Designing Security & Trust into Connected Devices


Slide 1: Designing Security & Trust into Connected Devices
Eric Wang, Senior Technical Marketing Manager
Shenzhen / ARM Tech Forum / The Ritz-Carlton, June 14, 2016

Slide 2: Agenda
- Introduction
- Security Foundations on Cortex-A
- Security Foundations on Cortex-M
- Use cases
- Certification
- Summary

Slide 3: ARM TrustZone Technology - A Security Foundation Today
- Authentication
- Mobile Payment
- Content Protection
- Enterprise Security

Slide 4: Security is a Balance
(Diagram: cost/effort to attack plotted against cost/effort to secure, rising from Level 1 to Level 3.)
- Level 1 - Communication attacks: man in the middle, weak RNG, code vulnerabilities
- Level 2 - Software attacks: buffer overflows, interrupts, malware
- Level 3 - HW attacks: physical access to the device (JTAG, bus, IO pins); well resourced and funded attackers with time, money & equipment

Slide 5: ARM Builds Layers of Hardware Security - Hierarchy of Trust
- Secure Domain: security subsystem or SE; isolated & small security boundary
- Trusted Domain: trusted code and data with TrustZone & trusted software
- Protected Domain: hypervisor, virtual machines
- Rich Domain: rich OS and user applications

Slide 6: Security Foundations for Cortex-A
- Software: ARM Trusted Firmware & 3rd party TEE ecosystem; security certification for TEE via GlobalPlatform
- TrustZone for ARMv8-A & ARMv7-A: established architecture protecting billions of devices and services; TrustZone Media Protection Architecture
- TrustZone CryptoCell-710: configurable security subsystem that adds a deep layer of hardware-based security, easily integrated into the SoC

Slide 7: TrustZone Based Trusted Execution Environment
Mobile devices with integrated HW security (ARM Trusted Firmware, CryptoCell):
- Hardware root of trust: a basis for system integrity; integrity through Trusted Boot
- Secure peripheral access: screen, keypad, fingerprint sensor etc.
- Secure application execution: technology called TrustZone
- Trust established outwards: with normal world apps; with internet/cloud apps

Slide 8: Cortex-A: Putting it All Together
Normal World:
- App (EL0)
- OS (EL1/EL2) with TOS driver; TOS library reached via ioctl
Secure World:
- Trusted App (Secure-EL0)
- Trusted OS (Secure-EL1), from OSS or a TEE vendor
- ARM Trusted Firmware (EL3), containing the Trusted OS Dispatcher and the SoC/platform port
Interfaces:
- Porting interface between Trusted Firmware and SoC/platform
- Interface between Trusted Firmware and the Trusted OS Dispatcher
- TOS-specific protocol via SMC (Trusted OS Dispatcher to Trusted OS)
- TOS-specific protocol and mechanism (TOS driver to Trusted OS)
Trusted Peripherals: HDMI HDCP security, TrustZone Security Subsystem (CryptoCell crypto), Mali GPU security
Security Platform Design Documents

Slide 9: GlobalPlatform TEE Certification
- TEE has a Protection Profile certified by Common Criteria
- Proposed scheme: security certification of a reference implementation AND the OEM product, looking at the deltas
- Objective is to reduce time to certification by the OEM to 2-3 months
- Independent security assessment vs. "Trust Me"
- Evaluation scope: Trusted OS, HW features, Secure boot

Slide 10: IoT Security Enables New Business Opportunities
If you can trust devices and the little data, you can transform industries.
- Electricity meter example: if you can trust a remote meter reading on a consumer meter, there is no need to send someone to the house, and billing costs are reduced
- Home security example: if you can trust a connected security system, you will be more likely to purchase and enable remote monitoring

Slide 11: How Do We Build the Internet of Trustworthy Things?
Make end-to-end security easier by providing right-sized secure foundations that scale for different use cases and market needs.
- Make it easier: build security in or enable easy integration of subsystems; trusted software that is free and easy to use
- Make it right sized: security for any ARM platform; provide multiple solutions
- Keep it agile

Slides 12-13: Security Foundations for Cortex-M
- Software: mbed OS, mbed uvisor, mbed TLS & 3rd party ecosystem
- TrustZone for ARMv8-M: new microcontroller architecture gains TrustZone
- TrustZone CryptoCell-310: adds a configurable security system close to the root of trust, suitable for microcontrollers

Slide 14: TrustZone for ARMv8-M
TrustZone for ARMv8-A (applications processors):
- Normal World: Non-secure App; Rich OS, e.g. Linux
- Secure World: Secure App; Secure OS
- Secure Monitor mediates the transition between worlds
TrustZone for ARMv8-M (microcontroller):
- Normal World: Non-secure App; Non-secure RTOS
- Secure World: Secure App/Libs; Secure RTOS

Slide 15: ARM TrustZone Architecture Extensions

| Feature/Architecture | TrustZone ARMv7-A & ARMv8-A | TrustZone for ARMv8-M |
| Additional Security States | SEL0* Trusted Apps; SEL1 Trusted OS; EL3 Trusted Boot & Firmware (ARMv8-A) | Secure Thread: trusted code/data; Secure Handler: trusted device drivers, RTOS, library managers |
| Secure Interrupts | Yes | Yes (Fast) |
| State Transition (boundary crossing) | Software transition | Hardware transition (Fast) |
| Memory Management | Virtual memory MMU with secure attributes | Secure Attribution Unit (SAU) & MPU memory partitions |
| System Interconnect Security | Yes | Yes |
| Secure Code, Data and Memory | Yes | Yes |
| Trusted Boot | Yes | Yes |
| Software | ARM Trusted Firmware (+ 3rd party TEEs) | Keil CMSIS, ARM mbed OS, mbed uvisor + 3rd party software |

*Secure Exception Level
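The "Memory Management" and "State Transition" rows above are where the ARMv8-M design differs most from the Cortex-A one: there is no MMU, so the Secure Attribution Unit (SAU) decides per address whether memory is Secure, Non-secure, or Non-secure callable, and the hardware itself enforces that a branch from the Non-secure world can only enter the Secure world through a Non-secure callable (NSC) region. The following Go program is an added example, not code from the presentation or from Arm: it models that SAU decision on a constructed memory map. The type names, the map, and the rule that an address hit by more than one region resolves to Secure are assumptions made for this model; the IDAU, which can further restrict attribution on a real part, is left out.

```go
package main

import "fmt"

// Attr is the security attribute the modelled SAU assigns to an address.
type Attr int

const (
	Secure            Attr = iota // default when no SAU region matches
	NonSecure                     // matched a region without the NSC flag
	NonSecureCallable             // matched an NSC region: Secure memory holding SG entry veneers
)

func (a Attr) String() string {
	switch a {
	case Secure:
		return "Secure"
	case NonSecure:
		return "Non-secure"
	case NonSecureCallable:
		return "Secure, Non-secure callable"
	}
	return "invalid"
}

// SAURegion is one programmable region: an inclusive address range that is
// either Non-secure or Non-secure callable. Everything outside all regions is Secure.
type SAURegion struct {
	Base, Limit uint32
	NSC         bool
}

// SAU models the unit's enable bit, its ALLNS fallback and its region table.
type SAU struct {
	Enabled bool
	AllNS   bool // consulted only while the SAU is disabled
	Regions []SAURegion
}

// Attribute returns the attribute for addr. Model assumption: an address hit
// by more than one region resolves to Secure, the conservative outcome.
func (s SAU) Attribute(addr uint32) Attr {
	if !s.Enabled {
		if s.AllNS {
			return NonSecure
		}
		return Secure
	}
	result, hits := Secure, 0
	for _, r := range s.Regions {
		if addr < r.Base || addr > r.Limit {
			continue
		}
		hits++
		if r.NSC {
			result = NonSecureCallable
		} else {
			result = NonSecure
		}
	}
	if hits > 1 {
		return Secure
	}
	return result
}

// BranchFromNonSecureAllowed reports whether Non-secure code may branch to
// target: staying in Non-secure memory is fine, entering the Secure world is
// allowed only through an NSC region (where an SG entry veneer must sit), and
// a branch to any other Secure address is faulted by the hardware.
func (s SAU) BranchFromNonSecureAllowed(target uint32) bool {
	return s.Attribute(target) != Secure
}

// DataAccessAllowed reports whether a load/store from the given security
// state may touch addr. Secure code may access all memory; Non-secure code is
// confined to Non-secure memory (NSC regions are Secure for data purposes).
func (s SAU) DataAccessAllowed(fromSecure bool, addr uint32) bool {
	if fromSecure {
		return true
	}
	return s.Attribute(addr) == NonSecure
}

// ExampleSAU is a constructed map: Secure flash and SRAM by default, one NSC
// veneer page at the top of Secure flash, and Non-secure flash and SRAM regions.
var ExampleSAU = SAU{
	Enabled: true,
	Regions: []SAURegion{
		{Base: 0x001FF000, Limit: 0x001FFFFF, NSC: true},  // entry veneers
		{Base: 0x00200000, Limit: 0x003FFFFF, NSC: false}, // Non-secure flash
		{Base: 0x20008000, Limit: 0x2000FFFF, NSC: false}, // Non-secure SRAM
	},
}

func main() {
	for _, a := range []uint32{0x00000400, 0x001FF010, 0x00200010, 0x20000000, 0x20008000} {
		fmt.Printf("0x%08X  %-28v  NS branch ok: %-5v  NS data ok: %v\n",
			a, ExampleSAU.Attribute(a), ExampleSAU.BranchFromNonSecureAllowed(a),
			ExampleSAU.DataAccessAllowed(false, a))
	}
}
```

The point of the model is the asymmetry it makes visible: Secure code can read and write Non-secure memory, while Non-secure code is faulted on any access to Secure memory, and the only way in is through the NSC veneer page. A firmware engineer reviewing a partition should check that the veneer region contains nothing but entry points and that no Secure data region overlaps an NSC range.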

Slide 16: Security on Next Generation Cortex-M
Normal World Code:
- Unprivileged: Apps/User, Comms Stack, Crypto
- Privileged: RTOS, Device Drivers
Trusted Software:
- Trusted App, Secure Libs, TLS/Crypto Libs, Trusted Apps
- uvisor
- Platform Code, Trusted Firmware
Hardware Interfaces:
- ARM Cortex-M (v8-M) microcontroller, TRNG, Unique ID, Accelerators/Services, Secure Storage, CryptoCell, Physical IP
TrustZone-based uvisor is a key building block.

Slide 17: AMBA 5 AHB5: Extending Security to the System
- Extends the security foundation to the SoC
- Efficient security control across all of the SoC
- Optimized for embedded SoCs
- Security state extends across Cortex-A and Cortex-M systems
(Diagram: CPU and DMA on the AMBA 5 AHB5 interconnect; Flash in the trusted region; Flash, SRAM and Non-Trusted Peripheral A in the non-trusted region; Trusted Peripheral B in the trusted region.)

Slide 18: AMBA 5 AHB5: Extending Security to the System (continued)
Same bullets as slide 17; the diagram now shows TrustZone CryptoCell-310 in place of Trusted Peripheral B in the trusted region.

Slide 19: Secure Foundations for Services
- Communication: mbed TLS (communication protocols, secure authentication)
- Software / OS: mbed OS, mbed uvisor (resource sharing, key management, protect the system)
- Hardware / System: TrustZone, CryptoCell (root of trust resources), System IP, AMBA 5

Slide 20: TrustZone CryptoCell for Every Platform
Applications processor (CryptoCell-710):
- Normal World: Non-secure App; Rich OS, e.g. Linux
- Secure World: Secure App; Secure OS; Secure Monitor
- CryptoCell-710: control interface, data interface, always-on roots of trust, security resources (asymmetric crypto, symmetric crypto)
Microcontroller (CryptoCell-310):
- Normal World: Non-secure App; Non-secure RTOS
- Secure World: Secure App/Libs; Secure RTOS; TrustZone
- CryptoCell-310: control interface, data interface, always-on roots of trust, security resources (asymmetric crypto, symmetric crypto)
CryptoCell acts as a trust anchor and security subsystem for the platform.

Slide 21: Chain of Trust Starts with Initial ROT
(Diagram, bottom up:)
- Initial Root of Trust, e.g. CryptoCell (iRoT): security functions; keys/data provisioned at the factory
- Extended Root of Trust, e.g. TrustZone-based TEE or uvisor
- Launch of authenticated Hypervisor (Cortex-A)
- Guest OS and Apps: OS / App integrity
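The slide's point is that every link is authenticated by the one below it, and the bottom link is anchored in keys provisioned at the factory. The Go program below is an added example, not code from the presentation, from Arm or from CryptoCell: it models that chain for the layers the slide names (trusted firmware/TEE, hypervisor, guest OS). The "OTP" value is a constructed in-memory hash of the OEM root public key, each stage image embeds the public key that verifies the next stage so that key is covered by the current signature, and Ed25519 stands in for whatever signature scheme a real device uses; stage names, image contents and function names are all assumptions for the model.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Stage is one link of the chain. The next stage's verifying key is part of
// what this stage's signature covers, which is what extends trust upwards.
type Stage struct {
	Name      string
	Image     []byte
	NextKey   ed25519.PublicKey // nil for the final stage
	Signature []byte            // over sha256(Image || NextKey)
}

func stageDigest(s Stage) []byte {
	h := sha256.New()
	h.Write(s.Image)
	h.Write(s.NextKey)
	return h.Sum(nil)
}

// SignStage is the build-time side: the holder of the key that the previous
// stage embedded signs this stage's image together with its NextKey.
func SignStage(priv ed25519.PrivateKey, s *Stage) {
	s.Signature = ed25519.Sign(priv, stageDigest(*s))
}

// VerifyChain is the device side. It returns the names of the stages that
// were authenticated (and so would be launched) and the first failure, if any.
func VerifyChain(otpRootKeyHash [32]byte, rootKey ed25519.PublicKey, chain []Stage) ([]string, error) {
	// The root public key ships with the boot code but is only trusted if it
	// hashes to the value provisioned at the factory (the initial root of trust).
	if sha256.Sum256(rootKey) != otpRootKeyHash {
		return nil, errors.New("root public key does not match the provisioned OTP hash")
	}
	key := rootKey
	var launched []string
	for i, s := range chain {
		if len(key) != ed25519.PublicKeySize {
			return launched, fmt.Errorf("stage %d (%s): no verifying key was handed down", i, s.Name)
		}
		if !ed25519.Verify(key, stageDigest(s), s.Signature) {
			return launched, fmt.Errorf("stage %d (%s): signature check failed, boot halted", i, s.Name)
		}
		launched = append(launched, s.Name)
		key = s.NextKey // trust is extended: this stage vouches for the next key
	}
	return launched, nil
}

// BuildDemoChain constructs fresh keys and a signed three-stage chain,
// returning the simulated OTP hash, the root public key and the stages.
// Image contents are constructed placeholders.
func BuildDemoChain() ([32]byte, ed25519.PublicKey, []Stage, error) {
	rootPub, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return [32]byte{}, nil, nil, err
	}
	names := []string{"trusted-firmware-tee", "hypervisor", "guest-os"}
	chain := make([]Stage, len(names))
	signer := rootPriv
	for i, n := range names {
		chain[i] = Stage{Name: n, Image: []byte("constructed image of " + n)}
		var nextPriv ed25519.PrivateKey
		if i < len(names)-1 {
			pub, priv, err := ed25519.GenerateKey(rand.Reader)
			if err != nil {
				return [32]byte{}, nil, nil, err
			}
			chain[i].NextKey, nextPriv = pub, priv
		}
		SignStage(signer, &chain[i])
		signer = nextPriv
	}
	return sha256.Sum256(rootPub), rootPub, chain, nil
}

func main() {
	otp, root, chain, err := BuildDemoChain()
	if err != nil {
		panic(err)
	}
	launched, err := VerifyChain(otp, root, chain)
	fmt.Println("intact chain  ->", launched, err)
	chain[1].Image[0] ^= 0xff // simulate a modified hypervisor image
	launched, err = VerifyChain(otp, root, chain)
	fmt.Println("tampered chain ->", launched, err)
}
```

Two properties are worth checking on a real design against this model: a modified image anywhere in the chain stops the boot at that link without affecting the links below it, and swapping the public key embedded in a stage is caught because that key is inside the signed data of the stage that carries it. Both depend on the bottom link, the hash of the root key, being immutable once provisioned.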

Slide 22: Secure Foundations From Sensor to Servers
- mbed OS, mbed TLS, mbed OS uvisor, TrustZone for ARMv8-M, TrustZone CryptoCell
- Productivity, Security, Connectivity, Management, Efficiency

Slide 23: Summary
- Security is a place where partners can differentiate, e.g. certification, provisioning, services
- ARM provides the building blocks for security on Cortex-A:
  - Security Platform Design Docs
  - Standards, e.g. GlobalPlatform
  - Open source, e.g. ARM Trusted Firmware, uvisor & Linaro OP-TEE
  - Ecosystem, e.g. Trustonic, BeanPod and other commercial TEE providers
- TrustZone for v8-M brings the familiar security architecture to the lowest cost points
- TrustZone-based uvisor & CMSIS-RTOS provide useful building blocks
- CryptoCell provides a Root of Trust to the system & a toolbox of security functions

Thank you!
The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. Copyright 2016 ARM Limited