Copyright © 2018 Arm, All rights reserved.
Simplifying IoT and Embedded Security
Andrew Frame
Director, Business Development
Emerging Businesses Group, Arm
The facts about IoT security
The challenges of IoT security are growing
IoT security trends are becoming more complex
There are four main types of attack to protect yourself from
Arm can help simplify IoT security
Source: Altair78
Arm has always cared about security
Security is a part of Arm’s DNA
Arm CryptoCell
TEE for Cortex-A
Cortex-A with TrustZone
SecurCore
Secure Enclave / CryptoIsland
iSIM technology
Kigen family
PSA launched
PSA threat models
PSA TF-M
Armv8-M processors: Cortex-M23/M33 with Arm TrustZone
Arm security manifesto
Mbed
Physical security enhancements
Arm IP covers a variety of attack surfaces
2004 2018…
Physical vulnerabilities
Communication vulnerabilities
Lifecycle vulnerabilities
Software vulnerabilities
PSA APIs
PSA specifications
Arm’s Vision For IoT Security
Key IoT security considerations
1 Security needs to be built in from the ground up
2 A collective industry responsibility
3 Security needs to be simple, with seamless integration
Providing a framework to ensure consistent security
Platform Security Architecture (PSA) is the perfect starting point
How do you know what to protect from?
Platform Security Architecture
Consistently design-in the right level of security into low cost IoT devices
Delivering On Our Vision
PSA is a reality
Nov 2017 Feb 2018 March 2018 …October 2018
PSA announced offering a framework for developing secure devices, economically
First PSA specifications will become public
Arm announces the PSA APIs and test kits
Example threat models made available
Arm announces Trusted Firmware-M open-source project
Visit www.arm.com/psa-resources
Security is a shared responsibility
Silicon Cloud Software Security Systems
Four types of vulnerabilities
Matching the Vulnerability with the Right Mitigation
PSA Analysis Stage
Assess the potential vulnerabilities
Software
• buffer overflows
• interrupts
• malware
Physical
• non-invasive
• invasive
Lifecycle
• code downgrade
• ownership changes
• unauthorized overproduction
• debug hacks
Communication
• man-in-the-middle
• weak RNG
• code vulnerabilities
Physical mitigation: Arm SecurCore, Arm Cortex-M35P, CryptoCell-312P, CryptoIsland-300P
Software mitigation: Arm TrustZone, CMSIS-ZONE, Arm Keil MDK and Arm processors with TrustZone support
Lifecycle mitigation: Arm CryptoCell & CryptoIsland, Arm Pelion IoT Platform, Arm CoreLink SDC-600
Communication mitigation: Arm CryptoCell & CryptoIsland, Arm Pelion IoT Platform
Achieving Software Isolation
Two Cortex-M processors
[Block diagram labels: Cortex-M, SRAM, Interconnect, SRAM, Flash, Peripherals, Cortex-M, SRAM]
Software architecture
Hardware requirements
TrustZone for Armv8-M
Platform Security For Strict PPA Constraints
Physical Protection – against side-channel attacks and more invasive attacks
Arm CryptoIsland - security enclave, fully isolated from host processor
Arm CryptoCell – hardware base security infrastructure
Asymmetric Crypto
Symmetric Crypto
Security resources
Keys and assets
Code and data protection
Permission and access control
Secure Arm processor
Secure memories
Secure always on
Mailbox
Extending Arm’s range of security IP into physical protection
A new Cortex-M processor with tamper resistance and software isolation with TrustZone for Armv8-M
Security enclave and cryptography IP with protection against side-channel attacks and more
Making it easier for designers to protect devices against different physical attack types
Making security even simpler
From Chip to Cloud – Total IoT Security
Secure foundation IP PELION
Trademark and copyright statement
The trademarks featured in this presentation are registered and/or unregistered trademarks of Arm Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.
Thank You!