1. Evolving Trusted Platforms (May 4, 2011)
Haydn Povey, Director Marketing, Processor Division, ARM
2. Evolving the Mobile Internet
“More people in the world will have their first interaction with the Internet with mobile than with laptop” (Vinton Cerf, Google)
“In mobile computing, the opportunities for innovation are particularly exciting.... The fact that more than 3 billion people around the world are connected is unbelievable, yet that is less than half the world’s population.” (Steve Ballmer, Microsoft)
... and malware and software threats are increasing exponentially
3. The Issue
Over 350,000 Android handsets are shipped every day
Approaching 350,000 apps on the Android store
Open mobile OSs are a blessing... and a curse
4. Mobile Client of 2010
Content and its usage in all forms (Internet, games, music, books, video) is driving consumer demand
Device trends: OEM/operator “store front”; Web 2.0 apps and mashups; OpenGL ES 2.0 graphics; WVGA AMOLED screen; HDMI out
Apps processor: Cortex™-A8/A9 at 45/32nm; OpenGL ES 2.0 GPU (Mali-400MP); HD video DVC; TrustZone®
Modem: LTE 50Mbps DL; multimode; 40nm; Cortex-R4
Basic security concepts introduced
5. Mobile Client of 2013
Advanced multi-processing drives new consumer paradigms and use; new technologies appear in batteries for the first time
Device trends: console gaming performance; advanced video capability; fast broadband; enterprise applications; fast battery charge
Apps processor: new generation MP at 22nm; new generation GPU; HD video DVC at 60fps+; TrustZone and advanced security
Modem: LTE 100Mbps DL; 28nm; new generation processor
Advanced system security capabilities
6. Security - Foundation of the Future
Integrated security is the key capability to enable the next generation of services and applications across many market segments:
Seamless Payment Services
Integrated Content Management
The Internet of Things
7. Traditional Security Solutions
Security traditionally seen as separate and distinct
Enables the development of physical and electrical countermeasures
These applications remain vitally important; however, the technology significantly limits the functionality of those high-performance applications which demand security
In excess of 4 billion Secure Elements are shipped per year
8. SoC Platform Security Challenges
Definitions – are we fighting the same battles?
Advanced threat models
Device-centric malware vs. class breaks (iOS cracking)
Social engineering viruses vs. significant lab attacks
Attack goals – gifted amateur or multi-million-dollar threat
Varying definitions of “security” create significant market fragmentation
Hardware
Guidance and standard HW foundations required to enable the SW ecosystem
Secure boot integration with UEFI, etc.
Processor requirements to enable best-in-class trust and security
System IP to deliver holistic security across the SoC
Role of the secure element
Certification methodology
9. SoC Platform Security Challenges
Software
Lack of standards and low portability of code restricts the ecosystem
Move to a standard HW framework promotes code reuse
Enables the development of standard APIs within industry groups, e.g. GlobalPlatform (www.globalplatform.org)
Simplifies integration into rich OSs (WM, Android, etc.)
Who cares about security?
End users are typically ignorant of security risks
Hence it falls to the content owners or banks to cover the risk
The stakeholders differ by market segment but have some common members
10. Who Cares About Mobile Security?
Security is a continuous evolution – not a one-time task
Security attention meter across stakeholders: App, MNO, Service, OS, OEM, SoC, User
11. Building Secure Platforms
Three fundamental alternatives
#1 – Integration of a separate secure element
Very low risk as SEs are well trusted (EAL 5+)
Limited integration and low speed make them of limited use
#2 – Integration of a secondary secure processor
Provides a higher-performance and focused alternative
Challenges around area cost, HW design, a separate SW code base, and integration with the main application processor, OS and apps
#3 – Leverage the existing application processor
High performance and naturally integrated
12. Delivering A Trusted Virtual Processor
TrustZone has major advantages over separate secure processor solutions:
Performance: security at full core MHz; all resources dynamically shared
Cost: the two isolated domains are implemented in the same machine with no HW duplication
System approach: security extends to the entire memory and peripheral systems
13. TrustZone Enabled Processors
TrustZone is in the DNA of all ARM application processors:
Cortex-A5 MPCore
Cortex-A8 & Cortex-A9 MPCore
Cortex-A15 MPCore
14. Enabling Payment Solutions
On-chip secure RAM area protected with the TrustZone Memory Adaptor
Keyboard and screen secured dynamically to protect PIN entry
Example solution based on ARM IP
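The memory adaptor and dynamically secured keypad/screen on this slide, as an added illustration in C that is not ARM's code or design: a simplified model in which every bus access carries the NS bit, one boundary register splits on-chip RAM into a secure and a normal partition, and a per-peripheral secure bit that only the secure world can change locks the rich OS out of the keypad and display while a PIN is read. The address map, register layout and function names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
/* Simplified model (added illustration, not ARM's design) of TrustZone partitioning:
 * every bus access carries an NS bit (0 = secure, 1 = normal); a memory adaptor splits
 * on-chip RAM at a boundary, and a peripheral protection block holds one secure bit
 * per peripheral that only the secure world may change. */
enum world  { SECURE = 0, NORMAL = 1 };                 /* value doubles as the NS bit */
enum periph { KEYPAD = 0, DISPLAY = 1, UART = 2, NUM_PERIPH };
#define RAM_BASE 0x40000000u                            /* constructed address map: */
#define RAM_SIZE 0x00010000u                            /* 64 KiB of on-chip RAM */

struct tz_config {
    uint32_t secure_top;              /* RAM below this address is secure-only */
    bool periph_secure[NUM_PERIPH];   /* true = normal world locked out */
};

/* Memory adaptor: normal world may only reach the partition at or above secure_top. */
bool tzma_allow(const struct tz_config *c, enum world w, uint32_t addr)
{
    if (addr < RAM_BASE || addr - RAM_BASE >= RAM_SIZE) return false; /* outside window */
    return w == SECURE || addr >= c->secure_top;
}

/* Peripheral protection: a peripheral marked secure answers only the secure world. */
bool tzpc_allow(const struct tz_config *c, enum world w, enum periph p)
{
    return w == SECURE || !c->periph_secure[p];
}

/* Control registers belong to the secure world; a normal-world write is dropped. */
bool tz_set_periph(struct tz_config *c, enum world caller, enum periph p, bool secure)
{
    if (caller != SECURE) return false;
    c->periph_secure[p] = secure;
    return true;
}

/* Slide 14 flow: secure payment code claims keypad and display, reads the PIN into
 * secure RAM, then releases both. Returns how many normal-world accesses (one keypad
 * read and one PIN-buffer read per digit, as a compromised rich OS might attempt)
 * were refused while the PIN was being entered. */
int pin_entry_demo(struct tz_config *c)
{
    int refused = 0;
    tz_set_periph(c, SECURE, KEYPAD, true);  tz_set_periph(c, SECURE, DISPLAY, true);
    for (int digit = 0; digit < 4; digit++) {           /* constructed 4-digit PIN */
        if (!tzpc_allow(c, NORMAL, KEYPAD)) refused++;
        if (!tzma_allow(c, NORMAL, RAM_BASE + 0x100)) refused++; /* below secure_top */
    }
    tz_set_periph(c, SECURE, KEYPAD, false); tz_set_periph(c, SECURE, DISPLAY, false);
    return refused;
}
```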
15. Enabling Fully Secured Platforms
Addition of crypto, media accelerators and a DMA controller for media handling
Protection of RAM and off-chip decode
Example solution based on ARM IP
16. TrustZone “Virtual” Secure Processor
Certification is traditionally a very lengthy and expensive process for complex SoC designs
Picture courtesy of Texas Instruments
17. TrustZone “Virtual” Secure Processor
TrustZone provides a smaller virtual processor, significantly reducing complexity and cost
Picture courtesy of Texas Instruments
18. Virtualization and Security
Virtualization often offered as a solution for security
Virtualization focused on sharing of resources across many threads
TrustZone solutions focus on simplicity to enable certification
Future systems will require virtualization and TrustZone
Diagram: Normal side – a Hypervisor hosting a Host OS and several Guest OSs, each with its apps and a Secure Driver; Secure side – Monitor, Secure Boot and a Secure Kernel running Secure Apps
19. Multi-Core Software Model
All cores in multi-core processors inherently contain TrustZone H/W
Simplicity equals security – reduced attack vectors
Single implementation of SecureOS on P0 – small footprint and blocking operation
P1, P2, P3 implement a simple stub to redirect secure requests to P0
It is possible to have multiple SecureOS instantiations; however, certification complexity grows exponentially.
Diagram: Normal World – SMP OS with Applications and the TrustZone Device Driver across cores P0, P1, P2, P3; Secure World – SecureOS on P0, Stubs on P1, P2, P3
20. SEPIA – EU Funded research program
Secure, Embedded Platform with advanced Process Isolation and Anonymity capabilities
EU-funded research project in the 7th Framework Programme
5 research partners:
Hardware & Infrastructure Lead
Software & Security Lead
Certification Lead
Secure Element & Systems Lead
Threat Analysis & Project Lead
http://www.sepia-project.eu/
21. Delivering Secure Applications
Trusted apps processor + secure element: tamper-resistant storage; secure crypto execution; EAL 5+ certification; trusted peripherals (GPS, UI, clock, etc.); authenticated debug; trusted boot; “EMV” certification; trusted RTE
Application examples: mobile advertising; loyalty applications; email encryption; DRM; super distribution; one-time password; data protection; access control; secure FOTA; license management; ticketing; mobile TV; mobile payment; mobile banking
22. Conclusion
Security must be a major focus for the entire SoC industry
In an increasingly connected world, and the Internet of Things, it is critical to focus on the “who” as well as the “how”
In power-constrained devices we have to build security in from the ground up – not as an afterthought with layers of anti-virus software
All platforms in the future are power constrained – from the connected washing machine to the green cloud server