July 20, 2016

Cambridge, UK – July 20, 2016: Billions of connected devices are potentially at risk unless security sensitive software can be managed to an e-commerce standard, according to a group of leading technology security experts.

The companies, including ARM, Intercede, Solacia and Symantec worked together to assess the security challenges of connecting billions of devices across multiple sectors; including industrial, home, health services and transportation. Their conclusion was that any system could be compromised unless a system-level root of trust was established.

To deal with the risk, the companies collaborated on the Open Trust Protocol (OTrP) to combine a secure architecture with trusted code management, using technologies proven in large scale banking and sensitive data applications on mass-market devices such as smartphones and tablets.

"In an internet-connected world, it is imperative to establish trust between all devices and service providers," said Marc Canel, vice president of security systems, ARM. "Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings e-commerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform."

Other members of the OTrP Joint Stakeholder Agreement are: Beanpod, Laser Technology, Nutlet, Sequitur Labs, Sprint, Thundersoft, Trustkernel and Verimatrix.

The threat
Symantec estimates that one million internet attacks were carried out every day during 2015. The Internet of Things (IoT) expands the attack surface and according to Gartner, the analyst firm, security is now the number one priority when building any connected product.

OTrP in more detail
OTrP is a high level management protocol that works with security solutions such as ARM^® TrustZone^®-based Trusted Execution Environments that are designed to protect mobile computing devices from malicious attack. The protocol is available for download from the IETF website today for prototyping and testing.

The protocol paves the way for an open interoperable standard to enable the management of trusted software without the need for a centralized database by reusing the established security architecture of e-commerce. The management protocol is used with Public Key Infrastructure (PKI) and Certificate Authority-based trust architectures, enabling service providers, app developers and OEMs to use their own keys to authenticate and manage trusted software and assets. OTrP is a high level and simple protocol that can be easily added to existing Trusted Execution Environments or to microcontroller-based platforms capable of RSA cryptography.

OTrP is available as an IETF informational and it is planned that it will be further developed by a standards defining organization that can encourage its mass adoption as an interoperable standard.

Partner quotes

"The chain of trust for connected services must be based on strong digital identities for people and devices to ensure the integrity of data and applications in an open and interoperable way," said Lubna Dajani, OTPA Secretary and Futurist. "The release of OTrP is a significant step forward and it will enable the industry to operate more efficiently by collaborating on the basics and only competing where individual value can be added."

"Posting OTrP as an IETF informational for public review is an important step in providing universal digital trust from silicon to services for mobile and IoT connected devices, said Richard Parris, CEO of digital trust specialists, Intercede. "It provides network operators and app developers the control they need over their selection of hardware security module and cryptographic key provider for reasons of interoperability, policy and cost while maintaining a common management platform across mixed fleets of devices."

"Enabling the creation of an OTrP ecosystem for Trusted Applications is crucial in ensuring commercial flexibility across markets, said SangJin Park, CEO of Solacia. "We are committed to the adoption of open standards across the security industry and the provision of SecuriTEE will help to achieve this by deploying ARM TrustZone technology widely to ensure universal adoption of secure mobility."

"As a wireless operator, providing a communication and data ecosystem that is safe and secure is a paramount mission," said Dr. Ron Marquardt, Vice President of Technology at Sprint. "As the global ecosystem of connected devices and mobile applications continues to grow, security will become more challenging. OTrP offers a strong prescription for this increasing challenge with its flexibility to provision and maintain system-level root of trust within the service ecosystem."

"With new technologies come increased security risks," said Brian Witten, Senior Director, Internet of Things (IoT) Security, Symantec. "The Internet of Things and smart mobile technologies are moving into a range of diverse applications and it is important to create an open protocol to ease and accelerate adoption of hardware-backed security that is designed to protect on board encryption-keys."

Ends

 

Contacts

ARM
Andy Winstanley
Director of external communications, US and EMEA, ARM
+44 07788 249712
andy.winstanley@arm.com

Intercede
Sarah Alonze / Kathryn Mills-Web
+44 020 74345550
intercede@babelpr.com

Solacia Inc.
JunSoo Jeong
+82 10 8918 6802
jsjeong@sola-cia.com

Sprint
Adrienne Norton 
Corporate Communications – Network
+1 425-256-7014
adrienne.norton@sprint.com

About ARM

ARM (LSE: ARM, NASDAQ: ARMH) designs technology at the heart of the world's most advanced digital products. We are enabling the development of new markets and transformation of industries and society, invisibly creating opportunity for a globally connected population. Our scalable, energy-efficient processor designs and related technologies deliver intelligence wherever computing happens, ranging from sensors to servers, including smartphones, tablets, digital TVs, enterprise infrastructure and the Internet of Things.

Our innovative technology is licensed by ARM Partners who have shipped more than 86 billion System on Chip (SoCs) containing our intellectual property. Together with our Connected Community, we are breaking down barriers to innovation for developers, designers and engineers, ensuring a fast, reliable route to market for leading electronics companies. Learn more and join the conversation at http://community.arm.com.

All information is provided "as is" and without warranty or representation. This document may be shared freely, attributed and unmodified. ARM and TrustZone are trademarks or registered trademarks of ARM Limited (or its subsidiaries). All other brands or product names are the property of their respective holders. © 1995-2016 ARM Group.

Armについて

Armは、業界最高の性能と電力効率に優れたコンピューティング・プラットフォームであり、コネクテッドな世界における人口の100%に貢献する比類のないスケールを備えています。Armは、演算に対する飽くなき需要に応えるため、世界をリードするテクノロジー企業に先進的なソリューションを提供し、各社がAIによるかつてない体験や能力を解き放つことができるよう支援しています。世界最大のコンピューティング・エコシステムと2,200万人のソフトウェア開発者とともに、私たちはArm上で築くAIの未来を形作っていきます。

全ての情報は現状のまま提供されており、内容について表明および保証を行うものではありません。本資料は、内容を改変せず、出典を明記した上で自由に共有いただけます。ArmはArm Limited（またはその子会社や関連会社）の登録商標です。その他のブランドあるいは製品名は全て、それぞれの権利者の所有物です。©1995-2025 Arm Limited.