ARM mbed at Embedded World 2017: Enabling a truly secure IoT
Visitors at Embedded World 2017 in Nuremburg will have the chance to hear from two of mbed’s security experts, Peter Aldworth and Milosch Meriac, as they each tackle one of the most vital challenges faced by every industry adopting IoT: how to enforce strong, reliable security that spans from the chip, all the way to the Cloud.
The importance of strong entropy for IoT device security
Peter Aldworth will be speaking during the Exhibitor’s Forum (with free attendance for anyone with an exhibition pass), presenting his case for strong entropy as the most vital cornerstone to ensure true end-to-end security, from silicon to services.
To that end, his presentation covers the theory of strong entropy and its relation to security, as well as the important considerations for designers of IoT. Key takeaways include how device security must be implemented to support Transport Layer Security, TLS, and positions hardware entropy sources (e.g. True Random Number Generators, TRNGs) as recommended for IoT devices.
High-End security features for low-end microcontrollers
Milosch Meriac’s technical session will be presented on Day 1 of the conference. In his talk, he will present components for enabling highly granular and yet lightweight system level security features used in combination with new ARMv8-M cores.
Although connected microcontroller systems are ubiquitous, the security measures found on these systems commonly lag behind mobile application processors and desktop CPUs by more than twenty years. The result of this shortcoming is that potential remote attackers can have an easy game to escalate application bugs to system privileges. Once malware becomes resident, the system turns irrecoverable.
High-end embedded systems security solutions enable fine-grained access control and process separation by implementation of the ‘Principle of Least Privilege’. Usually such security measures are implemented using memory management units (MMU). The MMU hardware allows the OS to control, on a fine-grained level, which peripherals or memories are accessible in which context. The equivalent hardware security components to MMUs on microcontrollers are memory protection units (MPU).
Recent embedded operating systems for microcontrollers are starting to use MPUs for implementing spatial and temporal process isolation, but commonly at very high costs in terms of call-latencies and loss of real-time properties. The new ARMv8-M security architecture enables high-end hardware security features for microcontrollers that, until now, have only been available to high-end mobile applications and desktop CPUs.
In his presentation, Milosch will introduce examples to show how an OS can utilize ARM TrustZone technology, MPU and AMBA AHB5 to implement process isolation, without impacts to real-time capability of the system. His talk will also address accelerating common security requirements for features like dynamic secure memory allocation during runtime, flexible inter-security domain communication and peripheral-protection - all on a per-process level on MMU-less microcontrollers.
In addition, he’ll present how TrustZone technology enables secure boot and allows microcontroller systems to recover even when part of the system is being attacked and compromised.
To learn more, visit Peter and Milosch’s session during EW 2017 or visit the ARM booth in Hall 3 at Stand 342.