Physical Security Solutions
Arm's suite of physical security solutions empowers designers to build in the necessary physical protection at the heart of the device. The suite includes both processor IP equipped with tamper resistance, plus a range of IP specifically created to mitigate side-channel attacks. This page shares more information on physical attacks, why they are important to understand and how you can overcome the threat, with proven Arm IP.
Why Physical Security Matters
Devices can be targeted in many different ways; Arm splits these into four main categories: communication, lifecycle, software and physical attacks. The Arm Platform Security Architecture (PSA) requires device designers to carry out thorough threat modelling, which identifies the specific threats to the device and its assets. Once the threats are identified, designers can select counter-measures that mitigate each of them. Arm recommends implementing security at the different layers of the device, so that no single layer is the only line of defence.
When it comes to physical security, attackers observe or manipulate the physical properties of the system-on-chip (SoC), such as timing, power consumption or supply voltage, either to extract information or to induce faulty behaviour. If the base layer of silicon fails, allowing sensitive data to leak out or to be easily accessed, the security of the entire system is at risk, because every software layer above it relies on the secrets it holds.
Even the most robust security schemes and cryptographic architectures are susceptible to physical attacks, and this type of attack is gaining traction as new automated tools make it easier to perform. The risk with a physical attack is the scalability factor: extracting information from one device, such as a key shared across a product line or the firmware itself, allows an attacker to mount a large-scale software attack against every device that shares it, without touching those devices physically.
What Attacks Are Possible
Physical attack types can be divided into two main categories - non-invasive and invasive.
Non-invasive attacks leave the chip package intact and can take many different forms. Some involve perturbation techniques (fault injection, for example clock or voltage glitching, that causes unintended behaviour of the silicon); others are side-channel attacks (SCA), aimed at revealing secret information (e.g. cryptographic keys).
SCA involves passively observing behaviour, such as operation timing, power consumption or electromagnetic emission, and correlating it with the secret data being processed. Because the attacker only observes, the attack leaves no trace on the device, which makes it hard for the owner to detect and respond to (e.g. by revoking compromised keys).
On top of this, non-invasive attacks typically cost very little to implement and scale well: the same measurement setup and analysis script can be reused against every device of the same design, potentially putting the security of the entire system at risk.
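The timing side channel described above, shown as an added example in C (this is not code from the original page or from any Arm IP). A MAC or password check that returns at the first mismatching byte takes longer the more leading bytes of the guess are correct, which lets an attacker who can time the check recover the secret one byte at a time. The loop-step counter is an assumption standing in for the cycle count an attacker would measure on real hardware; the 8-byte "secret" is constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAC_LEN 8

/* Constructed 8-byte "expected MAC" for the demo only; not a real secret. */
static const uint8_t SECRET_MAC[MAC_LEN] = {
    0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04
};

/* Leaky check: returns as soon as a byte differs. Its running time, modelled
 * here by the loop-step counter, grows with the number of correct leading
 * bytes, so an attacker who times the check can recover the MAC byte by byte
 * (at most 256 guesses per byte instead of 256^MAC_LEN overall). */
int leaky_compare(const uint8_t *expected, const uint8_t *guess,
                  size_t n, size_t *steps)
{
    size_t i;
    *steps = 0;
    for (i = 0; i < n; i++) {
        (*steps)++;
        if (expected[i] != guess[i])
            return 0;   /* early exit: data-dependent timing */
    }
    return 1;
}

/* Constant-time check: visits every byte and ORs the XOR differences
 * together, so the step count and branch pattern are the same for every
 * input. The final fold to 0/1 avoids a data-dependent branch. */
int ct_compare(const uint8_t *expected, const uint8_t *guess,
               size_t n, size_t *steps)
{
    uint32_t diff = 0;
    size_t i;
    *steps = 0;
    for (i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint32_t)(expected[i] ^ guess[i]);
    }
    /* diff is 0..255; (diff - 1) wraps to 0xFFFFFFFF only when diff == 0 */
    return (int)((diff - 1u) >> 31);
}

/* Build a guess whose first `prefix` bytes match SECRET_MAC and whose
 * remaining bytes are all wrong. */
static void make_guess(uint8_t *guess, size_t prefix)
{
    size_t i;
    for (i = 0; i < MAC_LEN; i++)
        guess[i] = (i < prefix) ? SECRET_MAC[i]
                                : (uint8_t)(SECRET_MAC[i] ^ 0xff);
}

/* Steps taken by the leaky (constant_time == 0) or constant-time check for a
 * guess with `prefix` correct leading bytes (prefix <= MAC_LEN). */
size_t steps_for_prefix(int constant_time, size_t prefix)
{
    uint8_t guess[MAC_LEN];
    size_t steps;
    make_guess(guess, prefix);
    if (constant_time)
        ct_compare(SECRET_MAC, guess, MAC_LEN, &steps);
    else
        leaky_compare(SECRET_MAC, guess, MAC_LEN, &steps);
    return steps;
}

/* Accept (1) / reject (0) result for the same guess. */
int result_for_prefix(int constant_time, size_t prefix)
{
    uint8_t guess[MAC_LEN];
    size_t steps;
    make_guess(guess, prefix);
    return constant_time ? ct_compare(SECRET_MAC, guess, MAC_LEN, &steps)
                         : leaky_compare(SECRET_MAC, guess, MAC_LEN, &steps);
}

int main(void)
{
    size_t p;
    printf("correct prefix bytes | leaky steps | constant-time steps\n");
    for (p = 0; p <= MAC_LEN; p++)
        printf("%20zu | %11zu | %19zu\n", p,
               steps_for_prefix(0, p), steps_for_prefix(1, p));
    return 0;
}
```

Running the block prints a table in which the leaky column climbs from 1 to 8 as the guessed prefix lengthens while the constant-time column stays at 8 for every guess. Two caveats for firmware on a Cortex-M class core: the compiler may turn a "branchless" fold back into a branch, so the generated assembly (or a cycle-accurate measurement on the target) must be checked, not just the C source; and a constant-time compare removes only the timing channel, while power and EM leakage from the XOR itself still needs the kind of side-channel-resistant IP the rest of this page describes.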
Invasive attacks start with the removal of the chip package (decapsulation). Once the die is exposed, it is possible to perform perturbation attacks with much finer control, as well as probing or modification attacks, by etching, drilling or laser cutting through at least part of the passivation layer to reach the metal layers beneath.
In the past, invasive attacks generally meant significant investment: days or weeks in a specialized laboratory with highly qualified specialists. Nowadays, the option to rent this equipment (and even the expertise) is making these attacks more accessible.
Arm Solutions for Physical Security
Cryptography and Platform Security Services IP with Physical Security
By using the side-channel-hardened members of the Arm CryptoCell family, such as Arm CryptoCell-312P, you can assure the integrity, authenticity and confidentiality of code and data belonging to different stakeholders. These CryptoCell products provide the system with cryptographic services and platform security services, and additionally protect their cryptographic operations against side-channel analysis.
Secure Enclave IP with Physical Security
The Arm CryptoIsland family provides local SoC entities and remote cloud entities with a comprehensive set of security services. Each CryptoIsland combines a compute engine, cryptographic capabilities and management of keys and other assets, forming smartcard-level security on-die. Arm CryptoIsland-300P combines physical isolation of the security subsystem with added protection against physical attacks.
Processor IP with Physical Security
For embedded security developers seeking to hinder physical tampering and achieve a higher level of security certification, Arm offers the Arm Cortex-M35P processor. It is a robust, high-performing processor on proven, easy-to-integrate Arm Cortex-M technology, making physical security and software security accessible for all developers.
Key benefits include:
- Design confidently with proven, widely-supported technology
- Protect flexibly with physical security that allows for optional advanced features
- Accelerate success with rich ecosystem support and reduced development cost
Physical resilience is recommended for high-asset-value devices (e.g. a connected door lock), for actuators (e.g. an industrial valve), and wherever there is a high risk that compromising a single device gives an attacker the means to mount a larger-scale attack.
Embedded Secure Elements
Embedded Secure Elements are often used in payment transactions, providing a trusted connection between a bank, a payment reader and the recipient of the funds. If the secure element is compromised by a physical attack, the user's credentials could be exposed and misused.
Digital Content Protection
As consuming content on the go becomes more popular, there is a need to protect the content, data, passwords and payment details stored on portable devices from being extracted or copied. A good example of this is licensed music content, where the decryption keys on the device are the asset an attacker is after.
Automotive
A vehicle is packed with electronics, some of which require authentication to operate or to access data, such as the hardware security module (HSM), door locks, infotainment or V2X communications. It is important that these are protected from physical attacks, since an attacker typically has unsupervised physical access to a parked vehicle.
Medical Devices and Wearables
Medical devices and wearables (for example glucose monitors) can hold sensitive personal information, including heart metrics, blood type and other health data. It is important that this data is protected even if the device itself is lost or stolen.
Identity and Access Devices
Devices that hold details about our identity (including smart cards, secure access devices and passports) can be incredibly valuable to an attacker, and are routinely in the attacker's physical possession during an attack.