By Brian Santo, contributing writer
Arm has introduced a security platform for IoT applications that consists of an operating system (OS) for its embedded processors and a cloud-based service for connecting IoT devices that run the new OS. These are complemented by the company’s first Cortex microprocessor that sports security circuitry adapted from the company’s line of secure processors.
IoT security is, too far often, an oxymoron. Recently, it was discovered that commands that are inaudible to humans but clearly detectable by voice-activated personal assistants can be hidden in streams of music, allowing hackers to hijack, for example, Amazon’s Alexa, Apple’s Siri, and Google’s Assistant, according to The New York Times .
The Cortex-M35P is Arm’s first processor in the Cortex-M family with designed-in tamper resistance. Source: Arm.
OEMs that strive to make their IoT devices secure can fail to anticipate the ingenuity of hackers or otherwise stumble when it comes to building in security. Most lack adequate security expertise, and many manufacturers don’t even try to add security. The point of some IoT devices is that they are cheap and plentiful, and adding security adds cost.
Some organizations who might be interested in deploying IoT applications instead steer clear for a variety of reasons, prominent among them the lack of security, Arm notes.
Part of the problem is that there are so very many attack vectors. Some of the most damaging have exploited default passwords (Mirai is one example), while others involve malware. These attacks are at the software level, but there are physical attacks as well.
Physical attacks fall into two main categories, according to Paul Williamson, vice president and general manager of Arm’s IoT Device IP Line of Business: “invasive attacks, requiring (at least) chip de-packaging, and non-invasive attacks — for example, close-proximity side-channel attacks (SCA), which gain information through unintended side channels stemming from the silicon implementation (for example, through observing the chip’s power consumption or electromagnetic field emission during a cryptographic operation),” he wrote in his introduction to the new Cortex processor with integrated security.
Semiconductor suppliers including (but not limited to) Arm, Intel, and Qualcomm have long been aware of all of this and have been developing chip-level security measures that would fit into security ecosystems that would also encompass software and networking protections.
Last year, Arm published a manifesto on IoT security (download it here ) in which it detailed how a holistic approach to security should work.
Putting into practice what it has been preaching, Arm introduced its Cortex-M35P, the first Cortex processor to integrate the anti-tamper technology that the company designed for its Arm SecurCore processors, which have been commonly used in smartcards and credit cards.
The new Cortex model also includes Arm TrustZone technology, which the company said enables designers to embed multi-layered payment or telecom-certified security at the core of any device. The Cortex-M35P is available with an optional tamper-resistant package.
Arm proposes that its secure ICs be used in conjunction with its security platform, which it calls Mbed. The Mbed Operating System is an open-source OS containing a core, security, and several IoT networking and communication technologies.
IoT devices built around Arm processors running the Mbed OS are to be connected with others through Mbed Cloud, which the company designed to provide secure and scalable IoT device management for any device via any network and any cloud. Mbed TLS is an option that allows designers to easily add Transport Secure Layer (TLS) capabilities to their products. The offering is rounded out with a set of development tools.
Arm said that Mbed is supported by 80 contributing partners, including IBM, which isbridging the Mbed Cloud with IBM Watson IoT Platform . Arm explained that with the integration with Watson IoT, users can manage, provision, and update firmware over the air for their IoT devices through Mbed Cloud.
Arm has also agreed to integrate Mbed Cloud with Cybertrust and GlobalSign , two companies that specialize in identify certificates, to provide flexible security authentication for IoT devices.
“Security is no longer optional,” said Williamson.
Learn more about Electronic Products Magazine