News is published nearly every day about a security breach or flaw in IoT devices, and last year Softbank CEO and new Arm owner Masayoshi Son explained that, to reach his goal of one trillion IoT devices and the singularity, security had to be addressed, as everything was currently too easily hackable, including cars equipped with lots of electronics but very weak security.
With Arm TechCon 2017 underway, the company, which has been working on improving IoT security, announced the Platform Security Architecture (PSA), designed for low-cost IoT devices.
PSA has three major components:
- Threat Models and Security Analyses derived from a range of typical IoT use cases.
- Architecture specifications for firmware and hardware.
- An open source project, similar to Arm Trusted Firmware for mobile clients.
PSA is designed for low-cost IoT devices that do not have the resources (processing power, memory, battery…) to run a full Trusted Execution Environment (TEE). It aims at protecting assets such as keys, credentials or firmware by separating them from the application and the hardware it runs on, and defines a Secure Processing Environment (SPE) for the code that manages those assets and the trusted hardware resources it relies on.
While the architecture is agnostic, Arm and its partners will initially focus on Cortex-M based devices, specifically Armv8-M ones such as the Cortex-M33. PSA defines hardware, firmware and process requirements and interfaces, but most people can’t see any of it yet, as the first draft specification and reference firmware implementation (Trusted Firmware-M) will only be made available in Q1 2018. Arm will also provide tools for evaluation and compliance, including a validation suite for the functional hardware requirements, potentially a validation suite for the firmware specifications, as well as ways to evaluate robustness compliance by working with partners along the secure chain, from silicon vendors to IoT cloud companies.
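To make the SPE/NSPE split concrete, here is an added host-side C model of one secure service (not Arm's or Trusted Firmware-M's code, whose specification is not yet published): the key stays in SPE storage, the application only gets a signing entry point, and every caller-supplied buffer is checked to lie in non-secure memory before the SPE touches it. The memory map, the key and the toy checksum are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed memory map (not a real device): application (NSPE) region and SPE region. */
#define NS_BASE  0x20000000u
#define NS_SIZE  0x00001000u
#define SEC_BASE 0x30000000u
static uint8_t ns_mem[NS_SIZE];   /* backing store for the non-secure region */

/* The protected asset: a constructed key that lives only in SPE storage.
 * No entry point below ever copies it into non-secure memory. */
static const uint8_t spe_key[16] = "constructed-key";
enum spe_status { SPE_OK = 0, SPE_ERR_BAD_BUFFER = -1 };

/* Accept only buffers lying entirely in non-secure memory. A secure service
 * must check every caller-supplied pointer this way, or the NSPE could use it
 * as a confused deputy to read or write secure memory. Safe against wrap-around. */
static bool ns_range_ok(uint32_t addr, size_t len)
{
    return len != 0 && len <= NS_SIZE &&
           addr >= NS_BASE && addr <= NS_BASE + NS_SIZE - len;
}

/* Toy keyed checksum (FNV-1a over key || message) standing in for a real
 * MAC: it shows the data flow, it is not a secure construction. */
static uint32_t toy_mac(const uint8_t *msg, size_t len)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof spe_key; i++) h = (h ^ spe_key[i]) * 16777619u;
    for (size_t i = 0; i < len; i++) h = (h ^ msg[i]) * 16777619u;
    return h;
}

/* Secure entry point: sign a non-secure message and write the 4-byte tag
 * back to non-secure memory. Only the tag crosses the boundary, never the key. */
enum spe_status spe_mac_sign(uint32_t msg_addr, size_t len, uint32_t tag_addr)
{
    if (!ns_range_ok(msg_addr, len) || !ns_range_ok(tag_addr, sizeof(uint32_t)))
        return SPE_ERR_BAD_BUFFER;
    uint32_t tag = toy_mac(&ns_mem[msg_addr - NS_BASE], len);
    memcpy(&ns_mem[tag_addr - NS_BASE], &tag, sizeof tag);
    return SPE_OK;
}

/* Application-side helpers so the model can be driven from the NSPE. */
void ns_store(uint32_t addr, const void *src, size_t n) { memcpy(&ns_mem[addr - NS_BASE], src, n); }
uint32_t ns_load32(uint32_t addr) { uint32_t v; memcpy(&v, &ns_mem[addr - NS_BASE], 4); return v; }
```

On real Armv8-M silicon the same range check is what the SPE performs with the hardware's secure/non-secure memory attribution; the model only replaces that attribution with a fixed map.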
While on the subject of security, Arm also announced two new secure IP components: the Arm TrustZone CryptoIsland family of smartcard-level security subsystems – starting with CryptoIsland-300 – targeting general purpose MCUs, LPWA connectivity, storage, automotive and more, as well as the Arm CoreSight SDC-600 Secure Debug Channel, enabling full debug capabilities without compromising system security.
A few more details about PSA can be found on the product page, where you can also download an 18-page whitepaper entitled “Arm Platform Security Architecture Overview”.