New ARM Technologies for a More Secure IoT - 2017 Arm · PDF file ·...

Title 44pt Title Case

Affiliations 24pt sentence case

20pt sentence case

New ARM technologies for a more secure IoT

Neil Parris

ARM Tech Symposia

Director of Marketing, Interconnect Products

November 2016

© ARM 2016 2


Bullets 24pt sentence case

Sub-bullets 20pt sentence case

Agenda

IoT security

Implementing secure embedded systems

CoreLink SIE-200 – System IP for

Embedded ARMv8-M designs

TrustZone CryptoCell-312

CoreLink SSE-200 – TrustZone enabled

SubSystem for Embedded

© ARM 2016 3

Text 54pt Sentence Case IoT security

© ARM 2016 4




Different Types of Security

Device management

Monitoring Device integrity

Asset protection

Data Security

Physical Security

Future-proofing

Device security

Communications security

Lifecycle security

Link encryption

Authentication

Anonymity/Confidentiality

© ARM 2016 5

Text 54pt Sentence Case Implementing secure embedded systems

© ARM 2016 6




TrustZone: A comprehensive security foundation

Security separation with TrustZone

Isolate trusted resources from non-trusted

Reduce attack surface of key components

Trusted software

Crypto TRNG

Security throughout the system

Software, CPU, interconnect, memory and

peripherals

Trusted hardware

Fortified security for entire device lifecycle

Non-trusted

Trusted

Trusted hardware Secure

system

Secure

storage

© ARM 2016 7




Bringing TrustZone protection to the system

Secure the system, secure the processor

Hardware separation and isolation

Protect memories, peripherals, legacy IP

AMBA 5 AHB5 bus protocol

Signals security through the interconnect

Complementary to ARMv8-M

Optimized for embedded systems

Fewer wires saves area and power

Hardware protection simplifies software

Non-trusted

peripheral B

Trusted

peripheral A Flash

AMBA AHB5 compliant interconnect

SRAM

CPU

Non-

trusted

DMA

Trusted region Non-trusted region

© ARM 2016 8

Text 54pt Sentence Case CoreLink SIE-200 System IP for Embedded

© ARM 2016 9




CoreLink SIE-200: Extending security to the system

Simplify the design of a secure system

Designed and verified with latest ARMv8-M

processors

Library of AMBA 5 AHB5 components

Implements system wide hardware security

Configurable to enabled tailored IoT solutions

Reduce design time with IP re-use

Secure existing AHB and APB peripherals

Accelerate deployment of ARMv8-M SoCs with TrustZone compatible system IP

© ARM 2016 10




Flash

AMBA AHB5 Bus Matrix with TrustZone

SRAM

Legacy AHB

Non-secure

Master

AHB5

Protection

Controller

Memory

Protection

Controller

APB

Protection

Controller

Security

Wrapper

Memory

Protection

Controller

AHB

Peripherals

APB

Peripherals

Clock Bridge

AHB5

Master CPU

CoreLink SIE-200: System IP for embedded

Trusted region Non-trusted region

Scalable and configurable Full AHB5 support

Parallel transactions for

highest performance

Protect code and data Protect software IP

Programmable regions for

multiple applications

Protect peripherals Re-use existing peripherals

Programmable at run-time

Integrate legacy IP Re-use and secure existing

IP in AHB5 systems

Minimize power Flexible clock and power

domains save energy

Library of AHB5 IP Lightweight & low latency

CoreLink SIE-200

© ARM 2016 11




TrustZone AHB5 memory protection controller

Programmable

Dynamic allocation of trusted and non-trusted

regions

Configurable protection block sizes

From 32B to 1MB

Provides device security

Asset protection – data and code

Data security and privacy

Programmable response on illegal access

Decode error response

Secure error interrupt

AHB5 Slave Interface

AHB5 Master Interface

Security Check

Memory

Lookup Table

Trusted

APB programming

interface

Trusted

secure error

interrupt

Memory Controller

AHB5 System

© ARM 2016 12

Text 54pt Sentence Case TrustZone CryptoCell-312

© ARM 2016 13




TrustZone CryptoCell-312: Fortified device security

10x faster cryptography* performance

drives improved energy efficiency

Easy to integrate, silicon proven.

Software and tools included

* when compared to SW only operations on cryptography tasks

Enabling a full set of security services

over deeply embedded form factors

© ARM 2016 14

Text 54pt Sentence Case CoreLink SSE-200 TrustZone enabled Subsystem for Embedded

© ARM 2016 15




CoreLink SSE-200: A complete HW/SW subsystem

A foundation you can trust

Integrated hardware and software system

Fully verified

Configurable and extendable

© ARM 2016 16




The fastest and lowest-risk path to secure silicon

A validated subsystem

Security architecture

Optimized for low power

Easy to integrate with your

own IP

Development support

Fast model for SW

FPGA platform

Socrates tools for system

expansion

© ARM 2016 17




CoreLink SSE-200 subsystem

CoreLink SSE-200 subsystem block diagram

Cordio

radio (digital part)

Embedded or

External Flash

Cortex-M33

Flash controller

APB bridge

APB peripherals

Multi-layer AHB5 interconnect

Instruction cache

TrustZone

CryptoCell

• DMA • HW acceleration • Other radios • Peripherals • ADC/DACs • Interfaces (SPI, I2C,

SDIO,…) • …

Master/Slave

Cordio RF

Always-on domain

TrustZone protection


AHB5 expansion ports

Non-ARM IP

ARM CoreLink SSE-200 IP

Other ARM IP

AHB5 code interface

Cortex-M33

Instruction cache

TCM

TrustZone filters

Power Control

TrustZone Filters

Secure debug

CoreSight

SoC

Options


SRAM Control

System

SRAM

© ARM 2016 18




A ready-to-use software framework

Integration of

Libraries, drivers

Protocol stack

mbed OS

Verification at the system level

Different targets

Fast Model

FPGA board

Distributed as open-source

© ARM 2016 19




Fast track to mbed OS ecosystem

Partner

components/ports

mbed OS

components

mbed OS Communication Security

mbed OS

Connectivity

mbed OS

device security

Hardware interfaces

ARM CoreLink SSE-200

HW Crypto Sensors Radio

mbed uVisor

Update trusted library

mbed OS

Core CMSIS-RTOS RTX

mbed OS API

Application code mbed OS libraries

Events Threads

Peripheral HAL

BLE

stack

BLE

HCI

802.15.4

MAC

mbed

nanostack

Thread

6LoWPAN

IP stack

WiFi

Eth

MAC

WiFi

stack

Ethernet

Sockets

BLE

Peripheral drivers

CMSIS-Core

Profiles

Provision trusted library

mbed Transport Layer Security Crypto trusted library

mbed

Cloud

Client

Connect client

Provision client

Update client

TrustZone for ARMv8-M

Peripherals

Cloud client infrastructure

Trusted HAL

Trusted drivers

Root of Trust

Secu

rity

APIs

Secure storage

mbed OS

200K developers

2016

60K developers

2014

CoreLink SSE-200

software integration

© ARM 2016 20




Build your ARMv8-M system on FPGA

Evaluation and prototyping

IoT subsystem on FPGA

Rapid software and hardware development

Used by software and tools ecosystem partners

Expandable

Large FPGA for user logic

Arduino shield adapter

IO expansion

Debug connectors

Demo on ARM booth!

© ARM 2016 22




Tackling the security challenges of IoT

Lifecycle security mbed Cloud and mbed Cloud client

CryptoCell lifecycle management

Communications security mbed TLS

CryptoCell encryption/authentication

Device security TrustZone technology

Subsystem and system IP to build secure SoCs

mbed uVisor

CryptoCell secure storage

© ARM 2016 23




Creating a secure IoT is everyone’s responsibility

Need to get security foundation right

Secure processor

Secure system

Secure software

ARM IP is available to implement it

TrustZone technology

TrustZone CryptoCell

CoreLink System IP and Subsystem

mbed OS

ARM solution helps you get to market fast

The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited

(or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be

trademarks of their respective owners.

Copyright © 2016 ARM Limited

New ARM Technologies for a More Secure IoT - 2017 Arm · PDF file ·...

Documents

Transcript of New ARM Technologies for a More Secure IoT - 2017 Arm · PDF file ·...