Implementing a Java-programmable, IP-addressable, secure MCU for the Internet of Things
Editor's Note: In this Product How-To article, Mikhail Friedland and Amit Wohl of jNet Technology describe why resource-constrained microcontrollers used on the Internet of Things need an OS appropriate to the connectivity needs and how the company's Java-based Javelin OS can be used to satisfy these requirements.
The Internet of Things is driving the need for connectivity in embedded systems. Once connected, ordinary devices become smart objects that can interact with the world over the Internet. This requirement is being pushed down even to the simplest, most resource-constrained devices. Connectivity in turn is driving a need for security, because connected and typically unattended devices can be more easily hijacked and converted into launch pads for malicious attacks.
As requirements and complexity grow, it makes more sense to use an operating system on the microcontroller, which is an effective way to reduce development costs and time to market. Java Embedded as well as a whole ecosystem of Embedded Linux options are available to do this for the higher-end microcontrollers. The lower-end, resource-constrained microcontrollers are generally considered too constrained to run an operating system. But is this actually true?
For many years, JavaCard, a subset of Embedded Java, has been running on low-cost, secure microcontrollers used in identity and payment applications such as SIM and chip-cards. The use of JavaCard on these low-end controllers enabled effective abstraction of the complicated cryptography required for identity and payment applications. Developers could write Java applet applications using a high-level programming language, make their applications portable across different hardware, re-use their code, and generally save a lot of development time and money.
To run Internet-connected devices (Smart Objects), JavaCard needs to be enhanced to support IP connectivity, real-time programming, and post-deployment code updates (executable content management). The resulting Java machine needs to be optimized to run efficiently on low-cost (<$2.00), resource-constrained microcontrollers, and provide acceptable performance (on par with native code).
Based on JavaCard, jNet’s Javelin OS is a Java-programmable, IP-addressable, real-time enabled, and secure microcontroller OS designed for low-cost, resource-constrained microcontrollers that go into the Smart Objects that make up the Internet of Things. With a memory footprint of ~320KB, Javelin OS can run on 16- or 32-bit microcontrollers, providing them with out-of-the-box support for a micro-IP stack, advanced cryptography, and remote code updates.
Java-programmable means the OS supports the execution of Java applet applications. The low-level chip architecture and complexities are abstracted away by the Java VM, which means developers don’t need to deal with the bits and bytes of low-level controller programming. With the hardware and low-level programming complexities abstracted away, developers can focus their work on the higher-level functionality that makes products extraordinary and also results in valuable gains in time-to-market and development costs.
With Java, standard and widely available development tools (Eclipse IDE) allow developers to get started quickly. High-level APIs can be learned in days and a proof-of-concept applet developed in a matter of hours. Once written, the applet can be loaded from Eclipse over the Internet and into a remote device for testing. Testing and debugging complex, low-level C and assembly code goes away. Java is also portable, which means application code can be re-used and will run on multiple platforms.
IP-addressable means the microcontroller can communicate with the Internet using standard protocols. IP-addressability is supported by the Javelin OS and its built-in micro-IP stack. Developers can work with standard Java classes (via a subset of java.net) for network connectivity, which means they do not need to implement standard communications protocols. This ensures out-of-the-box, cost-effective, and error-proof connectivity for the smart object.
Beyond basic connectivity, the Javelin OS also supports mechanisms for secure post-deployment updates of the controller logic, the applet(s), to correct bugs and upgrade capabilities. With post-deployment updates available, developers can deploy systems more quickly, manage the product lifecycle more effectively, and enjoy overall lower TCO for the Smart Object.
Real-time enabled means that the OS supports the soft real-time programming often required for effective handling of sensors and actuators. jNet’s Javelin OS augments the Java virtual machine, which inherently does not support time-sensitive tasks, with an integrated RTOS to enable time-sensitive control of sensors and actuators on the smart object. With roughly 70% of embedded projects requiring real-time capabilities (according to a recent UBM survey), augmenting the simplicity of Java programming with real-time capabilities offers developers a unique advantage.
Security is designed into the Javelin OS from the ground up, so developers are not burdened with the highly specialized and delicate task of designing-in security themselves. Strong application sandboxing ensures clear application-kernel separation, memory protection domains, restricted code execution on the system stack, and file system access protection. Javelin OS also features broad support for symmetric and asymmetric cryptography to allow developers to easily integrate strong cryptography to secure data, communications, authentication, and verification.
jNet’s Javelin OS is based on JavaCard "Classic", which is the most secure, highest-volume Java VM shipped to date. It runs on billions of SIM cards, ePassports, and EMV cards. It is the most suitable core for an IP-connected Smart Object and ensures low-cost implementation, acceptable performance, and a clear path for security certification when needed. When running on a secure microcontroller, Javelin OS gives you payment card-level security, including bullet-proof data integrity and confidentiality, code integrity, self-tests, countermeasures, and attack detection.
Java versus C
Developing in Java is more productive and cheaper than the generally acceptable alternative, native C programming (Figure 1).
- The Java Virtual Machine abstracts away the hardware and saves developers the need for driver development and other low-level interaction with the hardware.
- Controller code is portable, so less money is spent on migrations to new hardware.
- With many of the detailed interactions with the hardware delegated to the Java operating environment, the higher-level coding requires dramatically less testing and debugging work.
- Java development is supported by powerful development environments, such as Eclipse, that can be downloaded at no cost.
- Out-of-the-box support for IP-connectivity, advanced crypto, and remote code updates automatically upgrades the capabilities of your system and opens the door to new opportunities available on the Internet of Things.
While some Java implementations might hamper performance, the Javelin SC architecture is designed for a fine balance between performance and portability.