Despite growing security threats, the Internet of Things hype shows no sign of abating. Feeling the FoMo, companies are busily rearranging their roadmaps for IoT. The transition to IoT runs even deeper and broader than the mobile revolution. Everything gets swallowed in the IoT maw, including smartphones, which are often our windows on the IoT world, and sometimes our hubs or sensor endpoints.
New IoT focused processors and embedded boards continue to reshape the tech landscape. Since our Linux and Open Source Hardware for IoT story in September, we’ve seen Intel Atom E3900 “Apollo Lake” SoCs aimed at IoT gateways, as well as new Samsung Artik modules, including a Linux-driven, 64-bit Artik7 COM for gateways and an RTOS-ready, Cortex-M4 Artik0. ARM announced Cortex-M23 and Cortex-M33 cores for IoT endpoints featuring ARMv8-M and TrustZone security.
Security is a selling point for these products, and for good reason. The Mirai botnet that recently attacked the Dyn service and blacked out much of the U.S. Internet for a day brought Linux-based IoT into the forefront — and not in a good way. Just as IoT devices can be turned to the dark side via DDoS, the devices and their owners can also be the victimized directly by malicious attacks.
The Dyn attack reinforced the view that IoT will more confidently move forward in more controlled and protected industrial environments rather than the home. It’s not that consumer IoT security technology is unavailable, but unless products are designed for security from scratch, as are many of the solutions in our smart home hub story, security adds cost and complexity.
In this final, future-looking segment of our IoT series, we look at two Linux-based, Docker-oriented container technologies that are being proposed as solutions to IoT security. Containers might also help solve the ongoing issues of development complexity and barriers to interoperability that we explored in our story on IoT frameworks.
We spoke with Canonical’s Oliver Ries, VP Engineering Ubuntu Client Platform about his company’s Ubuntu Core and its Docker-friendly, container-like Snaps package management technology. We also interviewed Resin.io CEO and co-founder Alexandros Marinos about his company’s new Docker-based ResinOS for IoT.
Canonical’s IoT-oriented Snappy Ubuntu Core version of Ubuntu is built around a container-like snap package management mechanism, and offers app store support. The snaps technology was recently released on its own for other Linux distributions. On November 3, Canonical released Ubuntu Core 16, which improves white label app store and update control services.
The Snap mechanism offers automatic updates, and helps block unauthorized updates. Using transactional systems management, snaps ensure that updates either deploy as intended or not at all. In Ubuntu Core, security is further strengthened with AppArmor, and the fact that all application files are kept in separate silos, and are read-only.
Ubuntu Core, which was part of our recent survey of open source IoT OSes, now runs on Gumstix boards, Erle Robotics drones, Dell Edge Gateways, the Nextcloud Box, LimeSDR, the Mycroft home hub, Intel’s Joule, and SBCs compliant with Linaro’s 96Boards spec. Canonical is also collaborating with the Linaro IoT and Embedded (LITE) Segment Group on its 96Boards IoT Edition. Initially, 96Boards IE is focused on Zephyr-driven Cortex-M4 boards like Seeed’s BLE Carbon, but it will expand to gateway boards that can run Ubuntu Core.
“Ubuntu Core and snaps have relevance from edge to gateway to the cloud,” says Canonical’s Ries. “The ability to run snap packages on any major distribution, including Ubuntu Server and Ubuntu for Cloud, allows us to provide a coherent experience. Snaps can be upgraded in a failsafe manner using transactional updates, which is important in an IoT world moving to continuous updates for security, bug fixes, or new features.