May 4, 2011 1

Evolving Trusted

Platforms

Haydn Povey

Director MarketingProcessor Division

ARM

May 4, 2011 2

Evolving the Mobile Internet“More people in the world will have

their first interaction with the Internet with mobile than with

laptop” Vinton Cerf, Google

“In mobile computing, the opportunities for innovation are particularly exciting.... The fact that more than 3 billion people around the world are connected is unbelievable, yet that is less than half the world’s population.Steve Ballmer, Microsoft

... and malware and software threats are increasing exponentially

May 4, 2011 3

The Issue

Over 350,000 Android handset are shipped every dayApproaching 350,000 apps on Android store

Open mobile OS’s are a blessing... and a curse

Over 350,000 Android handset are shipped every dayApproaching 350,000 apps on Android store

Open mobile OS’s are a blessing... and a curse

May 4, 2011 4

Mobile Client of 2010

OEM/Operator “Store frontWeb 2.0 apps mashupsOpenGL ES 2.0 graphicsContent and its usage in all forms is driving consumer demand

Internet Games

Music Books Video

Cortex™-A8/A945/32nmOpenGL ES 2.0 GPU(Mali-400MP)HD video DVC

TrustZone®

LTE 50Mbps DLMultimode40nmCortex-R4

WVGA AMOLEDscreen

HDMI out

Apps processorDevice trends

Modem

Basic security concepts

introduced

May 4, 2011 5

Mobile Client of 2013

Console gaming performanceAdvanced video capabilityFast broadband

Enterprise applications Advanced multi-

processing drives new consumer paradigms and use

Fast battery charge New technologies

appear in batteries for the first time

New generation MP22nmNew generation GPU

HD video DVC: 60fps+TrustZone and advanced security

LTE 100Mbps DL28nmNew generation processor

Device trends Apps processor

Modem

Advanced system security

capabilities

May 4, 2011 6

Security - Foundation of the Future

Integrated security is the key capability to enable the next generation of services and applications across

many market segmentsSeamless Payment Services

Integrated Content ManagementThe Internet of Things

May 4, 2011 7

Traditional Security Solutions

Security traditionally seen as separate and distinct

Enables the development of physical and electrical countermeasures

These applications remain vitally important, however the technology significantly limit the functionality of those high performance applications which demand security

In excess of 4 Billion devices per year Secure Elements are shippedIn excess of 4 Billion devices per year Secure Elements are shipped

May 4, 2011 8

SoC Platform Security Challenges Definitions – Are we fighting the same battles?

Advanced threat models Device-centric Malware vs. Class Breaks (iOS cracking)

Social engineering viruses vs significant Lab Attacks Attack goals – gifted amateur or $$$mulit-million threat

Varying definitions of “security” creates significant market fragmentation

HardwareGuidance & standard HW foundations required to enable SW ecosystem

Secure boot integration with UEFI, etc. Processor requirements to enable best-in-class trust and security

System IP to deliver holistic security across the SoC Role of secure element

Certification methodology

May 4, 2011 9

SoC Platform Security Challenges SoftwareLack of standards & low portability of code restricts ecosystem

Move to standard HW framework promotes code reuse Enables the development of standard API within industry groups ,

e.g. Global Platform (www.globalplatform.org) Simplifies integration into rich OS WM, Android, etc.

Who cares about security?End users are typically ignorant of security risksHence it falls to the content owners or banks to cover the risk

The stakeholder differ by market segment but have some common members

May 4, 2011 10

Who Cares About Mobile Security?

Security is a Continuous Evolution – not a one time task

AppMNO ServiceOSOEMSoC User

SECURITY ATTENTION METER

May 4, 2011 11

Building Secure PlatformsThree fundamental alternatives

#1 – Integration of separate secure element Very low risk as SE are well trusted (EAL 5+)

Limited integration and low speed make them of limited use

#2 – Integration of secondary secure processor Provides a higher performance and focused alternative

Challenges around area cost, HW design, and separate SW code base and integration with main application processor, OS and apps

#3 – Leverage existing application processor High performance and naturally integrated

May 4, 2011 12

Delivering A Trusted Virtual ProcessorTrustZone has major advantages over separate secure processor solutions:

Performance Security at full core MHz

All resources dynamically shared

Cost The two isolated domains are

implemented in the same machine with no HW duplication

System Approach Security extends to entire

memory and peripheral systems

May 4, 2011 13

TrustZone Enabled ProcessorsTrustZone is in the DNA of all ARM Application Processors

Cortex-A5 MPCore Cortex-A8 & Cortex-A9 MPCore

Cortex-A15 MPCore

Cortex-A15

Cortex-A9Cortex-A5

May 4, 2011 14

Enabling Payment SolutionsOn-Chip Secure RAM area protected with TrustZone Memory AdaptorKeyboard and screen secured dynamically to protect PIN entry

Example solution based on ARM IP

May 4, 2011 15

Enabling Fully Secured PlatformsAddition of Crypto, Media Accelerators & DMA Controller for media handlingProtection of RAM and off-chip decode

Example solution based on ARM IP

May 4, 2011 16

TrustZone “Virtual” Secure Processor

Certification is traditionally a very lengthy and expensive process for complex SoC designs

Certification is traditionally a very lengthy and expensive process for complex SoC designs

Picture courtesy of Texas Instruments

May 4, 2011 17

TrustZone “Virtual” Secure Processor

TrustZone provides a smaller virtual processor significantly reducing complexity & cost

TrustZone provides a smaller virtual processor significantly reducing complexity & cost

Picture courtesy of Texas Instruments

May 4, 2011 18

Virtualization and SecurityVirtualization often offered as a solution for security

Virtualization focused on sharing of resources across many threads TrustZone solutions focus on simplicity to enable certification

Future systems will require Virtualization and TrustZone

Hypervisor Secure Kernel

Secure BootS

ecu

re A

pp

Normal Secure

Host OSSecure Driver

Secure Driver

Guest OSSecure Driver

Ap

p

Ap

p

Ap

p

Guest OSSecure Driver

Ap

p

Ap

p

Ap

p

Guest OSSecure Driver

Ap

p

Ap

p

Ap

p

Sec

ure

Ap

p

Sec

ure

Ap

p

Monitor

Ap

p

Ap

p

Ap

p

May 4, 2011 19

P0 P1 P2 P3

SMP OS

Multi-Core Software ModelAll cores in multi-core processors inherently contain TrustZone H/W

Simplicity equals security – reduced attack vectors Single implementation of SecureOS on P0 – small footprint & blocking operation

P1, P2, P3 implement simple stub to redirect secure requests to P0

It is possible to have multiple SecureOS instantiations however certification complexity grows exponentially.

Normal World

SecureOSSecure World

TrustZone Device Driver

Applications

Stub Stub Stub

May 4, 2011 20

SEPIA – EU Funded research program

Secure, Embedded Platform with advanced Process Isolation and Anonymity capabilities

EU-funded research project in the 7th FRP

5 Research Partners:Hardware & Infrastructure Lead

Software & Security Lead

Certification Lead

Secure Element & Systems Lead

Threat Analysis & Project Lead http://www.sepia-project.eu/

May 4, 2011 21

Delivering Secure Applications

Tamper Resist Storage

Secure Crypto Exe

EAL 5+ Certification

Trusted PeripheralsGPS, UI, Clock etc

Authenticated Debug

Trusted Boot

Tru

sted

Ap

ps

Pro

cess

or

+S

ecu

re E

lem

ent

Mobile

Adve

rtisi

ng

Loyalty

applic

atio

ns

Emai

l Encr

yptio

nDRM

Super D

istri

bution

One Tim

e Pas

sword

Data

Prote

ctio

n

Acces

s Contro

l

Secure

FOTA

Licen

se M

anag

emen

t

Ticke

ting

Mobile

TV

Mobile

Pay

men

t

Mobile

Ban

king

“EMV” Certification

Trusted RTE

May 4, 2011 22

ConclusionSecurity must be a major focus for the entire SoC industry

In an increasingly connected world, and the Internet of Things it is critical to focus on the “who” as well as the “how”

In power constrained devices we have to build security in from the ground up – not as an afterthought with layers of anti-virus software

All platforms in the future are power constrained – from the connected washing machine to the green cloud-server

May 4, 2011 23

And Finally.....