#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-based IoT - Alexandre ABADIE, INRIA

•

0 likes•143 views

La mise-à-jour de firmwares "Over-The-Air" sur microcontrôleur a toujours été un sujet ambitieux et pourtant primordial pour sécuriser une application IoT. Le système d'exploitation RIOT (https://riot-os.org) fournit désormais les briques logicielles pour réaliser des mise-à-jour de firmware en utilisant des protocoles standards et sécurisés de bout-en-bout.

Software

RIOT:
Towards Secure DevOps
on microcontroller-based IoT
Alexandre Abadie
Emmanuel Baccelli

Agenda
 Context
 RIOT: a brief overview
 Demo: Secure IoT DevOps with RIOT-fp

Internet
A multitude of
smaller, cheaper
microcontroller-
based devices
IoT: Cyber-Physical Deployments
Low-end IoT devices
- 1000x less energy
than RaspberryPi
- kBytes instead of
GBytes of memory

IoT: Device & Usecase Polymorphism
 Extremely varied use-cases, in almost all verticals
 Various vendors & architectures (8-bit, 16-bit, 32-bit)
 Various low-power communication technologies (BLE, 802.15.4, LoRa…)
iotworm.com

Software on Low-end IoT Devices
 IoT software before
 rudimentary embedded software, vendor-specific (vendor-locked?)
 IoT software now
 Cybersecurity, interoperability, device management requirements…
increase complexity + drive the need for a real OS
Middleware integration and
Application
RTOS
ApplicationOS and Middleware
Development time
Development time
This slide is partly borrowed from Hannes Tschofenig, ARM

IoT Software: Current Trends
O. Hahm et al. "Operating Systems for Low-End
Devices in the Internet of Things: a Survey,"
IEEE Internet of Things Journal, 2016.
ARM Cortex-M0+

What is RIOT?
✓An operating system for IoT devices too small for Linux
✓A free, open source software platform & ecosystem
✓A world-wide community of developers

Large Open-Source Community
 2013: started as French-German research project
 2018: more than 200 contributors worldwide
 ~ 20,000 commits and ~10,000 Pull Requests
 Academics, makers, industry (SME & bigger companies)
 Hundreds of related scientific publications
 Products shipping with RIOT in US, Europe, Russia
 Yearly RIOT Summit conferences (summit.riot-os.org)
 next in Helsinki Sept. 5-6
Source:www.openhub.net/p/RIOT-OS
Monthly contributors
github.com/RIOT-OS/RIOT
E. Baccelli et al. ‘RIOT: an Open Source Operating System for Low-end
Embedded Devices in the IoT,’ IEEE Internet of Things Journal, 2018.

 Modularity around a micro-kernel –
building blocks, to be combined in all
thinkable ways; Caters for versatile use
cases & memory constraints;
 Unified APIs – across all hardware,
even for hardware-accessing APIs;
Enables code reuse and minimizes
code duplication;
 Vendor & techno. independence –
Vendor libraries: avoided; Design
decisions don’t tie RIOT to a particular
technology;
General-Purpose OS for low-end IoT
120+ boards supported
8-bit, 16-bit, 32bit MCUs
Minimal
config.
2,6kB RAM
3,2kB Flash
(Cortex-M)

Numerous Libraries
 Packages: bundling 3rd-party libraries
 Integrated on-the-fly at build–time
 Easy to add: just requires 2 Makefiles
 Patches (if needed) are typically minimal
C, C++ (JavaScript, Rust)

Network-level Interoperability
Wired & Bus
 CAN
 Ethernet
Low-power wireless LAN & WAN
 IEEE 802.15.4
 LoRa package
 BLE (work-in-progress)
IP Protocols Stacks
 Default stack (GNRC)
 Thread (package)
 lwIP (package)
 OpenWSN (in progress)
Experimental stacks
 CCN-lite (package)
 NDN-RIOT (package)

RIOT-FP : Aiming for IoT cyber-security
RIOT-FP is an Inria project launched May 2019 combining RIOT with:
 Next generation IoT crypto primitives: small, fast and future-proof
 Secure IoT networking, object security, secure bootstrapping
 Formally verified IoT software modules within RIOT
 Secure IoT software updates, in practice, on most devices supported by RIOT
RIOT-fp on the web: https://future-proof-iot.github.io/

IoT Devices
Access point /
Border router
Low-power radio
IDE
Continuous
Integration
System
IoT Firmware
Update Repo
INTERNET 6LoWPAN, CoAP, SUIT
IoT
Software
Maintainer
(e.g. OEM)
DevOps for microcontroller-based IoT

RIOT Image 2
RIOT Image 1
Bootloader
Metadata
Metadata
Secure IoT Firmware Update: Workflow
RUNNING
IMAGE

What's hot

Standardizing the tee with global platform and RISC-V

RISC-V International

Chips alliance omni xtend overview

RISC-V International

Linaro Connect San Francisco 2017 - Welcome Keynote by George Grey | #SFO17

Linaro

Andes RISC-V vector extension demystified-tutorial

RISC-V International

….Trust and security are essential for the Internet of Things (IoT) to scale. As your product becomes successful, attraction will be high for it to be hacked and, as a consumer, you'll suffer with consequences if security is not baked into the system, at every level. With IoT, we now need to enable an appropriate level of security for low cost IoT designs done by people with little or no security expertise. In this presentation, you will learn how ARM, Linaro and the ARM partnership are securing these low cost IoT endpoints by providing device security, lifecycle security and communication security, without the need for in-depth security experts…

BKK16-200 Designing Security into low cost IO T Systems

Linaro

RISC-V: The Open Era of Computing

RISC-V International

The VF360 is a 3U OpenVPX module that leverages on Altera Stratix® V FPGA and Texas Instruments Key- Stone® Multicore DSP technology to provide an ultra-high bandwidth processing platform, ideally suited for computation and bandwidth intensive applications. The KeyStone provides the flexibility to perform complex post-processing functions more suited for the processor domain. The Stratic has two banks of dedicated DDR3 and QDRII+ memories for algorithms with high bandwidth and/or large memory size requirements. Highspeed serial interfaces to the OpenVPX data plane and the FMC-HPC Module site creates abundant IO throughput.

VF360 OpenVPX Board w. Altera Stratix and TI KeyStone DSP

Sundance Multiprocessor Technology Ltd.

Security and functional safety

RISC-V International

RISC-V Summit 2020: The Next Ten Years

RISC-V International

Boards for the IoT-Prototyping

Lars Gregori

IoTlondon - mbed based IoT Gateway talk

SomeRandomBloke

Sundance at the 49th Intelligent Sensing Program

Sundance Multiprocessor Technology Ltd.

Microsoft Hello World IoT 2017 - Embedded Systems Design - Build vs Buy

Fernando Luiz Cola

The new MediaTek LinkIt™ Development Platform for RTOS is based on ARM Cortex-M4 MCU architecture and provides leading features for the creation of connected appliances, home and office automation devices, smart gadgets, and IoT bridges. Supporting a range of chipsets (initially the MediaTek MT7687F), LinkIt for RTOS offers the convenience of a single toolset and common API implemented over a popular RTOS. With this you can achieve economies across a full range of consumer and business IoT devices. The platform consists of a Software Development Kit (SDK), Hardware Development Kits (HDKs), including modules from supply chain partners, and related technical documentation. The first release of the platform supports the MediaTek MT7687F Wi-Fi SOC which has a 192 MHz MCU, 1×1 802.11b/g/n Wi-Fi subsystem, integrated security engine (AES and 3DES/SHA), embedded SRAM/ROM and 2MB flash. The new platform uses FreeRTOS with open-source modules for TCP/IP, SSL/TLS, HTTP (client and server), SNTP, DHCP daemon, MQTT, XML and JSON. Development and debugging is supported by free command line tools, plus a KEIL plug-in.

Introduction to the new MediaTek LinkIt™ Development Platform for RTOS

MediaTek Labs

Connecting the smart factory to the cloud with MQTT and Sparkplug

Ian Skerrett

What motivates a Network Software Developer is often misunderstood. Since network software cannot be bought and sold like IOS/android apps or like a game on STEAM, they are often taken for granted as cog in the wheel of a large corporation where they execute the projects dictated by corporate strategy. However if one looks at how Networking has evolved over the year, the major transformations can be credited back to individual developers who had the hunger, curiosity and tenacity to try something new and stick to it in the face of opposition. With the advent of SDN/NFV networking is transforming, and Industry is again looking for the next big innovation. In this talk we will give a background of individuals who have helped drive the industry forward, and examples of those who continue to do so even today in their own quiet way.

The Role of a Network Software Developer in Network Transformation

Michelle Holley

The 6LoWPAN NBR is enabled on the Intel Baytrail platform with Linux. This solution can provide an open source gateway implementation of IPSO 6LoWPAN based solution. Kindly refer here to get details. If you need more information or need to get more features please contact me thru LinkedIn or email www.linkedin.com/hp/update/6178842682400567296 Usman Sarwar IoT Connectivity Architect usman.sarwar@intel.com

Intel IPSO/6LoWPAN solution for general wireless sensor network

usman sarwar

IoT support for .NET (Core/5/6)

Mirco Vanini

ODSA PHY Layer

jennimenni

BKK16-500K2 CTO talk - The End to End Story

Linaro

What's hot (20)

Standardizing the tee with global platform and RISC-V

Chips alliance omni xtend overview

Linaro Connect San Francisco 2017 - Welcome Keynote by George Grey | #SFO17

Andes RISC-V vector extension demystified-tutorial

BKK16-200 Designing Security into low cost IO T Systems

RISC-V: The Open Era of Computing

VF360 OpenVPX Board w. Altera Stratix and TI KeyStone DSP

Security and functional safety

RISC-V Summit 2020: The Next Ten Years

Boards for the IoT-Prototyping

IoTlondon - mbed based IoT Gateway talk

Sundance at the 49th Intelligent Sensing Program

Microsoft Hello World IoT 2017 - Embedded Systems Design - Build vs Buy

Introduction to the new MediaTek LinkIt™ Development Platform for RTOS

Connecting the smart factory to the cloud with MQTT and Sparkplug

The Role of a Network Software Developer in Network Transformation

Intel IPSO/6LoWPAN solution for general wireless sensor network

IoT support for .NET (Core/5/6)

ODSA PHY Layer

BKK16-500K2 CTO talk - The End to End Story

Similar to #OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-based IoT - Alexandre ABADIE, INRIA

Lecture 9

vishal choudhary

Faites communiquer vos objets connectés avec la solution RIOT ! RIOT est un nano système d'exploitation open source, l’équivalent de Linux, pour l’internet des objets. Grâce aux standards de communication qu'il implémente, il vous permettra de développer facilement et de façon pérenne et sécurisée vos applications pour vos objets communicants et embarqués (agriculture connectée, suivi et gestion de bâtiments intelligents, petits automatismes, usine du futur ...). Inria, l'institut national de recherche dédié au numérique, qui à French Tech Central connecte les entrepreneurs au meilleur de la recherche publique française, est un des membres co-fondateurs de la communauté mondiale des développeurs RIOT.

Inria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoT

Stéphanie Roger

Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl...

mCloud

IOT Exploitation

Cysinfo Cyber Security Community

C# on a CHIPs

Mirco Vanini

Everything about Internet of Things

Muhammad Nasr

Developing TI RTOS Applications and BLE Profiles

Sumit Sapra

Contiki IoT simulation

nabati

Eric Theis resume61.1

Eric Theis

Connect a chips to Azure

Mirco Vanini

Global Azure boot camp 2015 - Microsoft IoT Solutions with Azure

Vinoth Rajagopalan

Presentation of the Mainflulux team held In Portland at Embedded Linux Conference & OpenIoT Summit North America March 14 2018. IoT middleware platforms have become necessary building blocks of every complex vertical IoT solution. Traditionally, the platforms have been built to run in the cloud; wide availability and rich capabilities have driven the first wave of IoT adoption. As the scale and complexity of IoT projects have grown, however, the need to provide solutions that move to process to the network edge has also grown. Down-scaling cloud capabilities is complex in part because of the more modest capabilities of edge computing in typical deployment models. As a result, there are few open solutions that address this need. We introduce Mainflux (https://github.com/Mainflux/mainflux) - a IoT Platform for cloud and edge that can simultaneously scale-out to hundreds of nodes in the cloud but can also scale down to a modest RaspberryPi computer without changing a single line of code. This scalability is achieved thanks to careful architecture, the effectiveness of the Go programming language, and technology choices used in the implementation. We will discuss the platform, its use and application, and our work to bring core concepts from it to various open source projects including EdgeX. Repository for Mainflux open source and royalty-free IoT platform published under Apache-2.0 license, free download https://github.com/mainflux/mainflux Mainflux company official website: https://www.mainflux.com/

Mainflux - Hyperscalable Unified IoT Platform

Sasa Klopanovic

Mainflux - Hyperscalable Unified IoT Platform

Sasa Klopanovic

Want to add Wi-Fi to your IoT project? This 30 minute webinar, presented by technical consultant Ajith KP, demonstrated how to program (using Arduino and Python) for peripheral sensors connected to the MediaTek LinkIt Smart 7688 Duo’s microcontroller and how to communicate between the microcontroller and the MT7688 SOC. Three ways to undertake the peripheral programming for the MediaTek LinkIt Smart 7688 Duo were covered: 1) Using a primitive UART connection 2) Using the Firmata protocol 3) Using the Arduino Yun Bridge Library A recording of the live event can be found at http://home.labs.mediatek.com/technical-mediatek-linkit-smart-7688-webinar-recording-available/

Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...

MediaTek Labs

Simple things about Internet of Things

Muhammad Nasr

From Uc To Embedded

guest0cf711

Building IoT devices with ARM mbed - RISE Manchester

Jan Jongboom

2016-09-eclipse-iot-cf-summit

Mike Milinkovich

K vector embedded_linux_workshop

Keroles karam khalil

micro-ROS: Developing ROS 2 professional applications based on MCUs

eProsima

Similar to #OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-based IoT - Alexandre ABADIE, INRIA (20)

Lecture 9

Inria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoT

Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl...

IOT Exploitation

C# on a CHIPs

Everything about Internet of Things

Developing TI RTOS Applications and BLE Profiles

Contiki IoT simulation

Eric Theis resume61.1

Connect a chips to Azure

Global Azure boot camp 2015 - Microsoft IoT Solutions with Azure

Mainflux - Hyperscalable Unified IoT Platform

Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...

Simple things about Internet of Things

From Uc To Embedded

Building IoT devices with ARM mbed - RISE Manchester

2016-09-eclipse-iot-cf-summit

K vector embedded_linux_workshop

micro-ROS: Developing ROS 2 professional applications based on MCUs

More from Paris Open Source Summit

Always wanted to control your IoT device without SSH'ing into it? In this talk we will show how WebSockets, MQTT and a set of custom go/js libraries can help in managing remotely your IoT device without knowing its IP address. Learn how you can use the Arduino Create Agent to easily deploy containers, remotely. A journey on Docker client, APT command line, sockets, systemd and much more on Arm and Intel Linux devices.

#OSSPARIS19 : Control your Embedded Linux remotely by using WebSockets - Gian...

Paris Open Source Summit

IoT is at the peak of the hype cycle - what they call the 'Peak of Inflated Expectations’. The complexity of the cybersecurity landscape is at an all-time high, with security researchers, vendors and even governments all trying to come to a consensus for making the cyber-world a safer place. In this world of lightning-fast development cycles, it may intuitively feel like security gets left behind. The battle over standards is always a struggle. The unresolved problem of software updates and short vendor support cycle combined with the lack of effort into security makes these devices an easy target. Companies not only need to update their technology stack for the evolving security landscape but also their mindset, processes and culture. This talk will shine a light on some of the challenges that today’s executives face in finding and fixing systemic problems in and outside of security through people, tools and understanding.

#OSSPARIS19 : The evolving (IoT) security landscape - Gianluca Varisco, Arduino

Paris Open Source Summit

"Cette présentation a pour but de présenter MirageOS et ses applications à l'écriture d'applications IoT sécurées. En particulier, MirageOS permet de développer des applications d'infrastructure réseau --- firewalls, proxy VPN, serveurs d'emails, etc. --- qui peuvent être déployées sur des processeurs embarqués de type ARMv8, ESP32 ou RISC-V. Nous expliquerons comment nous nous appuierons sur cette couche d'infrastructure entièrement open-source pour développer OSMOSE, une plateforme sécurisée et décentralisée permettant de construire des application IoT centrées sur l'utilisateur et le respect de sa vie privée. "

#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...

Paris Open Source Summit

WarpScript est un langage de programmation open source conçu pour facilement requêter, manipuler et traiter des données de séries temporelles à la volée. Bien qu'il soit compatible nativement avec Warp 10, WarpScript peut aussi être connecté à d'autre sources de données. Dans cette présentation, nous allons détecter des anomalies à la volée en utilisant des fonctions WarpScript et répondre aux questions suivantes. Que doit-on définir comme une anomalie ? Quel algorithme correspond au type d'anomalie que l'on cherche à détecter ? Comment prendre en compte la possible saisonnalité de mes données ?

#OSSPARIS19 : Detecter des anomalies de séries temporelles à la volée avec Wa...

Paris Open Source Summit

#OSSPARIS19 : Supervision d'objets connectés industriels - Eric DOANE, Zabbix

Paris Open Source Summit

#OSSPARIS19: Introduction to scikit-learn - Olivier Grisel, Inria

Paris Open Source Summit

#OSSPARIS19 - Fostering disruptive innovation in AI with JEDI - André Loesekr...

Paris Open Source Summit

ONLYOFFICE développée par Ascensio System SIA, est une suite bureautique open-source basée sur l'élément Canvas de HTML5, qui offre une gamme complète d’outils d’édition en ligne des documents texte, feuilles de calcul et présentations. Cette présentation commence par l’aperçu des principes de base : - support de tous les formats courants, - riche éventail d’outils de la mise en forme, - affichage du contenu de manière identique, quel que soit le navigateur utilisé, - ressources permettant d’étendre les fonctionnalités des éditeurs, - capacités avancées de co-édition, - transfert de données sécurisé en temps réel. Le nombre des universités et des écoles qui optent pour les alternatives open source aux solutions populaires offertes par les grandes marques, augmente chaque année. Les solutions de ONLYOFFICE sont actuellement utilisées par plus de 30 établissements d’enseignement en France tels que treize Universités de la Sorbonne, l’Université de Grenoble, l’Université de Nantes, l’École Nationale d'Ingénieurs de Brest, le l'établissement public Campus Condorcet, etc. Dans cette partie, Jeremy Maton, l’Administrateur Systèmes et Réseaux à l’Institut de Biologie de Lille, va présenter comment ONLYOFFICE est intégrée au sein de leur unité de recherches et aide à organiser le flux de travail.

#OSSPARIS19 : Comment ONLYOFFICE aide à organiser les travaux de recherches ...

Paris Open Source Summit

#OSSPARIS19 : MDPH : une solution collaborative open source pour l'instructio...

Paris Open Source Summit

#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...

Paris Open Source Summit

Dans une banque vieille de 200 ans, il ne parait pas forcément évident au premier abord de convaincre d’une démarche Open Source. Et pourtant, nous l’avons fait ! Dans cette conférence, nous vous expliquerons comment l’idée de publier du code Open Source est née, quels sont les leviers et opportunités que nous avons actionnés pour convaincre nos différentes directions. Nous expliquerons également les difficultés rencontrées et les choix retenus. Si vous aussi, vous êtes dans une banque, une assurance ou encore un groupe industriel, et que vous cherchez des clés pour initier une démarche Open Source, alors venez nous voir !

#OSSPARIS19 : Publier du code Open Source dans une banque : Mission impossibl...

Paris Open Source Summit

#OSSPARIS19 : Libre à vous ! Raconter les libertés informatiques à la radio -...

Paris Open Source Summit

#OSSPARIS19 - Le logiciel libre : un enjeu politique et social - Etienne Gonn...

Paris Open Source Summit

#OSSPARIS19 - Conflits d’intérêt & concurrence : la place de l’éditeur dans l...

Paris Open Source Summit

#OSSPARIS19 - Table ronde : souveraineté des données

Paris Open Source Summit

#OSSPARIS19 - Comment financer un projet de logiciel libre - LUDOVIC DUBOST, ...

Paris Open Source Summit

#OSSPARIS19 - BlueMind v4 : les dessous technologiques de 10 ans de travail p...

Paris Open Source Summit

#Business #Apps - Track - Gestion documentaire et collaboration VITAM est une solution d'archivage open source utilisée pour des volumes élevés jusqu'à des milliards de documents. C'est un système distribué qui peut être implémenté aussi bien sur du bare metal que du cloud OpenStack, utilisant de 3 à plus de 100 VM. Il est conçu pour être efficace et très facile à administrer. Les principales opérations techniques sont entièrement automatisées. Cette présentation vous donnera les principales informations sur l'architecture VITAM, la façon de l'installer sur votre infrastructure et les pièges classiques à éviter. Elle vous permettra aussi de rencontrer des techniciens impliqués dans le développement de VITAM.

#OSSPARIS19 - Tuto de première installation de VITAM, un système d'archivage ...

Paris Open Source Summit

#OSSPARIS19 - Cryptpad : la collaboration chiffrée - LUDOVIC DUBOST, CEO XWik...

Paris Open Source Summit

#Business #Apps - Track - Gestion documentaire et collaboration De nos jours, les systèmes CRM et ECM sont couramment utilisés. Habituellement, ces deux applications sont gérées par des systèmes distincts. Il peut y avoir des interconnexions ici et là entre eux, mais elles sont traitées séparément. Et si nous pouvions combiner ces deux solutions utiles dans un seul système, le tout basé sur une solution open source? L'avantage serait énorme : Nous pourrons avoir à la fois les informations relatives à nos clients en termes commerciaux et en même temps gérer la documentation liée (contrats, propositions, etc.). Cette présentation détaillera ce concept et nous verrons une démonstration d'une solution open source qui répond à ce besoin.

OSSPARIS19 - Customer Content Management: GED et CRM combiné - MICHAËL GENA, ...

Paris Open Source Summit

More from Paris Open Source Summit (20)