Highly Integrated Security Subsystem

The Arm CryptoIsland family of products enables trust creation at an early silicon manufacturing phase and maintains it across the full lifecycle of the Integrated Circuit (IC)/Device. The security subsystem also provides a high-level of isolation and security, suitable for stringent certifications, and ease of reuse. 

Features and Benefits
Rich Set of Cryptographic Services

The CryptoIsland family provides local and remote entities access to a rich set of cryptographic functions, covering all major symmetric and asymmetric ciphers, hash functions, and a true random number generation. The cryptography interface is based on publicly available MbedTLS APIs, and the use of MbedTLS allows developers to smoothly switch between software-based implementation to a hardware-accelerated implementation. 

Optional Mitigation of Attacks

An option to include mitigation of threats that are aimed at exploiting vulnerabilities related to the physical implementation of the silicon is available. An example might be exposure of secrets through the power consumed by the IC or by the electromagnetic field it emits. CryptoIsland can also mitigate attempts to compromise assets through the induction of faults, or through more invasive techniques (including tampering with the IC package). 

Asset Management

The CryptoIsland family manages different types of assets. Assets are a combination of a "payload" and an associated "policy". The policy defines aspects related to the asset lifecycle. For example, usage related lifecycle state dependency, usage and modification related authentication, cryptographic usage restrictions, modification related policy, and many others. 

Physical Connectivity

CryptoIsland can be physically connected (SoC architecture wise) to more than one bus fabric, thus creating a physical distinction between service requestors, which is easy to use. That physical distinction can be used to form simple and robust isolation.

Secure Manufacturing

Establishing trust in security-related processes occurs at early IC production stages (for example, at wafer sort). These processes may include provisioning sensitive information or IC identity export. Basing process trustworthiness on CryptoIsland technology helps mitigate risks in the manufacturing environment.

Lifecycle Management

IC lifecycle starts with the silicon fabrication, then device assembly, distribution, various deployment contexts, re-purposing, decommissioning, diagnostics, and so on. The requirements of each step affect security policies, and in turn code validation, debug, resources/features availability, and many more. The CryptoIsland family lets you define the desired lifecycle and the associated policy. The security solution then enforces that pre-defined policy, while allowing some “future proofing”. 

Code Updates

The CryptoIsland family is responsible for securing code updates, for both the CryptoIsland subsystem and other entities running code in the system. This supports strong cryptography, while assuring the efficiency and flexibility of the process is maintained. Code confidentiality and freshness are also addressed.

Authenticated Debug

The CryptoIsland family authenticates entities attempting to debug a design, verifying the debug rights that were granted at a fine granularity of control. Debug resources can be associated with different stored credentials, enabling the protection of assets between entities in the value chain. 

Attestation Service

This service can attest to the authenticity of the behavior and deployment context of an IC device, so it can exchange hands within the value chain and then be deployed.

Alarm Responses

The CryptoIsland family can respond to “alarm” signals generated internally (within CryptoIsland) or coming from outside the CryptoIsland boundaries, for example, from sensors and detectors embedded at the SoC/IC/device level.

Talk with an Expert

Want to know more about security on Arm? Talk to an expert about the right security solution for you.

Contact Us
Related Products and Services
Explore More Options and Features

Arm CryptoCell-300

Arm CryptoCell-300 offers an outstanding level of security to target a broad set of threats, while offering high performance, low power consumption, and a small footprint. 

Security on Arm

Security on Arm

Arm provides a range of security IP, which has been created to protect against a variety of different attacks.

Corstone Foundation IP

Compare Corstone

There are a number of Corstone packages, depending on device requirements. Explore further details and see what’s included in each one.

CryptoIsland Resources

Everything you need to know to make the right decision for your project. Includes technical documentation, industry insights, and where to go for expert advice.

Visit Arm Developer