Industry Framework for the IoT | NEWS
Arm announced this week the launch of its Platform Security Architecture (PSA), defining it as a secure foundation for connected devices (which it forecasts at a trillion by 2035). The PSA is essentially a common framework for scaling connected device security, with broad ecosystem support from industry partners. It leverages Arm’s open source reference firmware, the Trusted Firmware-M. In addition to the PSA launch, Arm also announced two new silicon Intellectual Property solutions for building secure systems: Arm TrustZone CryptoIsland-300 (to kick-start a new line of security enclaves) and Arm CoreSight SDC-600 (a secure debug channel).
Platform Security Architecture | IMPACT
Arm’s vision is to provide security across the entire value chain, and scale it to the smallest, low-cost devices to deploy secure connectivity and management solutions. The core concepts of the PSA are to first analyze IoT threat models and extract relevant security analysis for a specific implementation. Then, PSA can be used to architect security by using industry-approved hardware and firmware specifications, notably those that can provide device identity, trusted boot sequence, secure OTA software updates, and certificate-based authentication.
The PSA is OS agnostic, but as part of the platform, Arm is proposing its own reference firmware with the Trusted Firmware-M, as well as new secure IP components. The Firmware-M targets Armv8-M systems and the source code is planned for release in 2018. In relation to the new IP, CryptoIsland is targeted at applications leveraging LPWA communication, storage, and automotive, while the CoreSight is specifically designed for IoT use cases.
Supporting the PSA launch are a host of industry partners that Arm has managed to co-opt, including OEMs and semiconductors, software and OS developers, security outfits, systems vendors (notably MNOs and infrastructure players), and cloud providers. Collaboration with many of the vendors is key to widespread support and adoption of the PSA.
Silicon to Cloud Model | COMMENTARY
Arm is one of many vendors offering a secure platform for the IoT. In the past year, there has been an emergence of service-based secure IoT solutions aligned to the Arm model. Anchoring the trust in silicon is an enabler for secure systems, and there is an opportunity to provide services all the way to the cloud that can secure embedded systems and interconnected applications.
Such services start at the hardware level (with trusted computing and protected storage), providing security all the way to the backend infrastructure (often in the cloud). The idea is to leverage embedded security features to provide identity management, device provisioning, authentication, authorization and access control, secure OTA delivery, and encryption key and certificate management. These core services are offered under an umbrella term called device lifecycle management, where the device is continuously managed post-market until end of life, focusing on trust management, product security and service integrity.
Device lifecycle management is a new service offering on the IoT market from a chip-to-cloud perspective. There have been IoT application and cloud enablement platforms for several years, but this specific service seeks to provide a true end-to-end secure lifecycle management solution, where hardware security plays a pivotal role. These management services are primarily targeting high-growth markets for IoT adoption, notably industrial, smart utilities and cities, connected cars, wearables, and retail, advertising and supply chain. Arm will have to contend with several other vendors in the space, notably:
Finally, it is important to note that these silicon-to-cloud service models are all fairly nascent, having emerged this year or, at the earliest, last year. As such, the market is fragmented, full of new service offerings, and therefore open to penetration for a company that has core expertise in hardware security.