Right-sized security for IoT - ARM


Upload: phil-hughes

Post on 12-Jan-2017


Category: Technology



TRANSCRIPT

Page 1: Right-sized security for IoT - ARM

Right-sized Security for IoT

Mike Eftimakis, IoT Product Manager, ARM

Case study – Tape-out a secure IoT chip in 3 months!

Selecting the “Right Size” for IoT security

HW Attacks: Physical access to device – JTAG, Bus, IO Pins; Well resourced and funded; Time, money & equipment

Software Attacks: Buffer overflows; Interrupts; Malware

Communication Attacks: Man In The Middle; Weak RNG; Code vulnerabilities

[Figure labels: Cost/Effort To Attack; Cost/Effort to Secure; Non scalable]

[Block diagram (Beetle test chip; IoT Subsystem for Cortex-M). Labels: Cortex-M processor, CoreSight SoC, Interconnect, Flash Cache, Flash Cntl, eFlash, SRAM Controller, SRAM (×4), APB Bridge, APB Peripherals, Power Management, TRNG, Cordio Radio, mbed OS, Device Drivers, Application]

ARM® mbed™ OS (including mbed TLS, mbed uVisor)

TRNG (from ARM TrustZone® CryptoCell)

ARM IoT Subsystem for Cortex®-M

ARM Cortex-M3

ARM Cordio® Radio

Device management: Support for bootstrapping / provisioning / refurbishing / decommissioning; Behaviour monitoring

Device integrity: Protect from untrusted software; Allow recovery from attack

Asset protection: Prevent access to certain resources

Data Security: Keep data confidential; Prevent data alteration

Physical Security: Anti-tampering protection

Future-proofing: Keep firmware up-to-date

Device security

Communications security

Lifecycle security

Link encryption: Prevent eavesdroppers from listening

Authentication: Guarantee identity of endpoint / server

Anonymity/Confidentiality: Keep identity unknown to eavesdroppers; Prevent traceability

Implement OMA LWM2M

Implement TLS

Root of Trust + Chain of Trust

HW backed partitioning (MPU)

Implement Dual Flash bank + Secure FoTA

HW backed partitioning (MPU)

Partition SW Resource

IoT node Cloud

Disrupt device

Observe / corrupt data

Access protected network

Damage cost = value of lost data or side information (presence…)

Damage cost = value of lost cloud data or value of the network infrastructure

Damage cost = value of disabled node or value of lost node data

× Scale of network!!!

Estimate threats for your application

“Security” has different meanings

Device management: Support for bootstrapping / provisioning / refurbishing / decommissioning; Behaviour monitoring

Device integrity: Protect from untrusted software; Allow recovery from attack

Asset protection: Prevent access to certain resources

Data Security: Keep data confidential; Prevent data alteration

Physical Security: Anti-tampering protection

Future-proofing: Keep firmware up-to-date

Device security

Communications security

Lifecycle security

Link encryption: Prevent eavesdroppers from listening

Authentication: Guarantee identity of endpoint / server

Anonymity/Confidentiality: Keep identity unknown to eavesdroppers; Prevent traceability

Select the “right-sized” security!

Security is expensive

Need to understand the threats

Use threat model adapted to IoT