Track F: Evolving Trusted Platforms - ARM


Published in: Education, Technology

  1. May 4, 2011. Evolving Trusted Platforms. Haydn Povey, Director Marketing, Processor Division, ARM
  2. Evolving the Mobile Internet
     • “More people in the world will have their first interaction with the Internet with mobile than with laptop” (Vinton Cerf, Google)
     • “In mobile computing, the opportunities for innovation are particularly exciting.... The fact that more than 3 billion people around the world are connected is unbelievable, yet that is less than half the world’s population.” (Steve Ballmer, Microsoft)
     • ... and malware and software threats are increasing exponentially
  3. The Issue
     • Over 350,000 Android handsets are shipped every day
     • Approaching 350,000 apps on Android store
     • Open mobile OS’s are a blessing... and a curse
  4. Mobile Client of 2010
     • Content and its usage in all forms is driving consumer demand: Internet, Games, Music, Books, Video
     • OEM/Operator “Store front”; Web 2.0 apps, mashups; OpenGL ES 2.0 graphics
     • Device trends (apps processor and modem): Cortex™-A8/A9, 45/32nm; OpenGL ES 2.0 GPU (Mali-400MP); HD video DVC; TrustZone®; LTE 50Mbps DL; Multimode; 40nm; Cortex-R4; WVGA AMOLED screen; HDMI out
     • Basic security concepts introduced
  5. Mobile Client of 2013
     • Console gaming performance; advanced video capability; fast broadband; enterprise applications
     • Advanced multi-processing drives new consumer paradigms and use
     • Fast battery charge: new technologies appear in batteries for the first time
     • Device trends (apps processor and modem): new generation MP, 22nm; new generation GPU; HD video DVC: 60fps+; TrustZone and advanced security; LTE 100Mbps DL; 28nm; new generation processor
     • Advanced system security capabilities
  6. Security - Foundation of the Future
     • Integrated security is the key capability to enable the next generation of services and applications across many market segments
     • Seamless Payment Services; Integrated Content Management; The Internet of Things
  7. Traditional Security Solutions
     • Security traditionally seen as separate and distinct
     • Enables the development of physical and electrical countermeasures
     • These applications remain vitally important; however, the technology significantly limits the functionality of those high performance applications which demand security
     • Secure Elements are shipped in excess of 4 billion devices per year
  8. SoC Platform Security Challenges
     • Definitions – Are we fighting the same battles?
       • Advanced threat models
       • Device-centric malware vs. class breaks (iOS cracking)
       • Social engineering viruses vs. significant lab attacks
       • Attack goals – gifted amateur or $$$ multi-million threat
       • Varying definitions of “security” create significant market fragmentation
     • Hardware
       • Guidance & standard HW foundations required to enable SW ecosystem
       • Secure boot integration with UEFI, etc.
       • Processor requirements to enable best-in-class trust and security
       • System IP to deliver holistic security across the SoC
       • Role of secure element
       • Certification methodology
  9. SoC Platform Security Challenges
     • Software
       • Lack of standards & low portability of code restricts ecosystem
       • Move to standard HW framework promotes code reuse
       • Enables the development of standard API within industry groups, e.g. Global Platform
       • Simplifies integration into rich OS: WM, Android, etc.
     • Who cares about security?
       • End users are typically ignorant of security risks
       • Hence it falls to the content owners or banks to cover the risk
       • The stakeholders differ by market segment but have some common members
  10. Who Cares About Mobile Security?
     • Security is a Continuous Evolution – not a one time task
     • [Figure: “Security Attention Meter” across App, MNO, Service, OS, OEM, SoC, User]
  11. Building Secure Platforms: three fundamental alternatives
     • #1 – Integration of separate secure element: very low risk as SEs are well trusted (EAL 5+); limited integration and low speed make them of limited use
     • #2 – Integration of secondary secure processor: provides a higher performance and focused alternative; challenges around area cost, HW design, and separate SW code base and integration with main application processor, OS and apps
     • #3 – Leverage existing application processor: high performance and naturally integrated
  12. Delivering A Trusted Virtual Processor. TrustZone has major advantages over separate secure processor solutions:
     • Performance: security at full core MHz; all resources dynamically shared
     • Cost: the two isolated domains are implemented in the same machine with no HW duplication
     • System Approach: security extends to entire memory and peripheral systems
  13. TrustZone Enabled Processors
     • TrustZone is in the DNA of all ARM Application Processors
     • Cortex-A5 MPCore; Cortex-A8 & Cortex-A9 MPCore; Cortex-A15 MPCore
  14. Enabling Payment Solutions
     • On-chip Secure RAM area protected with TrustZone Memory Adaptor
     • Keyboard and screen secured dynamically to protect PIN entry
     • Example solution based on ARM IP
  15. Enabling Fully Secured Platforms
     • Addition of Crypto, Media Accelerators & DMA Controller for media handling
     • Protection of RAM and off-chip decode
     • Example solution based on ARM IP
  16. TrustZone “Virtual” Secure Processor
     • Certification is traditionally a very lengthy and expensive process for complex SoC designs
     • Picture courtesy of Texas Instruments
  17. TrustZone “Virtual” Secure Processor
     • TrustZone provides a smaller virtual processor, significantly reducing complexity & cost
     • Picture courtesy of Texas Instruments
  18. Virtualization and Security
     • Virtualization often offered as a solution for security
     • Virtualization focused on sharing of resources across many threads
     • TrustZone solutions focus on simplicity to enable certification
     • Future systems will require Virtualization and TrustZone
     • [Diagram labels: Normal, Secure, Hypervisor, Host OS, Guest OS, App, Secure Driver, Secure Kernel, Secure Boot, Secure App, Monitor]
  19. Multi-Core Software Model
     • All cores in multi-core processors inherently contain TrustZone H/W
     • Simplicity equals security – reduced attack vectors
     • Single implementation of SecureOS on P0 – small footprint & blocking operation
     • P1, P2, P3 implement simple stub to redirect secure requests to P0
     • It is possible to have multiple SecureOS instantiations; however, certification complexity grows exponentially.
     • [Diagram labels: P0, P1, P2, P3, SMP OS, Normal World, Secure World, SecureOS, TrustZone Device Driver, Applications, Stub]
  20. SEPIA – EU Funded research program
     • Secure, Embedded Platform with advanced Process Isolation and Anonymity capabilities
     • EU-funded research project in the 7th FRP
     • 5 Research Partners: Hardware & Infrastructure Lead; Software & Security Lead; Certification Lead; Secure Element & Systems Lead; Threat Analysis & Project Lead
  21. Delivering Secure Applications
     • Trusted Apps Processor + Secure Element: Tamper Resist Storage; Secure Crypto Exe; EAL 5+ Certification; Trusted Peripherals (GPS, UI, Clock etc.); Authenticated Debug; Trusted Boot; “EMV” Certification; Trusted RTE
     • Applications: Mobile Advertising; Loyalty applications; Email Encryption; DRM; Super Distribution; One Time Password; Data Protection; Access Control; Secure FOTA; License Management; Ticketing; Mobile TV; Mobile Payment; Mobile Banking
  22. Conclusion
     • Security must be a major focus for the entire SoC industry
     • In an increasingly connected world, and the Internet of Things, it is critical to focus on the “who” as well as the “how”
     • In power constrained devices we have to build security in from the ground up – not as an afterthought with layers of anti-virus software
     • All platforms in the future are power constrained – from the connected washing machine to the green cloud-server
  23. And Finally.....