A Developer's Guide to Security on Cortex-M based MCUs
Nazir S, Arm Tech Symposia India
2018 Arm Limited

Agenda
- Why do we need security?
- Types of attacks and security assessments
- Introduction to TrustZone
- What is physical security?
- Processor selection
- Secure software development
Why do we need security?

Security is not optional anymore
- Billions of IoT devices
- Data integrity, security & privacy
- Potential losses from hacks and breaches

Security is an integral part of the DNA of Arm
Timeline of Arm security milestones, 2004 to 2018 (slide graphic):
- TEE for Cortex-A; Cortex-A with TrustZone
- SecurCore
- Arm CryptoCell
- Platform Security Architecture (PSA) launched; PSA threat models; PSA Trusted Firmware (TF-M)
- Arm CryptoIsland secure enclave
- iSIM technology; Kigen family
- Mbed
- Armv8-M processors: Cortex-M23 and Cortex-M33 with Arm TrustZone
- Arm security manifesto
- Physical security enhancements
Vulnerability classes addressed: physical, communication, lifecycle and software vulnerabilities. Arm IP protects against a wide set of attacks.

Matching the attack with the right mitigation
Four attack classes: Communication, Software, Lifecycle, Physical

How much security is needed? (slide chart: cost/effort to attack versus cost/effort to secure)
Attack tiers:
- Communication attacks: man in the middle, weak RNG, code vulnerabilities
- Software attacks & lightweight hardware attacks: buffer overflows, interrupts, malware
- Software & hardware attacks with physical access to the device: JTAG, bus, IO pins; require time, money & equipment
Mitigations shown: TLS/SSL, TrustZone-based TEE*, secure element, security subsystem & enclave, secure IoT
* Trusted Execution Environment / Secure Partitioning Manager
Introduction to TrustZone

Efficient TrustZone security isolation
- Comprehensive: secure, holistic protection across the entire processor and system
- Two worlds, one CPU: real-time transition between them (2 cycles)
- Simple to use: transparent to the software developer; same programmer's model
- Optimized for small embedded: hardware-enforced isolation; deterministic, low-latency interrupts
Diagram: the Non-trusted view sees firmware, data, peripherals, memory and CPU resources; the Trusted view additionally sees secure services, secure firmware and secure data.

Security for all embedded applications
- Root of trust applications (IoT): trusted software, trusted hardware, secure system, secure storage, TRNG*
- IP protection: valuable firmware, trusted drivers, trusted hardware
- Crypto
- Sandboxing: untrusted and trusted code kept apart
- Certified OS / functionality: trusted drivers, trusted hardware
* True random number generator

Device security: secure partitioning for MCUs
- Split memory into private (secure) and public (non-secure)
- Small private footprint enables exhaustive verification
- Public code never sees keys/secrets
- Vulnerabilities on the public side can't affect the private side
- Private side can verify the integrity of the public side
- Public code can't write code directly to Flash
- Private side can reliably recover the device to a clean state
Diagram: Public side holds the cloud connection, BLE stack, WiFi stack, application protocol, SSL library, device management and diagnostics. Private/Secure side holds firmware update, secure storage, crypto keys, crypto API, secure ID and RNG.
Lifecycle & Physical Security

Lifecycle security
Stages: wafer sort / final test, CM/OEM, customer, repair
- Program unique ID, certificates, secure bootloader
- Disable debug
- Encrypted download of secure image and app image via bootloader
- Secure firmware update: check for rollback, verify

Defending silicon vulnerabilities
- Power and EM analysis
- Fault injection attacks
- Invasive attacks / tampering
Can we build an IP solution portfolio that addresses these threats efficiently at the source? Can we integrate the solution to these three vulnerabilities into a single IP?

Proliferation of the need for physical security
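The "check for rollback, verify" step of the lifecycle slide, as an added host-runnable model (not code from the deck or from any Arm bootloader): the image header layout, magic value and the plain-word stand-in for the hardware monotonic counter are all constructed assumptions, and the signature verification is assumed to have been done by the crypto library and is passed in as a flag.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed image header for this model; a real bootloader's header also
 * carries the signature (or a hash covered by one) over the whole image. */
#define IMG_MAGIC 0x31474D49u /* "IMG1" little-endian, constructed */

typedef struct {
    uint32_t magic;
    uint32_t version; /* security version, must never decrease */
    uint32_t size;    /* total image length including this header */
} img_header_t;

typedef enum { BOOT_OK = 0, BOOT_BAD_HEADER, BOOT_BAD_SIGNATURE, BOOT_ROLLBACK } boot_result_t;

/* Decide whether an image may boot. nv_min_version models the OTP/fuse-backed
 * monotonic counter that records the lowest version still allowed to run.
 * sig_ok is the outcome of the signature verification step (assumed to be
 * done by the crypto library before this call). Order matters: the header is
 * only trusted after the signature check, so an unsigned image can neither
 * boot nor move the rollback floor. */
boot_result_t boot_check(uint32_t *nv_min_version, const uint8_t *img,
                         size_t img_len, bool sig_ok)
{
    img_header_t h;
    if (img_len < sizeof h) return BOOT_BAD_HEADER;
    memcpy(&h, img, sizeof h);
    if (h.magic != IMG_MAGIC || h.size != img_len) return BOOT_BAD_HEADER;
    if (!sig_ok) return BOOT_BAD_SIGNATURE;
    if (h.version < *nv_min_version) return BOOT_ROLLBACK;
    /* The counter only ever moves up: older images are burned for good. */
    if (h.version > *nv_min_version) *nv_min_version = h.version;
    return BOOT_OK;
}

/* Build a constructed test image: header plus a filler payload. */
size_t make_image(uint8_t *buf, size_t cap, uint32_t version, size_t payload_len)
{
    size_t total = sizeof(img_header_t) + payload_len;
    if (total > cap) return 0;
    img_header_t h = { IMG_MAGIC, version, (uint32_t)total };
    memcpy(buf, &h, sizeof h);
    memset(buf + sizeof h, 0xA5, payload_len);
    return total;
}
```

On a real part the counter write happens through a secure driver and is often deferred until the new image has confirmed itself, so a bad update can still be rolled forward to a good one.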
Processor Selection

Security layers
- Physical security: Cortex-M35P
- TrustZone for Armv8-M: Cortex-M23, Cortex-M33
- Memory protection unit (MPU): Cortex-M0, Cortex-M0+, Cortex-M3, Cortex-M4, Cortex-M7

Cortex-M23: Ultra low power with TrustZone
- Smallest area, lowest power: with TrustZone, same energy efficiency as Cortex-M0+
- Security foundation: system-wide security with TrustZone technology
- Ultra-high efficiency: flexible sleep modes, extensive clock gating, optional state retention
- Enhanced memory protection: easy to program; dedicated protection for both Secure and Non-secure states
- Enhanced capability: increased performance, multi-core system support, 240 interrupts, hardware stack checking
- Enhanced & secure debug: security-aware debug, simplified firmware development, embedded trace macrocell

Cortex-M33: Security for diverse embedded markets
- 32-bit processor of choice: optimal balance between performance and power; 20% greater performance than Cortex-M4; with TrustZone, same energy efficiency as Cortex-M4
- Digital signal control: bring DSP to all developers; FPU offering up to 10x performance over software
- Extensible compute: co-processor interface for tightly-coupled acceleration
- Security foundation: system-wide security with TrustZone technology
- Enhanced memory protection: easy to program; dedicated protection for both Secure and Non-secure states
- Enhanced & secure debug: security-aware debug, simplified firmware development

Cortex-M35P: Physical security for high-value applications
- Highest security: customizable anti-tampering and side-channel attack mitigation
- Increased performance: 5x Flash frequency boost thanks to instruction cache; 3.5x boost for DSP applications; +20% integer performance boost
- Extensible compute: co-processor interface for tightly-coupled acceleration
- Dual-core lockstep: partial or full lockstep
- Security and safety: security and safety packages for commercial and automotive; provides basis for certification
- Enhanced & secure debug: security-aware debug, simplified firmware development

Total security: scalable protection for all attack types
- Cortex-M23/Cortex-M33: first Cortex-M processors with TrustZone
- Cortex-M35P: a new Cortex-M processor with tamper resistance and software isolation
- CryptoCell-312/P: cryptography and lifecycle IP, with or without physical security mitigation
- CryptoIsland-300/P: secure enclave IP, with or without physical security mitigation
Security is key for IoT to scale to 1 trillion devices. Advanced protection is critical as physical security attacks are getting easier and cheaper. Designers can use Arm's Platform Security Architecture to assess threats. Arm makes security accessible to all embedded and IoT designers.

Arm secure foundation solutions
- Complete system approach
- CorStone foundation IP (formerly SDKs): pre-verified, configurable system and subsystem IP
- Modifiable subsystem IP
- Pre-integrated with processor and security IP
- Development tools (including FPGA/test chip boards)
- CorStone-ready software (e.g. Mbed OS)
Secure Software Development

Existing IoT application
- Mixed Secure and Non-secure code
- MPU used for process protection
- Crypto keys & certificates stored in non-readable memory
- Requires auditing of all code to protect against software vulnerabilities
Diagram (one PROJECT): boot & bootloader starts the RTOS, communications stack, crypto library, crypto keys and certificates, firmware update and user application, all linked by direct function calls.

Developing code for secure IoT applications
- Composing a system from Secure and Non-secure projects
- Partition the project: place minimal security-related code in the Secure project
- Non-secure project cannot access Secure resources
- Secure project can access everything
- Secure and Non-secure projects may implement independent time scheduling
Diagram: USER PROJECT (Non-secure state) holds the user application, communications stack and RTOS. SECURE PROJECT (Secure state) holds secure boot & bootloader (which starts the system), firmware update, crypto keys and certificates, and the crypto library. The two sides talk only through function calls across the boundary.
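Because the Secure project "can access everything", every Secure service reachable by the Non-secure side has to validate the buffers it is handed before using them; otherwise Non-secure code could point a Secure function at Secure memory and have it overwrite secrets on its behalf. The following is an added host-runnable model of that check (not code from the deck): the memory map, the device-ID secret and the service name are constructed assumptions, and ns_range_ok stands in for the cmse_check_address_range() call an Armv8-M build would use.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed memory map for this host-side model. On a real Armv8-M part
 * the Secure/Non-secure split comes from the SAU/IDAU configuration. */
#define NS_RAM_BASE 0x20000000u
#define NS_RAM_SIZE 0x00010000u /* 64 KiB of Non-secure SRAM */

static uint8_t ns_ram[NS_RAM_SIZE]; /* simulated Non-secure SRAM */

/* Secret that lives on the Secure side. Non-secure code never receives a
 * pointer to it; it only gets a copy through the entry point below. */
static const uint8_t secure_device_id[16] = { /* constructed value */
    0xA1, 0xB2, 0xC3, 0xD4, 0xE5, 0xF6, 0x07, 0x18,
    0x29, 0x3A, 0x4B, 0x5C, 0x6D, 0x7E, 0x8F, 0x90 };

/* Host stand-in for cmse_check_address_range(): true only when the whole
 * [addr, addr+len) range lies inside Non-secure RAM. Compares against the
 * remaining size rather than computing addr+len, so a wrapped 32-bit sum
 * cannot make an out-of-range buffer look valid. */
bool ns_range_ok(uint32_t addr, uint32_t len)
{
    if (len == 0 || addr < NS_RAM_BASE) return false;
    uint32_t off = addr - NS_RAM_BASE;
    return off < NS_RAM_SIZE && len <= NS_RAM_SIZE - off;
}

/* Secure entry point (hypothetical service): copy the device ID into a
 * Non-secure buffer supplied by the caller. In a real build this function
 * carries __attribute__((cmse_nonsecure_entry)) and is reached through an
 * NSC veneer. Returns 0 on success, -1 when any byte of the destination is
 * outside Non-secure RAM, -2 when the caller's buffer is too small. */
int secure_get_device_id(uint32_t ns_dst, uint32_t ns_len)
{
    const uint32_t n = sizeof secure_device_id;
    if (ns_len < n) return -2;
    if (!ns_range_ok(ns_dst, n)) return -1;   /* validate before touching */
    memcpy(&ns_ram[ns_dst - NS_RAM_BASE], secure_device_id, n);
    return 0;
}

/* Model helper so a caller can read back the simulated Non-secure RAM. */
uint8_t ns_ram_peek(uint32_t addr)
{
    return ns_range_ok(addr, 1) ? ns_ram[addr - NS_RAM_BASE] : 0;
}
```

The same validation applies to pointers nested inside structures and to addresses the caller may change after the check (copy the arguments to Secure memory first, then check and use the copy).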
IoT: Secure, Easier and More Scalable with Arm
Secure IoT platform:
- Secure foundation IP
- Identity
- Certification of secure platforms
- Operating system
- Device management & provisioning
- Diverse partner ecosystem
Result: scalable, secure, consistent programming, services capable

Get started with security on Arm
- IoT security is not optional
- Consider attack types: communication, software, lifecycle and physical
- Platform Security Architecture provides a blueprint for secure design
- TrustZone provides software isolation to reduce the attack surface
- Visit Arm TrustZone on Arm Community for more information to get started

The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. www.arm.com/company/policies/trademarks

Thank You  Danke  Merci  谢谢  ありがとう  Gracias  Kiitos  감사합니다  धन्यवाद  תודה