© ARM 2016
Smarter security for the connected world
Eric Wang
Senior Technical Marketing Manager
11/16
Tech Symposia
Agenda
Introduction
What can we learn from mobile security & apply to IoT?
What are the next steps that can make security easier to use and deploy?
Connected security will be at the heart of IOT
How do we design in robust end-to-end security?
http://www.flickr.com/photos/jurvetson/7408464122/in/photostream/
This couldn’t happen, could it?
Botnet of CCTVs launches biggest DDoS attack…
A range of solutions is needed
SW & HW attacks: physical access to the device (JTAG, bus, IO pins); these take time, money & equipment
Software attacks: buffer overflows, interrupts, malware
Communication attacks: man in the middle, weak RNG, code vulnerabilities
Diagram: cost/effort to attack plotted against cost/effort to secure, with mbed TLS, CryptoCell, TrustZone and SecurCore as the solutions
ARM TrustZone® enables smarter secure services
Here's a reminder of the architecture (diagram):
Trusted software: TrustZone-based TEE with GlobalPlatform standardization; Trusted OS, secure device drivers, trusted apps (payment, DRM)
Normal world code: rich OS, device drivers, hypervisor, apps (privilege levels EL1 and EL2)
Common foundation: ARM Trusted Firmware (trusted boot, payload dispatcher, SMCCC, PSCI)
Hardware interfaces: ARMv8-A / Cortex-A; SoC subsystem (graphics, video, CryptoCell, secure store, physical IP) as the initial RoT & security subsystem
Key: ecosystem supplied vs. trusted SW/HW
Smarter Authentication - FIDO
FIDO – Fast Identity Online
Better security for online services
Reduced cost for enterprise
Simpler & safer for consumers
Smarter payment
TrustZone based Trusted Execution Environment protects:
Trusted input e.g. capture of PIN or interface to FPS
Trusted display – what you see is what you pay
Authentication
Identity
Attestation
Tokens
Can be used with additional layers of security, e.g. secure element, secure enclave
Smarter content protection
We are watching streamed content: ~1/3 of USA internet bandwidth is Netflix content
TrustZone based TEE has been protecting HD content for years
Relies on isolated video path and TEE protected DRM
Security robustness important to content owners
e.g. Netflix Security Verified
Smarter enterprise security
TrustZone based TEE can do integrity checking
Boot components can be authenticated
Run time protection can block changes to normal world code
One time fuse can be blown if hacking detected
Attestation provides confidence to IT admins
Trusted Apps can monitor health of normal world
Applying the lessons from 20 years of mobile to IoT
Device security, communications security, lifecycle security
Diagram: these are built on layers of trusted software (trusted and non-trusted), crypto, root of trust, trusted hardware, secure system and secure storage
Initial Root of Trust & Chain of Trust
Initial Root of Trust: dependable security functions
Extended Root of Trust, e.g. TrustZone based TEE or Secure Partitioning Manager (SPM), with Trusted Apps/Libs
Diagram: two stacks, each built from the bottom up: iROT (TrustZone, CryptoCell, keys, provisioned keys/certs); trusted software (TrustZone uVisor or TEE in one stack, TrustZone SPM or TEE in the other); OS/RTOS; apps
Trusting the implementation
Applications rely on: execution environment isolation, RNG, cryptography, persistent trusted storage, data protection (off-line, runtime), rollback protection, SW updates validation, lifecycle management, debug authentication, code encryption, loaded SW validation
TrustZone CryptoCell family of security IPs provides HW based platform security
Isolation is one part of the puzzle; ARM TrustZone provides that isolation, across different PPA optimization points
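As an added example, not ARM's code or any product's, the chain-of-trust walk from the "Initial Root of Trust & Chain of Trust" slide together with the rollback protection and loaded SW validation listed above, modelled in Python: each stage is validated before control would pass to it and the walk halts at the first failure. An HMAC under a constructed provisioned key stands in for the signature verification a CryptoCell-style iROT would perform; stage names, images and versions are constructed.

```python
import hashlib
import hmac

# Stand-in for the per-device key an iROT such as CryptoCell holds in OTP (constructed, not real).
PROVISIONED_KEY = b"constructed-device-key-not-real"

def manifest_body(name: str, image: bytes, version: int) -> bytes:
    # What gets authenticated: stage name, digest of the image, and its version.
    return name.encode() + hashlib.sha256(image).digest() + version.to_bytes(4, "big")

def make_manifest(name: str, image: bytes, version: int) -> dict:
    # HMAC-SHA256 stands in for the asymmetric signature a real chain verifies (stdlib only).
    tag = hmac.new(PROVISIONED_KEY, manifest_body(name, image, version), "sha256").digest()
    return {"name": name, "image": image, "version": version, "tag": tag}

def validate_stage(m: dict, min_versions: dict):
    # Returns None if the stage may be loaded, otherwise the reason for refusal.
    expected = hmac.new(PROVISIONED_KEY, manifest_body(m["name"], m["image"], m["version"]), "sha256").digest()
    if not hmac.compare_digest(expected, m["tag"]):
        return f"{m['name']}: image authentication failed"
    if m["version"] < min_versions.get(m["name"], 0):
        return f"{m['name']}: rollback to version {m['version']} refused"
    return None

def boot_chain(stages: list, min_versions: dict) -> tuple:
    # Each stage is validated before control passes to it; stop at the first failure
    # so nothing after a bad stage runs. Returns (ok, names of stages loaded, reason).
    loaded = []
    for m in stages:
        reason = validate_stage(m, min_versions)
        if reason:
            return False, loaded, reason
        loaded.append(m["name"])
        # Ratchet the stored minimum version so a later update cannot be undone.
        min_versions[m["name"]] = max(min_versions.get(m["name"], 0), m["version"])
    return True, loaded, "boot complete"

def demo() -> tuple:
    # Constructed images: a clean chain, an exposed-side tamper, and a rollback attempt.
    good = [make_manifest("trusted_sw", b"\x01tz-spm", 3),
            make_manifest("rtos", b"\x02rtos-image", 7),
            make_manifest("app", b"\x03app-image", 12)]
    mins = {}
    clean = boot_chain(good, mins)                        # all three stages load
    tampered = [dict(m) for m in good]
    tampered[1]["image"] = b"\x02rtos-image-patched"      # tag no longer matches
    tamper = boot_chain(tampered, dict(mins))             # stops after trusted_sw
    old = [good[0], good[1], make_manifest("app", b"\x03old-app", 11)]
    rolled = boot_chain(old, dict(mins))                  # version 11 < 12 refused
    return clean, tamper, rolled
```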
Simplifying security – security subsystems
Security subsystem
Provide a deeper level of security “beyond software”
Easily integrated into MCU or Apps processor
Comprehensive security features:
ROT management
Crypto acceleration
Security functions
Secure debug
Lifecycle management
Firmware updates
Mobile security being adapted for MCUs
Diagram: ARM Cortex-M v8-M microcontroller with TrustZone for ARM v8-M
Hardware interfaces and initial RoT & security subsystem: CryptoCell (TRNG, unique ID, secure storage, physical IP)
Trusted software: SPM (TrustZone based Partitioning Manager) and trusted libs (crypto, attestation)
Normal world code, privileged: platform code, device drivers, RTOS; unprivileged: comms stack, TLS/crypto libs, apps/user, accessed through the CMSIS API
Secure Partitioning Manager (SPM) for MCUs
Split memory into critical and exposed
Small critical footprint enables exhaustive verification
Exposed code never sees critical keys/secrets
Vulnerabilities on the exposed side can't affect the critical side
Critical side can reliably recover the device to a clean state
ARM mbed uVisor is an example implementation of SPM
Diagram, SPM isolation of critical code: before partitioning, the application, protocol, SSL library, diagnostics, WiFi stack, BLE stack, device management, secure storage, crypto keys, secure ID, crypto API, firmware update and RNG all sit together. After partitioning, the exposed (public) side holds the application, TLS library, WiFi/BLE stack, device management and the RTOS scheduler; the critical (private) side holds firmware update, secure storage & crypto keys, the crypto API and secure ID.
Bringing TrustZone protection to the system
Secure the system, secure the processor
Hardware separation and isolation
Protect memories, peripherals, legacy IP
AMBA AHB5 bus protocol
Signals security through the interconnect
Complementary to ARMv8-M
Optimized for embedded systems
Fewer wires saves area and power
Hardware protection simplifies software
Diagram: an AMBA AHB5 compliant interconnect links the CPU, trusted peripheral A, flash and SRAM in the trusted region with non-trusted peripheral B and a non-trusted DMA in the non-trusted region
TrustZone enabled IoT subsystem: CoreLink SSE-200
Diagram, ARM CoreLink SSE-200 subsystem: Cortex-M33 with instruction cache and TCM; multi-layer AHB5 interconnect with TrustZone filters; AHB5 code interface to the flash controller (embedded flash or external flash); system SRAM with SRAM controller; APB bridge to APB peripherals; TrustZone CryptoCell; Cordio radio (digital part) with Cordio RF; always-on domain and power control; secure debug via CoreSight; AHB5 expansion ports (master/slave) for SoC options such as DMA, HW acceleration, other radios, peripherals, ADC/DACs and interfaces (SPI, I2C, SDIO, …)
Key: ARM CoreLink SSE-200 IP, ARM CoreLink SIE-200 IP, other ARM IP, non-ARM IP
Next steps
Over The Air management of secure world security domains
Two protocols being proposed: GlobalPlatform TMF, IETF OTrP
Powerful device management
TrustZone for MCUs becomes mainstream
Low cost MCUs get security subsystems (CryptoCell) and TrustZone based Secure Partitioning Managers
ARM creates a Platform Security Architecture to further simplify integrating security on chip
Call to action – it’s down to us
Security is a brand issue and will become a differentiator – it needs exec level attention
Mobile security is good today – we need to spread best practice to all the other connected “Things”
TrustZone for v8-M brings mobile style security architecture to resource constrained MCUs – we can use this to create “secure by design” at the chip level
ARM is helping simplify SoC security through sub-systems, architecture and open source – but careful implementation is required
Implement a Root of Trust & security subsystem: design in a security subsystem such as CryptoCell that provides robust security functions
Secure boot, secure debug, lifecycle management, crypto acceleration, identity provisioning…
Secure MCUs for IoT that use TrustZone for ARMv8-M are a new opportunity for ARM partners: get to market faster with CryptoCell and SSE-200 system IP