The maker of Android’s primary mobile processing units, Arm, has now announced a new IP that promises to finally begin addressing the physical aspects of IoT security problems. More directly, the company introduced the first of its Cortex-M processors – the Cortex-M35P – to deliver both anti-tampering technologies and software isolation to the chips used in IoT. Its enhanced security IP will be present in every processor marked with a “P” designation going forward. The IP is said to offer better protection against close proximity side-channel attacks, such as power and electromagnetic analysis. Moreover, this won’t just apply to IoT implementations for smart home devices or industrial enterprise terminals. The security found in the Cortex-M35P processor can also support ISO 26262 certification, making it a great option for inclusion in the automotive industry.
As to the technology itself, Arm has revealed that the new IP is based on the Arm SecurCore processors predominantly found in smart cards and credit card applications. The software side of security, on the other hand, includes Arm TrustZone. That’s Arm’s hardware-separation-based solution which keeps unsecured software from accessing secured software. In addition to the new security’s inclusion in the Cortex-M35P processor, Arm has also brought the standard to its CryptoCell and CryptoIsland security IPs. More directly, that will be included in the Arm CryptoCell-312P and Arm CryptoIsland-300P.
The overall goal of the new IP is to address concerns resulting from the increasingly broad attack surface presented to would-be attackers by the IoT ecosystem. It’s intended to halt the leak of information at its source, rather than depending on strong encryption or masking of data to prevent attacks. It also appears to be a great start to solving the inherent problems of the IoT. In the simplest terms, the new IP should help prevent attackers who gain access to a node within an IoT network from stealing data as IoT applications move data between nodes. Bearing that in mind, it goes without saying that this won’t apply to older IoT devices and will depend on implementation by SoC makers. So it’s not going to solve the problems with security overnight but should be useful in getting things moving down a more secure route.
