Layered Security for the Next One Trillion Devices

Arm technologies are in billions of devices today, a number we expect to see grow to over a trillion. Achieving this vision calls for a symbiotic relationship between hardware and software, where security is no longer an afterthought. The Arm Platform Security Architecture guides partners through the complex world of security design, which when paired with Arm’s security portfolio, allows partners to deploy the security level that best matches their application needs. Achieving layered security involves implementing technologies, processes and measures designed to protect systems, networks, and data from a range of attacks and a broad spectrum of vulnerabilities. Why? Because your device is only as strong as your weakest link - a single vulnerability could compromise an entire device.

 

What vulnerabilities do I need to consider?

 

As the appetite for exploiting security flaws intensifies, so does the broad spectrum of vulnerabilities. It’s important to consider each type of vulnerability and how these could impact your system. At Arm we split the types of vulnerability into four areas: communication, physical, lifecycle and software.

Communication Vulnerabilities

IoT is about connectivity, which means the device sends messages back to a server, and an attacker can try multiple means to intercept, spoof or disrupt those messages. Best-practice cryptographic defenses must match the increasing value of the assets they communicate.

Physical Vulnerabilities

Silicon attacks are often split into two categories: non-invasive and invasive. Non-invasive (side-channel) try to observe the chip in different ways to gain information. They may use perturbation techniques for example, altering the power supply voltage, or interfering with electromagnetic signatures. Invasive techniques involve opening the chip to probe or modify part of the passivation layer. 

Lifecycle Vulnerabilities

A device changes hands many times from factory to user, to maintenance and to end of life. We must protect the integrity of the device as it goes through this cycle: is the object repairable, who is repairing it, how is confidential data handled? It also addresses the response to unplanned or forbidden paths, such as theft, overages, or Wi-Fi changes. 

Software Vulnerabilities

These are the most common attacks where someone finds a way of using existing code to get access to restricted resources. It could be due to a software bug or to unexpected call sequences that are open to whole classes of exploits.

Counter-Measures

Selecting the security products required for a device requires careful analysis to identify the level of threat, considering all four types of vulnerability. Sometimes it is hard to know where to start, which is why we created the Arm Platform Security Architecture (PSA) - a framework to secure devices from the ground up. PSA uses three key stages: analyze, architect and implement, that identify threats to a system and which counter-measures should be implemented. Below you will see the wide spectrum of counter-measures from Arm and how they can help you to counter a wide variety of vulnerabilities.

Cryptography
(Communication attacks)
Security Services
(Lifecycle attacks)
Isolation
(Software attacks)                
Tamper mitigation and side-channel attack mitigation (Physical attacks)
Counter-measure  Pelion IoT Platform Pelion IoT Platform Trustzone for Armv8-A SecurCore SC300

SecurCore SC000


CryptoCell-300

CryptoCell-700 

CryptoCell-300

CryptoCell-700

Trustzone for Armv8-M Cortex-M35P

CryptoIsland CryptoIsland TEE Arm security IP with side-channel attack mitigation


CoreLink SDC-600
CMSIS-Zone Arm Keil MDK

CryptoCell-312P

Arm Solutions

Our IP extends across the system with processors and subsystem protection (both hardware and software), as well as acceleration and offloading, fitting together seamlessly for layered protection.

The Perfect Starting Point: Arm Platform Security Architecture

The Arm Platform Security Architecture (PSA) is the framework for securing the next one trillion connected devices and systems, from chip to cloud, rallying the entire ecosystem to adopt a common security best practice. PSA calls for a consistent standard of security designed-in to both the hardware and firmware of all devices, guiding you through the process regardless of security expertise.

Bringing a Secure SoC to Market

Developers of IoT devices have a lot to consider and a key part of this is designing the right SoC. This requires a lot of moving parts: considering security, trust, power, performance and area constraints, plus scalable compute and connectivity to the cloud. Arm IoT frameworks accelerate time-to-security for SoC designers, device makers and developers by building on the principles of Platform Security Architecture and providing the powerful toolboxes they need to build their next system.

Security Counter-Measures
Arm TrustZone

Offering protection against software attacks with isolation and a device root of trust

TrustZone is a system-on-chip (SoC) and CPU system-wide approach to security, helping to isolate and protect secure hardware, software and resources. TrustZone is hardware-based security built into SoCs by semiconductor chip designers, then used by software developers. The family of TrustZone technologies can be integrated into any Arm Cortex-A and the latest Cortex-M based systems, whether it’s establishing a trusted foundation for a high-performance experience or enabling authentication on the smallest embedded device.

Arm CryptoCell Family

Offering protection against communication and lifecycle attacks

Arm CryptoCell enables the protection of assets (code and data) belonging to different stakeholders in an ecosystem (for example, silicon vendor, OEM, service provider, user). CryptoCell enables SoC designers to trade off area, power, performance or robustness in a very flexible approach so SoC designs can be optimized to achieve the most appropriate security level for the target market.

Arm CryptoCell Family

Offering protection against communication and lifecycle attacks

Arm CryptoCell enables the protection of assets (code and data) belonging to different stakeholders in an ecosystem (for example, silicon vendor, OEM, service provider, user). CryptoCell enables SoC designers to trade off area, power, performance or robustness in a very flexible approach so SoC designs can be optimized to achieve the most appropriate security level for the target market.

The Enhanced Suite of Physical Security IP

Offering protection against physical security and close proximity attacks

There is no doubt that chip-based physical attacks are becoming easier and more dangerous. Arm provides a suite of security IP to guard the SoC on several fronts, including:

Arm TrustZone Security System IP

Arm also has a range of Security System IP, including: the TrustZone Random Number Generator, TrustZone Full Disk Encryption and TrustZone Address Space Controllers.

Pelion IoT Platform

The Pelion IoT Platform is a flexible, secure, and efficient foundation spanning connectivity, device, and data management. It accelerates the time to value of your IoT deployments by helping you easily connect trusted IoT devices on global networks, invisibly administer them, and extract real-time data from them to drive competitive advantage.

Talk with an Expert

 As long as there is value in controlling a device or accessing its data, there will be a constant battle against potential attackers. Talk with an Arm expert to learn more about security technologies that can be designed into devices.

Contact Us
Arm Security Survey
We asked 1,200 tech sector workers
what they thought about security

Sixty-seven percent (67%) thought most technology companies
did not regard security as fundamental. Arm believes this is a problem.

See other survey results

Protect Your Data Platforms from the Next Wave of Cybercrime

The latest Arm Security Manifesto 2018 shows a disturbing trend in the continuing rise of cybercrime, particularly vast armies of attack bots and elaborate global security offensives. Yet industry is under pressure to simplify IoT, even as the numbers of IoT devices and data streams multiply by billions every year.

Download 2018 Manifesto