EE Times-Asia
Thwarting IoT security threats with ARM TrustZone

Posted: 04 Sep 2014

Keywords: Internet of Things, IoT, ARM, TrustZone, SoC

The banking application may itself run entirely in secure world, but the device can also switch out of secure world into normal world to access other applications such as a browser or email, or to perform other non-secure tasks. With this high-level understanding of TrustZone and secure world processing, we can now address how several aspects of the layered security model might be supported.

With regard to the network layer, networking interfaces to the outside world can be managed through the secure world. Interrupts coming in from designated interfaces can be mapped in such a way that the system switches into secure world for handling by an application that executes in secure world.

For example, this application can validate and authenticate the connection and connecting entity before actions with potential security implications are allowed to occur. It can also deny any connection that represents a potential threat before it can harm the system. Security measures to protect applications and data are enabled by using cryptographic hash functions such as SHA-256 and public/private cryptographic key pairs.

For example, when booting the system, loading an operating system, or downloading an application, one can compute a hash, or message digest, of the image. If the vendor provides a message digest of the same image signed with the vendor's private key, the user can use the vendor's public key to decrypt the vendor-provided digest and compare the two. If the two match, then the user knows (1) the application or data came from an authorised party and (2) the application or data has not been tampered with.
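As an added example, not code from the article or from Mentor Graphics, the following Go program models the vendor-signed digest check just described. It assumes an Ed25519 vendor key pair generated on the spot (a modern signature scheme standing in for the RSA-style "decrypt the digest with the public key" wording above) and a constructed sample image; the check itself, recompute the SHA-256 digest locally, verify the vendor's signature over it, accept only on a match, is what a secure-world loader would run before handing the image to normal world.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedImage models what a vendor ships: the image bytes plus the vendor's
// signature over the image's SHA-256 digest.
type SignedImage struct {
	Image     []byte
	Signature []byte
}

// VendorSign is the vendor-side step: hash the image with SHA-256 and sign the
// digest with the vendor's private key. (Key constructed for this example; a
// real signing key would never leave the vendor's HSM.)
func VendorSign(priv ed25519.PrivateKey, image []byte) SignedImage {
	digest := sha256.Sum256(image)
	return SignedImage{Image: image, Signature: ed25519.Sign(priv, digest[:])}
}

// VerifyImage is the secure-world check run before normal world may execute
// the image: recompute the digest locally and verify the vendor's signature
// over it with the vendor's public key. Nil only if origin and integrity hold.
func VerifyImage(vendorPub ed25519.PublicKey, si SignedImage) error {
	if len(si.Signature) != ed25519.SignatureSize {
		return errors.New("image rejected: malformed signature")
	}
	digest := sha256.Sum256(si.Image)
	if !ed25519.Verify(vendorPub, digest[:], si.Signature) {
		return errors.New("image rejected: signature does not match digest")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	image := []byte("constructed sample firmware image v1.0") // constructed input
	si := VendorSign(priv, image)
	fmt.Println("genuine image:", VerifyImage(pub, si)) // <nil>
	tampered := SignedImage{Image: append([]byte("X"), image[1:]...), Signature: si.Signature}
	fmt.Println("tampered image:", VerifyImage(pub, tampered)) // rejected: digest mismatch
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("other signer:", VerifyImage(pub, VendorSign(otherPriv, image))) // rejected
}
```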

Likewise, sensitive data can be validated and stored in an area only accessible in the secure world, or critical data can be encrypted and safely stored in a database that lives in normal world. All of this processing, including storage of sensitive data and cryptographic keys, can be done in the TrustZone secure world before the application or data is allowed to execute in the normal world.

To complicate matters, security exposures are being amplified due to the functional consolidation enabled by today's complex ARM-based multi-core SoC architectures. Many device manufacturers are moving to these homogeneous or heterogeneous multi-core SoC devices and consolidating heterogeneous operating environments and their applications in order to reduce the size, weight, and cost of their devices.

Also, as processing requirements rise with consolidation, power consumption is less of a concern due to the efficiency delivered by the ARM architecture. A hypervisor with ARM TrustZone support is critical in these consolidated, heterogeneous environments. The hypervisor enables consolidation across homogeneous cores by enforcing the separation of memory, devices, and applications on the multi-core SoC while increasing overall system reliability.

From a security perspective, a system architect can choose to enable secure world on all of the cores of the multi-core system or just one of the cores. However, in an asymmetric multi-processing (AMP) architecture, it might be best to consider using TrustZone on just one core as the system security gateway.

Enabling secure world mode on all cores may lead to secure world execution timing issues and resource contention, which could potentially increase the attack surface for security vulnerabilities. The embedded device world is indeed becoming more functionally rich and connected. As the Internet of Things continues to expand and the value contained in, or the data accessible through, these devices continues to expand accordingly, security becomes a paramount consideration.

Leveraging ARM TrustZone in devices can help to address several layers of the layered security strategy for device manufacturers, application developers, and system integrators.

About the author
Warren Kurisu is the director of Product Management in the Mentor Graphics Embedded Systems Division. He oversees the embedded runtime platform business for Nucleus, Mentor Embedded Linux, Automotive Technology Platform, AUTOSAR, and virtualisation technologies.
