Beyond TrustZone Security Enclaves - armkk-event.com

9 © 2017 Arm Limited New solution for authenticated debug access –SDC-600 Hackers can abuse debug interfaces to gain access to the chip. Arm addressin...

24 downloads 483 Views 2MB Size
Beyond TrustZone Security Enclaves Reed Hinkel | Senior Manager Embedded Security Market Develop

© 2017 Arm Limited

Part2 – Security Enclaves Tech Seminars 2017

Agenda New security technology for IoT •

Security Enclaves – CryptoIsland



System IP for debug



Dev boards & chips

GlobalPlatform TEE •

OTA and RoT topics

Summary

2

© 2017 Arm Limited

In a connected everything World…

What level of security robustness do you need?

3

© 2017 Arm Limited

Security is a balance… Cost/effort to attack

Secure Element Security enclave or subystem SW & HW Attacks •

TrustZone based TEE/PSA



Physical access to device – JTAG, Bus, IO Pins, Time, money & equipment

Software Attacks & lightweight hardware attacks • • •

TLS/SSL

Buffer overflows Interrupts Malware

Communication Attacks • • •

Man In The Middle Weak RNG Code vulnerabilities

*Trusted Execution Environment / Secure Partitioning Manager

Cost/effort to secure 4

© 2017 Arm Limited

Beyond TrustZone - Security enclaves A programmable security enclave to extend fixed function CryptoCell family. TrustZone CryptoIslands - an additional family of security solutions by Arm.

Debug CoreSight SoC

System SRAM

Host CPU

SRAM Cntl Instruction cache

TrustZone filters

SoC Alwayson domain

interconnect

Aimed at providing on-die security services, in a physically isolated manner (host CPU agnostic).

TrustZone Filters Flash Controller(s)

CryptoIsland Isolating I/F Secure CPU

Axiom: less sharing of resources leads to smaller attack surface and fewer vulnerabilities. Certification, at a reasonable cost (i.e. reuse). 5

© 2017 Arm Limited

Flash (internal / external)

Boot ROM Secure RAM

Secure Always On

APB peripherals

Alarms Roots of Trust

Cryptography LCS Mgr

APB bridge

Debug control

Power Control

Example: PSA with CryptoIsland on Armv8-M CryptoIsland is providing services to the Trusted Partitions and/or implements some of these trusted functions. Non-secure processing Environment

Arm v8-M: non-secure processing environment

Arm v8-M: secure processing environment

Secure processing environment (SPE)

CryptoIsland security enclave

6

© 2017 Arm Limited

Example: PSA with CryptoIsland on Armv7-M The Secure Processing Environment (SPE) is in CryptoIsland.

Arm v7-M: non-secure processing environment

CryptoIsland security enclave

7

© 2017 Arm Limited

CryptoIsland-300: the first family member We are forming a 1st security enclave out of existing and mature HW components (CPU, CryptoCell, interconnect, filters, mailbox, power control…) •

The SW and tools is where a lot of the effort is going invested!

Key point is preserve an identical “touch and feel” from the SW perspective, so the isolation/robustness choice explained earlier won’t impact the higher layers. •

Allowing different implementations to be interchangeable

Example target applications: LPWAN, Storage, Automotive, General purpose MCUs…

8

© 2017 Arm Limited

New solution for authenticated debug access – SDC-600 Hackers can abuse debug interfaces to gain access to the chip.

Socrates

Debug Subsystem

Arm addressing this misuse by enabling debug authentication on our partners’ silicon.

CoreSight SoC

Alternative to blowing e-fuse on debug port. SDC-600 Secure Debug Channel

SDC-600 (Secure Debug Channel) enables certificate based authentication handshake with external agent.

CryptoIsland

Isolating I/F Secure CPU Boot ROM Certificate

Secure RAM

Debug control Secure Always On Alarms

Cryptography LCS Mgr

9

© 2017 Arm Limited

Roots of Trust

SoC Host CPU

The Secure Debug Manager knows how to do the crypto to generate an unlock certificate for CryptoCell – or other unlock technology the target supports

Following certificate installation the APs are enabled, allowing external debug access 10

© 2017 Arm Limited

New dev board for PSA development - Musca-A1! Ready for PSA development Cortex-M33 based dev board. Used for internal software development. Test chip built on PSA recommendations. •

PSA development platform

Prototype your system Available now

11

© 2017 Arm Limited

Musca-A1 boards

Come to Arm booth to see Musca-A1!

Musca-A1 – PSA development platform

CoreSight SoC

Cortex-M33 Instruction Cache

Cortex-M33 Instruction Cache

IDAU

Secure Debug

IDAU

Other Arm IP Arm CoreLink SDK-200 IP

Local SRAM

TrustZone Filters

Cadence IP Always-on domain

Other

Power Control

Multi-layer AHB5 interconnect TrustZone Filters

TrustZone Filters

AHB5 interconnect

APB Peripherals

GPIO

I2C

master

PWM

Cordio BLE / 802.15.4

UART

Code SRAM

I2S

(digital part)

CoreLink SSE-200 subsystem

QSPI

Cordio BLE / 802.15.4

SPI

TrustZone Cryptocell

32MHz oscillator

PLL

RTC

SRAM Controller

32kHz oscillator

APB Bridge

SRAM Cntl

System SRAM

APB Bridge

32 MHz

TrustZone Filters

TrustZone Filters

32 kHz

AHB5 code interface

(RF part)

Musca-A1 12

© 2017 Arm Limited

Agenda New security technology for IoT •

Security Enclaves – CryptoIsland



System IP for debug



Dev boards & chips

GlobalPlatform TEE •

OTA and RoT topics

Summary

13

© 2017 Arm Limited

Arm TrustZone based TEE architecture A reminder of the architecture Normal world code

Trusted software

Payment

Apps

Trusted_Apps

DRM

EL1 EL2 Arm Trusted Firmware

Device drivers

Secure device drivers

Rich OS

Trusted OS

Hypervisor

SMCCC

PSCI

Payload Dispatcher

Trusted Boot

GlobalPlatform standardization TrustZone-based TEE Common foundation

Hardware Interfaces Key Trusted SW/HW

Arm Cortex-A

SoC Subsystem Physical IP

14

© 2017 Arm Limited

Graphics

CryptoCell

Video

Secure store

Initial ROT and security subsystem

GlobalPlatform & TEE GlobalPlatform is a Standards Defining Organisation: it is the home of TEE.

15



Defines APIs and Trusted services



Compliance program



TEE Protection Profile



Security certification program



Over the Air TEE management – Trusted Management Framework & Open Trust Protocol (PKI & JSON based)

© 2017 Arm Limited

OTA management of TEE is a market requirement

A new capability – standards based OTA TEE management OTrP* is being developed as an option in TMF & compatible with GlobalPlatform TEE System Architecture.

Secure Code Image Dev

Main features: •

A specific PKI architecture and trust anchors



A high level (JSON-based) message protocol



A REE Agent for communication with TAM/TSMs



A set of mandatory services from the Boot TEE and Bootstrap Domain

Image Delivery Server

TAM

TEE Device Certificate Authority *Open Trust Protocol is being developed as an option for Trusted Management Framework

16

© 2017 Arm Limited

TEE Device

Root of Trust is the foundation for secure services

TPM

PC

RoT = Trustworthy hardware & security functions

Cloud

Mobile & IoT

TEE & / or Security subsystem / SE

HSM

A Root of Trust, is a hardware device and a runtime environment that provide a set of trusted functions from which an initial chain or trust can be derived. It is the trust anchor for the system

17

© 2017 Arm Limited

TrustZone based TEE + extended Root of Trust example Normal World IoT developer writes Apps on top of his/her chosen OS

Secure World = Trusted code (Trusted OS/Libs) + Trusted Apps/functions + Trusted hardware

Security subsystem Reduced attack surface Protection from physical & side channel attacks Developed by security specialists 18

© 2017 Arm Limited

TrustZone based TEE + security subsystem option An additional security layer Applications Arm TrustZone based TEE for trusted functions

Execution environment isolation RoT mgmt Rollback protection

Lifecycle management

Debug authentication

Data protection Secure (off-line, manufacturing runtime)

SW SW validation & Cryptography updates decryption validation RNG Persistent trusted storage 19

© 2017 Arm Limited

Security subsystem e.g. Arm CryptoCell for RoT services

TrustZone family of security IPs provides protection from physical & SW attacks

Summary

© 2017 Arm Limited

Key take-aways… Arm has launched CryptoIsland - a new family of Security enclaves by Arm •

Provides a robust Root of Trust with some programmability



Creates another layer of hardware security beyond TrustZone

Arm has launched SDC-600 for certificate based control of debug

The TrustZone based TEE for Cortex-A is gaining a simple OTA management protocol •

OTrP provides a PKI based trust architecture and high level JSON protocol

Arm is making robust security easier, quicker and cheaper to implement! 21

© 2017 Arm Limited

Thank You! Danke! Merci! 谢谢! ありがとう! Gracias! Kiitos! 22

© 2017 Arm Limited

The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. www.arm.com/company/policies/trademarks 23

© 2017 Arm Limited