Title 44pt Title Case Smarter security for the connected worldarmtechforum.com.cn/attached/article/2016ATS_Eric_Wang... · 2019-09-04 · Botnet of CCTVs launch biggest DDOS attack

Title 44pt Title Case

Affiliations 24pt sentence case

20pt sentence case

© ARM 2016

Smarter security for the connected world

Eric Wang

Senior Technical Marketing Manager

11/16

Tech Symposia

© ARM 2016 2


Bullets 24pt sentence case

Sub-bullets 20pt sentence case

Agenda

Introduction

What can we learn from mobile security & apply to IOT?

What are the next steps that can make security easier to use and deploy?

© ARM 2016 3




Connected security will be at the heart of IOT

How do we design in robust end-to-end security?

http://www.flickr.com/photos/jurvetson

/7408464122/in/photostream/

© ARM 2016 4




This couldn’t happen, could it?

© ARM 2016 5




Botnet of CCTVs launch biggest DDOS attack…

© ARM 2016 6




A range of solutions is needed

SW & HW Attacks • Physical access to device

– JTAG, Bus, IO Pins,

•Time, money & equipment.

Software Attacks • Buffer overflows

• Interrupts

• Malware

Communication Attacks •Man In The Middle

•Weak RNG

•Code vulnerabilities

Cost/Effort

To Attack

Cost/Effort

to Secure

mbed TLS

CryptoCell

TrustZone

SecurCore

© ARM 2016 7




ARM TrustZone® enables smarter secure services

GlobalPlatform

standardization

Initial RoT &

security subsystem

TrustZone-based

TEE

Common foundation

Hardware Interfaces

Normal world code Trusted software

ARM

trusted

firmware Trusted boot

Payload dispatcher SMCCC PSCI

EL1

EL2

Secure device drivers

Hypervisor

Apps

ARMv8A /

Cortex-A

SoC

subsystem

Graphics

Video

CryptoCell

Secure store

Physical IP

Trusted

apps

Payment

DRM

Rich OS

Device drivers

Trusted OS

Here’s a reminder of the architecture

Ecosystem

supplied

Trusted

SW/HW

Key

© ARM 2016 8




Smarter Authentication - FIDO

FIDO – Fast Identity Online

Better security for online services

Reduced cost for enterprise

Simpler & safer for consumers

© ARM 2016 9




Smarter payment

TrustZone based Trusted Execution Environment protects:

Trusted input e.g. capture of PIN or interface to FPS

Trusted display – what you see is what you pay

Authentication

Identity

Attestation

Tokens

Can be used with additional layers of security e.g. secure element, secure

enclave

© ARM 2016 10




Smarter content protection

We are watching streamed content ~ 1/3 of USA internet

bandwidth is Netflix content

TrustZone based TEE has been protecting HD content for years

Relies on isolated video path and TEE protected DRM

Security robustness important to content owners

e.g. Netflix Security Verified

© ARM 2016 11




Smarter enterprise security

TrustZone based TEE can do integrity checking

Boot components can be authenticated

Run time protection can block changes to normal world code

One time fuse can be blown if hacking detected

Attestation provides confidence to IT admins

Trusted Apps can monitor health of normal world

© ARM 2016 12




Applying the lessons from 20 Years of mobile to IOT

Device Security

Communications Security

Lifecycle Security

trusted software

Crypto

Root of Trust

non-trusted

trusted

trusted hardware secure

system

secure

storage

© ARM 2016 13




Initial Root of Trust & Chain of Trust

Apps

OS/RTOS

Trusted

Software

TrustZone

uVisor or TEE

iROT

TrustZone

CryptoCell

Keys

Provisioned keys/certs

Initial Root of Trust: Dependable Security functions

Extended Root of Trust e.g. TrustZone based

TEE or Secure Partitioning Manager (SPM)

Trusted Apps/Libs

RTOS

Apps

OS/RTOS

Trusted Software

TrustZone

SPM or TEE

iROT

TrustZone

CryptoCell

Keys

© ARM 2016 14




Trusting the implementation

Applications

Execution environment isolation

RNG

Cryptography

Persistent trusted storage

Data protection

(off-line, runtime)

Rollback

protection SW

updates

validation

Lifecycle

management

Debug

authentication

Code

encryption

Loaded SW

validation

TrustZone CryptoCell

family of security IPs

provides HW based

platform security

Isolation is one part of

the puzzle;

ARM TrustZone provides

that isolation, across

different PPA optimization

points

© ARM 2016 15




Simplifying security – security subsystems

Security subsystem

Provide a deeper level of security “beyond software”

Easily integrated into MCU or Apps processor

Comprehensive security features:

ROT management

Crypto acceleration

Security functions

Secure debug

Lifecycle management

Firmware updates

© ARM 2016 16




Privileged

Hardware Interfaces

Normal World Code Trusted Software

Device Drivers

Unprivileged

RTOS

Mobile security being adapted for MCU’s

Platform Code

ARM Cortex-M

v8-M Microcontroller

TRNG

Unique ID

CryptoCell

Secure Storage

Physical IP

SPM

Trusted

Libs

Crypto

Attestation

TrustZone based

Partitioning Manager

Comms Stack

Apps/User

TLS/Crypto Libs

Initial ROT &

Security subsystem

CMSIS API

TrustZone for ARM v8-M

© ARM 2016 17




Split memory into critical and exposed

Small critical footprint enables exhaustive verification

Exposed code never sees critical keys/secrets

Vulnerabilities on exposed side can’t affect critical

side

Critical side can reliably recover device to clean

state

ARM mbed uVisor an example implementation of

SPM

Secure Partitioning Manager (SPM) for MCUs

Application

Protocol

SSL Library

Diagnose

WiFi Stack

BLE Stack

Device Management

Secure

Storage

Crypto

Keys

Secure ID

Crypto API

Firmware

Update

RN

G

Public

Public Private

Firmware

Update

Secure

Storage

& Crypto

Keys

Crypto

API

Secure ID

WiFI/BLE

Stack

Application

TLS Library

Device

Management

RTOS

Exposed Critical

Firmware

Update

Secure

Storage

& Crypto

Keys

Crypto

API

Secure ID

WiFI/BLE

Stack

Application

TLS Library

Device

Management

Scheduler

SPM isolation of critical code

© ARM 2016 18




Bringing TrustZone protection to the system

Secure the system, secure the processor

Hardware separation and isolation

Protect memories, peripherals, legacy IP

AMBA AHB5 bus protocol

Signals security through the interconnect

Complementary to ARMv8-M

Optimized for embedded systems

Fewer wires saves area and power

Hardware protection simplifies software

Non-trusted

peripheral B

Trusted

peripheral A Flash

AMBA AHB5 compliant interconnect

SRAM

CPU

Non-

trusted

DMA

Trusted region Non-trusted region

Suggested title “bringing TrustZone security to the system”

Neil – update title and words,

This is about system security, not AHB5

© ARM 2016 19




TrustZone enabled IoT subsystem: Corelink SSE-200

Cordio

radio (digital part)

Embedded Flash

or External Flash

Cortex-M33

Flash controller

APB bridge

APB peripherals

Multi-layer AHB5 interconnect

Instruction cache

TrustZone

CryptoCell

• DMA • HW acceleration • Other radios • Peripherals • ADC/DACs • Interfaces (SPI, I2C,

SDIO,…) • …

Master/Slave

Cordio

RF

Always-on domain

TrustZone filters

TrustZone filters

AHB5 expansion ports

Non-ARM IP

ARM CoreLink SSE-200 IP

Other ARM IP

AHB5 code interface

Cortex-M33

Instruction cache

TCM

TrustZone filters

Power

Control

TrustZone Filters

Secure debug

CoreSight

SoC

Options

TrustZone filters

SRAM Cntl

System

SRAM CoreLink SSE-200 subsystem

ARM CoreLink SIE-200 IP

© ARM 2016 20




Next steps

Over The Air management of secure world security domains

2 Protocols being proposed: GlobalPlatform TMF, IETF OTrP

Powerful device management

TrustZone for MCU’s becomes mainstream

Low cost MCU’s get security subsystems (CryptoCell) and TrustZone based Security

Partitioning Managers

ARM creates a Platform Security Architecture to further simplify integrating security on chip

© ARM 2016 21




Call to action – it’s down to us

Security is a brand issue and will become a differentiator – it needs exec level attention

Mobile security is good today – we need to spread best practice to all the other connected “Things”

TrustZone for v8-M brings mobile style security architecture to resource constrained MCUs – we can use this to create “secure by design” at the chip level

ARM is helping simplify SoC security through sub-systems, architecture and open source – but careful implementation is required

Implement a Root of Trust & Security subsystem Design-in a security subsystem such as CryptoCell that provides robust security functions

Secure boot, secure debug, lifecycle management, crypto acceleration, identity provisioning…

Secure MCU’s for IOT that use TrustZone for ARMv8-M is a new opportunity for ARM partners Get to market faster with CryptoCell and SSE-200 system IP

Documents

Title 44pt Title Case Smarter security for the connected worldarmtechforum.com.cn/attached/article/2016ATS_Eric_Wang... · 2019-09-04 · Botnet of CCTVs launch biggest DDOS attack