A New Security Platform for High Performance Client SoCs. Udi Maor, Sr. Product manager, Client Line of Business. October 2018. udi.maor@arm.com
Agenda: What are Client devices?; Arm's approach to Trusted Execution on Client devices; Introducing CryptoCell-713; Features in CryptoCell-713; Our motivation: Life Cycle of embedded security; Premium content; AI/ML algorithms; Introducing CryptoCell-703; Summary; Q&A
What are Client devices?
Arm's approach to Trusted Execution on Client devices: TBSA; TBBR & TF-A; System & Security IP; TrustZone
Introducing CryptoCell-713: Enabling a robust, up-to-date TEE; Performant and efficient SM2/3/4; Side Channel Attack countermeasures; Robust asset isolation; Up to 10s of Man Years saved
A (simplified) Life Cycle of embedded security: Feature introduced; Adopted by the market; Value is increased; Becomes prone to attacks; Robustness rules are updated. Chart labels: Cost/Effort To Attack; SW security; HW based security; Physical security; Asset value
Client security trends: Premium content. Feature introduced; Adopted by market; Value increases; Becomes prone to attacks; Robustness rules updated. Sources: https://www.rapidtvnews.com/2017121850128/china-siqiyi-to-stream-the-shape-of-water-three-billboardsoutside-ebbing-missouri.html ; http://4k.com/news/4k-content-ripped-bypirates-from-netflix-and-amazon-isflooding-the-torrent-sites-11276/ ; https://medium.com/@tanayj/how-much-are-you-worthto-netflix-2fb61feb5441 ; https://www.emarketer.com/content/thesubscription-video-on-deman-market-inchina-is-booming
Client security trends: AI/ML algorithms; TBD? Feature introduced; Adopted by market; Value increases; Becomes prone to attacks; Robustness rules updated. Sources: https://www.slideshare.net/kstan2/tensorflow-on-android ; https://www.androidauthority.com/bixby-vsgoogle-assistant-vs-siri-763201/ ; https://www.marketresearchfuture.com/reports/voiceassistant-market-4003 ; https://heartbeat.fritz.ai/reverseengineering-core-ml-6d6f1c2bdab0
Features in CryptoCell-713. Keeping: CryptoCell-712's feature set, including FIPS 140-2 certifiability. Adding: High performance SM2, SM3 and SM4; TZMP readiness; Side Channel Attacks mitigation option. Enhancing: Robustness of Secure Boot (code loading); Robustness of provisioning
CryptoCell's performance and efficiency benefits. Arm invests in the pre-integration of CryptoCell with other IPs (CPUs, MM, System): Sub-systems such as SGM-775; Demos such as the TZMP1 demo presented at Linaro Connect. Clear benefits of CryptoCell efficiency in real-life use cases: Up to 20X less dynamic power consumption (SGM-775); 80% increased throughput compared to software in TZMP use-case
Decryption Differences. Decryption running on CPU: Flickering is visible. Decryption running on CryptoCell: No flickering
Decryption Differences. Decryption running on CPU: Flickering is visible, Load average is higher than number of cores. Decryption running on CryptoCell: No flickering, Load average is lower than number of cores
Time-to-Market savings: CryptoCell-713 is FIPS 140-2 certifiable, similar to the recent CryptoCell-712 certification; Best practices and reference security policy available to partners; FIPS 140-2 readiness alone can save SiPs/OEMs over 10MY of effort; Chinese ciphers are designed to be GM/T 0028-2014 compliant
Introducing CryptoCell-703: Focused on new requirements for using Chinese ciphers; In case the only missing functionality is SM2/3/4; Side Channel Attacks mitigation option
Summary: The Client trusted execution landscape is evolving; Arm offers 2 new CryptoCell products to enable comprehensive, up-to-date TEEs, while keeping Time-To-Market short
Questions?
Thank You! Danke! Merci! 谢谢! ありがとう! Gracias! Kiitos! 감사합니다 धन्यवाद