New Approaches to Connected Device Security

Similar documents
Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development

Beyond TrustZone PSA. Rob Coombs Security Director. Part1 - PSA Tech Seminars Arm Limited

Beyond TrustZone Part 1 - PSA

Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop

A Developer's Guide to Security on Cortex-M based MCUs

Implementing debug. and trace access. through functional I/O. Alvin Yang Staff FAE. Arm Tech Symposia Arm Limited

Accelerating intelligence at the edge for embedded and IoT applications

2017 Arm Limited. How to design an IoT SoC and get Arm CPU IP for no upfront license fee

Compute solutions for mass deployment of autonomy

The Changing Face of Edge Compute

WAVE ONE MAINFRAME WAVE THREE INTERNET WAVE FOUR MOBILE & CLOUD WAVE TWO PERSONAL COMPUTING & SOFTWARE Arm Limited

Building firmware update: The devil is in the details

Securing IoT with the ARM mbed ecosystem

A Secure and Connected Intelligent Future. Ian Smythe Senior Director Marketing, Client Business Arm Tech Symposia 2017

How to protect Automotive systems with ARM Security Architecture

Trustzone Security IP for IoT

Designing Security & Trust into Connected Devices

Designing Security & Trust into Connected Devices

ARM mbed mbed OS mbed Cloud

ARM mbed Towards Secure, Scalable, Efficient IoT of Scale

Arm TrustZone Armv8-M Primer

Designing Security & Trust into Connected Devices

ARM mbed Technical Overview

Building mbed Together: An Overview of mbed OS and How To Get Involved

Resilient IoT Security: The end of flat security models

Provisioning secure Identity for Microcontroller based IoT Devices

A New Security Platform for High Performance Client SoCs

mbed OS Update Sam Grove Technical Lead, mbed OS June 2017 ARM 2017

ARM TrustZone for ARMv8-M for software engineers

Diversity of. connectivity required for scalable IoT devices. Sam Grove Principal Software Engineer Arm. Arm TechCon 2017.

Advanced IP solutions enabling the autonomous driving revolution

Using Virtual Platforms To Improve Software Verification and Validation Efficiency

Arm Mbed Edge. Shiv Ramamurthi Arm. Arm Tech Symposia Arm Limited

Protecting your system from the scum of the universe

Connecting Securely to the Cloud

Bringing Intelligence to Enterprise Storage Drives

Accelerating IoT with ARM mbed

ARM mbed Technical Overview


Connect your IoT device: Bluetooth 5, , NB-IoT

Arm Mbed Edge. Nick Zhou Senior Technical Account Manager. Arm Tech Symposia Arm Limited

The Next Steps in the Evolution of Embedded Processors

Confessions of a security hardware driver maintainer

Protecting your system from the scum of the universe

Managing & Accelerating Innovation with Open Source at the Edge

Strong Security Elements for IoT Manufacturing

Accelerating IoT with ARM mbed

Unleash the DSP performance of Arm Cortex processors

Accelerating IoT with ARM mbed

Design Process. in an embedded system. Kasper Ornstein Mecklenburg SW/HW development engineer Arm Limited

TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

CCIX: a new coherent multichip interconnect for accelerated use cases

Connect Your IoT Device: Bluetooth 5, , NB-IoT

Bringing the benefits of Cortex-M processors to FPGA

ServerReady and Open Standards Accelerating Delivery

Cortex-A75 and Cortex-A55 DynamIQ processors Powering applications from mobile to autonomous driving

Beyond Hardware IP An overview of Arm development solutions

Practical real-time operating system security for the masses

Delivering High-mix, High-volume Secure Manufacturing in the Distribution Channel

Azure Sphere Transformation. Patrick Ward, Principal Solutions Specialist

Security and Performance Benefits of Virtualization

GlobalPlatform Trusted Execution Environment (TEE) for Mobile

Resilient IoT Security: The end of flat security models. Milosch Meriac IoT Security Engineer

Introduction to Standards based approach to Server

Creating the Complete Trusted Computing Ecosystem:

Building secure devices on the intelligent edge with Azure Sphere. Paul Foster, Microsoft Dr Hassan Harb, E.On

The Open Application Platform for Secure Elements.

Windows 10 IoT Core Azure Connectivity and Security

TZMP-1 Software Reference Implementation. Ken Liu 2018-Mar-12

Arm crossplatform. VI-HPS platform October 16, Arm Limited

DynamIQ Processor Designs Using Cortex-A75 & Cortex-A55 for 5G Networks

Build the unified end to end IoT solution on ARM LEADING COLLABORATION IN THE ARM ECOSYSTEM

ARM Trusted Firmware Evolution HKG15 February Andrew Thoelke Systems & Software, ARM

Security for Secure IoT: Advanced Architectures for IoT Gateways. Simon Forrest Director of Segment Marketing, Consumer Electronics

Modern security for microcontrollers

Cortex-A75 and Cortex-A55 DynamIQ processors Powering applications from mobile to autonomous driving

The Future of Security is in Open Silicon Linux Security Summit 2018

EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC

IoT It s All About Security

UEFI and the Security Development Lifecycle

Lecture 3 MOBILE PLATFORM SECURITY

SSG Platform Security Division & IOTG Jan Krueger Product Manager IoT Security Solutions

智能互联推动嵌入式系统创新. March 2015

Non-Trusted. software. data. hardware. Open Source Secure World Software Trusted Firmware. Trusted. software. data. Update October 2018

Software Ecosystem for Arm-based HPC

ARM mbed: Internet of Possible

Improve the container image compatibility on Arm

Fundamentals of HW-based Security

ARM instruction sets and CPUs for wide-ranging applications

Securing IoT applications with Mbed TLS Hannes Tschofenig Arm Limited

Presentation's title

So you think developing an SoC needs to be complex or expensive? Think again

The Next Steps in the Evolution of ARM Cortex-M

Easy Incorporation of OPTIGA TPMs to Support Mission-Critical Applications

Microsoft Azure Sphere Overview Martin Grossen, Line Manager Microsoft Embedded / IoT Europe 5. June 2018

DynamIQ Processor Designs Using Cortex-A75 & Cortex- A55 for 5G Networks

THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS

ENABLING HARDWARE SECURITY FOR THE INTERNET OF THINGS

Back To The Future: A Radical Insecure Design of KVM on ARM

Why PartnerDirect. Choice, flexibility, simplicity

Transcription:

New Approaches to Connected Device Security Erik Jacobson Architecture Marketing Director Arm Arm Techcon 2017

- If you connect it to the Internet, someone will try to hack it. - If what you put on the Internet has value, someone will invest time and effort to steal it. Brian Krebs January 2017 2

Agenda Securing IoT devices Introducing the Platform Security Architecture (PSA) The PSA Firmware Framework Trusted Firmware-M Summary 3

Securing IoT Devices Securing IoT devices

A diversity of device types OEM 1 OEM 2 OEM 3 SILICON PARTNER A SILICON PARTNER B SILICON PARTNER C SILICON PARTNER D 5

A diversity of device types needs common ground-rules OEM 1 OEM 2 OEM 3 SILICON PARTNER A SILICON PARTNER B SILICON PARTNER C SILICON PARTNER D 6

Security needs to be designed-in However, threat modelling and security analysis is often lacking Analyse Architect Need to avoid the illusion of security by just using components that we think makes a system more secure. Implement 7

The integration challenge Thousands of IoT device designs. Integrating components from multiple vendors. Diverse implementations of each component. Each device is a unique integration challenge. Integration work may not be reusable for other devices OEM Platform System on Chip Application RTOS Security firmware Device Management 8

The deployment challenge Connected devices require secure communication over insecure links. Cryptography and secret keys are required Software has bugs. Some are vulnerabilities that can be exploited to get secrets. Unpatchable software presumes no exploitable defects Connected devices must be in-field updatable Connected, secure, in-field updatable systems have high software complexity. High risk of remotely exploitable vulnerabilities that can expose the secret keys 9

The commercial challenge Designing-in and implementing best practice security is: Difficult + Expensive -> Often not addressed properly Or security features are implemented as a retro-fit 10

We need a process and enablers To help companies on tight timescales & budgets to build more secure systems Analyse Threat models and security analyses Architect Firmware & hardware architecture specifications Implement Source code & hardware IP 11

Introducing the Platform Security Architecture (PSA) Introducing the Platform Security Architecture

Introducing Platform Security Architecture (PSA) A recipe for building more secure systems from analysis to implementation Analyse Threat models and security analyses PSA documents Architect Firmware & hardware architecture specifications Implement Source code Enabling products & contributions 13

PSA will consist of three parts Platform Security Architecture Hardware system architecture Inform Threat Models and Security Threat Models and Security Threat Analyses Analyses Models and Security Analyses Trusted device initialization Asses Device Security Model Trusted boot & firmware update Implementation Implementation Implementation Firmware framework Specify Trusted functions 14

Security starts with analysis System description 15 Assets Threats Threat: Remote SW attacks Security Objectives Security Objective: Strong Crypto Security Requirements Security Requirement: Hardware based key store English-language Protection Profiles Example Asset: metering data to be protected in integrity & confidentiality Arm will publish representative IoT device Threat Models and Security Analyses. Analyse

PSA architecture specifications A growing suite of specification documents Device Security Model (DSM). Overall security architecture for designing and deploying devices within ecosystems Device lifecycle and its implications on roots of trust Root of trust and associated security services Root secrets their storage, protection, and provisioning Hardware system architecture. SoC hardware requirements (TBSA-M) Trusted device initialization. Factory initialization process for firmware and cryptographic Roots of Trust Trusted boot and firmware update. Firmware integrity requirements Firmware Framework (PSA-FF). Secure Processing Environment architecture and API specification Trusted functions APIs for Root of Trust services, e.g. Attestation Data sealing Cryptographic operations Creation of device identity certificates 16

Open source code to accelerate adoption Freely available reference implementation Trusted Firmware-M Reference firmware for the architecture specification Initially targeting Armv8-M In development now publically available first quarter 2018 17

Security by separation / isolation PSA protects sensitive assets (keys, credentials and firmware) by separating these from the application firmware and hardware. Non-secure processing environment Secure processing environment PSA defines a Secure Processing Environment (SPE) for this data, the code that manages it and its trusted hardware resources. Application Device management The application firmware runs in the Non-secure Processing Environment (NSPE). RTOS Secure partition manager Secure boot PSA requires a secure boot process so only authentic, trusted firmware runs in the SPE. PSA depends on secure installation of the initial keys and firmware during manufacture. Platform hardware Root of Trust keys 18

Standardize interfaces PSA specifies interfaces to decouple components. Enables reuse of components in other device platforms Reduces integration effort Partners can provide alternative implementations. Necessary to address different cost, footprint, regulatory or security needs PSA provides an architectural specification. Hardware, firmware and process requirements and interfaces Non-secure processing environment Application RTOS Secure IPC Platform hardware Secure processing environment Device management Secure partition API Secure partition manager Boot firmware Secure hardware requirements Root of Trust keys 19

An example IoT device implementation PSA is agnostic across architecture, RTOS, trusted firmware, etc. OEMs can choose their preferred implementations/ Shown in this example: SoC using Armv8-M (e.g. Cortex-M33) Reference OSS partition manager Arm Mbed components APIs are equally open to other RTOSes. Non-secure processing environment Application Arm mbed OS Secure IPC Arm v8-m based SoC Secure processing environment Arm mbed Client Secure partition API Arm Trusted Firmware v8-m TBSA-v8M Boot firmware Root of Trust keys 20

The PSA Firmware Framework (PSA-FF)

PSA Firmware Framework (PSA-FF) concepts Non-secure Processing environment Secure processing environment Secure Partition Manager (SPM) Provides the boot, isolation and IPC services to the SPE Partition The unit of execution Secure function Non secure partition Application firmware Secure partition Secure function Secure function Secure partition Secure function Secure function Trusted partition Trusted function Trusted function A set of related APIs invoked through secure IPC Trusted function A Secure Function that provides a Root of Trust service OS libraries OS kernel Secure Partition Manager Secure IPC Secure isolation Secure debug Isolation boundary 22

PSA firmware isolation levels Level 2 Separate Root of Trust from Secure Partitions within SPE Level 1 Lower cost hardware only isolate the SPE Level 3 More robustness isolate all partitions from each other 23

Secure Partition Programming Model The SPE defines a standard programming model for Secure Partitions. Secure Partitions are declared using a manifest. Partition identity Resource requirements Implemented Secure Functions All Secure Partitions are created when the device boots. Each Secure Partition has a single non re-entrant thread of execution. Secure Partitions use a small runtime API to the SPM. IPC server and client Device access Memory allocation 24

Secure IPC IPC design principles Secure by design no shared memory buffers Enable efficient implementation for simple platforms Easy to develop secure services on top Channel-based client/server IPC Partition (client) IPC library Channel handle Secure IPC framework Channel Message Channel handle Secure Partition (server) Secure Function The server is a Secure Function in a Secure Partition The client might be a Secure Partition or a task in the Nonsecure Partition Send message Port Port handle Requests are made on a connected channel and synchronous for the client. Event queue Secure Functions can use the client identity to implement access control. 25

PSA In Action TLS Session Setup Example Non-secure partition Secure partition Secure partition Trusted partition Application Key store Data sealing Application network TLS library TLS secure function Crypto operations Network protocol Secure partition manager Secure IPC TLS session setup PSA IPC PSA h/w access Platform hardware Cryptographic acceleration Root of Trust keys 26

A reference OSS implementation: Trusted Firmware-M

Trusted Firmware-M Open source reference implementation Overview Reference firmware for the architecture specification Initially targeting Armv8-M In development now publically available first quarter 2018 Similar to existing Trusted Firmware project (-A) Details Constrained runtime isolation level 1 implementation Initial target SSE-200 (Arm Musca-A1 testchip board) OS support Mbed OS is the main target in first release RTX is being used for prototyping work and will be released with limited support 28

PSA is architecture agnostic but we have prioritised M-profile Specifications available today Hardware requirements (TBSA) Firmware framework (PSA-FF) Platform Security Architecture TBSA v8m In development Device Security Model (DSM) Device initialization Boot and firmware update Trusted Function APIs Device Security Model Trusted device initialization Trusted boot & firmware update Firmware Framework - M Trusted Functions 29

Summary Summary

Summary PSA is a recipe to consistently design-in the right level of security into connected devices. It consists of three parts: 1. Threat Models and Security Analyses 2. HW & FW architecture specifications 3. A reference OSS implementation (public Q1 2018) First specifications available now (under NDA, public in Q1 2018). More published through-out 2018 Trusted Firmware-M OSS code public in Q1 2018. PSA: Shifting the economics of security Security.economics << 1; 31

Thank You! Danke! Merci! 谢谢! [Additional ありがとう Material]! Gracias! Kiitos! 32

The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. www.arm.com/company/policies/trademarks 33 2017 Arm Limited

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback