That ARM-Sensinode Buy: What Does It Mean For Security And IoT?

We wrote last week about the decision of chip-maker ARM to buy the small(ish) Finnish software maker Sensinode Oy, which has become a big player in the market for software that runs low power devices like embedded sensors. The deal makes sense at the 100,000 foot level – ARM makes chips that power embedded devices, Sensinode makes the software that is powered by them. Perfect.

Michael Koster - OSIOT
Koster, a co-founder of the group Open Source Internet of Things (OSIOT) says that the deal will put more momentum behind standards that support strong security for IoT devices.

But the deal actually works at a bunch of different levels, as I learned from a conversation with Michael Koster, the co-founder and lead architect at the group The Open Source Internet of Things (OSIOT). Koster is an authority on The Internet of Things and has helped create open-source toolkits and APIs that promote interaction among intelligent devices.

Koster said that ARM’s purchase of Sensinode is as much about both firms’ investment in emerging IoT standards for low-powered, intelligent devices like Constrained Application Protocol (CoAP) and 6LowPAN (IPV6 for Low Power Wireless Personal Area Networks) as the synergies between ARM’s hardware and Sensinode’s software. The deal works as both a business investment for ARM, by delivering improvements to ARM’s downstream embedded hardware partners like Texas Instruments. But it could also benefit the entire IoT ecosystem by providing a stable operating system stack (think “WinTel” in the 1990s) for what Koster calls the last segment of the network in IoT.” Namely: “the Wireless Sensor Networks and low bandwidth edge networks and constrained devices that will make up a lot of business for ARM and their partners.”

Paul: I understand the strategic goal (make it easier to develop applications on top of ARM hardware, SOCs, etc.). What, specifically, does Sensinode bring to the table that ARM couldn’t develop on its own or acquire elsewhere?

MichaelSensinode probably has the most mature version of the 6LowPAN stack, including CoAP. More to the point, Sensinode is founded by the developers of the 6LowPAN standard as well as central players in IPSO. They are building an ecosystem of application level partners that is great for ARM to hook up with and drive business “up the stack”. 

6LowPAN and CoAP are tailored to work well on resource constrained devices that have a lot of desirable attributes for IoT, like low power consumption and low cost. For example, the minimum packet size is 100 bytes. This creates a particular tradeoff toward small size, short strings in protocols, etc. that are a good fit for the embedded system that ARM technology plays in. 

The acquisition gives ARM a high influence position in the technology behind 6LowPAN, which is a great fit for it’s hardware ecosystem e.g. Atmel and TI, that have a big stake in embedded computing and communication. 

The stack is proprietary, which may result in some interesting questions for ARM around management of IP vs. driving adoption. I expect them to make the software readily available to their ecosystem. This potentially provides an “operating system” for the last segment of the network in IoT, the Wireless Sensor Networks and low bandwidth edge networks and constrained devices that will make up a lot of business for ARM and their partners.

Sensinode Homepage
Sensinode reassured customers that ARM will continue and expand its commercial offerings including its NanoStack and NanoService products.


Paul: ARM talked up Sensinode’s technology and its contribution to a lot of standards groups (IETF, Zigbee, etc.) Will being a part of ARM accelerate the IOT space towards adoption of standard protocols and platforms, or will it just become another silo (ARM + Nanostack, etc.)?

Michael:  I don’t expect CoAP based systems to become silos. The IETF standard is some really good work and is already being adopted by global standards groups like ETSI, oneM2M, and OMA for “lightweight” Machine to Machine communication. I believe that high level software interoperability is in the recognized best interest of ARM and the entire ecosystem.

Paul: Sensinode’s CEO called out security as something that his company brings to the table. What kinds of security features, in particular, will get a boost as a result of closer ARM/Sensinode collaboration?

Michael: There is a perception that because CoAP and IPV6 enable “end-to-end” communication without gateways, that this is inherently superior for security. I also hear that gateways can act as firewalls and enable higher levels of protection for interactions at web scale, using a layered approach to augment the features of the resource-constrained “local” environment. 

I am mostly concerned about security from a resource access control perspective…Who gets to use which data (and) controls associated with my IoT devices, and for what purpose?” — Michael Koster, OSIOT

Paul: Do you see a lack of standards (including those for data security) as an impediment to IOT device development and adoption?

Michael: I guess it depends a lot on one’s definition of an endpoint and the specific failure models being considered. Device level standards like 6LowPAN and CoAP will definitely drive growth of an ecosystem and probably drive overall business growth if they can get good branding and real plug and play interoperability. I think it’s a good time for the industry to be adopting standards.

However, I see IoT as being a lot bigger than the devices themselves. As we build out, it will be more and more about the data. Therefore we will need standards that deal with the layer of data and data models, as well as more nuanced models for access and sharing. There will all need to be standards, from the device level using 6LowPAN and CoAP to web scale APIs and protocols for data exchange. User/owner control of access to data and controls will be a huge factor in the future and will need to be considered from the beginning in order to achieve an Internet of Things at web scale. 

Paul: What are your big concerns or areas of interest vis a vis security and Internet of Things? How well does the ARM/Sensinode marriage address them?

MichaelI am mostly concerned about security from a resource access control perspective, that is “who gets to use which data/controls associated with my IoT devices, and for what purpose”?

I believe that the adoption of good standard protocols that have the ability to use strong encryption, like 6LowPAN and CoAP, supported by capable hardware architectures like ARM are a solid technology foundation for a secure ecosystem of devices and device networks for the Internet of Things. I think they are good questions and will, I hope, move the discussion beyond “what everyone knows” and onto the bigger topics around data and control that we need to think about.

We need to realize that the Internet of Things will quickly expand beyond the reach of the devices and into the pervasive sea of information all around us. Our ability to interact with the world will profoundly change in ways we can’t yet imagine. Back to the topic though, I think it’ will result in taking some of the pressure off having to monetize the software itself, which will drive availability and broader adoption of the IETF standard, which in my opinion is a good thing. Hopefully ARM will use it to drive the standard to broad adoption and accelerate growth of the Internet of Things.


Comments are closed.