EE Times-Asia

Thwarting IoT security threats with ARM TrustZone

Posted: 04 Sep 2014

Keywords: Internet of Things, IoT, ARM, TrustZone, SoC

It is astounding how quickly technology has evolved and how this pace of evolution continues to accelerate. The functionality of connected devices is rapidly increasing, and, accordingly, the value of the information stored on these devices, or accessible through them, is rising just as fast. Because these value-rich devices are usually attached to a network, cybercrime and cyber security concerns are also today's front-page news.

In this discussion I will address securing devices for connected and Internet of Things (IoT) systems. We'll also look at how virtualisation can be leveraged to enable consolidation and reliability of connected devices and at how ARM TrustZone can be utilised to address categories of security threats. Throughout the supply chain spanning semiconductor vendors, software developers, and system integrators, there are three interrelated topics that are consistently discussed: (1) IoT connectivity, (2) a move to ARM-based System on Chip (SoC) architectures, and (3) security.

Connected devices
Most of the devices we use today are connected to at least one type of network or service. Cars are commonly connected to devices via Bluetooth and mobile data networks, and will soon be connected to roadside infrastructure. Patient bedside systems connect to each other, to the hospital network, and beyond. The energy infrastructure is connected from the power grid to the home consumer device and all points in between.

This device connectivity to the Internet, together with the data flowing through each device, is commonly referred to as the Internet of Things. Another industry megatrend is the move to ARM-based SoCs, as device manufacturers seek to consolidate capabilities at lower power and cost. Increasingly, they are also turning to ARM TrustZone for stronger security, precisely because these "things" are connected.

Regarding security, news about vulnerabilities is commonplace and affects all industries, including automotive, medical, energy infrastructure, retail, and consumer. Recall the Heartbleed vulnerability that dominated the news early in 2014? Heartbleed was a defect in the OpenSSL library, a critical software component used by many designers in their server infrastructure and electronic devices, and it had sat undiscovered in released code for roughly two years. Cyber attacks and potential security vulnerabilities are among the hottest topics in every device segment.

If you talk to a security expert, you will likely hear terms such as "defence in depth" or "layered security." While there are formal and informal definitions of these terms, everything boils down to creating layers of security, each of which can stop an attack outright or at least delay the attacker from penetrating the next layer. Typical layers include:
- Policies and procedures: rules governing access to and usage of a device
- Physical: literally, a physical layer such as a fence, guard, or locked door
- Network: securing the connectivity to the outside world
- Application: ensuring malicious applications cannot compromise the system
- Data: ensuring the integrity of data that is used or stored in the system

ARM's TrustZone technology
ARM's TrustZone technology, implemented in an SoC, can be leveraged to address the network, application, and data layers of the layered security model. Before addressing the specifics, it helps to understand the concepts underlying ARM TrustZone.

ARM TrustZone is a hardware-based mechanism built into an ARM-based SoC that allows the resources of a system to be separated into two worlds, commonly referred to as "normal world" and "secure world."

These resources can be memory regions or peripherals such as I/O controllers and keyboards. When operating in the normal world, applications have access to anything that the system architect has enabled normal world processing to access. Normal world, however, cannot access anything that exists in the secure world: the hardware itself refuses such an access, so the protection does not depend on normal-world software being well behaved.

When operating in the secure world, anything that has been architected for secure world processing is accessible. Secure world can also access resources that belong to the normal world (figure).

Figure: ARM's TrustZone technology allows developers to designate functions within a SoC as "Secure World" or "Normal World." (Source: Mentor Graphics)

Many of us regularly use secure world and normal world processing without realising it.

Secure world vs. normal world
For example, online shopping typically requires a username and password. On a mobile device (Android phone, Apple iPad, etc.) built with a trusted user interface, prompting for this authentication information can switch the device into the secure world, where the data is entered on a secure keyboard and processed there before the normal world is allowed to continue. The normal-world application only ever sees the outcome, never the credential itself.
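The two-world split described under "ARM's TrustZone technology" and the secure-keyboard flow of the shopping example above, as an added example in C that is not part of the article and is not ARM's or Mentor Graphics' software. It models the partition as a region table checked on every access, and a secure-monitor call that verifies a PIN entirely inside the secure world and returns only a verdict. The region layout, the SMC function id, the sample PIN and all function names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: a software model of the TrustZone two-world split. Not ARM's
 * or Mentor Graphics' code; region layout, SMC id and PIN values are hypothetical. */

enum world { SECURE_WORLD = 0, NORMAL_WORLD = 1 };   /* value doubles as the NS bit */

struct region {
    const char *name;
    uint32_t base, len;
    enum world owner;   /* SECURE_WORLD regions are off-limits to normal world */
};

/* Partition table of the kind a TrustZone address-space controller enforces. */
static const struct region regions[] = {
    { "normal_ram", 0x0000, 0x0800, NORMAL_WORLD },
    { "secure_ram", 0x0800, 0x0400, SECURE_WORLD },  /* stored PIN lives here */
    { "secure_kbd", 0x0C00, 0x0100, SECURE_WORLD },  /* secure keyboard buffer */
};
#define NREGIONS (sizeof regions / sizeof regions[0])

static uint8_t memory[0x1000];   /* flat backing store behind all regions */

/* The rule from the article: secure world may touch any region, a normal-world
 * access to a secure region is rejected (a bus fault on real silicon).
 * Accesses that straddle a boundary or hit unmapped space also fail. */
bool access_allowed(enum world w, uint32_t addr, uint32_t len)
{
    for (size_t i = 0; i < NREGIONS; i++) {
        const struct region *r = &regions[i];
        if (addr >= r->base && addr + len <= r->base + r->len)
            return w == SECURE_WORLD || r->owner == NORMAL_WORLD;
    }
    return false;
}

/* Accessors that model the fault: on a refused access they move no data. */
bool world_read(enum world w, uint32_t addr, uint8_t *out, uint32_t len)
{
    if (!access_allowed(w, addr, len)) return false;
    memcpy(out, &memory[addr], len);
    return true;
}

bool world_write(enum world w, uint32_t addr, const uint8_t *in, uint32_t len)
{
    if (!access_allowed(w, addr, len)) return false;
    memcpy(&memory[addr], in, len);
    return true;
}

#define PIN_LEN         4
#define STORED_PIN_ADDR 0x0800   /* inside secure_ram */
#define KBD_BUF_ADDR    0x0C00   /* inside secure_kbd */
#define SMC_VERIFY_PIN  0x1000u  /* hypothetical SMC function id */

/* Constant-time comparison so the verdict's timing does not leak the PIN. */
bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Secure monitor entry point, the "switch into secure world" of the shopping
 * example. Normal world passes only a function id; the secure side reads the
 * keyboard buffer and the stored PIN from secure regions, scrubs its copies and
 * returns a one-word verdict, never the PIN bytes. */
int32_t secure_monitor_call(uint32_t func_id)
{
    uint8_t entered[PIN_LEN], stored[PIN_LEN], zeros[PIN_LEN] = { 0 };
    if (func_id != SMC_VERIFY_PIN) return -1;            /* unknown service */
    if (!world_read(SECURE_WORLD, KBD_BUF_ADDR, entered, PIN_LEN) ||
        !world_read(SECURE_WORLD, STORED_PIN_ADDR, stored, PIN_LEN))
        return -1;
    bool ok = ct_equal(entered, stored, PIN_LEN);
    memset(entered, 0, PIN_LEN);
    memset(stored, 0, PIN_LEN);
    world_write(SECURE_WORLD, KBD_BUF_ADDR, zeros, PIN_LEN);  /* clear keystrokes */
    return ok ? 1 : 0;
}

/* Provisioning and key presses happen entirely on the secure side. */
bool secure_provision_pin(const uint8_t pin[PIN_LEN])
{
    return world_write(SECURE_WORLD, STORED_PIN_ADDR, pin, PIN_LEN);
}

bool secure_keyboard_input(const uint8_t pin[PIN_LEN])
{
    return world_write(SECURE_WORLD, KBD_BUF_ADDR, pin, PIN_LEN);
}

/* What a normal-world shopping app can and cannot do; returns 0 on success. */
int demo(void)
{
    static const uint8_t pin[PIN_LEN] = { 1, 2, 3, 4 };  /* constructed sample PIN */
    uint8_t leak[PIN_LEN];
    secure_provision_pin(pin);
    bool snooped = world_read(NORMAL_WORLD, STORED_PIN_ADDR, leak, PIN_LEN);
    secure_keyboard_input(pin);                             /* user types the PIN */
    int32_t verdict = secure_monitor_call(SMC_VERIFY_PIN);  /* app asks for a verdict */
    printf("normal-world read of secure RAM: %s, PIN verdict: %d\n",
           snooped ? "allowed (bug!)" : "rejected", (int)verdict);
    return (!snooped && verdict == 1) ? 0 : 1;
}

int main(void) { return demo(); }
```

Run it stand-alone and the normal-world read of the stored PIN is refused while the monitor call returns only 1 or 0. On real silicon the job of `access_allowed` is done by the address-space controller and the NS bit carried on the bus, and the secure-world functions would live in a trusted OS reached through the SMC instruction rather than in the same binary as the normal-world code.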
