© 2017 Arm Limited
Demystifying Security Root of Trust
Suresh Marisetty
Security Solutions Architecture
IoT Device Security Summit
Slide 2
Agenda
• The Landscape
• Problem Statement
• What’s RoT?
• RoT Models
• Beyond RoT
• IoT Offerings
• Conclusion
Slide 3
Connected IoT Devices – Everywhere
(Diagram of connected device types, e.g. security camera, and more …)
Slide 4
Problem Statement
Slide 5
Robustness Against Malicious Attacks
• The three fundamental elements of security
  • Confidentiality
  • Integrity
  • Availability
• Others
  • Non-Repudiation
  • Authentication
Slide 6
Security: Threats, Attacks and Defenses
Communication Attacks
• Man In The Middle
• Weak RNG
• Code vulnerabilities
Software Attacks
• Buffer overflows
• Interrupts
• Malware
Physical Attacks
• Fault injection: clock or power glitch, alpha ray
• Side channel analysis
• Probing, FIB
Life Cycle Attacks
• Code downgrade
• Integrity vulnerabilities
• Factory Oversupply
Defences – Threat Focus for Hardware enforced Defences:
• Scalable Software Attacks
• Low Cost Hardware tampering
• Economically Viable Attacks
Slide 7
Hardware Enforced Root of Trust (RoT)
Slide 8
Generic IoT Security Requirements
Automotive
• Unique device identity provisioning
• Secure boot
• FOTA update
• Secure debug
• IP config/feature provisioning
• IP protection/secure firmware validation
• Data integrity
• IP protection and anti-counterfeiting
• Right to repair
• User data confidentiality
• DRM
Healthcare
• Unique device identity provisioning
• Secure boot
• FOTA update
• Secure debug
• Secure HW key storage
• IP protection and anti-counterfeiting
• IP config/feature provisioning
• Data integrity
• Data Privacy (HIPAA)
• Functional safety (actuators)
Industrial
• Unique device identity provisioning
• Secure boot
• FOTA update
• Secure debug
• Facility ops
• Secure video monitoring
• Telematics/fleet management
• Data Integrity
• IP protection and anti-counterfeiting
• IP config/feature provisioning
• Functional safety
Wearables
• Unique device identity provisioning
• Secure boot
• FOTA update
• Secure debug
• User data confidentiality
• Data integrity
• IP protection and anti-counterfeiting
Home
• Unique device identity provisioning
• Secure boot
• FOTA update
• Secure debug
• Privacy and data confidentiality
• Data integrity
• IP protection and anti-counterfeiting
• IP config/feature provisioning
Slide 9
Initial Root of Trust & Chain of Trust
• Provisioned keys/certs
• Initial Root of Trust: Dependable Security functions
• Extended Root of Trust e.g. TrustZone based TEE
(Diagram labels: Keys, CryptoCell, TrustZone, iROT; Extended Root of Trust: TrustZone, Trusted Software, Trusted Apps/Libs, RTOS; OS/RTOS, Apps)
Slide 10
Basic Security Requirement – Root of Trust
• Embedded Boot ROM with the initial code needed to perform a secure system boot in a secure environment – Initial boot block (aka IBB)
• IBB executed by a trusted hardware engine by design
• Execution environment fully contained to prevent altering of the boot flow
• Crux of the Problem - One size does not fit all…
  • Different market segments with various constraints: Cost, Power, Latency, Performance, etc.
  • IoT end point device constraints dictate the packaged solution
Slide 11
Secure Boot – Assured Software Integrity
FLOW:
• Chain of trust starts with initial boot block (IBB) that is immutable
• IBB is a trusted entity owned by Si Vendor and/or OEM
• All software images beyond IBB are digitally signed
• X.509 certificate is industry standard based on PKI (RSA or ECC)
• IBB hash-verifies the first image that is loaded
• Each subsequent image is hash verified by the prior to establish a chain of trust
(Diagram: boot stages 1, 2, 3, …)
Slide 12
Primer - Trusted Platform Module (TPM) Overview
• Standard defined by the Trusted Computing Group
• Availability
  • Hardware chip currently in 100+M laptops
  • HP, Dell, Sony, Lenovo, Toshiba, …
  • HP alone ships 1M TPM-enabled laptops each month
• Core functionality
  • Secure storage
  • Platform integrity reporting (context for this discussion)
  • Platform authentication
Slide 13
Measured Boot – Software Integrity Measurement
FLOW:
• Chain of trust starts with IBB that is immutable
• All software images beyond IBB are dynamically measured at boot time
• SHA-1 or SHA-2 computation/measurement recorded in TPM PCR
• Each subsequent image is measured to produce a combined hash chain value
• Changes in the executing code can be detected by comparing the measurement of executing code against the golden recorded value
• The measurements themselves must be protected from undetected manipulation
(Diagram: boot stages 1, 2, 3, …)
Slide 14
Secure vs. Measured Boot – Same End Goal
Attribute | Secure Boot | Measured Boot
Software Integrity | Assured | Assured
Static Root of Trust for measurement | Applies | Applies
Digitally Signed Software/Firmware Images | Yes | No
HW RoT in SoC | Required | Required
Core Root of Trust | Immutable boot code in ROM | Immutable boot code in ROM
TPM Required | No | Yes
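The two flows on the Secure Boot and Measured Boot slides and the comparison table above, as an added Python simulation (not code from Arm or from the slides): a hash-linked chain stands in for the X.509 signature verification the slides describe, since the standard library has no RSA, and the PCR is modelled as a bare SHA-256 register; the image contents, stage names and the tampered image are constructed.

```python
"""Simulation of the two boot flows on the slides: secure boot (verify the
next image before running it, halt on mismatch) and measured boot (extend
each image's hash into a TPM-style PCR, compare with a golden value later).
All images are constructed byte strings; no real firmware, ROM or TPM."""
import hashlib
import hmac
from typing import List, Tuple

HASH_LEN = 32
PCR_RESET = b"\x00" * HASH_LEN   # assumption: SHA-256 PCR bank, all zeros at reset


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_chain(codes: List[bytes]) -> Tuple[bytes, List[bytes]]:
    """Link images for secure boot: body_i = code_i || hash(body_{i+1}); the
    last image carries an all-zero link. Built from the last image backwards,
    since each link must cover the finished next image. Returns (anchor hash
    to burn into the immutable IBB/ROM, image bodies in boot order).
    The hash link is a stand-in for the slide's X.509 signature check."""
    link = b"\x00" * HASH_LEN
    bodies: List[bytes] = []
    for code in reversed(codes):
        body = code + link
        bodies.insert(0, body)
        link = sha256(body)
    return link, bodies   # link == hash(bodies[0]): what the IBB expects


def secure_boot(rom_anchor: bytes, bodies: List[bytes]) -> Tuple[bool, List[int]]:
    """IBB verifies image 0 against the ROM anchor; each verified image then
    verifies the next before handing over control. Halts at the first
    mismatch, so nothing unverified ever runs.
    Returns (booted_ok, indices of the images that were allowed to run)."""
    expected = rom_anchor
    ran: List[int] = []
    for i, body in enumerate(bodies):
        if not hmac.compare_digest(sha256(body), expected):
            return False, ran            # refuse to execute an unverified image
        ran.append(i)
        expected = body[-HASH_LEN:]      # link to the next image, read from the verified body
    return True, ran


def measured_boot(bodies: List[bytes]) -> Tuple[bytes, List[int]]:
    """Every image is hashed and extended into the PCR before it runs; nothing
    is refused. Extend is PCR_new = H(PCR_old || H(image)), so the final value
    depends on every image and on their order. A real TPM only allows extend,
    never a direct write, which is what protects the record from manipulation.
    Returns (final PCR value, indices of the images that ran)."""
    pcr = PCR_RESET
    ran: List[int] = []
    for i, body in enumerate(bodies):
        pcr = sha256(pcr + sha256(body))
        ran.append(i)
    return pcr, ran


def attest(pcr: bytes, golden: bytes) -> bool:
    """Compare a reported PCR against the golden value recorded from a known-good device."""
    return hmac.compare_digest(pcr, golden)


if __name__ == "__main__":
    codes = [b"stage1 bootloader", b"rtos kernel", b"application"]   # constructed images
    anchor, good = build_chain(codes)
    golden, _ = measured_boot(good)              # recorded once from a trusted build
    modified = list(good)
    # constructed tamper: image 1's code changed, its link to image 2 kept intact
    modified[1] = b"rtos kernel (modified)" + good[1][-HASH_LEN:]
    print("secure boot, good images:", secure_boot(anchor, good))      # (True, [0, 1, 2])
    print("secure boot, modified:", secure_boot(anchor, modified))     # (False, [0]): halts before image 1
    pcr, ran = measured_boot(modified)
    print("measured boot, modified: ran", ran, "attest:", attest(pcr, golden))  # [0, 1, 2] False
```

Secure boot stops the modified image from ever executing, while measured boot lets it run and only the later comparison against the golden PCR reveals the change; that is the "same end goal, different mechanism" distinction in the table.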
Slide 15
RoT Models
Slide 16
Diverse IoT Endpoints – No One Size HW RoT Fits All
(Diagram 1: Wide Applications vs. Constrained Applications – Secure: Smart lock; Ultra efficient: Smart bandage; Safe: Medical Nanorobot; Ubiquitous: Asset tracking)
Within IoT Device – Diverse Function Endpoints, Diverse Security Requirements
(Diagram 2: automotive functions arranged by HSM Security Level, EVITA Full / EVITA Medium / EVITA Light – Engine Control, Airbag Actuator, Power Steering (EPS), Transmission, Stability Control (ESC), Sensor Cluster, Gateway, IVI/Head Unit (V2X), Body)
Slide 17
RoT – Myriad of Options
Key Options
• No Explicit RoT
• TrustZone RoT
• SE RoT
• SE w/ TrustZone RoT
(Diagram: options arranged from Less Robust / Lower Cost to More Robust / Higher Cost; (x) = no. of layers of security)
• PE, No SE or TrustZone (1)** – No Explicit RoT
• Single PE with TrustZone (2) – Standard RoT
• Non-TrustZone PE + Non-TrustZone SE (2) – Security Enclave RoT
• TZ PE + Non-TrustZone SE (3) – Enhanced App CPU + standard SE RoT
• Non-TrustZone PE + TrustZone SE (3) – Enhanced SE RoT
• TrustZone PE + TrustZone SE (4) – Enhanced App CPU + Enhanced SE RoT
** Hardware state-machine or CPU microcode extensions
Slide 18
What’s New? – TrustZone Extended to MCU-Family
Increased Root of Trust Robustness
Motivation – Address IoT Device Robustness Requirement
(Diagram: four use cases, each splitting a non-trusted side from a trusted side)
• Confidentiality of SiP SW IP
• Confidentiality of 3rd parties SW IP
• Sandboxing
• Secure system / secure storage
(Trusted-side labels: trusted drivers, trusted hardware, valuable firmware; certified OS / functionality; trusted software; crypto, TRNG)
Slide 19
Foundation - RoT
Slide 20
Beyond RoT – Basis for Secure/Protected Partitions
RoT | Secure Partition Isolation Dependency
No Explicit | Memory Management MPU and MMU - Hypervisor
TrustZone | Hardware Enforced Secure and Non-Secure Worlds with multiple protected partitions
Security Enclave (SE) | Secure Container with Secure Monitor or RTOS
TrustZone PE and Security Enclave | Two mechanisms co-exist, more flexibility, more complexity
Security Enclave with TrustZone | Highest level of robustness with multiple secure partitions
Slide 21
Security by Separation
• Protect sensitive assets (keys, credentials and firmware) by separation from the application firmware and hardware
• Define a Secure Processing Environment (SPE) for this data, the code that manages it and its trusted hardware resources
• The Non-secure Processing Environment (NSPE) runs the application firmware
• Use a secure boot process so only authentic trusted firmware runs in the SPE
• Install the initial keys and firmware securely during manufacture
(Diagram: Non-secure processing environment (NSPE) and Secure processing environment (SPE) on top of Platform hardware; labels: Secure partition manager, Device management, Application, RTOS, Secure boot, Root of Trust keys)
Slide 22
IoT Offerings
Slide 23
Cortex-M33: Security for Diverse IoT Usages
Security foundation
• System-wide security with TrustZone technology
Extensible compute
• Co-processor interface for tightly-coupled acceleration
Enhanced memory protection
• Easy to program
• Dedicated protection for both secure and non-secure states
32-bit processor of choice
• Optimal balance between performance and power
• 20% greater performance than Cortex-M4
• With TrustZone, same energy efficiency as Cortex-M4
Enhanced & secure debug
• Security aware debug
• Simplified firmware development
Digital signal control
• Bring DSP to all developers
• FPU offering up to 10x performance over software
Slide 24
Cortex-M23: Security for Ultra Low-Power IoT
Enhanced capability
• Increased performance
• Multi-core system support
• 240 interrupts
• Hardware stack checking
Security foundation
• System wide security with TrustZone technology
Ultra-high efficiency
• Flexible sleep modes
• Extensive clock gating
• Optional state retention
Enhanced & secure debug
• Security aware debug
• Simplified firmware development
• Includes embedded trace macrocell
Enhanced memory protection
• Easy to program
• Dedicated protection for both secure and non-secure states
Smallest area, lowest power
• With TrustZone, same energy efficiency as Cortex-M0+
Slide 25
Example RoT Models – ARM SoC Solutions
• RoT - SE
  • + Dedicated secure CPU
  • + RoT within an isolated subsystem
  • No Reliance on TrustZone for SE RoT
• RoT - TrustZone {Client,M}
  • Reliant on TrustZone for RoT
• Other
Slide 26
Summary
Slide 27
Take Away – Executive Summary
• Hardware RoT is a fundamental requirement for any type of secure device
• Extend RoT functionality for isolated and secure partitions to assure robustness against attacks
• Security Enclave (aka HSM) option can be implemented to increase robustness against attacks
• Many end point connected devices exist with inherent constraints
  • High to low cost – enterprise servers to disposable devices
  • High to low power consumption – wall plugged to harvested power devices
• One size does not fit all – one RoT Model insufficient
• Use case, device protection profile, cost and power constraints will dictate the chosen model
• M-Class TrustZone assist now allows flexible RoT solution choices across IoT
• Full range of solutions with preferred security robustness is possible
• Address global/national security issue of IoT robustness with enhanced RoT option – Ex: Mirai botnet
Slide 28
Q & A

Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304


Editor's Notes

  • #4: Privacy / personal data; Premium content protection (movies, shows); User identification / Loose control of device; Credit / payment fraud; Safety / ADAS; Corporate espionage
  • #10: Lots of definitions for ROT – GlobalPlatform doing some good work in the Security Task Force = ROT Definitions & Requirements.
    Initial Root of Trust (e.g. CryptoCell) is a computing engine & executable code on the same platform.
    ROT may require data / keys to be securely provisioned at the factory, e.g. RSA key pairs and storage of private keys.
    ROT provides security services to the next item in the chain of trust, e.g. authenticating boot code, crypto, confidential key store / management.
    iROT usually has one identifiable owner, e.g. updates & controlled mutability. One iROT per platform. Small security boundary.
    Extended ROT is the next level in the chain, e.g. TrustZone based TEE.
    Extended ROT is a set of code and data whose integrity can be verified prior to execution. Provides additional security functions. Often from a different vendor to the iROT.
    iROT & Extended ROT = Primary ROT.
    Typical security services: Confidentiality, Integrity, Auth, Identification, Measurement.
  • #19: TrustZone for ARMv8-M helps enforce various security use cases that address the scenarios/requirements of the different embedded sub-segments. Go through each of the 4 quickly, adding whose property it is helping to secure.
  • #24: Highlight energy efficiency vs. M4. Depends on the configuration, but at least as energy efficient as an M4, in some cases more efficient.