TRANSCRIPT
Copyright © 2018 Arm, All rights reserved.
Simplifying IoT and Embedded Security
Mayank Sharma
Senior Product Manager, IoT Device IP
Arm
The facts about IoT security
• The challenges of IoT security are growing
• IoT security trends are becoming more complex
• There are four main types of attack to protect yourself from
• Arm can help simplify IoT Security
Trends impacting security today
Political trends
• Security spending gets squeezed
• Government legislation / labeling
Technology trends
• More targets, more accessible
• AI Automation / quantum computing battle
Economic trends
• Early Adopters get a head start
• Regulatory compliance will be prime influencer
Social trends
• Digital safety vs online security
• There will be more high profile security hacks and attacks
Security is a part of Arm’s DNA
Timeline, 2004 to 2018…:
• Arm CryptoCell
• TEE for Cortex-A
• Cortex-A with TrustZone
• SecurCore
• Secure Enclave / CryptoIsland
• iSIM technology
• Kigen family
• PSA launched
• PSA threat models
• PSA TF-M
• Armv8-M processors: Cortex-M23/M33 with Arm TrustZone
• Arm security manifesto
• Mbed
• Physical security enhancements
• PSA APIs
• PSA specifications
Arm IP covers a variety of attack surfaces
• Physical vulnerabilities
• Communication vulnerabilities
• Lifecycle vulnerabilities
• Software vulnerabilities
Arm’s Vision For IoT Security
Key IoT security considerations
Security needs to be built in from the ground up
1 A collective industry responsibility
2 Providing a framework to ensure consistent security
Platform Security Architecture (PSA) is the perfect starting point
3 Security needs to be simple, with seamless integration
Three main classes of IoT device
Software architecture
Rich IoT nodes & gateways
• Data processing at the edge
• Decision making
• Machine learning
• Gateway to cloud
Mainstream
• Balancing performance and cost
• Moderate data / audio processing
• High power efficiency
Constrained
• Ultra-low-cost, sensors or beacons
• Often battery powered
• Connecting to gateway or cloud
Platform Security Architecture
Consistently design-in the right level of security into low cost IoT devices
Delivering On Our Vision
Nov 2017, Feb 2018, March 2018, … October 2018
• PSA announced, offering a framework for developing secure devices, economically
• First PSA specifications will become public
• Arm announces the PSA APIs and test kits
• Example threat models made available
• Arm announces Trusted Firmware-M open-source project
PSA is a reality
Visit www.arm.com/psa-resources
Security is a shared responsibility
Silicon Cloud Software Security Systems
Matching the Vulnerability with the Right Mitigation
PSA Analysis Stage
Assess the potential vulnerabilities
Software
• buffer overflows
• interrupts
• malware
Physical
• non-invasive
• invasive
Lifecycle
• code downgrade
• ownership changes
• unauthorized overproduction
• Debug hacks
Communication
• man-in-the-middle
• weak RNG
• code vulnerabilities
Physical mitigation: Arm SecurCore, Arm Cortex-M35P, CryptoCell-312P, CryptoIsland-300P
Software mitigation: Arm TrustZone, CMSIS-ZONE, Arm Keil MDK and Arm processors with TrustZone support
Lifecycle mitigation: Arm CryptoCell & CryptoIsland, Arm Pelion IoT Platform, Arm CoreLink SDC-600
Communication mitigation: Arm CryptoCell & CryptoIsland, Arm Pelion IoT Platform
Achieving Software Isolation
[Figure: software architecture and hardware requirements shown for two options, "Two Cortex-M processors" and "TrustZone for Armv8-M". Diagram blocks: Cortex-M, SRAM, Flash, Peripherals, Interconnect.]
Platform Security For Strict PPA Constraints
• Physical Protection – against side-channel attacks and more invasive attacks
• Arm CryptoIsland - security enclave, fully isolated from host processor
• Arm CryptoCell – hardware base security infrastructure
[Figure labels: Asymmetric Crypto; Symmetric Crypto; Security resources; Keys and assets; Code and data protection; Permission and access control; Secure Arm processor; Secure memories; Secure always on Mailbox]
Extending Arm’s range of security IP into physical protection
A new Cortex-M processor with tamper resistance and software isolation with TrustZone for Armv8-M
Security enclave and cryptography IP with protection against side-channel attacks and more
Making it easier for designers to protect devices against different physical attack types
From chip to cloud – total IoT security
• Applications Ecosystem (App Development Enablement)
• Device Ecosystem
• Connectivity Management Services
• Device Management Services
• Data Management Services
• Enterprise + Other Data
• Chip-to-cloud security
Arm secure foundation solutions
• Corstone foundation IP (former SDKs)
• Pre-verified, configurable system and subsystem IP
• Modifiable subsystem IP
• Pre-integrated with processor / security IP
• Tools
• Models / FPGA / test chip boards
• Development tools
• Corstone ready software (e.g. Mbed OS)
Complete system approach
Designing Secure IoT Systems
Arm Secure Foundation Solutions
• Identify threats
• Define secure architecture
• Acquire security IP
• Design secure hardware
• Design secure software
• Integrate cloud security
• Integrate system
Designing Secure IoT Systems
Arm Secure Foundation Solutions
• Identify threats
• Define secure architecture
• Acquire security IP
• Design secure hardware
• Design secure software
• Integrate cloud security
• Integrate system
Identify threats, Use Arm secure foundation, Integrate system
Get started with a good foundation
Corstone-700 foundation IP
• Secure enclave
• Linux support
• Rich IoT / Gateways
Corstone-200 foundation IP
• Arm TrustZone
• Mainstream systems
Corstone-100 foundation IP
• Basic security features
• Constrained systems
Corstone brings you
• Reduced time-to-market
• Built-in security
• Lower design cost
Trademark and copyright statement
The trademarks featured in this presentation are registered and/or unregistered trademarks of Arm (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.
Thank You!