New ARM Technologies for a More Secure IoT - 2017 Arm · PDF file ·...
Transcript of New ARM Technologies for a More Secure IoT - 2017 Arm · PDF file ·...
Title 44pt Title Case
Affiliations 24pt sentence case
20pt sentence case
New ARM technologies for a more secure IoT
Neil Parris
ARM Tech Symposia
Director of Marketing, Interconnect Products
November 2016
© ARM 2016 2
Title 40pt Title Case
Bullets 24pt sentence case
Sub-bullets 20pt sentence case
Agenda
IoT security
Implementing secure embedded systems
CoreLink SIE-200 – System IP for
Embedded ARMv8-M designs
TrustZone CryptoCell-312
CoreLink SSE-200 – TrustZone enabled
SubSystem for Embedded
© ARM 2016 3
Text 54pt Sentence Case IoT security
© ARM 2016 4
Title 40pt Title Case
Bullets 24pt sentence case
Sub-bullets 20pt sentence case
Different Types of Security
Device management
Monitoring Device integrity
Asset protection
Data Security
Physical Security
Future-proofing
Device security
Communications security
Lifecycle security
Link encryption
Authentication
Anonymity/Confidentiality
© ARM 2016 5
Text 54pt Sentence Case Implementing secure embedded systems
© ARM 2016 6
Title 40pt Title Case
Bullets 24pt sentence case
Sub-bullets 20pt sentence case
TrustZone: A comprehensive security foundation
Security separation with TrustZone
Isolate trusted resources from non-trusted
Reduce attack surface of key components
Trusted software
Crypto TRNG
Security throughout the system
Software, CPU, interconnect, memory and
peripherals
Trusted hardware
Fortified security for entire device lifecycle
Non-trusted
Trusted
Trusted hardware Secure
system
Secure
storage
© ARM 2016 7
Title 40pt Title Case
Bullets 24pt sentence case
Sub-bullets 20pt sentence case
Bringing TrustZone protection to the system
Secure the system, secure the processor
Hardware separation and isolation
Protect memories, peripherals, legacy IP
AMBA 5 AHB5 bus protocol
Signals security through the interconnect
Complementary to ARMv8-M
Optimized for embedded systems
Fewer wires saves area and power
Hardware protection simplifies software
Non-trusted
peripheral B
Trusted
peripheral A Flash
AMBA AHB5 compliant interconnect
SRAM
CPU
Non-
trusted
DMA
Trusted region Non-trusted region
© ARM 2016 8
Text 54pt Sentence Case CoreLink SIE-200 System IP for Embedded
© ARM 2016 9
Title 40pt Title Case
Bullets 24pt sentence case
Sub-bullets 20pt sentence case
CoreLink SIE-200: Extending security to the system
Simplify the design of a secure system
Designed and verified with latest ARMv8-M
processors
Library of AMBA 5 AHB5 components
Implements system wide hardware security
Configurable to enabled tailored IoT solutions
Reduce design time with IP re-use
Secure existing AHB and APB peripherals
Accelerate deployment of ARMv8-M SoCs with TrustZone compatible system IP
© ARM 2016 10
Title 40pt Title Case
Bullets 24pt sentence case
Sub-bullets 20pt sentence case
Flash
AMBA AHB5 Bus Matrix with TrustZone
SRAM
Legacy AHB
Non-secure
Master
AHB5
Protection
Controller
Memory
Protection
Controller
APB
Protection
Controller
Security
Wrapper
Memory
Protection
Controller
AHB
Peripherals
APB
Peripherals
Clock Bridge
AHB5
Master CPU
CoreLink SIE-200: System IP for embedded
Trusted region Non-trusted region
Scalable and configurable Full AHB5 support
Parallel transactions for
highest performance
Protect code and data Protect software IP
Programmable regions for
multiple applications
Protect peripherals Re-use existing peripherals
Programmable at run-time
Integrate legacy IP Re-use and secure existing
IP in AHB5 systems
Minimize power Flexible clock and power
domains save energy
Library of AHB5 IP Lightweight & low latency
CoreLink SIE-200
© ARM 2016 11
Title 40pt Title Case
Bullets 24pt sentence case
Sub-bullets 20pt sentence case
TrustZone AHB5 memory protection controller
Programmable
Dynamic allocation of trusted and non-trusted
regions
Configurable protection block sizes
From 32B to 1MB
Provides device security
Asset protection – data and code
Data security and privacy
Programmable response on illegal access
Decode error response
Secure error interrupt
AHB5 Slave Interface
AHB5 Master Interface
Security Check
Memory
Lookup Table
Trusted
APB programming
interface
Trusted
secure error
interrupt
Memory Controller
AHB5 System
© ARM 2016 12
Text 54pt Sentence Case TrustZone CryptoCell-312
© ARM 2016 13
Title 40pt Title Case
Bullets 24pt sentence case
Sub-bullets 20pt sentence case
TrustZone CryptoCell-312: Fortified device security
10x faster cryptography* performance
drives improved energy efficiency
Easy to integrate, silicon proven.
Software and tools included
* when compared to SW only operations on cryptography tasks
Enabling a full set of security services
over deeply embedded form factors
© ARM 2016 14
Text 54pt Sentence Case CoreLink SSE-200 TrustZone enabled Subsystem for Embedded
© ARM 2016 15
Title 40pt Title Case
Bullets 24pt sentence case
Sub-bullets 20pt sentence case
CoreLink SSE-200: A complete HW/SW subsystem
A foundation you can trust
Integrated hardware and software system
Fully verified
Configurable and extendable
© ARM 2016 16
Title 40pt Title Case
Bullets 24pt sentence case
Sub-bullets 20pt sentence case
The fastest and lowest-risk path to secure silicon
A validated subsystem
Security architecture
Optimized for low power
Easy to integrate with your
own IP
Development support
Fast model for SW
FPGA platform
Socrates tools for system
expansion
© ARM 2016 17
Title 40pt Title Case
Bullets 24pt sentence case
Sub-bullets 20pt sentence case
CoreLink SSE-200 subsystem
CoreLink SSE-200 subsystem block diagram
Cordio
radio (digital part)
Embedded or
External Flash
Cortex-M33
Flash controller
APB bridge
APB peripherals
Multi-layer AHB5 interconnect
Instruction cache
TrustZone
CryptoCell
• DMA • HW acceleration • Other radios • Peripherals • ADC/DACs • Interfaces (SPI, I2C,
SDIO,…) • …
Master/Slave
Cordio RF
Always-on domain
TrustZone protection
TrustZone protection
AHB5 expansion ports
Non-ARM IP
ARM CoreLink SSE-200 IP
Other ARM IP
AHB5 code interface
Cortex-M33
Instruction cache
TCM
TrustZone filters
Power Control
TrustZone Filters
Secure debug
CoreSight
SoC
Options
TrustZone protection
SRAM Control
System
SRAM
© ARM 2016 18
Title 40pt Title Case
Bullets 24pt sentence case
Sub-bullets 20pt sentence case
A ready-to-use software framework
Integration of
Libraries, drivers
Protocol stack
mbed OS
Verification at the system level
Different targets
Fast Model
FPGA board
Distributed as open-source
© ARM 2016 19
Title 40pt Title Case
Bullets 24pt sentence case
Sub-bullets 20pt sentence case
Fast track to mbed OS ecosystem
Partner
components/ports
mbed OS
components
mbed OS Communication Security
mbed OS
Connectivity
mbed OS
device security
Hardware interfaces
ARM CoreLink SSE-200
HW Crypto Sensors Radio
mbed uVisor
Update trusted library
mbed OS
Core CMSIS-RTOS RTX
mbed OS API
Application code mbed OS libraries
Events Threads
Peripheral HAL
BLE
stack
BLE
HCI
802.15.4
MAC
mbed
nanostack
Thread
6LoWPAN
IP stack
WiFi
Eth
MAC
WiFi
stack
Ethernet
Sockets
BLE
Peripheral drivers
CMSIS-Core
Profiles
Provision trusted library
mbed Transport Layer Security Crypto trusted library
mbed
Cloud
Client
Connect client
Provision client
Update client
TrustZone for ARMv8-M
Peripherals
Cloud client infrastructure
Trusted HAL
Trusted drivers
Root of Trust
Secu
rity
APIs
Secure storage
mbed OS
200K developers
2016
60K developers
2014
CoreLink SSE-200
software integration
© ARM 2016 20
Title 40pt Title Case
Bullets 24pt sentence case
Sub-bullets 20pt sentence case
Build your ARMv8-M system on FPGA
Evaluation and prototyping
IoT subsystem on FPGA
Rapid software and hardware development
Used by software and tools ecosystem partners
Expandable
Large FPGA for user logic
Arduino shield adapter
IO expansion
Debug connectors
Demo on ARM booth!
© ARM 2016 21
Text 54pt Sentence Case Conclusion
© ARM 2016 22
Title 40pt Title Case
Bullets 24pt sentence case
Sub-bullets 20pt sentence case
Tackling the security challenges of IoT
Lifecycle security mbed Cloud and mbed Cloud client
CryptoCell lifecycle management
Communications security mbed TLS
CryptoCell encryption/authentication
Device security TrustZone technology
Subsystem and system IP to build secure SoCs
mbed uVisor
CryptoCell secure storage
© ARM 2016 23
Title 40pt Title Case
Bullets 24pt sentence case
Sub-bullets 20pt sentence case
Creating a secure IoT is everyone’s responsibility
Need to get security foundation right
Secure processor
Secure system
Secure software
ARM IP is available to implement it
TrustZone technology
TrustZone CryptoCell
CoreLink System IP and Subsystem
mbed OS
ARM solution helps you get to market fast
The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited
(or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be
trademarks of their respective owners.
Copyright © 2016 ARM Limited