Designing Security & Trust into Connected Devices
Eric Wang
Shenzhen / ARM Tech Forum / The Ritz-Carlton
Senior Technical Marketing Manager
June 14, 2016
© ARM 2016 2
Agenda
Introduction
Security Foundations on Cortex-A
Security Foundations on Cortex-M
Use cases
Certification
Summary
ARM TrustZone Technology – A Security Foundation
Use cases today: Content Protection, Mobile Payment, Authentication, Enterprise Security
Security is a Balance
HW Attacks
• Physical access to device – JTAG, bus, IO pins
• Well resourced and funded
• Time, money & equipment
Software Attacks
• Buffer overflows
• Interrupts
• Malware
Communication Attacks
• Man in the middle
• Weak RNG
• Code vulnerabilities
[Figure: cost/effort to attack plotted against cost/effort to secure, with Level 1, Level 2 and Level 3 marked along the balance]
ARM Builds Layers of Hardware Security - Hierarchy of Trust
Secure Domain: Security Subsystem or SE – isolated & small security boundary
Trusted Domain: trusted code and data with TrustZone & Trusted Software
Protected Domain: Hypervisor, Virtual Machines
Rich Domain: Rich OS and user applications
Security Foundations for Cortex-A
Software – ARM Trusted Firmware & 3rd party TEE ecosystem
Security certification for TEE via GlobalPlatform
TrustZone for ARMv8-A & ARMv7-A
Established architecture protecting billions of devices and services
TrustZone Media Protection Architecture
TrustZone CryptoCell-710
Configurable security subsystem that adds a deep layer of hardware-based security, easily integrated into the SoC
TrustZone Based Trusted Execution Environment
Hardware root of trust – a basis for system integrity
Integrity through Trusted Boot
Secure peripheral access – screen, keypad, fingerprint sensor etc.
Secure application execution – technology called TrustZone
Trust established outwards – with normal world apps and with internet/cloud apps
Mobile devices with integrated HW security: ARM Trusted Firmware, CryptoCell
Cortex-A: Putting it All Together
Normal World: App (EL0) calls the TOS library, which reaches the TOS driver in the Normal World OS (EL1/EL2) via ioctl
Secure Monitor: ARM Trusted Firmware (EL3) with its SoC/platform port and a Trusted OS Dispatcher; the Normal World OS reaches the Trusted OS through a TOS-specific protocol via SMC
Secure World: Trusted OS (Secure-EL1) and Trusted Apps (Secure-EL0), linked by a TOS-specific protocol and mechanism
Porting interface between Trusted Firmware and SoC/platform
Interface between Trusted Firmware and Trusted OS Dispatcher (supplied by OSS or TEE vendor)
Hardware beneath the firmware: Trusted Peripherals, Security Subsystem (TrustZone CryptoCell), Crypto, HDMI HDCP, Mali GPU
Security Platform Design Documents
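The path on this slide (App, TOS library, TOS driver via ioctl, Normal World OS, SMC into ARM Trusted Firmware, Trusted OS Dispatcher) depends on the monitor at EL3 decoding the SMC function identifier to pick the right runtime service. The C model below is an added example, not ARM Trusted Firmware's own code: it encodes and routes function ids using the SMC Calling Convention layout (fast/yielding bit, SMC32/SMC64 bit, Owning Entity Number in bits 29:24, function number in bits 15:0). The route names are this model's own, and its choice to reject hypervisor-range OENs at the monitor is an assumption, not ATF behaviour.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* SMC Calling Convention function id layout (ARM DEN 0028A, SMCCC v1.0) */
#define SMC_FAST_CALL   (1u << 31)     /* 1 = fast call, 0 = yielding (standard) call */
#define SMC_64          (1u << 30)     /* 1 = SMC64 register convention */
#define SMC_OEN_SHIFT   24             /* bits 29:24 = Owning Entity Number */
#define SMC_OEN_MASK    0x3Fu
#define SMC_MBZ_MASK    0x00FF0000u    /* bits 23:16 must be zero in v1.0 */
#define SMC_FUNC_MASK   0xFFFFu        /* bits 15:0 = function number */
#define SMC_UNKNOWN     0xFFFFFFFFu    /* -1: the SMCCC result for an unknown function id */

/* Owning Entity Numbers defined by the SMCCC */
enum oen {
    OEN_ARM_ARCH = 0, OEN_CPU = 1, OEN_SIP = 2, OEN_OEM = 3,
    OEN_STD = 4, OEN_STD_HYP = 5, OEN_VENDOR_HYP = 6,
    OEN_TA_START = 48, OEN_TA_END = 49,     /* Trusted Application calls */
    OEN_TOS_START = 50, OEN_TOS_END = 63    /* Trusted OS calls */
};

/* Routes the monitor can take in this model (names are assumptions) */
enum smc_route {
    ROUTE_UNKNOWN, ROUTE_ARM_ARCH, ROUTE_CPU, ROUTE_SIP, ROUTE_OEM,
    ROUTE_STD_SERVICE, ROUTE_TRUSTED_APP, ROUTE_TOS_DISPATCHER
};

/* Assemble a function id from its fields */
uint32_t smc_fid(bool fast, bool is64, unsigned oen, unsigned func)
{
    uint32_t fid = 0;
    if (fast) fid |= SMC_FAST_CALL;
    if (is64) fid |= SMC_64;
    fid |= (oen & SMC_OEN_MASK) << SMC_OEN_SHIFT;
    fid |= func & SMC_FUNC_MASK;
    return fid;
}

/* Decide which service owns the call. Non-zero MBZ bits and reserved or
 * hypervisor-range OENs are rejected rather than guessed at. */
enum smc_route smc_route(uint32_t fid)
{
    unsigned oen = (fid >> SMC_OEN_SHIFT) & SMC_OEN_MASK;
    if (fid & SMC_MBZ_MASK)
        return ROUTE_UNKNOWN;
    switch (oen) {
    case OEN_ARM_ARCH: return ROUTE_ARM_ARCH;
    case OEN_CPU:      return ROUTE_CPU;
    case OEN_SIP:      return ROUTE_SIP;
    case OEN_OEM:      return ROUTE_OEM;
    case OEN_STD:      return ROUTE_STD_SERVICE;
    default:
        if (oen >= OEN_TA_START && oen <= OEN_TA_END)   return ROUTE_TRUSTED_APP;
        if (oen >= OEN_TOS_START && oen <= OEN_TOS_END) return ROUTE_TOS_DISPATCHER;
        return ROUTE_UNKNOWN;   /* reserved 7-47, hypervisor 5-6 (HVC ranges), anything else */
    }
}

/* Monitor entry: returns SMC_UNKNOWN for ids no service owns, otherwise 0 (accepted) */
uint32_t monitor_dispatch(uint32_t fid)
{
    return smc_route(fid) == ROUTE_UNKNOWN ? SMC_UNKNOWN : 0u;
}

int main(void)
{
    uint32_t ids[] = {
        smc_fid(true,  false, OEN_STD, 0),        /* 0x84000000: standard service, function 0 */
        smc_fid(true,  false, OEN_TOS_START, 1),  /* 0xB2000001: fast call to the Trusted OS  */
        smc_fid(false, false, 55, 7),             /* yielding call, Trusted OS range           */
        0xB2010001u                               /* MBZ bit 16 set: rejected                   */
    };
    for (unsigned i = 0; i < 4; i++)
        printf("fid 0x%08X -> route %d, result 0x%08X\n",
               (unsigned)ids[i], (int)smc_route(ids[i]), (unsigned)monitor_dispatch(ids[i]));
    return 0;
}
```

The reason to reject rather than forward anything odd is the same as on the slide's "Trust Me" line: the dispatcher is the one boundary every Normal World request crosses, so an id that does not decode cleanly should never reach Secure-EL1 code.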
GlobalPlatform TEE Certification
TEE has a Protection Profile certified by Common Criteria
Proposed scheme has security certification of a reference implementation… AND the OEM product – looking at the deltas
Objective is to reduce time to certification by the OEM to 2-3 months
Independent security assessment vs. “Trust Me”
Evaluation scope: Secure boot, HW features, Trusted OS
IoT Security Enables New Business Opportunities
If you can trust devices and the little data, you can transform industries
Electricity meter example – if you can trust a remote meter reading on a consumer meter…
No need to send someone to the house
Billing costs are reduced
Home security example – if you can trust a connected security system…
You will be more likely to purchase and enable remote monitoring
How Do We Build the Internet of Trustworthy Things?
Make end to end security easier by providing right sized secure foundations that scale for different use cases and market needs
Make it easier
Build security in or enable easy integration of subsystems
Trusted software that is free and easy to use
Make it right sized
Security for any ARM platform
Provide multiple solutions
Keep it agile
Security Foundations for Cortex-M
Software - mbed OS, mbed uVisor, mbed TLS & 3rd party ecosystem
TrustZone for ARMv8-M
New microcontroller architecture gains TrustZone
TrustZone CryptoCell-310
Adds a configurable security system close to the root of trust, suitable for microcontrollers
TrustZone for ARMv8-A (Applications Processors) vs. TrustZone for ARMv8-M (Microcontroller)
ARMv8-A: Normal World runs Non-Secure Apps on a Rich OS (e.g. Linux); Secure World runs Secure Apps on a Secure OS; the Secure Monitor sits between the two worlds
ARMv8-M: Normal World runs Non-Secure Apps on a Non-Secure RTOS; Secure World runs Secure Apps/Libs on a Secure RTOS; TrustZone for ARMv8-M provides the separation on the microcontroller itself
ARM TrustZone Architecture Extensions
Feature/Architecture | TrustZone® ARMv7-A & ARMv8-A | TrustZone® for ARMv8-M
Additional Security States | SEL0* – Trusted Apps; SEL1 – Trusted OS; EL3 – Trusted Boot & Firmware (ARMv8-A) | Secure Thread – trusted code/data; Secure Handler – trusted device drivers, RTOS, library managers…
Secure Interrupts | Yes | Yes (Fast)
State Transition (Boundary crossing) | Software transition | Hardware transition (Fast)
Memory Management | Virtual Memory MMU with secure attributes | Secure Attribution Unit (SAU) & MPU memory partitions
System Interconnect Security | Yes | Yes
Secure Code, Data and Memory | Yes | Yes
Trusted Boot | Yes | Yes
Software | ARM Trusted Firmware (+ 3rd party TEEs) | Keil CMSIS, ARM mbed OS, mbed uVisor + 3rd party software
*Secure Exception Level
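The Memory Management row is where the two architectures differ most in practice: on ARMv8-M there is no MMU, and the Secure Attribution Unit decides per address whether code and data are Secure, Non-secure, or Non-secure callable (the region holding the secure gateway veneers Normal World code is allowed to branch into). The C model below is an added example, not ARM's code or a CMSIS register driver: it models only the SAU (the chip-level IDAU is left out), treats both "no region matches" and "more than one region matches" as Secure (this model's reading of the attribution rule, stated as an assumption), and uses a constructed region table.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Security attribute TrustZone for ARMv8-M assigns to an address */
enum sec_attr { ATTR_S = 0, ATTR_NS = 1, ATTR_NSC = 2 };

/* One SAU region, [base, limit] inclusive. Hardware programs these through
 * SAU_RBAR/SAU_RLAR at 32-byte granularity; the model does not enforce alignment. */
struct sau_region {
    uint32_t base;
    uint32_t limit;
    bool nsc;       /* Non-secure callable: holds the SG veneers NS code may call into */
    bool enabled;
};

/* SAU_CTRL.ENABLE, SAU_CTRL.ALLNS and the region table */
struct sau {
    bool enable;
    bool allns;
    const struct sau_region *regions;
    size_t count;
};

/* Attribution rule as modelled here (assumption):
 *  - SAU disabled: all Secure, or all Non-secure when ALLNS is set
 *  - no enabled region matches: Secure
 *  - more than one region matches: Secure (the conservative outcome)
 *  - exactly one match: NS, or NSC if the region is marked callable */
enum sec_attr sau_lookup(const struct sau *sau, uint32_t addr)
{
    if (!sau->enable)
        return sau->allns ? ATTR_NS : ATTR_S;
    unsigned matches = 0;
    bool nsc = false;
    for (size_t i = 0; i < sau->count; i++) {
        const struct sau_region *r = &sau->regions[i];
        if (r->enabled && addr >= r->base && addr <= r->limit) {
            matches++;
            nsc = r->nsc;
        }
    }
    if (matches != 1)
        return ATTR_S;
    return nsc ? ATTR_NSC : ATTR_NS;
}

/* May Non-secure code branch to this address? Only an NSC address is a legal entry
 * point into the Secure world (the target must also begin with an SG instruction,
 * which this model does not check). */
bool ns_entry_allowed(const struct sau *sau, uint32_t target)
{
    return sau_lookup(sau, target) == ATTR_NSC;
}

/* Constructed memory map for a small microcontroller: secure flash at
 * 0x0000_0000-0x000F_FFFF is deliberately left unmapped (so it stays Secure),
 * an 8 KB NSC veneer area sits at 0x0010_0000, then NS flash and NS SRAM. */
static const struct sau_region demo_regions[] = {
    { 0x00100000u, 0x00101FFFu, true,  true },  /* NSC: secure gateway veneers */
    { 0x00200000u, 0x003FFFFFu, false, true },  /* NS flash: non-secure RTOS and apps */
    { 0x20200000u, 0x203FFFFFu, false, true },  /* NS SRAM */
};
const struct sau demo_sau = { true, false, demo_regions, 3 };

/* Misconfiguration: an NS region that overlaps the veneer area. The overlap
 * resolves to Secure, so NS code loses its entry point rather than gaining access. */
static const struct sau_region overlap_regions[] = {
    { 0x00100000u, 0x00101FFFu, true,  true },
    { 0x00100000u, 0x003FFFFFu, false, true },
};
const struct sau overlap_sau = { true, false, overlap_regions, 2 };

int main(void)
{
    static const char *names[] = { "S", "NS", "NSC" };
    uint32_t probes[] = { 0x00000100u, 0x00100020u, 0x00200100u, 0x20200000u };
    for (size_t i = 0; i < 4; i++)
        printf("0x%08" PRIx32 " -> %s\n", probes[i], names[sau_lookup(&demo_sau, probes[i])]);
    printf("overlap 0x00100020 -> %s\n", names[sau_lookup(&overlap_sau, 0x00100020u)]);
    return 0;
}
```

The defensive habit the model encodes is to list only the Non-secure and callable regions and leave everything Secure by default; a review of the SAU table should then check for overlaps, since an overlap silently turns a veneer region Secure and breaks the Normal World's only sanctioned way in.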
Security on Next Generation Cortex-M
ARM Cortex-M v8-M Microcontroller with CryptoCell (Physical IP): TRNG, Unique ID, Accel/Services, Secure Storage
Normal World Code, privileged: RTOS, Device Drivers, Platform Code, Hardware Interfaces
Normal World Code, unprivileged: Apps/User, Comms Stack, TLS/Crypto Libs
Trusted Software (uVisor): Trusted Firmware, Secure Libs, Crypto, Trusted Apps
TrustZone based uVisor is key building block
AMBA 5 AHB5: Extending Security to the System
Example SoC: CPU, DMA, Flash, SRAM and peripherals on an AMBA 5 AHB5 interconnect, with a trusted region (Flash and Trusted Peripheral B, or TrustZone CryptoCell-310 in the second variant of the figure) and a non-trusted region (Non-Trusted Peripheral A)
Extends security foundation to the SoC
Efficient security control across all of the SoC
Optimized for embedded SoCs
Security state extends across Cortex-A and Cortex-M systems
Secure Foundations for Services
Software / OS – resource sharing, key management, protect system resources: mbed OS, mbed uVisor
Communication – communication protocols, secure authentication: mbed TLS
Hardware/System: TrustZone, CryptoCell (Root of Trust), System IP, AMBA 5
TrustZone CryptoCell for Every Platform
CryptoCell acts as a trust anchor and security subsystem for the platform
CryptoCell-310 sits beside a TrustZone ARMv8-M microcontroller (Non-Secure RTOS and Non-Secure App in the Normal World; Secure RTOS and Secure App/Libs in the Secure World)
CryptoCell-710 sits beside a TrustZone ARMv8-A system (Rich OS e.g. Linux and Non-Secure App in the Normal World; Secure OS and Secure App in the Secure World; Secure Monitor between the worlds)
Both CryptoCell blocks contain: Asymmetric Crypto, Symmetric Crypto, Data interface, Security resources, Roots of trust, Always On, Control interface
Chain of Trust Starts with Initial ROT
Keys: provisioned keys/data at factory
Initial Root of Trust (iROT): e.g. CryptoCell security functions (TrustZone CryptoCell)
Extended Root of Trust: e.g. TrustZone based TEE or uVisor
Launch of authenticated Hypervisor (Cortex-A)
OS / App Integrity: Guest OS and Apps
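The rungs on this slide are one loop repeated: each root of trust measures the next stage and launches it only when the measurement matches what the previous stage vouches for, with the factory-provisioned value in the iROT anchoring the first step. The C model below is an added example, not ARM's or CryptoCell's code: it uses 64-bit FNV-1a as a stand-in for a real digest, omits the signature check a real chain performs against a provisioned public key, and its stage images are constructed byte strings.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in digest: 64-bit FNV-1a. A real chain uses SHA-256 plus a signature
 * check; this model keeps only the chaining logic. */
uint64_t digest(const uint8_t *data, size_t len)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* One boot stage: its image, and the manifest entry it carries for the next stage */
struct stage {
    const char *name;
    uint8_t *image;
    size_t len;
    uint64_t next_expected;   /* digest of the next stage; 0 for the last one */
};

/* Constructed sample images standing in for real binaries */
static uint8_t img_tee[] = "constructed image: TrustZone based TEE (extended root of trust)";
static uint8_t img_hyp[] = "constructed image: hypervisor";
static uint8_t img_os[]  = "constructed image: guest OS";
static uint8_t img_app[] = "constructed image: application";

#define N_STAGES 4
struct stage chain[N_STAGES] = {
    { "Extended ROT (TEE)", img_tee, sizeof img_tee, 0 },
    { "Hypervisor",         img_hyp, sizeof img_hyp, 0 },
    { "Guest OS",           img_os,  sizeof img_os,  0 },
    { "Apps",               img_app, sizeof img_app, 0 },
};

/* Factory provisioning: fill each manifest back to front and return the value the
 * initial root of trust keeps in immutable storage (the digest of the first stage). */
uint64_t provision_chain(void)
{
    for (int i = N_STAGES - 1; i >= 0; i--)
        chain[i].next_expected =
            (i + 1 < N_STAGES) ? digest(chain[i + 1].image, chain[i + 1].len) : 0;
    return digest(chain[0].image, chain[0].len);
}

/* Boot-time walk. Every stage is measured before it runs and compared with the value
 * its predecessor vouches for; the iROT vouches for stage 0. Returns the number of
 * stages launched: N_STAGES means the whole chain verified, fewer means the first
 * mismatch halted the boot at that rung. */
size_t boot_chain(uint64_t irot_expected)
{
    uint64_t expected = irot_expected;
    for (size_t i = 0; i < N_STAGES; i++) {
        uint64_t measured = digest(chain[i].image, chain[i].len);
        if (measured != expected) {
            printf("halt: %s failed verification\n", chain[i].name);
            return i;
        }
        printf("launch: %s\n", chain[i].name);
        expected = chain[i].next_expected;   /* the launched stage now vouches for the next */
    }
    return N_STAGES;
}

int main(void)
{
    uint64_t irot = provision_chain();
    boot_chain(irot);        /* all four stages launch */
    img_hyp[0] ^= 0x01;      /* flip one bit in the hypervisor image */
    boot_chain(irot);        /* the TEE launches, the hypervisor is rejected */
    img_hyp[0] ^= 0x01;
    return 0;
}
```

Two properties of the slide's design show up directly: a tampered stage stops the chain at its own rung and nothing above it runs, and the only value that must be protected against modification for life is the one the iROT holds, which is why it lives in the CryptoCell rather than in updatable flash.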
Secure Foundations From Sensor to Servers
Pillars: Connectivity, Efficiency, Management, Productivity, Security
Security building blocks: mbed OS, mbed TLS, mbed OS uVisor, TrustZone for ARMv8-M, TrustZone CryptoCell
Summary
Security is a place where partners can differentiate e.g. certification, provisioning, services…
ARM provide the building blocks for security on Cortex-A: Security Platform Design Docs
Standards e.g. GlobalPlatform
Open source e.g. ARM Trusted Firmware, uVisor & Linaro OP-TEE
Ecosystem e.g. Trustonic, BeanPod and other commercial TEE providers
TrustZone for v8-M brings familiar security architecture to lowest cost points
TrustZone based uVisor & CMSIS-RTOS provide useful building blocks
CryptoCell provides Root of Trust to system & a toolbox of security functions
The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM
Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured
may be trademarks of their respective owners.
Copyright © 2016 ARM Limited
Thank you!