Developing ARM-based secure designs you can trust
For embedded developers designing systems using the ARM processor for connected computing environments, the place to be for an education in securing such applications is the ARM Technical Conference in in Santa Clara, Ca..
For registered ARM Techcon attendees, there will be a track of 12 classes covering both hardware and software security techniques. Software-based solutions to be discussed include: online authentication techniques, secure operating systems, smart key management, and more secure system boot processes. But there are also a number of classes on hardware solutions, such as ARM's TrustZone, that make your hardware much more secure from the start. Among these are:
Trusting Trusted Execution Environments taught by Riscure's CTO Jasper Van Woudenberg. Operating systems on mobile platforms can't provide sufficient protection for sensitive applications and content (e.g. payments or TV/movies) and Woudenberg believes hardware solutions will be necessary. "The Trusted Execution Environment (TEE) aims to provide stronger security through containers for running Trusted Applications, separated from the rich OS," he says. The aim of his class is to introduce the TEE framework and show through examples some of the implementation errors that can still break the security.
Comprehensive Security for IoT Devices With ARM TrustZone. In this class Felix Baum of Mentor Graphics will take attendees through some of the many ways connectivity in embedded devices exposes sensitive data in applications such as portable medical devices, smart meters, and to connected automobiles. The class will cover how to use ARM TrustZone technology on platforms based on ARM Cortex A9 and A15 to secure data at rest, in use, and in transit, and produce robust designs.
Trusted UI and Its Role in Protecting Against Malware Attacks. Rolf Lindemann of Nok Nok Labs will take attendees through the basics of building a trusted user interface by making use of specific features of the Trusted Execution Environment (TEE) to create a trusted input and output path, allowing the user to approve a transaction in a tamper-proof architecture.
As noted in "Securing Android on nextgen embedded IoT & mobile apps," and "Software debug challenges of networked embedded designs," the use of software solutions to solve such security problems has come a long way. However, it is not enough and developers still need all the help they can get. The effectiveness of software solutions are limited by at least two things: 1) how good the developer is in implementing such methods and tools in a particular design, and 2) the reluctance of companies who do not give the problem the attention and long-term support required because they are focused on the near-term profit and loss.
Thus, it should come as no surprise that companies such as AMD, ARM, Intel, Imagination and others – the success of whose processor hardware depends on the security of the software running on them - are putting a lot of effort into better securing their hardware. Solutions such as ARM's TrustZone and the Intel-inspired Trusted Execution Environment at least raise the bar that hackers will have to pass in order to get into systems based on their architectures.
The classes at ARM TechCon will go a long way in providing developers with the information needed to take advantage of these solutions. But for me, it is more useful to see actual hands-on examples of how these techniques are used in real designs. To that end, in this week's Tech Focus newsletter are collected a range of design articles and technical papers on using trusted hardware. Of these my Editor's Top Picks are:
Using Trusted Execution Environments in Two-factor Authentication
A comparison of hardware-based ARM TrustZone versus the Intel/AMD’s Trusted Execution Environment in two-factor authentication applications.
Trusted Cells: A Sea Change for Personal Data Services
Operation of Trusted Cells, an ARM Trustzone-based set of personal data servers that can run on smartphones, setop boxes, portable tokens, or smart cards.
Building Blocks for Embedded Linux-based ARM TrustZone Platforms
Merging the Trusted Computing Group approach to securing connected processors with ARM TrustZone technology in order to build an open Linux-based embedded trusted computing platform.
Enhancing Security by Diversifying Instruction Sets
How to make network connected processors secure by implementing hardware support for instruction-set randomization (ISR), thus providing a unique random instruction set architecture (ISA) for every deployed system.
I would like to hear from you about your experiences in addressing these issues and your views about the best ways to deal with such challenges.
Embedded.com Site Editor Bernard Cole is also editor of the twice-a-week Embedded.com newsletters as well as a partner in the TechRite Associates editorial services consultancy. He welcomes your feedback. Send an email to firstname.lastname@example.org, or call 928-525-9087.