Physical Security Solutions
Arm's suite of physical security solutions empowers designers to build in the necessary physical protection at the heart of the device. The suite includes both processor IP equipped with tamper resistance, plus a range of IP specifically created to mitigate side-channel attacks. This page shares more information on physical attacks, why they are important to understand and how you can overcome the threat, with proven Arm IP.
Why Physical Security Matters
Devices can be targeted in many different ways; in fact, Arm splits these into four main categories: communication, lifecycle, software and physical attacks. The Arm Platform Security Architecture instructs that it's important for designers of devices to carry out extensive threat modelling, as this allows them to determine the specific threats. Once threats are identified, designers can look for specific counter-measures to mitigate the specific threats. Arm recommends implementing security at the different layers of the device.
When it comes to physical security, attackers often use the physical properties of the system-on-chip (SoC), such as timing or voltage, to either extract information or induce bad behavior. If the base layer of silicon fails, allowing sensitive data to leak out or to be easily accessed, the entire system security becomes at risk.
Even the most robust security schemes and cryptographic architectures are susceptible to physical attacks, and this type of attack is gaining traction as new automated tools make it easier and simpler to perform. The risk with a physical attack is the scalability factor: extracting information from one device, such as keys or source code, allows an attacker to conduct a large-scale software attack.
Physical attack types can be divided into two main categories - non-invasive and invasive.
Cryptography and Platform Security Services IP with Physical Security
By using newly-enhanced IP from the Arm CryptoCell family (Arm Cryptocell-312P) you can assure the integrity, authenticity and confidentiality of code and data belonging to different stakeholders. These new Arm CryptoCell products provide the system with various cryptography related services and platform security services, plus protect against side-channel analysis.
Secure Enclave IP with Physical Security
The Arm CryptoIsland family provides local SoC entities and remote cloud entities with a comprehensive set of security services. They combine a compute engine, cryptographic capabilities, management of keys and other assets, forming smart card level security on-die. Arm CryptoIsland-300P combines physical isolation of the security subsystem with added protection against physical attacks.
Processor IP with Physical Security
For embedded security developers seeking to hinder physical tampering and achieve a higher level of security certification, Arm offers the Arm Cortex-M35P processor. It is a robust, high-performing processor on proven, easy-to-integrate Arm Cortex-M technology, making physical security and software security accessible for all developers.
Key benefits include:
- Design confidently with proven, widely-supported technology
- Protect flexibly with physical security that allows for optional advanced features
- Accelerate success with rich ecosystem support and reduced development cost
Physical resilience is recommended for high asset value devices (e.g. connected door lock), actuators (e.g. an industrial valve) or when the risk is high for one device to provide access to a larger-scale attack.
Embedded Secure Elements
Embedded Secure Elements, are often used in payment transactions, providing a trusted connection between a bank, a payment reader and the recipient of the funds. If this secure element is subject to a physical security hack, the user’s credentials could be exposed and misused.
Digital Content Protection
As consuming content on-the-go becomes more popular, there is a need to protect the content, data, passwords and payment details stored on portable devices from being exploited. A good example of this would be music content.
A vehicle is packed with electronics, some of which require authentication to operate or access data, such as the hardware security module (HSM), door locks, infotainment or V2X communications. It’s important these are protected from physical attacks.
Medical devices and wearables (for example glucose monitors) can hold sensitive personal information including heart metrics, blood types and other data. It’s important that this data is protected.
Devices that hold details about our identity (including smart cards, secure access devices and passports) can be incredibly valuable to an attacker.
Want to know more about security on Arm? Talk to an expert about the right security solution for you.