One of the most talked-about features of the new Apple iPhone 5s is Touch ID, which integrates a fingerprint sensor and a Secure Enclave. Although fingerprint sensors have been present in laptops for a while now (such as the Lenovo ThinkPad), the iPhone 5s is the first product to bring biometrics into the mainstream and is expected to accelerate its adoption across a wide variety of smartphones, tablets and other connected devices around our homes.
Biometric recognition is a paradigm shift in how we identify ourselves to our personal devices. It allows us to gain access to a seamless and secure world where we can enjoy a range of services without needing to create, remember and type a dozen different passwords and PINs. This clearly enhances the user experience, while at the same time eliminating the security risks associated with weak or hard to remember passwords.
Once the identity of the user and the connected device can be strongly confirmed, the user can potentially do online banking, online shopping, access business servers through the personal device (BYOD), and manage all email, social media and cloud storage accounts quickly, easily, and most importantly, securely.
For this scenario to come true and reach its full potential there is an underlying requirement of complete trust and reliability. Both the user and the various service providers absolutely rely on the device keeping the user's biometric and personal information safe, i.e. protecting it at all times from being stolen, cloned or modified through software or hardware attacks.
While every smartphone or tablet manufacturer will implement the mechanics of security in their own unique way, designs lacking complete protection against physical and software attacks are likely to be exposed to higher risks. As always, security of the entire system is only as strong as the weakest link.
The flip side of the heightened media and public interest in security is the speed with which security flaws in newer devices are revealed. As devices become capable of handling larger volumes of high value transactions, they make even more lucrative targets for unscrupulous elements who have access to very sophisticated hacking equipment to challenge the system integrity from various angles.
Therefore it becomes imperative for designers to focus on each and every aspect of security, from the capabilities of the biometrics sensors to detect fake input and the encryption of personal data, to systemic protection against a wide range of software and hardware attacks.
Secure chips based on the ARM SecurCore processors (http://www.arm.com/products/processors/securcore/index.php), such as the SC300 (http://www.arm.com/products/processors/securcore/sc300.php) and SC000, are well suited for applications where protection against hardware attacks is required. SecurCore based products are tamper-resistant, which means that they can keep personal information such as biometric data and encryption keys safe against side-channel attacks and other advanced physical or hardware attacks.
SecurCore based devices are a proven success in traditional smartcard markets such as SIM cards and banking. In 2012 alone, ARM Partners shipped more than 1 billion SecurCore devices.
As the reliability of the security chip is of the utmost importance, certification is often a strong requirement. Chip designs using SecurCore processors have been successfully certified under various certification standards such as Common Criteria, EMV and FIPS. Recently, the first SecurCore SC000 chip in the market (from STMicroelectronics) passed the Common Criteria EAL 5+ certification.
In complex systems such as the ubiquitous mobile phone, the SecurCore can become a fully integrated Secure Element, and potentially be integrated inside a multi-chip module to become the ‘Root Of Trust’.
The Secure Element often works hand-in-glove with the TrustZone® technology inherent in the main Cortex-A applications processor and can underpin and support the Trusted Execution Environment (TEE). By combining the Secure Element, which enables the secure capture, management and comparison of fingerprints, with the far more flexible and powerful TEE running in the application processor, you rapidly achieve the best of both worlds: physical robustness and functional capability.
While SecurCore devices continue to be used in large volumes in the traditional smartcard market, I am very excited that they are also delivering biometric authentication into the next generation of complex devices such as handsets, tablets, automotive IVI and perhaps even soon to medical and alarm systems.
With the arrival of the first generation of fingerprint sensors into the mainstream, we are on the threshold of a new era of secure identification and authentication on smartphones and tablets. Whisper it softly, but we may just be a step closer to saying 'G00dBye_4%ever&evER!' to passwords.
Sumit Sahai, Product Manager, ARM, is part of the ARM Processor Division marketing team. He is the Product Manager for the ARM Hard Macro product portfolio and the ARM SecurCore family of processors for security and smartcard applications.