Post on 31-May-2020

Copyright © 2018 Arm, All rights reserved.

Simplifying IoT and Embedded Security

Andrew Frame

Director, Business Development

Emerging Businesses Group, Arm

The facts about IoT security

The challenges of IoT security are growing

IoT security trends are becoming more complex

There are four main types of attack to protect yourself from

Arm can help simplify IoT Security

Source: Altair78

Arm has always cared about security

Arm CryptoCell

TEE for Cortex-A

Cortex-A with TrustZone

SecurCore

Security is a part of Arm’s DNA

Secure Enclave / CryptoIsland

iSIM technology

Kigen family

PSA launched

PSA threat models

PSA TF-M

Armv8-M processors:

Cortex-M23/M33 with Arm TrustZone

Arm security manifesto

Mbed

Physical security enhancements

Arm IP covers a variety of attack surfaces

2004 2018…

Physical vulnerabilities

Communication vulnerabilities

Lifecycle vulnerabilities

Software vulnerabilities

PSA APIs

PSA specifications

Arm’s Vision For IoT Security

Key IoT security considerations

1. Security needs to be built in from the ground up

2. A collective industry responsibility

3. Security needs to be simple, with seamless integration

Providing a framework to ensure consistent security

Platform Security Architecture (PSA) is the perfect starting point

How do you know what to protect from?

Platform Security Architecture

Consistently design-in the right level of security into low cost IoT devices

Nov 2017 Feb 2018 March 2018 …October 2018

Delivering On Our Vision

PSA announced, offering a framework for developing secure devices, economically

First PSA specifications will become public

Arm announces the PSA APIs and test kits

Example threat models made available

Arm announces Trusted Firmware-M open-source project

Visit www.arm.com/psa-resources

PSA is a reality

Security is a shared responsibility

Silicon Cloud Software Security Systems

Four types of vulnerabilities

Matching the Vulnerability with the Right Mitigation

PSA Analysis Stage: Assess the potential vulnerabilities

Software
• buffer overflows
• interrupts
• malware

Physical
• non-invasive
• invasive

Lifecycle
• code downgrade
• ownership changes
• unauthorized overproduction
• Debug hacks

Communication
• man-in-the-middle
• weak RNG
• code vulnerabilities

Confidential © Arm 2018

Physical mitigation: Arm SecurCore, Arm Cortex-M35P, CryptoCell-312P, CryptoIsland-300P

Software mitigation: Arm TrustZone, CMSIS-ZONE, Arm Keil MDK and Arm processors with TrustZone support

Lifecycle mitigation: Arm CryptoCell & CryptoIsland, Arm Pelion IoT Platform, Arm CoreLink SDC-600

Communication mitigation: Arm CryptoCell & CryptoIsland, Arm Pelion IoT Platform

Achieving Software Isolation

Two Cortex-M processors

[Diagram labels: Cortex-M, SRAM, Interconnect, SRAM, Flash, Peripherals, Cortex-M, SRAM]

Software architecture

Hardware requirements

TrustZone for Armv8-M

Platform Security For Strict PPA Constraints

Physical Protection – against side-channel attacks and more invasive attacks

Arm CryptoIsland - security enclave, fully isolated from host processor

Arm CryptoCell – hardware base security infrastructure

Asymmetric Crypto

Symmetric Crypto

Security resources

Keys and assets

Code and data protection

Permission and access control

Secure Arm processor

Secure memories

Secure always on

Mailbox

Extending Arm’s range of security IP into physical protection

A new Cortex-M processor with tamper resistance and software isolation with TrustZone for Armv8-M

Security enclave and cryptography IP with protection against side-channel attacks and more

Making it easier for designers to protect devices against different physical attack types

Making security even simpler

From Chip to Cloud – Total IoT Security

Secure foundation IP PELION

Trademark and copyright statement

The trademarks featured in this presentation are registered and/or unregistered trademarks of Arm Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.

Copyright © 2018

Thank You!
