Implementing a Java-programmable, IP-addressable, secure MCU for the Internet of Things

Editor's Note:  In this Product How-To article, Mikhail Friedland and Amit Wohl of jNet Technology describe why resource-constrained microcontrollers used on the Internet of Things need an OS appropriate to the connectivity needs and how the company's Java-based Javelin OS can be used to satisfy these requirements.

The Internet of Things is driving the need for connectivity in embedded systems. Once connected, ordinary devices become smart objects that can interact with the world over the Internet. This requirement is being pushed down even to the simplest, most resource-constrained devices. Connectivity in turn is driving a need for security, because connected and typically unattended devices can be more easily hijacked and converted into launch pads for malicious attacks.

As requirements and complexity grow, it makes more sense to use an operating system on the microcontroller, which is an effective way to reduce development costs and time to market. Java Embedded as well as a whole ecosystem of Embedded Linux options are available to do this for the higher-end microcontrollers. The lower-end, resource-constrained microcontrollers are generally considered too constrained to run an operating system. But is this actually true?

For many years, JavaCard, a subset of Embedded Java, has been running on low-cost, secure microcontrollers used in identity and payment applications such as SIM and chip-cards. The use of JavaCard on these low-end controllers enabled effective abstraction of the complicated cryptography required for identity and payment applications. Developers could write Java applet applications using a high-level programming language, make their applications portable across different hardware, re-use their code, and generally save a lot of development time and money.

In order to run Internet connected devices – Smart Objects – JavaCard needs to be enhanced to support IP connectivity, real-time programming, and post-deployment code updates (executable content management). The resulting Java machine needs to be optimized to efficiently run on low-cost (<$2.00), resource-constrained microcontrollers, and provide acceptable performance (on par with native code). Based on JavaCard, jNet’s Javelin OS is a Java-programmable, IP-addressable, real-time enabled, and secure microcontroller OS designed for low-cost, resource-constrained microcontrollers that go into the Smart Objects that make up the Internet of Things. With a memory footprint of ~320KB, Javelin OS can run on 16- or 32-bit microcontrollers, providing them with out of the box support for a micro-IP stack, advanced cryptography, and remote code updates. Java-programmable means the OS supports the execution of Java applet applications. The low-level chip architecture and complexities are abstracted away by the Java VM, which means developers don’t need to deal with the bits and bytes of low-level controller programming. With the hardware and low-level programming complexities abstracted away, developers can focus their work on the higher-level functionality that makes products extraordinary and also results in valuable gains in time-to-market and development costs.

With Java, standard and widely available development tools (Eclipse IDE) allow developers to get started quickly. High-level APIs can be learned in days and a proof-of-concept applet developed in a matter of hours. Once written, the applet can be loaded from Eclipse over the Internet and into a remote device for testing. Testing and debugging complex, low-level C and assembly code goes away. Java is also portable, which means application code can be re-used and will run on multiple platforms.

IP-addressable means the microcontroller can communicate with the Internet using standard protocols. IP-addressability is supported by the Javelin OS and its built-in micro-IP stack. Developers can work with standard Java classes (via a subset of java.net) for network connectivity, which means they do not need to implement standard communications protocols. This ensures out-of-the-box, cost effective, and error-proof connectivity for the smart object.

Beyond basic connectivity, the Javelin OS also supports mechanisms for secure post-deployment updates for the controller logic – the applet(s) – to correct bugs and upgrade capabilities. With post-deployment updates available, developers can deploy systems more quickly, manage the product lifecycle more effectively, and enjoy overall lower TCO for the Smart Object.

Real-time enabled means that the OS supports the soft real-time programming often required for effective handling of sensors and actuators. jNet’s Javelin OS augments the Java virtual machine, which inherently does not support time-sensitive tasks, with an integrated RTOS to enable time-sensitive control of sensors and actuators on the smart object. With roughly 70% of embedded projects requiring real-time capabilities (according to a recent UBM survey), augmenting the simplicity of Java programming with real-time capabilities offers developers a unique advantage.

Security is designed into the Javelin OS from the ground up, so developers are not burdened with the highly specialized and delicate task of designing-in security themselves. Strong application sandboxing ensures clear application-kernel separation, memory protection domains, restricted code execution on the system stack, and file system access protection. Javelin OS also features broad support for symmetric and asymmetric cryptography to allow developers to easily integrate strong cryptography to secure data, communications, authentication, and verification.

jNet’s Javelin OS is based on JavaCard “Classic”, which is the most secure, highest-volume Java VM shipped to date. It runs on billions of SIM cards, ePassports, and EMV cards. It is the most suitable core for an IP-connected Smart Object and ensures low-cost implementation, acceptable performance, and a clear path for security certification when needed. When running on a secure microcontroller, Javelin OS gives you payment card-level security, including bullet-proof data integrity and confidentiality, code integrity, self-tests, countermeasures, and attack detection.

Java versus C
Developing in Java is more productive and cheaper when compared with the generally accepted alternative – native C programming (Figure 1).

  • The Java Virtual Machine abstracts away the hardware and saves developers the need for driver development and other low-level interaction with the hardware.
  • Controller code is portable, so less money is spent on migrations to new hardware.
  • With many of the detailed interactions with the hardware delegated to the Java operating environment, the higher-level coding requires dramatically less testing and debugging work.
  • Java development is supported by powerful development environments, such as Eclipse, that can be downloaded at no cost.
  • Out-of-the-box support for IP-connectivity, advanced crypto, and remote code updates automatically upgrades the capabilities of your system and opens the door to new opportunities available on the Internet of Things.

While some Java implementations might hamper performance, Javelin SC architecture is designed for a fine balance between performance and portability.

Figure 1: Paradigm shift of switching to Java development environment from traditional C

Case study: Javelin OS on Infineon I/O Centric secure MCUs
Javelin OS has been ported to run on Infineon’s SLE78 secure microcontroller family, which is geared towards applications that require strong security and data protection (Figure 2 below). This 16-bit, MCS 251 instruction set controller is equipped with 500KB of Solid Flash memory, which means no expensive masking is needed and post-deployment logic upgrades are simple. It is also equipped with rich I/O including USB 2.0, GPIO, IIC, SPI, and ISO 7816.

For simpler nodes/smart objects, a Java-enabled secure microcontroller can control the entire device securely and cost-effectively. For more complex or existing systems, the secure microcontroller can function alongside the main controller and provide secure storage and cryptographic services that are lacking on the main controller.

Figure 2: Secure, IP-addressable interconnected Infineon controllers with Java programmability

Putting Javelin OS to work
With the Internet-connected Javelin OS, you can start developing right away. Simply start up a standard Eclipse IDE equipped with the jNet plug-in component. The plug-in supports a PCSC Virtual Card Acceptance Device (VCAD) Driver and a NET-Proxy whose job it is to make the “smart object” appear as if it were connected to the same machine – that is, as if it were a standard JavaCard inserted into a physical PCSC reader plugged into the same PC.

On the remote end, jNet’s secure remote node is running and waiting for instructions over the Internet. It is running the Javelin OS, which means it is a multi-tasking Java VM with integrated RTOS. One of the execution threads executes a TCP/IP stack and lightweight TCP Server code that listens for traffic on a specific port. So when the NET-Proxy creates a connection over the Internet with an HTTP Server on a “smart object”, it sends back an ATR as if it came from a locally connected device, and acknowledges a successful connection. From that point on, all APDU commands from Eclipse IDE are sent through the network sockets; the same is done with return data.
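The exchange described above can be modelled on a loopback socket. This is an added example, not jNet's code or wire format: the 2-byte length framing, the class and method names, the ATR and the AID are all assumptions constructed for illustration. The device side sends an ATR on connect, then answers each framed command APDU, bounding frame size and checking Lc before acting on a command.

```java
import java.io.*;
import java.net.*;
import java.util.HexFormat; // Java 17+

// Added illustration: loopback model of the NET-Proxy <-> smart-object exchange.
// Assumed framing (not from the article): 2-byte big-endian length, then payload.
public class ApduTunnelDemo {
    // Constructed sample values: minimal ATR, SELECT-by-AID with a made-up AID.
    static final byte[] ATR = HexFormat.of().parseHex("3B00");
    static final byte[] SELECT = HexFormat.of().parseHex("00A4040007F0000000010001");
    static final int MAX_FRAME = 261; // short APDU: 4 header + Lc + 255 data + Le

    static void writeFrame(DataOutputStream out, byte[] p) throws IOException {
        out.writeShort(p.length); out.write(p); out.flush();
    }
    static byte[] readFrame(DataInputStream in) throws IOException {
        int n = in.readUnsignedShort();
        if (n > MAX_FRAME) throw new IOException("oversized frame: " + n);
        byte[] p = new byte[n]; in.readFully(p); return p;
    }
    static byte[] sw(int v) { return new byte[]{(byte) (v >> 8), (byte) v}; }
    // Device-side check: header + Lc + data only (no Le byte), Lc must match.
    static byte[] respond(byte[] c) {
        if (c.length < 5 || (c[4] & 0xFF) != c.length - 5) return sw(0x6700); // wrong length
        if (c[1] != (byte) 0xA4 || c[2] != 0x04) return sw(0x6D00); // INS not supported
        return sw(0x9000);
    }
    // Smart-object side: send the ATR on connect, then answer each command.
    static void serve(ServerSocket ss) {
        try (Socket s = ss.accept();
             DataInputStream in = new DataInputStream(s.getInputStream());
             DataOutputStream out = new DataOutputStream(s.getOutputStream())) {
            writeFrame(out, ATR);
            while (true) writeFrame(out, respond(readFrame(in)));
        } catch (IOException closed) { /* EOF when the proxy disconnects */ }
    }
    public static void main(String[] args) throws Exception {
        HexFormat hex = HexFormat.of();
        try (ServerSocket ss = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            Thread dev = new Thread(() -> serve(ss)); dev.start();
            try (Socket s = new Socket(ss.getInetAddress(), ss.getLocalPort());
                 DataInputStream in = new DataInputStream(s.getInputStream());
                 DataOutputStream out = new DataOutputStream(s.getOutputStream())) {
                System.out.println("ATR <- " + hex.formatHex(readFrame(in)));
                writeFrame(out, SELECT);
                System.out.println("SW  <- " + hex.formatHex(readFrame(in)));
                writeFrame(out, hex.parseHex("00A4040007F00000")); // Lc says 7, 3 sent
                System.out.println("SW  <- " + hex.formatHex(readFrame(in)));
            }
            dev.join();
        }
    }
}
```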

The diagram below demonstrates the scheme responsible for creation and loading over the Internet of Applets to be executed on a remote “smart object” in the cloud (Figure 3).

Figure 3: Development and evaluation platform for IoT in the cloud

Conclusion
Programming microcontrollers requires in-depth familiarity with the controller architecture and low-level, micro manipulations of device drivers to handle processor interrupts, memory, buses, I/Os, etc. The C programming language is the preferred tool and assembly-level optimizations are often required to achieve efficient performance.

Such low-level coding is error-prone and requires extensive testing and debugging, which drive up development costs. According to the 2013 Embedded Market Study by UBM Tech, between 20% and 25% of development time is spent on testing and debugging and over 20% of embedded systems developers wish they had better debugging tools.

The need for IP connectivity introduces additional complexity. Connectivity is becoming a standard requirement for many systems, especially those developed with the Internet of Things in mind. According to the UBM study, over 60% of new embedded projects require networking capabilities. But while protocols are well specified, in practice reducing them onto resource-constrained, embedded systems can be a formidable and expensive challenge.

Finally, the security and robustness of the system is more important than ever. Unattended network-connected systems are an easy and attractive target for attackers and a security concern for system owners. In many cases, without the ability to demonstrate adequate security, a system will not be deployed in the field, or will fall prey to a hack shortly after deployment. For example, suppose that a smart thermostat connected over WiFi to the Internet is compromised and its internal data storage becomes accessible to hackers.

Such an information breach will divulge whether the owner is at home, on vacation, asleep or awake, hence compromising the owner’s physical security. Hackers might also use the compromised thermostat to trigger the operation of the furnace during hot summer days, or conversely turn off the heater in freezing weather, causing burst water pipes. The compromised thermostat might also become an access point to the connected network, which means additional nodes might also be compromised. Imagine what would happen with a smart lock or security sensor.

Developing an embedded system on a cost-effective microcontroller that is Internet-connected, adequately secured, and supports secure, remote code updates is a formidable task that can take a lion's share of the project's budget and leave little resources to design software that solves an actual problem. jNet’s Javelin OS is a Java-programmable, IP-addressable, real-time enabled, secure microcontroller OS designed for low-cost, resource-constrained microcontrollers. Developing on Javelin OS frees developers from operationalizing basic functionality to solve actual problems that customers care about.

Mikhail Friedland is the founder and CTO for jNet Technology, Inc. with over 20 years of experience. Mikhail is a technical expert in software design, specializing in high-assurance, secure embedded operating systems, virtual machines, cryptography, authentication techniques, EMV platform and mobile security/payments. Mikhail has led numerous design, development and certification efforts for secure embedded operating systems, including JavaCard, Multos and proprietary OSes.

Amit Wohl is a business development and marketing professional specializing in information security technology. Amit was responsible for technology partnerships and IP licensing at Aladdin Knowledge Systems and SafeNet, Inc., which pioneered several smartcard-based authentication technologies. Amit holds a B.Sc. from The Israel Institute of Technology (Technion), an M.Sc. from the Massachusetts Institute of Technology (MIT) School of Engineering, and an MBA from MIT’s Sloan School of Management.
