Copyright © 2018 Arm, All rights reserved.

Simplifying IoT and Embedded Security

Mayank Sharma

Senior Product Manager, IoT Device IP

Arm

2Copyright © 2018 Arm, All rights reserved.

The facts about IoT security

The challenges of IoT security

are growing

IoT security trends are becoming

more complex

There are four main types of

attack to protect

yourself from

Arm can help simplify IoT

Security

3Copyright © 2018 Arm, All rights reserved.

4Copyright © 2018 Arm, All rights reserved.

Trends impacting security today

Political trendsSecurity spending gets

squeezed

Government legislation / labeling

Technology trendsMore targets, more

accessible

AI Automation / quantum computing battle

Economic trendsEarly Adopters get a head

start

Regulatory compliance will be prime influencer

Social trendsDigital safety vs online

security

There will be more high profile security hacks and

attacks

5Copyright © 2018 Arm, All rights reserved. 5

Arm has always cared about security

6Copyright © 2018 Arm, All rights reserved.

Arm CryptoCell

TEE for Cortex-A

Cortex-A with

TrustZone

SecurCore

Security is a part of Arm’s DNA

Secure Enclave / CryptoIsland

iSIMtechnology

Kigen family

PSA launched

PSA threat models

PSA TF-M

Armv8-M processors:

Cortex-M23/M33 with Arm TrustZone

Arm security

manifesto

Mbed

Physical security

enhancements

Arm IP covers a variety of attack surfaces

2004 2018…

Physical vulnerabilities

Communication vulnerabilities

Lifecycle vulnerabilities

Software vulnerabilities

PSA APIs

PSA specifications

7Copyright © 2018 Arm, All rights reserved.

Arm’s Vision For IoT SecurityKey IoT security considerations

Security needs to built-in from the ground up

1 A collectiveindustry

responsibility

2

Providing a framework to ensure consistent security

Platform Security Architecture (PSA) is the perfect starting point

Security needsto be simple,

with seamless integration

3

8Copyright © 2018 Arm, All rights reserved.

Three main classes of IoT device

Software architecture

Rich IoT nodes & gateways Mainstream Constrained

Data processing at the edge

Decision making

Machine learning

Gateway to cloud

Balancing performance and cost

Moderate data / audio processing

High power efficiency

Ultra-low-cost, sensors or beacons

Often battery powered

Connecting to gateway or cloud

9Copyright © 2018 Arm, All rights reserved. 9

How do you know what to protect from?

10Copyright © 2018 Arm, All rights reserved.

Platform Security ArchitectureConsistently design-in the right level of security into low cost IoT devices

11Copyright © 2018 Arm, All rights reserved.

Nov 2017 Feb 2018 March 2018 …October 2018

Delivering On Our Vision

PSA announced offering a framework for developing

secure devices, economically

First PSAspecifications will

become public

Arm announces the PSA APIs and test kits

Example threat models made available

Arm announces Trusted Firmware-M open-source project

Visit www.arm.com/psa-resources

PSA is a reality

12Copyright © 2018 Arm, All rights reserved.

Security is a shared responsibilitySilicon CloudSoftware Security Systems

13Copyright © 2018 Arm, All rights reserved. 13

Four types ofvulnerabilities

14Copyright © 2018 Arm, All rights reserved.

Matching the Vulnerability with the Right MitigationPSA Analysis StageAssess the potential vulnerabilities

Software• buffer overflows • interrupts• malware

Physical• non-invasive• invasive

Lifecycle• code downgrade• ownership

changes• unauthorized

overproduction• Debug hacks

Communication• man-in-the-middle • weak RNG• code

vulnerabilities

Confidential © Arm 2018

Physical mitigation Software mitigation

Lifecycle mitigationCommunication mitigation

Arm SecurCore,Arm Cortex-M35P,CryptpCell-312P,CryptoIsland-300P

Arm TrustZone, CMSIS-ZONEArm Keil MDK and Armprocessors with TrustZonesupport

Arm CryptoCell & CryptoIsland,Arm Pelion IoT Platform,Arm CoreLink SDC-600

Arm CryptoCell & CryptoIsland,Arm Pelion IoT Platform

15Copyright © 2018 Arm, All rights reserved.

Achieving Software Isolation

Two Cortex-M processors

Cortex-M

SRAM

Interconnect

SRAMFlash Peripherals

Cortex-M

SRAM

Software architecture

Hardware requirements

TrustZone for Armv8-M

16Copyright © 2018 Arm, All rights reserved.

Platform Security For Strict PPA Constraints

Physical Protection – against side-channel attacks and more invasive attacks

Arm CryptoIsland - security enclave, fully isolated from host processor

Arm CryptoCell – hardware base security infrastructure

Asymmetric Crypto

Symmetric Crypto

Security resources

Keys and assets

Code and data

protection

Permission and access

control

Secure Arm processor

Secure memories

Secure always on Mailbox

17Copyright © 2018 Arm, All rights reserved.

Extending Arm’s range of security IP into physical protection

A new Cortex-M processor with tamper resistance and software isolation with TrustZone for Armv8-M

Security enclave and cryptography IP with protection against side-channel attacks and more

Making it easier for designers to protect devices against different physical attack types

18Copyright © 2018 Arm, All rights reserved.

From chip to cloud – total IoT securityApplications Ecosystem

(App Development Enablement)

Device Ecosystem

Connectivity Management Services

Device Management Services

Data Management Services

Chip

-to-

clou

d se

curit

yEnterprise+

Other Data

19Copyright © 2018 Arm, All rights reserved. 19

Making security even simpler

20Copyright © 2018 Arm, All rights reserved.

Arm secure foundation solutions

• Corstone foundation IP (former SDKs)

• Pre-verified, configurable system and subsystem IP

• Modifiable subsystem IP

• Pre-integrated with processor / security IP

• Tools• Models / FPGA / test chip boards

• Development tools

• Corstone ready software (e.g. Mbed OS)

Complete system approach

21Copyright © 2018 Arm, All rights reserved.

Designing Secure IoT Systems Arm Secure Foundation Solutions

Identify threatsDefine secure

architecture

Acquire security IP

Design secure

hardware

Design secure

software

Integrate cloud

security

Integrate system

22Copyright © 2018 Arm, All rights reserved.

Designing Secure IoT Systems Arm Secure Foundation Solutions

Identify threatsDefine secure

architecture

Acquire security IP

Design secure

hardware

Design secure

software

Integrate cloud

security

Integrate system

Identify threats Use Arm secure foundation Integrate system

23Copyright © 2018 Arm, All rights reserved.

Get started with a good foundation

Corstone-700 foundation IP

Secure enclave

Linux support

Rich IoT / Gateways

Corstone-200 foundation IP

Arm TrustZone

Mainstream systems

Corstone-100 foundation IP

Basic security features Constrained systems

Corstone brings you• Reduced time-to-

market

• Built-in security

• Lower design cost

24Copyright © 2018 Arm, All rights reserved.

From Chip to Cloud – Total IoT Security

PELION

25Copyright © 2018 Arm, All rights reserved.

Trademark and copyright statementThe trademarks featured in this presentation are registered and/or unregistered trademarks of Arm (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.

Copyright © 2018

Thank You!

25