Ubuntu Core 16: Building secure and interoperable IoT ecosystems

I have been to quite a few IoT conferences, informal meetups, and listened to webinars and podcasts. During the Q & A or networking sessions, the questions that are most commonly asked by most attendees are about the security and interoperability of IoT devices.

These concerns are genuine considering the recent Distributed Denial of Service (DDoS) attacks haunting devices connected to the Internet.

In an effort to build trust among consumers, companies in the IoT space (both hardware and software) are investing millions in R&D to address these concerns in an effective and sustainable manner.

In one such effort, Canonical, the company behind Ubuntu, has recently concluded a milestone launch of Ubuntu Core 16. Ubuntu Core 16 aka Snappy is a tine operating system designed for IoT devices. It is called Snappy because at the heart of Ubuntu Core 16 there is a super-secure, remotely upgradable, Linux application package known as ‘snaps’.

Device security

So just how does Ubuntu Core 16 make IoT devices secure?

The entire Ubuntu Core 16 operating system is delivered as snaps (including kernel, libraries and major applications). Additionally, the OS automatically updates itself frequently to counter new threats and keep the system safe.

Snaps make Ubuntu Core 16 secure and reliable because of the following features:

• Read-only
• Tamper proof
• Digitally signed
• Stored as images.

Thus, Ubuntu Core 16 makes security cracking over the Internet extremely difficult without getting physical access to the device itself.

Ubuntu Core 16 is transactional in nature i.e. failures are automatically rolled back. This gives developers enough confidence to build new features into the system and fix issues without messing it up.

Since the whole Ubuntu Core 16 OS is built as a snap, the device can store multiple updates and the device can smartly choose only to install the healthiest updates. The transactional nature of Ubuntu Core 16 secures the device with a clean rollback if a wrong update is installed.

The snaps are delivered to devices via cloud as compressed base file system. Inside each Snap directory there is a file called meta/snap.yaml. In this file, the developer of the Snap can describe the following:

• Security requirements
• How the Snap can integrate with other parts of the system
• When to update the system

This automates the updating process i.e there will be no requirement for human interference.

Device interoperability

Let’s understand how Ubuntu Core 16 enables interoperability of IoT devices.

In order to enable interoperability, the snaps have to “speak” to each other. This is made possible through the following:

• Interfaces: Bridge between 2 snaps
• Plug: Consumer Snap, which requests service from another Snap
• Slot: Producer Snap, which provides service to the consumer Snap

Snaps interfaces

The interfaces for snaps are declared in snap.yaml in the following format:

In the plug or consumer snap

name : consumer_snap_name

plugs:

db:

interface:mysql

In the slot or producer snap

name : producer_snap_name

slots:

db:

interface:mysql

In this example, the producer and consumer snaps are sharing a database.

The snaps in Ubuntu Core 16 can share files with the following types of snaps:

• Other snaps of the same vendor
• Community-maintained shared snaps, which act as libraries of common data or code, by using the content-sharing interface

Additional features of Ubuntu Core 16

The Ubuntu Core 16 is compatible with desktops, servers, Intel Joule, Qualcomm Dragonboard, Samsung Artik, Raspberry Pi2, Raspberry Pi3.

Canonical does not stop here, it has added many interesting features to Ubuntu Core 16, which make Ubuntu Core 16 the best in the IoT space. Other interesting features of Ubuntu Core 16 are as follows,

• Keeps the files compressed and signed as a squashFS blob on the disk. Unlike earlier versions of the Ubuntu desktop OS, Ubuntu Core 16 does not spread the individual files all over the disk when it is installed.

• Ubuntu Core 16 is smaller than other micro container OS because it is just a base file. Its image size is 350 MB.

• The updates for the system or application snaps are delivered as xdelta diffs i.e. only the code that has changed gets updated.

• Kernel, device drivers, OS packages and snaps with dependencies are kept separate. This enables embedded engineers (who work on kernel and device drivers) and application and package developers (who work on OS packages and snaps) can work in parallel.

The search for origin of term Ubuntu will take us to Southern Africa where Ubuntuism means,”the belief in a universal bond of sharing that connects all humanity”. People say technology makes our lives simple and connected but with applicable *terms and conditions.

No system or high-end technology can save humanity from destruction if humanist philosophy, ethic and ideologies are ignored. Therefore, before building a smart system we need to build an ecosystem of sensible human beings who can then be given the task of building smart connected systems.