwidth. The TRACE32 CombiProbe with the DCI OOB Whisker is specially designed for debugging and tracing of form factor devices without debug connectors. If the chip contains a DCI Manager, the target and the debugger can exchange debug and trace messages directly via the USB3 interface. The DCI protocol used to exchange messages supports standard JTAG and Intel® debug hooks as well as trace messages

FEATURES

• CombiProbe MIPI60-Cv2 provides debug and system trace capability
• Support for standard JTAG, debug HOOKs and I2C bus
• Support for merged debug ports (two JTAG chains per debug connector)
• Support for survivability features (threshold, slew rate, etc.)
• Support for system trace port with up to 8 trace data channels
• 128 MByte of trace memory
• SMP debugging (including hyperthreading)
• AMP debugging with other architectures
• BIOS/UEFI debugging with tailor-made GUI for all UEFI phases
• Linux- and Windows-aware debugging
• Hypervisor debugging

www.lauterbach.com/pro/pro_core_alt01.php?chip=CORE-I3/I5/I7-6THGEN

Lauterbach, Inc. | www.lauterbach.com | info_us@lauterbach.com | 508-303-6812


TRACE32 Multi Core Debugger for TriCore Aurix

Lauterbach TriCore debug support at a glance: For more than 15 years Lauterbach has been supporting the latest TriCore microcontrollers. Our tool chain offers:

• Single and multi core debugging for up to 6 TriCore cores
• Debugging of all auxiliary controllers such as GTM, SCR, HSM and PCP
• Multi core tracing via MCDS on-chip trace or via high-speed serial AGBT interface

The Lauterbach Debugger for TriCore provides high-speed access to the target application via the JTAG or DAP protocol. Debug features range from simple Step/Go/Break up to AutoSAR OS-aware debugging. High speed flash programming performance of up to 340kB/sec on TriCore devices and intuitive access to all peripheral modules is included. Lauterbach’s TRACE32 debugger allows concurrent debugging of all TriCore cores.

• Cores can be started and stopped synchronously.
• The state of all cores can be displayed side by side.
• All cores can be controlled by a single script.

FEATURES

• Debugging of all auxiliary controllers: PCP, GTM, HSM and SCR
• Debug Access via JTAG and DAP
• AGBT High-speed serial trace for Emulation Devices
• On-chip trace for Emulation Devices
• Debug and trace through Reset
• Multicore debugging and tracing
• Cache analysis

www.lauterbach.com/bdmtc.html

Lauterbach, Inc. | www.lauterbach.com | info_us@lauterbach.com | 508-303-6812

Lauterbach Debugger for RH850

Lauterbach RH850 debug support at a glance: The Lauterbach Debugger for RH850 provides high-speed access to the target processor via the JTAG/LPD4/LPD1 interface. Debugging features range from simple Step/Go/Break to multi core debugging. Customers value the performance of high speed flash programming and intuitive access to all of the peripheral modules. TRACE32 allows concurrent debugging of all RH850 cores.

• The cores can be started and stopped synchronously.
• The state of all cores can be displayed side by side.
• All cores can be controlled by a single script.

All RH850 emulation devices include a Nexus trace module which enables multi core tracing of program flow and data transactions. Depending on the device, trace data is routed to one of the following destinations:

• An on-chip trace buffer (typically 32KB)
• An off-chip parallel Nexus port for program flow and data tracing
• A high bandwidth off-chip Aurora Nexus port for extensive data tracing

The off-chip trace solutions can store up to 4GB of trace data and also provide the ability to stream the data to the host for long-term tracing, thus enabling effortless performance profiling and qualification (e.g. code coverage).

FEATURES

• AMP and SMP debugging for RH850, GTM and ICU-M cores
• Multicore tracing
• On-chip and off-chip trace support
• Statistical performance analysis
• Non intrusive trace based performance analysis
• Full support for all on-chip breakpoints and trigger features
• AUTOSAR debugging

www.lauterbach.com/bdmrh850.html

Lauterbach, Inc. | www.lauterbach.com | info_us@lauterbach.com | 508-303-6812


IIoT/Industry 4.0

conga-SA7

This SMARC 2.1 module based on Intel® Atom® x6000E and Intel® Pentium® and Celeron® J Series processors with low-power 10 nm technology will pave the way for a new generation of edge-connected embedded systems. Benefits especially welcomed in real-time industrial markets are Time Sensitive Networking (TSN), Intel® Time Coordinated Computing (Intel® TCC) and Real Time Systems (RTS) hypervisor support as well as BIOS configurable ECC and extended temperature options from -40°C to +85°C.

More IoT features, simplified development and manufacturing.

With this generation of modules, congatec is able to offer more IoT-specific services with fewer components and a smaller bill of materials. Intel Atom x6000E processors include the Intel® Programmable Services Engine (Intel® PSE). This ARM coprocessor provides hardware resources for realtime computing, low-DMIPS computing, a microcontroller lite, sensor hub, and network proxies. The Intel PSE also supports remote out-of-band device management. In the past, providing all of these services required additional design, engineering, and hardware. Now these functions are onboard and ready to run.

FEATURES

• Integrated Intel® UHD Graphics with up to 32 execution units can drive three independent 4K streams and increases performance up to 2x over the previous generation.
• Support for up to 32 GB of DDR4 and up to 16 GB of LPDDR4/x RAM plus in-band error-correcting code (IBECC) that can trap errors in standard RAM
• Video Interfaces Dual channel LVDS transmitter | support for flat panels with 2x24 bit data mapping up to a resolution of 1920x1200 @60Hz | shared with eDP or 1x MIPI-DSI x4 (option) DP++
• Temperature Range | 0 to +60°C for Commercial Operations | -40°C to 85°C for Industrial Operations
• AMI Aptio® UEFI firmware | 32 Mbyte serial SPI with congatec Embedded BIOS feature | OEM Logo | OEM CMOS Defaults | LCD Control | Display Auto Detection | Backlight Control | Flash Update

www.congatec.com/en/products/smarc/conga-sa7

congatec | www.congatec.us | sales-us@congatec.com | 858-457-2600 | www.linkedin.com/company/congatec/ | @congatecAG

IIoT/Industry 4.0

conga-B7E3 The embedded computing market is demanding more computing power across application areas. Industry 4.0 applications require synchronization of multiple machines and systems; machine vision in collaborative and cooperative robotics requires processing of image and other environmental data. Many of the edge computing tasks that arise around the development of 5G networks require server class performance by default. The conga-B7E3 with AMD EPYC processors are highly flexible and an attractive migration platform for next-gen embedded server designs. They support up to 32 NVMe or SATA devices and up to 8 native 10 GbE channels. Support is also provided for legacy I/Os such as field buses and discrete I/O interfaces, which is critical for industrial server technologies.

FEATURES
• Equipped with AMD EPYC Embedded 3000 processors with 4, 8, 12, or 16 high-performance cores, support for simultaneous multi-threading (SMT) and up to 96 GB of DDR4 2666 RAM.
• Measuring just 125 x 95 mm, the COM Express Basic Type 7 module supports up to 4x 10 GbE and up to 32 PCIe Gen 3 lanes.
• For storage the module integrates an optional 1 TB NVMe SSD and offers 2x SATA Gen 3.0 ports for conventional drives.
• Further interfaces include 4x USB 3.1 Gen 1, 4x USB 2.0 as well as 2x UART, GPIO, I2C, LPC and SPI.
• Seamless support of dedicated high-end GPUs and improved floating-point performance, which is essential for the many emerging AI and HPC applications.

www.congatec.com/en/products/com-express-type7/conga-b7e3/

congatec

www.congatec.us

sales-us@congatec.com www.linkedin.com/company/congatec/

 858-457-2600 @congatecAG



ADLEPC-1700 Compact Industrial PC

The newly-released ADLEPC-1700 is a rugged, compact industrial-grade computer constructed from 6063 aluminum, with thick-walled design and a fanless, conduction-cooled CPU for industrial temperature operation. Its compact size and light weight make it ideal for a variety of industrial applications and environments ... whether on the factory floor or in rugged external conditions.

Customizable High Performance

At the heart of the ADLEPC-1700 is a compact Intel® Atom™ E3900-series SBC with a host of onboard and mPCIe expansion features. The compact chassis design has a very small footprint at only 3.3" x 4.6" ... the approximate size of an index card ... making it ideal for embedded use in IIoT applications or retro-fitting into high-value assets and infrastructure.

Custom I/O and Power

The ADLEPC-1700 is highly customizable and can easily be adapted for particular customer needs including Wi-Fi, CAN, RS232/422/485, MILCOTS power, MIL-STD-1553, ARINC, and much more.

Our staff of system designers and engineers can custom tailor embedded solutions to meet your broad range of specific space, power, electrical or environmental requirements.

FEATURES
• Small, compact footprint
• Wide Temperature
• Intel® E3900-Series Atom processors
• Up to 15-year availability
• Onboard and mPCIe expansion features available
• Custom System Design Services available
• Custom options: Company logos, paint and designs available

APPLICATIONS
• Industrial IoT (IIoT) network and cloud computing
• Secure networking (routing, traffic monitoring and gateways)
• Cyber security edge devices for ICS and SCADA threat security
• Intelligent machinery and equipment controllers
• Unmanned or autonomous vehicle mission / payload computing
• Traffic Engineering, Transportation mobile computing
• Wind turbine datalogging and collision avoidance
• Oil and Gas IPC controller applications

ADL Embedded Solutions - Smarter By Design CONTACT US FOR MORE INFORMATION

ADL Embedded Solutions, Inc. www.adl-usa.com


sales@adl-usa.com  855-727-4200 twitter.com/ADLEmbedded www.linkedin.com/company/adl-embedded-solutions 


Storage


Industrial-Grade Solid State Storage and Memory

Virtium manufactures solid state storage and memory for the world’s top industrial embedded OEM customers. Our mission is to develop the most reliable storage and memory solutions with the greatest performance, consistency and longest product availability.

Industry Solutions include: Communications, Networking, Energy, Transportation, Industrial Automation, Medical, Smart Cities and Video/Signage.

StorFly® SSD Storage includes: M.2, 2.5", 1.8", Slim SATA, mSATA, CFast, eUSB, Key, PATA CF and SD. Classes include: MLC (1X), pSLC (7X) and SLC (30X) – where X = number of entire drive-writes-per-day for the 3/5-year warranty period.

Memory Products include: All DDR, DIMM, SODIMM, Mini-DIMM, Standard and VLP/ULP. Features server-grade, monolithic components, best-in-class designs, and conformal coating/under-filled heat sink options.

New Products from Virtium!

Industrial NVMe SSDs

StorFly Series 6 M.2 NVMe SSDs are among the highest-capacity NVMe storage solutions to feature industrial temperature (I-Temp) support. The drives are designed with additional thermal and power-management features that mitigate performance variations caused by harsh environments. These drive capacities range from 240GB to 1920 GB – all within the 2280mm form factor. They provide storage system designers broad capacity options utilizing the latest industrial-grade NAND technology to ensure the most cost-effective solid-state storage.

32GB DDR4 ULP Mini-UDIMM, Mini-RDIMM, SO-UDIMM Memory Solutions

The new line of memory solutions includes three 32GB ultra-low-profile (ULP) DDR4 modules that represent the industry’s first of that capacity in Mini-UDIMM, Mini-RDIMM and SO-UDIMM form factors, as well as the first 64GB ULP RDIMM module. They feature Industrial Temperature (I-Temp) support to ensure consistent operation in extreme temperatures between -40°C and 85°C.

Virtium

www.virtium.com


sales@virtium.com www.linkedin.com/company/virtium

Features
• Broad product portfolio from latest technology to legacy designs
• 25 years refined U.S. production and 100% testing
• A+ quality – backed by verified yield, on-time delivery and field-defects-per-million reports
• Extreme durability, iTemp -40°C to 85°C
• Industrial SSD Software for security, maximum life and qualification
• Longest product life cycles with cross-reference support for end-of-life competitive products
• Leading innovator in small-form-factor, high-capacity, high-density, high-reliability designs
• Worldwide Sales, FAE support and industry distribution

 949-888-2444 twitter.com/virtium



IIoT devices run longer on Tadiran batteries.

PROVEN 40 YEAR OPERATING LIFE

Remote wireless devices connected to the Industrial Internet of Things (IIoT) run on Tadiran bobbin-type LiSOCl2 batteries. Our batteries offer a winning combination: a patented hybrid layer capacitor (HLC) that delivers the high pulses required for two-way wireless communications; the widest temperature range of all; and the lowest self-discharge rate (0.7% per year), enabling our cells to last up to 4 times longer than the competition.

ANNUAL SELF-DISCHARGE
TADIRAN: 0.7%
COMPETITORS: Up to 3%

Looking to have your remote wireless device complete a 40-year marathon? Then team up with Tadiran batteries that last a lifetime.

* Tadiran LiSOCl2 batteries feature the lowest annual self-discharge rate of any competitive battery, less than 1% per year, enabling these batteries to operate over 40 years depending on device operating usage. However, this is not an expressed or implied warranty, as each application differs in terms of annual energy consumption and/or operating environment.

Tadiran Batteries 2001 Marcus Ave. Suite 125E Lake Success, NY 11042 1-800-537-1368 516-621-4980 www.tadiranbat.com



Industrial Storage and Memory for Today ... and for Tomorrow

-40°C to 85°C

Shock/Vibration Resistant

Controlled Bill-of-Materials

100% Test

10-Year Product Life Cycle

Industrial NVMe Now shipping!

25 Years of Innovation and Unparalleled Support Extended SATA Support

DDR5

StorKit Software

Extra Rugged Options

3D NAND 2.5" / 1.8" First Highest Density Smallest Form Factor VLP / ULP Industrial Temp.


Solid State Storage and Memory

Visit www.virtium.com or contact us at sales@virtium.com

