The need for securing devices for IoT systems is becoming paramount. We'll outline how virtualization can be leveraged to enable consolidation of connected devices, and how ARM TrustZone can be utilized to address security threats.
As we observe the world in which we live, and in particular the electronic devices that surround us, we cannot help but be amazed at how quickly technology has evolved and how this pace of evolution continues to accelerate. The functionality of connected devices is rapidly increasing, and, accordingly, the value of the information stored on these devices, or information accessible through these devices is also rapidly rising. Because these value-rich devices are often connected to a network, cybercrime and cyber security concerns are also today’s front page news.
In this discussion I will address securing devices for connected and Internet of Things (IoT) systems. We’ll also look at how virtualization can be leveraged to enable consolidation and reliability of connected devices and at how ARM TrustZone can be utilized to address categories of security threats. Throughout the supply chain spanning semiconductor vendors, software developers, and system integrators, there are three interrelated topics that are consistently discussed: (1) IoT connectivity, (2) a move to ARM-based System on Chip (SoC) architectures, and (3) security.
Most of the devices we use today are connected to at least one type of network or service. Cars are commonly connected to devices via Bluetooth and mobile data networks, and will be soon to the roadside infrastructure. Patient bedside systems connect to each other, to the hospital network, and beyond. The energy infrastructure is connected from the power grid to the home consumer device and all points in between.
This device connectivity to the Internet and the data flowing through each device are commonly referred to as the Internet of Things. Another industry megatrend we are seeing is the move to ARM-based SoCs. Device manufacturers seek to consolidate capabilities at lower power and cost. Increasingly, they are leveraging ARM TrustZone architectures for enhanced security due to the connectedness of “things.”
Regarding security, news about security vulnerabilities are commonplace and affect all industries including automotive, medical, energy infrastructure, retail, consumer, and so on. Recall the Heartbleed security vulnerability that dominated the news early in 2014? Heartbleed was a security defect that existed for years in a critical software component used by many designers in their server infrastructure and electronic devices. Cyberattacks and potential security vulnerabilities are among the hottest topics in all device segments.
If you talk to a security expert, you will likely hear terms such as “defense in depth” or “layered security.” While there are formal and informal definitions of these terms, everything boils down to creating layers of security which can defend against attacks, or delay the attack from penetrating subsequent layers. Typical layers include:
- Policies and procedures: rules governing access and usage of a device
- Physical: literally, a physical layer such as a fence, guard, or locked door
- Network: securing the connectivity to the outside world
- Application: ensuring malicious applications cannot compromise the system
- Data: ensuring the integrity of data that is used or stored in the system
ARM's TrustZone technology
ARM’s TrustZone technology implemented in a SoC can be leveraged to address the network, application, and data aspects of the layered security model. Before addressing the specifics, it might be helpful to understand the concepts underlying ARM TrustZone.
ARM TrustZone is a hardware-based mechanism built into an ARM-based SoC that allows the resources of a system to be separated into two worlds, commonly referred to as “normal world” and “secure world.”