A Developer's Guide to Security on Cortex-M based MCUs

Nazir S
Arm Tech Symposia India
2018 Arm Limited

Agenda
- Why do we need security?
- Types of attacks and security assessments
- Introduction to TrustZone
- What is physical security?
- Processor selection
- Secure software development

Why do we need security?

Security is not optional anymore
- Billions of IoT devices
- Data integrity, security & privacy
- Potential losses of hacks, breaches

Security is an integral part of the DNA of Arm
Timeline (2004 to 2018):
- TEE for Cortex-A
- Cortex-A with TrustZone
- SecurCore
- Arm CryptoCell
- Platform Security Architecture (PSA) launched
- Arm CryptoIsland Secure Enclave
- iSIM technology, Kigen family
- Physical security enhancements
- Mbed
- Armv8-M processors: Cortex-M23 and Cortex-M33 with Arm TrustZone
- Arm security manifesto
- PSA threat models
- PSA Trusted Firmware (TF-M)
Arm IP protects against a wide set of attacks:
- Physical vulnerabilities
- Communication vulnerabilities
- Lifecycle vulnerabilities
- Software vulnerabilities

Matching the attack with the right mitigation
- Communication
- Software
- Lifecycle
- Physical

How much security is needed?
Chart axes: Cost/effort to attack, Cost/effort to secure
Chart labels: Security subsystem & enclave, Secure IoT, Secure element, TLS/SSL, TrustZone-based TEE
Attack classes:
- Communication attacks: Man In The Middle, Weak RNG, Code vulnerabilities
- Software & hardware attacks: Physical access to device (JTAG, Bus, IO Pins); Time, money & equipment
- Software attacks & lightweight hardware attacks: Buffer overflows, Interrupts, Malware
* Trusted Execution Environment / Secure Partitioning Manager

Introduction to TrustZone

Efficient TrustZone security isolation
- Comprehensive: Secure, holistic protection across the entire processor and system
- Simple to use: Transparent to software developer; Same programmers model
- Optimized for small embedded: Hardware enforced isolation; Deterministic, low-latency interrupts
Diagram: Two worlds - one CPU, Real-time transition*
Diagram labels: Non-trusted, Non-trusted view, Trusted, Trusted view; Secure services; Firmware, Secure firmware; Data, Secure data; Peripherals; Memory; CPU resources
* 2 cycles

Security for all embedded applications
- Root of trust applications - IoT: Crypto, Trusted software, Trusted hardware, Secure system, Secure storage, TRNG*
- IP Protection: Valuable firmware, Trusted drivers, Trusted hardware
- Sandboxing: Untrusted, Trusted, Certified OS / functionality, Trusted drivers, Trusted hardware
* True random number generator

Device security: secure partitioning for MCUs
- Split memory into private secure and public non-secure
- Small private footprint enables exhaustive verification
- Public code never sees keys/secrets
- Vulnerabilities on public side can't affect private side
- Private side can verify integrity of the public side
- Public code can't write code directly to Flash
- Private side can reliably recover device to clean state
Public: Cloud, BLE Stack, WiFi Stack, Application Protocol, SSL Library, Device Management, Diagnose
Private / Secure: Firmware Update, Secure Storage, Crypto Keys, Crypto API, Secure ID, RNG

Lifecycle & Physical Security

Lifecycle security
Stages: Wafer sort/final test, CM/OEM, Customer, Repair
- Program unique ID, certificates, secure bootloader
- Disable debug
- Encrypted download of secure image, and app image via bootloader
- Secure firmware update
- Check for rollback, verify

Defending silicon vulnerabilities
- Power and EM analysis
- Fault injection attacks
- Invasive attacks/tampering
Can we build an IP solution portfolio that can address these threats efficiently at the source?
Can we integrate the solution to these three vulnerabilities into a single IP?

Proliferation of the need for physical security

Processor Selection

Security layers
- Physical security: Cortex-M35P
- TrustZone for Armv8-M: Cortex-M23, Cortex-M33
- Memory protection unit (MPU): Cortex-M0, Cortex-M0+, Cortex-M3, Cortex-M4, Cortex-M7

Cortex-M23: Ultra low power with TrustZone
- Smallest area, lowest power: With TrustZone, same energy efficiency as Cortex-M0+
- Security foundation: System wide security with TrustZone technology
- Ultra-high efficiency: Flexible sleep modes; Extensive clock gating; Optional state retention
- Enhanced memory protection: Easy to program; Dedicated protection for both secure and non-secure states
- Enhanced capability: Increased performance; Multi-core system support; 240 interrupts; Hardware stack checking
- Enhanced & secure debug: Security aware debug; Simplified firmware development; Embedded trace macrocell

Cortex-M33: Security for diverse embedded markets
- 32-bit processor of choice: Optimal balance between performance and power; 20% greater performance than Cortex-M4; With TrustZone, same energy efficiency as Cortex-M4
- Digital signal control: Bring DSP to all developers; FPU offering up to 10x performance over software
- Extensible compute: Co-processor interface for tightly-coupled acceleration
- Security foundation: System-wide security with TrustZone technology
- Enhanced memory protection: Easy to program; Dedicated protection for both secure and non-secure states
- Enhanced & secure debug: Security aware debug; Simplified firmware development

Cortex-M35P: Physical security for high-value applications
- Highest security: Customizable anti-tampering and side channel attack mitigation
- Increased performance: 5x Flash frequency boost thanks to instruction cache; 3.5x boost for DSP applications; +20% integer performance boost
- Extensible compute: Co-processor interface for tightly-coupled acceleration
- Dual-core lockstep: Partial or full lockstep
- Security and safety: Security and safety packages; Commercial, automotive; Provides basis for certification
- Enhanced & secure debug: Security aware debug; Simplified firmware development

Total security: scalable protection for all attack types
- Cortex-M23/Cortex-M33 - First Cortex-M processors with TrustZone
- Cortex-M35P - A new Cortex-M processor with tamper resistance and software isolation
- CryptoCell-312/P - Cryptography and lifecycle IP with or without physical security mitigation
- CryptoIsland-300/P - Secure enclave IP with or without physical security mitigation
- Security is key for IoT to scale to 1 trillion
- Advanced protection is critical as physical security attacks are getting easier and cheaper
- Designers can use Arm's Platform Security Architecture to assess threats
- Arm makes security accessible to all embedded and IoT designers

Arm secure foundation solutions
Complete system approach
- CorStone foundation IP (formerly SDKs): Pre-verified, configurable system and subsystem IP
- Modifiable subsystem IP
- Pre-integrated with processor and security IP
- Development tools (including FPGA/test chip boards)
- CorStone-ready software (e.g. Mbed OS)

Secure Software Development

Existing IoT application
- Mixed Secure and Non-secure code
- MPU used for process protection
- Crypto keys & certificates stored in non-readable memory.
- Requires auditing of all code to protect against software vulnerabilities.
Diagram (PROJECT): User application; Communications stack; RTOS; Firmware update; Crypto keys, certificates; Crypto library; Boot & boot loader; Function calls; Start

Developing code for secure IoT applications
Composing a system from Secure and Non-secure projects
- Partition project: place minimal security related code in secure project
- Non-secure project cannot access Secure resources.
- Secure project can access everything.
- Secure and Non-secure projects may implement independent time scheduling.
Diagram (USER PROJECT, Non-secure state): User application; Communications stack; RTOS; Function calls
Diagram (SECURE PROJECT, Secure state): Firmware update; Crypto keys, certificates; Crypto library; Secure boot & bootloader; Function calls; Start
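
Because the Secure project can access everything, a Secure service that accepts a pointer from the Non-secure project has to confirm that the buffer lies wholly in Non-secure memory before touching it. The following is an added example, not code from the presentation: a host-runnable C model of that check, in which the memory layout, the service name secure_read_device_id and the error codes are all assumptions. On an Armv8-M toolchain the same check is done with cmse_check_address_range() from <arm_cmse.h> inside a cmse_nonsecure_entry function.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the two partitions of a TrustZone MCU. */
static uint8_t ns_ram[64];                   /* public / Non-secure RAM   */
static uint8_t secure_key[16] = { 0xA5 };    /* private: Secure-only data */
static const uint8_t secure_id[8] = { 'D','E','V','-','0','0','0','1' };

enum { SVC_OK = 0, SVC_ERR_PTR = -1, SVC_ERR_LEN = -2 };

/* Returns 1 only if [p, p+len) lies entirely inside Non-secure RAM.
 * Offsets are compared instead of computing p+len, so a huge len
 * cannot wrap around and pass the check. */
static int ns_range_ok(const void *p, size_t len)
{
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)ns_ram;
    if (p == NULL || len == 0 || a < base)
        return 0;
    size_t off = (size_t)(a - base);
    return off < sizeof ns_ram && len <= sizeof ns_ram - off;
}

/* Secure service callable from the Non-secure project (hypothetical name).
 * Every argument is validated first: the length against the Secure object,
 * the destination against the Non-secure region. Only then does the
 * Secure side write through the caller's pointer. */
int secure_read_device_id(uint8_t *out, size_t len)
{
    if (len > sizeof secure_id)
        return SVC_ERR_LEN;
    if (!ns_range_ok(out, len))
        return SVC_ERR_PTR;
    memcpy(out, secure_id, len);
    return SVC_OK;
}

int main(void)
{
    int ok  = secure_read_device_id(ns_ram, sizeof secure_id);     /* accepted */
    int bad = secure_read_device_id(secure_key, sizeof secure_id); /* rejected */
    return (ok == SVC_OK && bad == SVC_ERR_PTR) ? 0 : 1;
}
```
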

IoT: Secure, Easier and More Scalable with Arm
Secure IoT Platform
- Secure foundation IP
- Identity
- Certification of secure platforms
- Operating system
- Device management, & provisioning
- Diverse partner ecosystem
- Scalable
- Secure
- Consistent programming
- Services capable

Get started with security on Arm
- IoT security is not optional
- Consider attack types: communication, software, life cycle and physical
- Platform Security Architecture provides a blueprint for secure design
- TrustZone provides software isolation to reduce the attack surface
- Visit Arm TrustZone on Arm Community for more information to get started

The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. www.arm.com/company/policies/trademarks