A New Security Platform for High Performance Client SoCs

Transcription

1 A New Security Platform for High Performance Client SoCs Udi Maor, Sr. Product manager, Client Line of Business October 2018

2 Agenda What are Client devices? Arm s approach to Trusted Execution on Client devices Introducing CryptoCell-713 Features in CryptoCell-713 Our motivation: Life Cycle of embedded security Premium content AI/ML algorithms Introducing CryptoCell-703 Summary Q&A 2

3 What are Client devices? 3

4 Arm s approach to Trusted Execution on Client devices TBSA TBBR & TF-A System & Security IP TrustZone 4

5 Introducing CryptoCell-713 Enabling a robust, up-to-date, TEE Performant and efficient SM2/3/4 Side Channel Attack countermeasures Robust asset isolation Up to 10s of Man Years saved 5

6 A (simplified) Life Cycle of embedded security Feature introduced Adopted by the market Value is increased Becomes prone to attacks Robustness rules are updated Cost/Effort To Attack SW security HW based security Physical security Asset value 6

7 Client security trends Premium content Feature introduced Adopted by market Value increases Becomes prone to attacks Robustness rules updated

8 Client security trends AI/ML algorithms TBD? Feature introduced Adopted by market Value increases Becomes prone to attacks Robustness rules updated 8 nsorflow-on-android

9 Features in CryptoCell-713 Keeping: CryptoCell-712 s feature set, including FIPS certifiability Adding: High performance SM2, SM3 and SM4 TZMP readiness Side Channel Attacks mitigation option Enhancing: Robustness of Secure Boot (code loading) Robustness of provisioning 9

10 CryptoCell s performance and efficiency benefits Arm invests in the pre-integration of CryptoCell with other IPs (CPUs, MM, System) Sub-systems such as SGM-775 Demos such as the TZMP1 demo presented at Linaro Connect Clear benefits of CryptoCell efficiency in real-life use cases: Up to 20X less dynamic power consumption (SGM-775) 80% increased throughput compared to software in TZMP use-case 10

11 Decryption Differences Decryption running on CPU Decryption running on CryptoCell Flickering is visible No flickering 11

12 Decryption Differences Decryption running on CPU Decryption running on CryptoCell Flickering is visible - Load average is higher than number of cores No flickering - Load average is lower than number of cores 12

13 Time-to-Market savings CryptoCell-713 is FIPS certifiable, similar to the recent CryptoCell-712 certification Best practices and reference security policy available to partners FIPS readiness alone can save SiPs/OEMs over 10MY of effort Chinese ciphers are designed to be GM/T compliant 13

14 Introducing CryptoCell-703 Focused on new requirements for using Chinese ciphers In case the only missing functionality is SM2/3/4 Side Channel Attacks mitigation option 14

15 Summary The Client trusted execution landscape is evolving Arm offers 2 new CryptoCell products to enable comprehensive, up-to-date TEEs, while keeping Time- To-Market short 15

16 Questions? 16

17 Thank You! Danke! Merci! 谢谢! ありがとう! Gracias! Kiitos! 감사합니다 धन यव द 17