ARM Introduces IoT Platform Security Architecture at TechCon 2017

For most of its history, ARM has been known for the highly-efficient chips that helped drive the development and popularity of the smartphone and fuel the mobile device movement that steamrolled rival Intel.

While that maturing market is still important to the company, since its acquisition last year by Japanese IT giant SoftBank for $32 billion, ARM has begun to focus even more tightly on the burgeoning internet of things.

That focus is on display this week at the company’s TechCon 2017 show here. ARM has always had a natural role in IoT technology, with many of its low-power system-on-a-chip (SoC) designs finding their way into not only smartphones and tablets but also embedded systems. The company three years ago also launched its Mbed IoT platform and operating system for internet-connected devices. It has since added the Mbed Cloud for improved device management and security.

At the TechCon show Oct. 24, ARM officials introduced a framework for developing secure connected devices that they hope the industry will adopt to help drive the scalability of the IoT. Called the Platform Security Architecture (PSA), the framework includes IoT threat models and security analytics capabilities, hardware and firmware requirements and specifications, and a reference open-source implementation of the firmware spec called Trusted Firmware-M.

At the silicon level, the company unveiled on-die threat mitigation technology as well as an extension to its Mbed Cloud platform—called Mbed Edge—to help product designers, developers and businesses better secure the various devices, such as gateways, that sit between the end devices and the cloud.

ARM’s efforts in the IoT accelerated after the SoftBank acquisition, when the SoftBank Chairman and President Masayoshi Son addressed the TechCon 2016 crowd and offered a vision of 1 trillion connected devices.

It’s a tall order, Dipesh Patel, president of ARM’s IoT Services Group, said during his keynote address, but it’s one the company is aiming for. Both he and ARM CTO Mike Muller said that for that scalability to become a reality, people have to trust the connected devices.

“Security can’t be optional for the IoT to scale,” Muller said from the stage.

Patel noted that at the current rate of growth, the number of connected devices worldwide will hit 62 billion in 10 years and 125 billion in 20. But Patel argued that as the value of the IoT and the data it generates becomes more apparent to businesses, the growth will accelerate, bringing the industry closer to that goal of 1 trillion devices.

Over the course of their talks, both Muller and Patel spoke about the need to make the IoT secure and trustworthy, and the PSA framework will drive that security, they said. It’s essentially a recommended architecture that includes a version of its TrustZone technology with specifications and requirements that can be used to build more secure IoT devices and platforms.

Developers and businesses could the use the Mbed Cloud to manage these devices with such capabilities as over-the-air updates to ensure that the devices are as secure as possible.

In the SoC, the company is introducing Simple and Differential Power Analysis (SPA/DPA) and Simple and Differential Electromagnetic Analysis (SEMA/DEMA) to protect against hackers trying to compromise confidential information—such as a secret cryptographic key—by analyzing the power consumed by an integrated circuit during operations and the electromagnetic fields created during the operations. Through the analyses, the SoC will be able to detect intrusions and attacks, officials said.

Continues on page 2…