Hosted at the very beginning of both days, our wellbeing sessions will set you up for a day filled with learning and networking.

By moving closer to the edge, machine learning is profoundly changing the IoT landscape, where RISC-V is already seeing immense success. To be able to fully capitalize on the opportunities that arise from this trend, as well as tackle the related challenges, various communities must come together to create an open ecosystem of modern tools, frameworks and platforms that together will constitute a seamless environment for developers to build advanced ML applications on RISC-V.

The keynote panel will feature representatives of Google, Zephyr Project, QuickLogic, STMicroelectronics and Antmicro in a discussion of how the strengths of RISC-V, Zephyr RTOS, TensorFlow Lite and Renode can be combined to provide innovative, collaborative, software-driven and traceable ML development for the very edge, also on the hardware level, e.g. using FPGAs or RISC-V custom extensions. The participants will discuss modern testing methodologies and HW-SW co-development enabled by the Renode simulation framework - as used by e.g. Google’s TF Lite Team - unlocking efficient and deterministically testable ML development on platforms including RISC-V.

Other hot topics will include open source FPGA tools and Renode support for the Core-V MCU, recent developments concerning TensorFlow Lite Micro, RISC-V joining the Zephyr Project and the ML-oriented, EU-funded VEDLIoT project involving RISC-V and Renode.

The CORE-V family is an OpenHW Group project to develop, deploy, execute pre-silicon functional verification and SoC based evaluation kits of the CORE-V family of open-source RISC-V cores. Written in SystemVerilog, the CORE-V open-source IP matches the quality of IP offered by established commercial providers and is verified with state-of-the-art, auditable flows.

The CORE-V cores are verified using CORE-V-VERIF a silicon-proven, industrial-grade functional verification platform. CORE-V-VERIF has been used to execute a complete verification cycle of the CORE-V CV32E40P core and is currently being used to execute verification of the CV32A6 and CV64A6 cores. CORE-V-VERIF leverage verification components developed by the RISC-V community and will be continuously maintained and enhanced to integrate the latest best-practices and technology for the verification of future CORE-V cores such that CORE-V cores can be used in high-volume production SoCs.

This discussion will dive into one particular solution that combines long-polling, the device authorization grant, and an internet accessible controller to communicate with devices on a local network without opening inbound connections to those devices. We will also spend some time reviewing the attack surfaces of this approach and the required mitigations. Finally, we will spend a little time reviewing some of the COTS solutions that already exist in this area.

• How to use device authorization grant to initialize a device on a local network
• Understand how to create a simple controller that is accessible via the web and enables local devices to interact with it using tokens
• A look at some of the attack surfaces of this approach and the mitigations required

With the rapid development of the Internet of Things, intelligent systems are increasingly finding their way into everyday life and into people’s homes. With the spread of these technologies, there is a growing concern about device security and data privacy.

Many of us already interact with at least 3 to 5 smart devices daily – a smartphone, fitness tracer, a smart TV, voice assistant, and smart appliances to name a few.

Data from one device may not be a problem, but combining data from several devices could create a pattern that may reveal unwanted information about a user. And with more devices coming into homes, concerns around the way personal data is managed, controlled, and used by devices and organizations are increasingly being raised.

In this presentation, Tuya Smart, a global IoT Cloud and Development Platform, will discuss the top security concerns facing tech providers, product manufacturers, and consumers, highlighting best practices to ensure device security, data privacy, and end user peace of mind.

With literally hundreds of certification frameworks across multiple regions and verticals, one thing is clear: security evidence is an important trust enabler. While this trend continues, embedded IoT developers are confronted with the need of showing evidence of the security capabilities in their products. This is relevant for compliance, risk management or simply for accountability.

This presentation introduces SESIP, the Security Evaluation Standard for IoT Platforms. SESIP is a security evaluation scheme designed to support the entire IoT ecosystem. We will explore the state of the market in the area of security evaluations for IoT devices and introduce SESIP, with hands on examples including ETSI EN 303645 for consumer devices, and IEC 62443-4-2 for industrial IoT. Showcasing SESIP applicability and both the technical and commercial benefits for the entire value chain.

• A look at the global security certification and compliance trends for the IoT market
• Understand the benefits of security evaluations for IoT devices
• Experience the concept of composite evaluations as the scalable way to build products with secure, certified components
• Introduction to SESIP as the most relevant scheme in the world for IoT security

Ensuring that the firmware and software on an IoT device are updated to the latest version is critical to maintain a secure state with all the known vulnerabilities addressed. This talk will set the context with pertinent threat landscape data from NVD database on IoT devices. The TCG guidance will be introduced and concludes with the evaluation of technologies including TPM and DICE to achieve the objectives.

With so many headlines on IoT safety and security, and new attacks happening every week it can be difficult to know where to start. If you’ve ever asked any of the following questions, then this talk is for you:

• Where do I start with IoT security?
• How do I look at security and safety together?
• I’m on a project and what can I do to build secure devices?

This talk will walk through Synopsys’ approach to threat modeling IoT systems and will answer the above questions while also demonstrating how to tie security and safety together with a systems approach.

• Understand the security complications introduced by trends like 5G edge computing and private LTE/5G networking in order to stay protected
• Discover how to apply new cybersecurity frameworks such as homomorphic encryption: Why is this the next big thing?
• Leave this session with hacker vision: Gain the ability to see your networks from the perspective of a hacker
• Best practices in the field of IoT to establish zero-trust systems and networks (for any type of multi-tenant compute or network, not just mobile)

What are the consequences of leaving security as an afterthought when building a product? During this session, Exset Labs’ Security Researcher & Analyst, Diogo Pimentel, will speak about:

1- The current trends within the IoT industry and why you should care

2- The challenges and risks of not taking security seriously

3- What role do legislation and security standards play in ensuring secure products?

4- Types of threats and real world hacking cases/scenarios and what companies like yours can learn from this

5- Solutions to how you can protect your assets

Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 61508,) transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project. In this session, we will lay out some challenges of making safety certification achievable in open source. We will be offering an in-depth review of how Xen Project is approaching these challenges and try to derive lessons for other projects and contributors.

• Understand the process of the Xen Project Special Interest Group (SIG)'s journey toward safety certifications so far and lessons learned along the way
• Discover documentation, requirements generation, static code analysis, and contribution processes that need to be improved to make progress

The IoT landscape is rapidly expanding and there's an urgent need for standardized, interoperable and proven end-point security. Years away, right?

Wrong.

Introducing IoTopia

In this presentation GlobalPlatform, a non-profit industry association will deliver insights into its new initiative, IoTopia. The initiative:
• Proposes a common framework to standardize the design, certification, deployment and management of IoT devices.
• Aims to be testable and meet vertical requirements by building on four foundational pillars: secure by design; device intent; autonomous, scalable and secure onboarding; and device life-cycle management.
• Will be a simple but executable framework that is standards-based, industry-wide and able to evolve as security capabilities and requirements change.
• Will provide the opportunity to support tiers of security as well as certification in desired verticals.