SlideShare a Scribd company logo

BKK16-200 Designing Security into low cost IO T Systems

Linaro
Linaro

This document discusses security considerations for Internet of Things (IoT) systems. It outlines various security risks for IoT devices like weak cryptography, default passwords, and lack of device renewability. It then describes how security can be built into IoT systems at different levels, including device hardware with features like ARM TrustZone, software like mbed OS and mbedTLS, and cloud management platforms. The document advocates for an end-to-end secure IoT framework provided through collaboration between ARM and Linaro.

Technology
1 of 20
Download to read offline
Designing security into low cost IoT systems JimWallace Linaro Connect, Bangkok 2016 Director, SSG Marketing 8th March 2016
© ARM 20152 Connectivity EfficiencyManagementProductivity Security From Sensors to Servers
© ARM 20153 IoT is going everywhere Weak crypto, protocols Default Passwords No Passwords Hacked Devices Weak crypto Hacked device keys Side-channel attacks Memory bus probing No device renewability Software attacks After hours cloning Stolen keys Weak Protocols Base Stations Weakness in protocol No renewability Smart Meter Data ServersKeyServer Silicon/OEM Manufacturing Sensors/Devices Risks are hard to predict
© ARM 20154 Ultra-low cost Low cost BBC micro:bit BT Smart beacon Rich BT Smart Thread node BT Smart Device SW Capabilities IP +TLS mbed OS uVisor Management Security Firmware OTA ARMv6-M ARMv8-M Baseline TRNG + Crypto Device HW Resources ARMv8-M Mainline ARMv7-M with MPU Generic WiFi node Gateway Cortex-A Class TRNG + Crypto + GPU +VPU IP +TLS OP-TEE Management Security Firmware over-the-air Rich UI/Multimedia mbed OS / RTOS Linux / Rich OS IoT - From Cortex-M to Cortex-A class devices Intelligent Connected Secure
© ARM 20155 Evolution of IoT driving need for generic devices  Local intelligence enables: Camera/microphone/other sensors  Raw data does not need to be sent to the cloud, only processed meta- data is being sent  Reduced data bandwidth, transfer overhead and processing latency to/from cloud  Increased security Face Detection Arm/Disarm Motion Sensor Voice recognition Breaking Glass Communication
© ARM 20156 Security in IoT end points  Device management  Support for bootstrapping / provisioning / Behaviour monitoring…  Keep firmware up-to-date  Device integrity  Protect from untrusted S/W  Allow recovery from attack  Asset protection  Prevent access to certain resources  Data security  Keep data confidential  Prevent data alteration  Physical Security  Anti-tampering Device security Communications security Management security  Link encryption  Prevent eavesdroppers listening  Authentication  Identity of endpoint / server
©ARM 20157 Security must be built into all stages of the system
© ARM 20158  mbed Device Connector eases development, management and scaling of IoT  Available at https://connector.mbed.com  Management security implemented via standards such as OMA LWM2M Management security: mbed Device Connector Build IoT Device Connect your devices Build application with example code Utilize cloud solutions
© ARM 20159 Hardware Interfaces mbed OS uVisor mbed OS Core Schedulers mbed OS API Communication Management Device Management mbed TLS mbed Client IP Stack BLE APIEvent TasksEnergy Application Code Libraries uVisor Management SecuritySecure Drivers ARM Cortex-M CPU Crypto SensorRadio SW Crypto Thread API mbed OS 15.11  mbed OS is a modular, secure, efficient, open source OS for IoT  Connects to mbed Device Connector mbed OS Drivers Device DriversCMSIS-Core Debug Support Thread BLE6LoWPAN uVisor secure isolation MPU Communication Security Management Security Device Security
© ARM 201510 Device Connector Support Protocol Implementations: LWM2M, CoAP, HTTP Channel Security Implementations: TLS, DTLS Client Library Port mbed OS or RTOS / Linux + Networking mbed Client C++ API Application and Service Integration mbed Client  Connects to mbed Device Connector  Included as part of mbed OS, also portable to other platforms including Linux and third party RTOS  Implements protocols and support for securely publishing resources (e.g. sensor data), and managing the device from the cloud
© ARM 201511 Communication security: mbedTLS  Fully-fledged SSL /TLS / DTLS Library  Developer friendly: Clean API and documentation  Open Source under Apache 2.0 license at https://tls.mbed.org/  Suitable for use on Cortex-M and Cortex-A processors based targets Transport Security Symmetric Encryption Public Key Algorithms Hash Algorithms Random Number Generation X.509 Certificate Handling TLS/DTLS, etc AES, etc ECDHE, ECDSA, etc SHA, etc Entropy pool, CTR_DEBUG, etc ✔ https://tls.mbed.org/security
© ARM 201512 Device security services in low cost devices  Existing IoT solutions use flat address spaces with little privilege separation  Especially on microcontrollers  Mitigating strategy to split security domains into  Exposed code  Protected critical code Security Foundation • Cryptography • Key Management • Secure Identity • … Critical (secure world) Remainder of mbed OS • Scheduler • HAL + Drivers • Connectivity stack(s) • … Exposed (Normal world) mbed OS uVisor Hardware Interfaces ARM Cortex-M CPU Crypto SensorRadio MPU
© ARM 201513 TrustZone for low cost ARMv8-M IoT platforms  The ARMv8-M architecture introduces secure and non-secure code execution  Code running in non-secure memory can only access non-secure devices and memory  Code running in secure memory can access whole address space  So low cost devices can  Have trusted code & Apps in secure memory  Can have non trusted applications installed in non secure memory safe in the knowledge that they cannot be used to attack the system  CryptoCell augmentsTrustZone  Providing a range of security subsystems for acceleration and offloading Non Secure App Secure App/Libs SECURE WORLDNORMAL WORLD Non Secure RTOS Secure RTOS TrustZone AMBA 5 AHB5 Microcontroller -310 Asymmetric Crypto Symmetric Crypto Data interface Security resources Roots oftrust Always On Control interface CryptoCell-310
© ARM 201514 TrustZone technology for every IoT platform Non Secure App Secure App Secure Monitor SECURE WORLDNORMAL WORLD Rich OS. e.g. Linux Secure OS Asymmetric Crypto Symmetric Crypto Data interface Security resources Roots oftrust Always On Control interface CryptoCell-710 AMBA AXI Apps Processor Non Secure App Secure App/Libs SECURE WORLDNORMAL WORLD Non Secure RTOS Secure RTOS TrustZone AMBA 5 AHB5 Microcontroller -310 Asymmetric Crypto Symmetric Crypto Data interface Security resources Roots oftrust Always On Control interface CryptoCell-310
© ARM 201515 Trusted Firmware, OP-TEE reduce fragmentation  SecureWorld foundations for ARMv8-A:  Trusted Board Boot  Secure World runtime – world switch, interrupt routing, PSCI, SMC handling  Open source projects on GitHub https://github.com/ARM-software/arm- trusted-firmware https://github.com/OP-TEE  v1.2 (December)  + Trusted Boot baseline features  + PSCI v1.0 key optional features  + OS vendor alignment  GICv3 drivers ARM Trusted Firmware EL3 SoC/platform port Normal World OS EL1/EL2 OP-TEE OS Secure-EL1 OP-TEE Dispatcher OP-TEEprotocol andmechanism Trusted App Secure-EL0 App EL0 OP-TEE Linux driver OP-TEE client OP-TEEprotocolviaSM C viaioctl Porting interface between Trusted Firmware and SoC/ platform Interface between Trusted Firmware and Trusted OS Dispatcher ARM Trusted Firmware Trusted OS supplier SoC supplier OS/hypervisor supplier Trusted App supplier Internal TOS interface
© ARM 201516 ARM TrustZone CryptoCell  TrustZone,TEE and CryptoCell provide platform level security  with a hardware Root of Trust /Trust Anchor for the system  Crypto acceleration  TRNG  Configurable to target application – right size  Enhances usability e.g. time for DTLS handshake & door lock to open  Simplifies security implementations Asymmetric Crypto Symmetric Crypto Data interface Security resources Roots oftrust Always On Control interface CryptoCell
© ARM 201517 LITE using this to enable a security foundation Efficient Crypto Robust Protocols Device Health Checks TLS Secure Manufacturing Line Strong Crypto Secure Meter Renewability Key Rotation Secure Key Provisioning End-to-End Security Silicon/OEM Manufacturing Hardware Root of Trust Secure Boot Trusted Execution Environment Trusted Firmware Secure Clocks/Counters, Anti-Rollback Secure Key Storage, Robust Crypto Data Servers Secure Key Server Secure Base Stations Strong ID/Trusted UI Memory Isolation FOTA HW-RoT TEE
© ARM 201518 Imagine a world where…  From the wide choice of ARM-based devices, you chose the perfect one for you  Price, performance, power, form, security etc.  And what software you ran on it was up to you…  Android / Brillo, BSD, CentOS, ChromeOS, RHEL, SUSE, Tizen, Snappy Ubuntu, Windows, Yocto/OE, etc …or something we haven’t even thought of yet  But once you made that choice, it should all just work!  ARM & Linaro are committed to making this happen
© ARM 201519 Linaro and ARM providing the foundation for IoT  ARM working with Linaro to provide an end-to-end open source IoT framework for specific IoT implementations  ARM part of LITEWG  “Place to collaborate on ARM architecture for IoT”, enabling  Software solutions from Cortex-M to Cortex-A based platforms
The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. Copyright © 2016 ARM Limited

Recommended

Crypto Performance on ARM Cortex-M Processors
Crypto Performance on ARM Cortex-M ProcessorsCrypto Performance on ARM Cortex-M Processors
Crypto Performance on ARM Cortex-M Processors
Hannes Tschofenig
 
BKK16-100K2 ARM Research - Sensors to Supercomputers
BKK16-100K2 ARM Research - Sensors to SupercomputersBKK16-100K2 ARM Research - Sensors to Supercomputers
BKK16-100K2 ARM Research - Sensors to Supercomputers
Linaro
 
Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3
Hannes Tschofenig
 
Practical real-time operating system security for the masses
Practical real-time operating system security for the massesPractical real-time operating system security for the masses
Practical real-time operating system security for the masses
Milosch Meriac
 
Measuring the Performance and Energy Cost of Cryptography in IoT Devices
Measuring the Performance and Energy Cost of Cryptography in IoT DevicesMeasuring the Performance and Energy Cost of Cryptography in IoT Devices
Measuring the Performance and Energy Cost of Cryptography in IoT Devices
Hannes Tschofenig
 
LAS16-112: mbed OS Technical Overview
LAS16-112: mbed OS Technical OverviewLAS16-112: mbed OS Technical Overview
LAS16-112: mbed OS Technical Overview
Linaro
 
LAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devicesLAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devices
Linaro
 
The Role of Standards in IoT Security
The Role of Standards in IoT SecurityThe Role of Standards in IoT Security
The Role of Standards in IoT Security
Hannes Tschofenig
 

Recommended

Crypto Performance on ARM Cortex-M Processors
Crypto Performance on ARM Cortex-M ProcessorsCrypto Performance on ARM Cortex-M Processors
Crypto Performance on ARM Cortex-M Processors
Hannes Tschofenig
 
BKK16-100K2 ARM Research - Sensors to Supercomputers
BKK16-100K2 ARM Research - Sensors to SupercomputersBKK16-100K2 ARM Research - Sensors to Supercomputers
BKK16-100K2 ARM Research - Sensors to Supercomputers
Linaro
 
Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3
Hannes Tschofenig
 
Practical real-time operating system security for the masses
Practical real-time operating system security for the massesPractical real-time operating system security for the masses
Practical real-time operating system security for the masses
Milosch Meriac
 
Measuring the Performance and Energy Cost of Cryptography in IoT Devices
Measuring the Performance and Energy Cost of Cryptography in IoT DevicesMeasuring the Performance and Energy Cost of Cryptography in IoT Devices
Measuring the Performance and Energy Cost of Cryptography in IoT Devices
Hannes Tschofenig
 
LAS16-112: mbed OS Technical Overview
LAS16-112: mbed OS Technical OverviewLAS16-112: mbed OS Technical Overview
LAS16-112: mbed OS Technical Overview
Linaro
 
LAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devicesLAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devices
Linaro
 
The Role of Standards in IoT Security
The Role of Standards in IoT SecurityThe Role of Standards in IoT Security
The Role of Standards in IoT Security
Hannes Tschofenig
 
How to Select Hardware for Internet of Things Systems?
How to Select Hardware for Internet of Things Systems?How to Select Hardware for Internet of Things Systems?
How to Select Hardware for Internet of Things Systems?
Hannes Tschofenig
 
Developing functional safety systems with arm architecture solutions stroud
Developing functional safety systems with arm architecture solutions stroudDeveloping functional safety systems with arm architecture solutions stroud
Developing functional safety systems with arm architecture solutions stroud
Arm
 
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
armmbed
 
The importance of strong entropy for iot
The importance of strong entropy for iotThe importance of strong entropy for iot
The importance of strong entropy for iot
Arm
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
RISC-V International
 
Introduction to ARM mbed-OS 3.0 uvisor
Introduction to ARM mbed-OS 3.0 uvisorIntroduction to ARM mbed-OS 3.0 uvisor
Introduction to ARM mbed-OS 3.0 uvisor
Viller Hsiao
 
Software development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuSoftware development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiu
Arm
 
So you think developing an SoC needs to be complex or expensive?
So you think developing an SoC needs to be complex or expensive?So you think developing an SoC needs to be complex or expensive?
So you think developing an SoC needs to be complex or expensive?
Arm
 
High end security for low-end microcontrollers
High end security for low-end microcontrollersHigh end security for low-end microcontrollers
High end security for low-end microcontrollers
Milosch Meriac
 
LAS16-300: Mini Conference 2 Cortex-M Software - Device Configuration
LAS16-300: Mini Conference 2 Cortex-M Software - Device ConfigurationLAS16-300: Mini Conference 2 Cortex-M Software - Device Configuration
LAS16-300: Mini Conference 2 Cortex-M Software - Device Configuration
Linaro
 
RISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmware
RISC-V International
 
Sagar Kadam, Lead Software Engineer, Open-Silicon
Sagar Kadam, Lead Software Engineer, Open-SiliconSagar Kadam, Lead Software Engineer, Open-Silicon
Sagar Kadam, Lead Software Engineer, Open-Silicon
chiportal
 
Data on the move a RISC-V opportunity
Data on the move a RISC-V opportunityData on the move a RISC-V opportunity
Data on the move a RISC-V opportunity
RISC-V International
 
RISC-V: The Open Era of Computing
RISC-V: The Open Era of ComputingRISC-V: The Open Era of Computing
RISC-V: The Open Era of Computing
RISC-V International
 
LAS16-100K1: Welcome Keynote
LAS16-100K1: Welcome KeynoteLAS16-100K1: Welcome Keynote
LAS16-100K1: Welcome Keynote
Linaro
 
mbed Connect Asia 2016 mbed HDK From prototype to production
mbed Connect Asia 2016 mbed HDK From prototype to productionmbed Connect Asia 2016 mbed HDK From prototype to production
mbed Connect Asia 2016 mbed HDK From prototype to production
armmbed
 
Efficient software development with heterogeneous devices
Efficient software development with heterogeneous devicesEfficient software development with heterogeneous devices
Efficient software development with heterogeneous devices
Arm
 
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
RISC-V International
 
#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas...
#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas...#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas...
#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas...
Paris Open Source Summit
 
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Michelle Holley
 
Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security models
Milosch Meriac
 
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
LAS16-402: ARM Trusted Firmware – from Enterprise to EmbeddedLAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
Linaro
 

More Related Content

What's hot

LAS16-300: Mini Conference 2 Cortex-M Software - Device Configuration
LAS16-300: Mini Conference 2 Cortex-M Software - Device ConfigurationLAS16-300: Mini Conference 2 Cortex-M Software - Device Configuration
LAS16-300: Mini Conference 2 Cortex-M Software - Device Configuration
Linaro
 

What's hot (20)

How to Select Hardware for Internet of Things Systems?
How to Select Hardware for Internet of Things Systems?How to Select Hardware for Internet of Things Systems?
How to Select Hardware for Internet of Things Systems?
 
Developing functional safety systems with arm architecture solutions stroud
Developing functional safety systems with arm architecture solutions stroudDeveloping functional safety systems with arm architecture solutions stroud
Developing functional safety systems with arm architecture solutions stroud
 
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
 
The importance of strong entropy for iot
The importance of strong entropy for iotThe importance of strong entropy for iot
The importance of strong entropy for iot
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
 
Introduction to ARM mbed-OS 3.0 uvisor
Introduction to ARM mbed-OS 3.0 uvisorIntroduction to ARM mbed-OS 3.0 uvisor
Introduction to ARM mbed-OS 3.0 uvisor
 
Software development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuSoftware development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiu
 
So you think developing an SoC needs to be complex or expensive?
So you think developing an SoC needs to be complex or expensive?So you think developing an SoC needs to be complex or expensive?
So you think developing an SoC needs to be complex or expensive?
 
High end security for low-end microcontrollers
High end security for low-end microcontrollersHigh end security for low-end microcontrollers
High end security for low-end microcontrollers
 
LAS16-300: Mini Conference 2 Cortex-M Software - Device Configuration
LAS16-300: Mini Conference 2 Cortex-M Software - Device ConfigurationLAS16-300: Mini Conference 2 Cortex-M Software - Device Configuration
LAS16-300: Mini Conference 2 Cortex-M Software - Device Configuration
 
RISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmware
 
Sagar Kadam, Lead Software Engineer, Open-Silicon
Sagar Kadam, Lead Software Engineer, Open-SiliconSagar Kadam, Lead Software Engineer, Open-Silicon
Sagar Kadam, Lead Software Engineer, Open-Silicon
 
Data on the move a RISC-V opportunity
Data on the move a RISC-V opportunityData on the move a RISC-V opportunity
Data on the move a RISC-V opportunity
 
RISC-V: The Open Era of Computing
RISC-V: The Open Era of ComputingRISC-V: The Open Era of Computing
RISC-V: The Open Era of Computing
 
LAS16-100K1: Welcome Keynote
LAS16-100K1: Welcome KeynoteLAS16-100K1: Welcome Keynote
LAS16-100K1: Welcome Keynote
 
mbed Connect Asia 2016 mbed HDK From prototype to production
mbed Connect Asia 2016 mbed HDK From prototype to productionmbed Connect Asia 2016 mbed HDK From prototype to production
mbed Connect Asia 2016 mbed HDK From prototype to production
 
Efficient software development with heterogeneous devices
Efficient software development with heterogeneous devicesEfficient software development with heterogeneous devices
Efficient software development with heterogeneous devices
 
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
 
#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas...
#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas...#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas...
#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas...
 
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
 

Viewers also liked

HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareHKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
Linaro
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
Julien Vermillard
 
Foto denuncia estado via publica a 2 de febrero de 2013
Foto denuncia estado via publica a 2 de febrero de 2013Foto denuncia estado via publica a 2 de febrero de 2013
Foto denuncia estado via publica a 2 de febrero de 2013
PSOE FUENTE DEL MAESTRE
 
A Modern View of Smart Cards Security
A Modern View of Smart Cards SecurityA Modern View of Smart Cards Security
A Modern View of Smart Cards Security
Ilia Levin
 
Mr201303 trust zone
Mr201303 trust zoneMr201303 trust zone
Mr201303 trust zone
FFRI, Inc.
 
LAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted ProtocolLAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted Protocol
Linaro
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrLAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT Zephyr
Shovan Sargunam
 
SFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverSFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driver
Linaro
 

Viewers also liked (20)

Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security models
 
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
LAS16-402: ARM Trusted Firmware – from Enterprise to EmbeddedLAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
 
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystemmbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
 
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareHKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
 
Foto denuncia estado via publica a 2 de febrero de 2013
Foto denuncia estado via publica a 2 de febrero de 2013Foto denuncia estado via publica a 2 de febrero de 2013
Foto denuncia estado via publica a 2 de febrero de 2013
 
A Modern View of Smart Cards Security
A Modern View of Smart Cards SecurityA Modern View of Smart Cards Security
A Modern View of Smart Cards Security
 
Webinar: Can a Light Bulb Really Pose a Security Threat? A Practical Look at ...
Webinar: Can a Light Bulb Really Pose a Security Threat? A Practical Look at ...Webinar: Can a Light Bulb Really Pose a Security Threat? A Practical Look at ...
Webinar: Can a Light Bulb Really Pose a Security Threat? A Practical Look at ...
 
Mr201303 trust zone
Mr201303 trust zoneMr201303 trust zone
Mr201303 trust zone
 
BKK16-505 Kernel and Bootloader Consolidation and Upstreaming
BKK16-505 Kernel and Bootloader Consolidation and UpstreamingBKK16-505 Kernel and Bootloader Consolidation and Upstreaming
BKK16-505 Kernel and Bootloader Consolidation and Upstreaming
 
BKK16-309A Open Platform support in UEFI
BKK16-309A Open Platform support in UEFIBKK16-309A Open Platform support in UEFI
BKK16-309A Open Platform support in UEFI
 
BKK16-211 Internet of Tiny Linux (io tl)- Status and Progress
BKK16-211 Internet of Tiny Linux (io tl)- Status and ProgressBKK16-211 Internet of Tiny Linux (io tl)- Status and Progress
BKK16-211 Internet of Tiny Linux (io tl)- Status and Progress
 
IoT Meets Security
IoT Meets SecurityIoT Meets Security
IoT Meets Security
 
LAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted ProtocolLAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted Protocol
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrLAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT Zephyr
 
UX and Security for the IoT
UX and Security for the IoTUX and Security for the IoT
UX and Security for the IoT
 
SFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverSFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driver
 
Tower defense for hackers: Layered (in-)security for microcontrollers
Tower defense for hackers: Layered (in-)security for microcontrollersTower defense for hackers: Layered (in-)security for microcontrollers
Tower defense for hackers: Layered (in-)security for microcontrollers
 
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
 

Similar to BKK16-200 Designing Security into low cost IO T Systems

Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Linaro
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
Linaro
 
TM4C-IoT-Gateway-with-Security-Protection_0.pdf
TM4C-IoT-Gateway-with-Security-Protection_0.pdfTM4C-IoT-Gateway-with-Security-Protection_0.pdf
TM4C-IoT-Gateway-with-Security-Protection_0.pdf
ssuser8b324e
 

Similar to BKK16-200 Designing Security into low cost IO T Systems (20)

Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
 
Symposium on Securing the IoT - Security is the future of IoT - mbed
Symposium on Securing the IoT - Security is the future of IoT - mbedSymposium on Securing the IoT - Security is the future of IoT - mbed
Symposium on Securing the IoT - Security is the future of IoT - mbed
 
A practical approach to securing embedded and io t platforms
A practical approach to securing embedded and io t platformsA practical approach to securing embedded and io t platforms
A practical approach to securing embedded and io t platforms
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment Success
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryption
 
Z111806 strengthen-security-sydney-v1910a
Z111806 strengthen-security-sydney-v1910aZ111806 strengthen-security-sydney-v1910a
Z111806 strengthen-security-sydney-v1910a
 
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
 
Z110932 strengthen-security-jburg-v1909c
Z110932 strengthen-security-jburg-v1909cZ110932 strengthen-security-jburg-v1909c
Z110932 strengthen-security-jburg-v1909c
 
Encapsulating Complexity in IoT Solutions
Encapsulating Complexity in IoT SolutionsEncapsulating Complexity in IoT Solutions
Encapsulating Complexity in IoT Solutions
 
Hardwar based Security of Systems
Hardwar based Security of SystemsHardwar based Security of Systems
Hardwar based Security of Systems
 
mbed Connect Asia 2016 Intro to mbed OS
mbed Connect Asia 2016 Intro to mbed OSmbed Connect Asia 2016 Intro to mbed OS
mbed Connect Asia 2016 Intro to mbed OS
 
TM4C-IoT-Gateway-with-Security-Protection_0.pdf
TM4C-IoT-Gateway-with-Security-Protection_0.pdfTM4C-IoT-Gateway-with-Security-Protection_0.pdf
TM4C-IoT-Gateway-with-Security-Protection_0.pdf
 
Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation
 
Is your OT/IT offering IoT-ready?
Is your OT/IT offering IoT-ready?Is your OT/IT offering IoT-ready?
Is your OT/IT offering IoT-ready?
 
Secure IoT Firmware for RISC-V
Secure IoT Firmware for RISC-VSecure IoT Firmware for RISC-V
Secure IoT Firmware for RISC-V
 
End to end IoT Solution using Mongoose OS.
End to end IoT Solution using Mongoose OS.End to end IoT Solution using Mongoose OS.
End to end IoT Solution using Mongoose OS.
 
Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17
 
Friendly Technologies- Cloud-Based TR-069 Device Management Suite
Friendly Technologies- Cloud-Based TR-069 Device Management SuiteFriendly Technologies- Cloud-Based TR-069 Device Management Suite
Friendly Technologies- Cloud-Based TR-069 Device Management Suite
 
Trustzone secure os tee for mips
Trustzone secure os tee for mipsTrustzone secure os tee for mips
Trustzone secure os tee for mips
 

More from Linaro

Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea GalloDeep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Linaro
 
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraHuawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Linaro
 
Bud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qaBud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qa
Linaro
 
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
Linaro
 
HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018
Linaro
 
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
Linaro
 
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Linaro
 
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Linaro
 
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Linaro
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
Linaro
 
HKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening KeynoteHKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening Keynote
Linaro
 
HKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP WorkshopHKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP Workshop
Linaro
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
Linaro
 
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and allHKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
Linaro
 
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorHKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
Linaro
 
HKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMUHKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMU
Linaro
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8M
Linaro
 
HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation
Linaro
 
HKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted boot
Linaro
 

More from Linaro (20)

Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea GalloDeep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
 
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta VekariaArm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
 
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraHuawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
 
Bud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qaBud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qa
 
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
 
HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018
 
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
 
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
 
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
 
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
 
HKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening KeynoteHKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening Keynote
 
HKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP WorkshopHKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP Workshop
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
 
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and allHKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
 
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorHKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
 
HKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMUHKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMU
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8M
 
HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation
 
HKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted boot
 

Recently uploaded

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 

Recently uploaded (20)

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 

BKK16-200 Designing Security into low cost IO T Systems

  • 1. Designing security into low cost IoT systems JimWallace Linaro Connect, Bangkok 2016 Director, SSG Marketing 8th March 2016
  • 2. © ARM 20152 Connectivity EfficiencyManagementProductivity Security From Sensors to Servers
  • 3. © ARM 20153 IoT is going everywhere Weak crypto, protocols Default Passwords No Passwords Hacked Devices Weak crypto Hacked device keys Side-channel attacks Memory bus probing No device renewability Software attacks After hours cloning Stolen keys Weak Protocols Base Stations Weakness in protocol No renewability Smart Meter Data ServersKeyServer Silicon/OEM Manufacturing Sensors/Devices Risks are hard to predict
  • 4. © ARM 20154 Ultra-low cost Low cost BBC micro:bit BT Smart beacon Rich BT Smart Thread node BT Smart Device SW Capabilities IP +TLS mbed OS uVisor Management Security Firmware OTA ARMv6-M ARMv8-M Baseline TRNG + Crypto Device HW Resources ARMv8-M Mainline ARMv7-M with MPU Generic WiFi node Gateway Cortex-A Class TRNG + Crypto + GPU +VPU IP +TLS OP-TEE Management Security Firmware over-the-air Rich UI/Multimedia mbed OS / RTOS Linux / Rich OS IoT - From Cortex-M to Cortex-A class devices Intelligent Connected Secure
  • 5. © ARM 20155 Evolution of IoT driving need for generic devices  Local intelligence enables: Camera/microphone/other sensors  Raw data does not need to be sent to the cloud, only processed meta- data is being sent  Reduced data bandwidth, transfer overhead and processing latency to/from cloud  Increased security Face Detection Arm/Disarm Motion Sensor Voice recognition Breaking Glass Communication
  • 6. © ARM 20156 Security in IoT end points  Device management  Support for bootstrapping / provisioning / Behaviour monitoring…  Keep firmware up-to-date  Device integrity  Protect from untrusted S/W  Allow recovery from attack  Asset protection  Prevent access to certain resources  Data security  Keep data confidential  Prevent data alteration  Physical Security  Anti-tampering Device security Communications security Management security  Link encryption  Prevent eavesdroppers listening  Authentication  Identity of endpoint / server
  • 7. ©ARM 20157 Security must be built into all stages of the system
  • 8. © ARM 20158  mbed Device Connector eases development, management and scaling of IoT  Available at https://connector.mbed.com  Management security implemented via standards such as OMA LWM2M Management security: mbed Device Connector Build IoT Device Connect your devices Build application with example code Utilize cloud solutions
  • 9. © ARM 20159 Hardware Interfaces mbed OS uVisor mbed OS Core Schedulers mbed OS API Communication Management Device Management mbed TLS mbed Client IP Stack BLE APIEvent TasksEnergy Application Code Libraries uVisor Management SecuritySecure Drivers ARM Cortex-M CPU Crypto SensorRadio SW Crypto Thread API mbed OS 15.11  mbed OS is a modular, secure, efficient, open source OS for IoT  Connects to mbed Device Connector mbed OS Drivers Device DriversCMSIS-Core Debug Support Thread BLE6LoWPAN uVisor secure isolation MPU Communication Security Management Security Device Security
  • 10. © ARM 201510 Device Connector Support Protocol Implementations: LWM2M, CoAP, HTTP Channel Security Implementations: TLS, DTLS Client Library Port mbed OS or RTOS / Linux + Networking mbed Client C++ API Application and Service Integration mbed Client  Connects to mbed Device Connector  Included as part of mbed OS, also portable to other platforms including Linux and third party RTOS  Implements protocols and support for securely publishing resources (e.g. sensor data), and managing the device from the cloud
  • 11. © ARM 201511 Communication security: mbedTLS  Fully-fledged SSL /TLS / DTLS Library  Developer friendly: Clean API and documentation  Open Source under Apache 2.0 license at https://tls.mbed.org/  Suitable for use on Cortex-M and Cortex-A processors based targets Transport Security Symmetric Encryption Public Key Algorithms Hash Algorithms Random Number Generation X.509 Certificate Handling TLS/DTLS, etc AES, etc ECDHE, ECDSA, etc SHA, etc Entropy pool, CTR_DEBUG, etc ✔ https://tls.mbed.org/security
  • 12. © ARM 201512 Device security services in low cost devices  Existing IoT solutions use flat address spaces with little privilege separation  Especially on microcontrollers  Mitigating strategy to split security domains into  Exposed code  Protected critical code Security Foundation • Cryptography • Key Management • Secure Identity • … Critical (secure world) Remainder of mbed OS • Scheduler • HAL + Drivers • Connectivity stack(s) • … Exposed (Normal world) mbed OS uVisor Hardware Interfaces ARM Cortex-M CPU Crypto SensorRadio MPU
  • 13. © ARM 201513 TrustZone for low cost ARMv8-M IoT platforms  The ARMv8-M architecture introduces secure and non-secure code execution  Code running in non-secure memory can only access non-secure devices and memory  Code running in secure memory can access whole address space  So low cost devices can  Have trusted code & Apps in secure memory  Can have non trusted applications installed in non secure memory safe in the knowledge that they cannot be used to attack the system  CryptoCell augmentsTrustZone  Providing a range of security subsystems for acceleration and offloading Non Secure App Secure App/Libs SECURE WORLDNORMAL WORLD Non Secure RTOS Secure RTOS TrustZone AMBA 5 AHB5 Microcontroller -310 Asymmetric Crypto Symmetric Crypto Data interface Security resources Roots oftrust Always On Control interface CryptoCell-310
  • 14. © ARM 201514 TrustZone technology for every IoT platform Non Secure App Secure App Secure Monitor SECURE WORLDNORMAL WORLD Rich OS. e.g. Linux Secure OS Asymmetric Crypto Symmetric Crypto Data interface Security resources Roots oftrust Always On Control interface CryptoCell-710 AMBA AXI Apps Processor Non Secure App Secure App/Libs SECURE WORLDNORMAL WORLD Non Secure RTOS Secure RTOS TrustZone AMBA 5 AHB5 Microcontroller -310 Asymmetric Crypto Symmetric Crypto Data interface Security resources Roots oftrust Always On Control interface CryptoCell-310
  • 15. © ARM 201515 Trusted Firmware, OP-TEE reduce fragmentation  SecureWorld foundations for ARMv8-A:  Trusted Board Boot  Secure World runtime – world switch, interrupt routing, PSCI, SMC handling  Open source projects on GitHub https://github.com/ARM-software/arm- trusted-firmware https://github.com/OP-TEE  v1.2 (December)  + Trusted Boot baseline features  + PSCI v1.0 key optional features  + OS vendor alignment  GICv3 drivers ARM Trusted Firmware EL3 SoC/platform port Normal World OS EL1/EL2 OP-TEE OS Secure-EL1 OP-TEE Dispatcher OP-TEEprotocol andmechanism Trusted App Secure-EL0 App EL0 OP-TEE Linux driver OP-TEE client OP-TEEprotocolviaSM C viaioctl Porting interface between Trusted Firmware and SoC/ platform Interface between Trusted Firmware and Trusted OS Dispatcher ARM Trusted Firmware Trusted OS supplier SoC supplier OS/hypervisor supplier Trusted App supplier Internal TOS interface
  • 16. © ARM 201516 ARM TrustZone CryptoCell  TrustZone,TEE and CryptoCell provide platform level security  with a hardware Root of Trust /Trust Anchor for the system  Crypto acceleration  TRNG  Configurable to target application – right size  Enhances usability e.g. time for DTLS handshake & door lock to open  Simplifies security implementations Asymmetric Crypto Symmetric Crypto Data interface Security resources Roots oftrust Always On Control interface CryptoCell
  • 17. © ARM 201517 LITE using this to enable a security foundation Efficient Crypto Robust Protocols Device Health Checks TLS Secure Manufacturing Line Strong Crypto Secure Meter Renewability Key Rotation Secure Key Provisioning End-to-End Security Silicon/OEM Manufacturing Hardware Root of Trust Secure Boot Trusted Execution Environment Trusted Firmware Secure Clocks/Counters, Anti-Rollback Secure Key Storage, Robust Crypto Data Servers Secure Key Server Secure Base Stations Strong ID/Trusted UI Memory Isolation FOTA HW-RoT TEE
  • 18. © ARM 201518 Imagine a world where…  From the wide choice of ARM-based devices, you chose the perfect one for you  Price, performance, power, form, security etc.  And what software you ran on it was up to you…  Android / Brillo, BSD, CentOS, ChromeOS, RHEL, SUSE, Tizen, Snappy Ubuntu, Windows, Yocto/OE, etc …or something we haven’t even thought of yet  But once you made that choice, it should all just work!  ARM & Linaro are committed to making this happen
  • 19. © ARM 201519 Linaro and ARM providing the foundation for IoT  ARM working with Linaro to provide an end-to-end open source IoT framework for specific IoT implementations  ARM part of LITEWG  “Place to collaborate on ARM architecture for IoT”, enabling  Software solutions from Cortex-M to Cortex-A based platforms
  • 20. The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. Copyright © 2016 ARM Limited