Author: Tiago Alves and Don Felton, ARM

Synopsis: The rising interest in solutions for trusted computing is largely driven by the potentially severe economic consequences of failing to ensure security in embedded applications. Ensuring security in both wired and mobile applications has become imperative. Making an embedded product safe from malicious attacks has consequences for hardware and software design, as well as the physical attributes of the design. It is now accepted that the best protected embedded systems must have security measures designed-in from the outset, starting with the specification for the processor or CPU core. ARM is enabling system security by integrating protective measures into the heart of its cores and providing secure software to complement the efforts of semiconductor manufacturers, product OEMs and operating system partners. For OEM partners, the issue of platform integrity has become paramount. For network operators and content providers, concerns over digital rights management (DRM) and m-commerce are growing.

Through a combination of integrated hardware and software components, ARM’s TrustZone™ technology provides the basis for a highly-protected system architecture, with minimal impact on the core power consumption, performance or area. TrustZone is a safe execution environment that enables semiconductor and OEM developers to incorporate their own application-specific security measures in tandem with their own hardware and software IP. TrustZone software components are a result of a successful collaboration with software security experts, Trusted Logic, and provide a secure execution environment and basic security services such as cryptography, safe storage and integrity checking to help ensure device and platform security. By enabling security at the device level, TrustZone provides a platform for addressing security issues at the application and user levels.

Why is Security So Important?

There are many examples of the very significant costs associated with the failure of embedded systems to resist malicious attacks. These span multiple applications and industry segments, and include both direct costs and lost revenue opportunities. The need to improve security has been particularly driven by the ever-increasing spread of wireless systems that encompass data services and payment applications.

The technical issues associated with the realization of data services over mobile devices provide both a revenue opportunity and a threat to security. A smartphone optimized primarily for data services requires that the terminal becomes an open platform for software applications. Whilst this is essential to deliver the full range of user applications and services, it also means that the mobile device becomes more vulnerable to attack.

There are several security scenarios that are causes for concern. The first is the potential to rapidly propagate viruses over a mobile network through a user’s phone book, with the worst-case outcome being denial of the operator’s service – essentially bringing down the wireless network. The second threat model involves the vulnerability of end-users’ private data – for example, private keys for enabling financial transactions or banking applications, email messages and remote access to corporate networks. The inability to safely hold this type of information on a mobile terminal may inhibit the growth of such services. Viruses also have the potential to disrupt operation of the phone itself – for example, blocking calls within the radio cell.

Within the mobile phone sector, security issues with handset identity codes cost the industry billions of dollars every year. The unique International Mobile Equipment Identity code (IMEI) is a 15-digit code used to identify an individual GSM mobile, while SIMLock should ensure that a handset can only be used with the subsidizing operator’s SIM card. On many handsets, both of these codes can be broken with little effort. The result of this is an opportunity for fraud to be committed on such a scale that some statistics suggest it is driving 50% of street crime [1] through mobile phone thefts.

Protection of digital content through digital rights management is another important area where security is becoming a mandatory requirement for consumer protection, as well as the protection of commercially valuable content.

The significant growth in wireless connectivity is also elevating security to the top of the list of functional system requirements.
The growth of wireless LAN is one aspect of this, but the opportunity for pervasive wireless connectivity, such as offered by Bluetooth™ and other similar standards, presents a potentially more widespread security challenge. With truly mobile computing, computers are no longer restricted to equipment that users or administrators manage themselves. Consequently, security must be considered in many devices as a fundamental implementation issue.

Economic Value in Security Issues

Practically every security issue can be related back to economic value, touching every point in the industry value chain. This includes content owners and providers who need to be able to protect and charge for their content and services, and be able to take advantage of new business models; service providers who must protect their networks against malicious use and provide efficient channels to reach end users; and the end users themselves who want privacy, protection from street and cyber crime, but with convenience and the freedom to choose their source of service.

Fraud of any kind has an economic cost, often in lost revenues as a result of counterfeiting or abuse of digital media rights. For example, telecommunication frauds are estimated to cost the industry more than a billion dollars yearly. [2] One of the biggest contributors to that cost is the cloning of cellular handsets.

For end users, there may be loss of personal funds as a result of electronic theft. In the wider context, research has demonstrated that enabling easy and secure payment systems can boost consumer spending on credit by up to 20 percent.

Better security will enable new revenue streams and different business models for some industries. For example, the current use of credit cards for web-based transactions can be an expensive overhead when used for very small transactions, or ‘micro-payments’. Better security measures will reduce the risk of using credit cards for micro-payments, thus reducing the transaction cost. The likely outcome is the generation of new revenue streams for industries such as online gaming, where end-users will be able to buy resources to enhance their game-playing experience.

For manufacturers, security will become an issue of competitive differentiation. Handset devices with inappropriate levels of security will be left on the shelves.

At a corporate level, the adoption of mobile information appliances will be limited by the ability to demonstrate protection for company assets. The use of smartphones and wireless networks in the corporate environment brings a new range of vulnerabilities. Unsurprisingly, companies have demonstrated a willingness to pay for more robust security in mobile systems.

Open Industry Issues

Much of the effort towards implementing embedded security solutions to date has been focused on building security features into operating systems (OS). However, the fact that OSs are by definition open, and extremely complex software systems, makes it difficult to provide robust security solutions based on the OS alone.

The lack of common security elements across different platforms is obstructing the development of integrated security solutions. With no standards in place, implementation of embedded security measures has been fragmented and costly, and consequently adoption has been slow. Up to now, many OEMs have developed their own software modules based on a secure execution mode outside the CPU or OS. Inevitably this approach will be less safe than a solution that integrates hardware, OS and application measures.

The implementation of security measures requires the application of techniques that can inhibit the development and debug process. Currently, some manufacturers provide special pre-production debuggable handsets to developers to help accelerate the application development process. However, this can compromise security measures if these handsets become available within the public domain. What is really required is a solution that enables debug without compromising security.

The successful deployment of trusted computing within portable and wireless equipment depends on being able to address these key open issues.

The Options for Security

There are a number of possible approaches to building security measures into embedded systems.

One option is to add a hardware security module to the design. This approach suffers from all of the restrictions inherent in any pure hardware solution. Pure hardware solutions are inflexible; they cannot easily be adapted to cater for new security functions. Obviously, if an error is discovered it cannot easily be fixed without a costly design re-spin. Additionally, adding hardware IP adds manufacturing cost to the design and can have an adverse effect on power consumption.

Off-chip hardware, such as co-processors and storage, offers another approach to embedded security, enabling the acceleration of demanding cryptography algorithms, for example. However, adding a second processor to the system adds to the cost, complexity and power budget. Additionally, this approach may not provide the fundamental level of security required in the CPU processing and operating systems. The nature of the physical implementation means that traffic may be exposed between the core processor and the off-chip device, and it may not be possible for the CPU device to ascertain the integrity of the off-chip device – it may be removed and interfered with. Performance may be an issue, as with any off-chip processing.

SIM cards have a role to play in securing wireless embedded systems. The strength of the traditional SIM card in enabling security within the handset is predominantly in guarding against physical attacks. There are two opposing trends in SIM card development. One trend is towards more functionally capable SIM cards, or ‘Super SIMs’, containing larger memory and having more processing power.
ponents include the Monitor software, which enables the interface between the Secure and Non-Secure worlds, the Secure Kernel, Secure Drivers and Boot Loader, and basic secure software services that will be provided by ARM as part of the software solution.

The TrustZone-optimized software is an evolution of the Security Module developed by Trusted Logic, which operates as a secure kernel. This can be ported to any ARM CPU, and provides security roadmap compatibility for future TrustZone devices. The Security Module by Trusted Logic and the TrustZone-optimized software enjoy the same security protocols, which means that secure applications that are developed for the Security Module will be compatible with TrustZone-enabled devices.

… has exclusive access to dedicated protected memory, dedicated persistent storage, SIM card, crypto-accelerators and a possible trusted user interface. By way of security services, it provides integrity checking (SIMLock, IMEI protection, secure boot), access control, secure storage and cryptography services. Future services may include frameworks for DRM, digital signature and e-banking.

TrustZone can have multiple layers of API depending upon the target application requirements. A number of key APIs will be made publicly available to assist in the proliferation and standardization of the TrustZone solution. These include:
• TrustZone Generic API provides a simple message-passing interface. It is designed to enable low-level communication across the security boundary.
• TrustZone Security Channel API is a more tightly-defined interface API designed to allow access to commonly-available security functionality that resides behind the TrustZone security barrier. This API can be expanded with proprietary extensions as appropriate for tasks in the Security Module.

For developers working within the Security Module, two further APIs will be available:
• The Security Module Internal API
• The Security Module HAL API

These provide access to the internal workings of the Security Module to allow development or porting of function-specific drivers and task modules. This may include real-time DRM codecs, proprietary encryption protocols and proprietary secure communication protocols.

[Figure 3: Elements of the TrustZone Software. The diagram shows the Monitor between the Normal OS (kernel, drivers, app.) and the Secure side (Boot-Loader, Secure services, API), with the secure software labelled as SW provided by ARM.]

Enabling Secure-Aware Applications

The TrustZone environment enables security measures to be applied at many levels within a complex embedded system.

Non-secure operations will be run completely within the OS with no help from TrustZone. Although the OS may have its own security measures, securing a complete OS to the standards of the security certification authorities can be impractical. To enable security within the OS, TrustZone can provide integrity checks against attacks in three ways. First, TrustZone can verify that the OS is unaltered before booting it. During run time, TrustZone verifies that critical paths remain unaltered. Finally, a restricted set of approved functionality can be executed safely within TrustZone – a private space remote from the main OS.

Different operations have different requirements for security services, placing varying demands on the CPU and TrustZone execution environment. While data in a protected format (e.g. encrypted) can be passed around by an OS with little risk, issues occur when something has to be done with that data – i.e. it is used. Any time that secure data is actually transformed there is a danger of it being intercepted.

For data such as a secure key, it would be unacceptable to allow non-secure exposure for even one CPU cycle, as that would risk the key being captured through the use of a logic analyzer. Processing such data should be kept entirely within the TrustZone environment.

For something like the PCM audio output from a DRM codec, it might be acceptable for the output to be exposed for a short period before the integrity checker blocks it. For this type of secure-aware application, TrustZone supports integrity checking to provide confidence that the output chain has not been tampered with. Integrity checking and most of the security services provided by the TrustZone-optimized software can be implemented in one of two ways. A simple TrustZone access driver will provide a communication channel for the integrity checking to be performed with complete independence from the OS. Alternatively, an in-built OS security feature, such as a cryptography API, can interface directly with TrustZone to facilitate integrity checking or the usage of any other service.

For service operators wishing to perform protected transactions such as over-the-air upgrades, it can be desirable to have a security facility that is completely independent of the handset and the OS. This could be enabled by using a Trusted Interpreter (based on the Small Terminal Interoperability Platform specifications -
[Figure: TrustZone system architecture. Labels visible in the diagram: Normal OS (Generic OS) hosting Normal App’s and Secure-aware App’s; Trusted App’s running in a Trust Task and a Trusted Interpreter; Device-Specific Security Services; DMC; Shared TCM 4/8/16K Bytes; SSMC; FLASH. Only fragments of the surrounding text survive: “…security at the device level, TrustZone provides a platform for addressing security issues at the application and user levels…” and “…industry, and ensure that time-to-market benefits and cost efficiencies are ultimately available to semiconductor, OEM, OS…”.]
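The two rules set out under Enabling Secure-Aware Applications, that the OS image and critical paths are integrity-checked before boot and at run time, and that a secure key must never be exposed outside the secure world, as an added example that is not part of the original article or of ARM’s TrustZone software: a small C model in which the Normal world can reach the Secure world only through one monitor function that passes messages, in the spirit of the message-passing Generic API. tz_monitor, tz_provision, the command and status codes, the key and the OS image are all constructed for the example, and FNV-1a stands in for a cryptographic hash so that it runs without a crypto library.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Message passed across the security boundary (constructed; modelled on a
   message-passing interface such as the Generic API). */
typedef struct { uint32_t cmd; const uint8_t *buf; size_t len; uint64_t out; } tz_msg;
enum { TZ_CMD_CHECK_OS = 1, TZ_CMD_SIGN = 2 };
enum { TZ_OK = 0, TZ_DENIED = 1, TZ_TAMPERED = 2 };

/* FNV-1a 64-bit: a stand-in for a cryptographic hash so the example runs
   offline. A real integrity checker would use SHA-2 or similar. */
#define FNV_BASIS 0xcbf29ce484222325ULL
static uint64_t tz_hash(uint64_t h, const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Secure-world state. On real hardware the NS bit and a TrustZone-aware
   memory controller keep this out of the Normal world's reach; here it is
   file-static and reachable only through tz_monitor(). */
static const uint8_t secure_key[] = "constructed-key!";  /* never returned */
static uint64_t approved_os_hash;  /* reference value set at provisioning */
static int os_verified;            /* cleared whenever a check fails */

/* Provisioning (constructed): record the hash of the approved OS image,
   as a manufacturer would at production time. */
void tz_provision(const uint8_t *os_image, size_t len) {
    approved_os_hash = tz_hash(FNV_BASIS, os_image, len);
    os_verified = 0;
}

/* Monitor: the only entry from the Normal world into the Secure world. */
int tz_monitor(tz_msg *m) {
    switch (m->cmd) {
    case TZ_CMD_CHECK_OS:  /* secure boot, or a run-time check of a critical path */
        if (tz_hash(FNV_BASIS, m->buf, m->len) != approved_os_hash) {
            os_verified = 0;  /* a tampered OS loses access to secure services */
            return TZ_TAMPERED;
        }
        os_verified = 1;
        return TZ_OK;
    case TZ_CMD_SIGN:      /* keyed tag over caller data; only the tag crosses back */
        if (!os_verified) return TZ_DENIED;
        m->out = tz_hash(tz_hash(FNV_BASIS, secure_key, sizeof secure_key), m->buf, m->len);
        return TZ_OK;
    default:
        return TZ_DENIED;
    }
}
```

The Normal world never sees secure_key or approved_os_hash; it only learns whether its image passed and receives a tag computed behind the boundary.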