Arm CryptoCell-312: Simplifying the design of secure IoT systems

Connected devices have become a vital part of our lives, impacting everything from our homes to our offices and factories, even improving our health and fitness. However, these IoT devices have also become an increasingly attractive target for cyber criminals. More connected devices mean more attack vectors and more possibilities for hackers to target us. Last week at Arm TechCon, we announced Arm CryptoCell-312, the latest product in the CryptoCell line-up (which includes the CryptoCell-700 family and the CryptoCell-300 family).

The CryptoCell-700 family is geared towards high performance, typically aimed at devices and use cases, which involve an Arm Cortex-A processor under-the-hood. The CryptoCell-300 family is created with high efficiency in mind, typically aimed at devices and use cases involving an Arm Cortex-M or an Arm Cortex-R processor. These are typically designs optimized for low power and low area.

We all know that the IoT will encompass a whole range of intelligent devices. Many of these new devices will require sophisticated security systems, meaning we need to bring security to even the smallest of embedded devices. The brand new Arm CryptoCell-312, has been optimized to complement the small, ultra-low power characteristics of the Cortex-M family (including the new Cortex-M23 and Cortex-M33), allowing you to simplify the design of secure systems.

So, what is CryptoCell?

Well, CryptoCell complements Arm TrustZone and fortifies device security. TrustZone provides isolation and gives Arm partners the capability to partition the system, creating a secure execution environment. Using TrustZone prevents software vulnerabilities in one execution environment being exploited to gain access into another. However, isolation is just one part of security – for a comprehensive security platform you need additional roots of trust and security mechanisms. This is where you add CryptoCell into your designs.

CryptoCell-312 is partitioned into 5 domains:

• Control domain
• Data interface domain
• Symmetric cryptography domain
• Asymmetric cryptography domain
• Security resources domain

This partitioning helps us maintain a modular approach, which enables all kind of PPA trade-offs. CryptoCell addresses the control and scheduling aspects, data interfaces, cryptography (symmetric and asymmetric) and the various security resources, which turns a cryptographic accelerator into a security solution.

The security resources domain is where platform security elements are enabled, typically using cryptography and off-device tools. These include: lifecycle, ROT management, RNG, key slot policies, provisioning, software image validation (boot time, update time), IP protection (code confidentiality), persistent and volatile data protection, secure debug / DFT and feature enablement.

• Lifecycle
  Lifecycle refers to the multiple states a device goes through during its lifetime – it starts with the SoC, typically containing little or no sensitive information. ICs are then shipped to OEMs and the chip gets assembled into a device, where it gets loaded with some device maker information. The next stop is often a retailer or a service provider, followed by actual deployment in the field (whether that’s a consumer, enterprise or governmental use).  These various life cycles states need different policies related to all kind of behavioural aspects of the device (including code loading, debug, operability of interfaces and features).

• Roots of Trust (RoT)
  Some elements serve RoT, which are assumed to be non-modifiable and non-accessible by untrusted entities. These elements use persistent on-chip storage that is accessible only by CryptoCell. Roots of Trust can be in the form of keys, used for various purposes and owned by different entities or other information pertaining to the state of the device.
  CryptoCell also supports a RoT ownership model, which allows multiple owners and multiple sets of roots of trust, which in turn enable different parties in the ecosystem (IC vendor, OEM, Service Provider) to own and monetize processes & assets without having to trust each other.

• True Random Number Generator (TRNG)
  The True Random Number Generator (TRNG) creates a random seed out of a source of entropy. In CryptoCell the source of entropy is completely digital and made out of standard cell libraries.

• Key slot
  A Key slot refers to a key and its policy. The policy defines access rights, usage rights and methods of use. Key slots enable isolation of keys from a certain execution environment or full isolation from all environments (i.e. usage at the HW level only).

• Provisioning
  Provisioning refers to the secure delivery of assets, to a device over untrusted bearers. Provisioning can involve a broad threat model, requiring aspects like mutual authentication and ecosystem enablement.

• Image validation
  Image validation ensures the integrity and authenticity of an already provisioned software image or software update, being delivered over-the-air.

• Code confidentiality
  Code confidentiality may also be required in the context of IP protection.

• Persistent and volatile data protection
  By Persistent and volatile data protection we mean the protection of data stored over different media (for example, flash or DRAM) against both offline and runtime attacks. This also includes rollback protection, preventing a stale set of data from being re-introduced to a device.

• Secure Debug
  Secure Debug (or Authenticated Debug) is the authentication of a debugging entity and verification of the rights it was granted. The process starts with the introduction of a device unique debug certificate, continues with the validation of that certificate and ends with the hardware based enforcement of the debug policy, captured in that authorization certificate.

• Feature enablement
  Feature enablement refers to the ability to turn capabilities on and off in the field in an authenticated, well defined manner.

Why do I need CryptoCell-312?

There are three main reasons why you’d want to use CryptoCell-312 in your new IoT device:

Enabling a full set of security services over deeply embedded form factors

CryptoCell-312 enables you to have a full set of security services, over a range of deeply embedded form factors. It provides you with a security platform providing cryptographic and security services, tailored to deal with different needs and threat models.

Enhanced performance allowing efficient offloading of IoT communication

CryptoCell-312 offers enhanced performance – offering a 10x faster cryptography performance when compared with software only operations on cryptography tasks. This drives improved energy efficiency, security and enables better user experiences, for example in the case of a smart door lock (see below).

Technology enforced trust between all stakeholders – allows monetization

IoT devices are often created in fragmented ecosystems, CryptoCell-312 allows trust between stakeholders. This in turn allows multiple entities to monetize their investments without having to trust other parties.

A use case for CryptoCell-312

There are many applications where security is needed. One such area is smart locks, which have grown in popularity but several do not have adequate security. Some examples of inadequate security include Bluetooth locks that store passwords in plain text and anyone with a Bluetooth sniffer can readily gain access. Other smart locks are vulnerable to replay attacks, which means a hacker can grab data over the air when a legitimate user unlocks the door and they then just replay that data to gain access.

A secure Smart lock should be capable of authenticating a home owner’s device (for example, a mobile phone) attempting to open the door. One way to achieve this is with a back-end cloud service that could be used for lock initialization and authorization.

Step 1

A homeowner buys a smart lock and the package includes a QR code. The QR code includes an App reference and a unique identifier. Once scanned, a mobile lock application is installed on their phone.

Step 2

The secure application then goes through a registration phase with the lock cloud server. When complete, the mobile device is provisioned with an admin key pair and a certificate (signed by the lock manufacturer) unique for that lock.

Step 3

The lock can then securely authenticate requests (for example “open door”) from that mobile phone and open the door upon successful verification.

To enable these services, there are several security mechanisms that the lock needs to have. These mechanisms include:

• Secure boot validating the loaded software image, as well as a firmware update mechanism to validate software updates (ideally with the ability to revoke images)
• The ability to protect the integrity of the Cloud service public key, as well as public keys belonging to authorized users (for example: children, friends and other family members)
• TRNG to issue random challenges to the device attempting to unlock
• Asymmetric crypto support for verifying the signed response to the lock’s challenge

CryptoCell-312 is one of the key technologies needed to enable these security mechanisms and provide a security platform for the smart lock system.

Simplifying the design of secure IoT systems

Together with TrustZone, CryptoCell-312 can form a security solution providing cryptographic services and platform security services, tailored to deal with different needs and threat models.

[CTAToken URL = "https://developer.arm.com/products/system-ip/trustzone-cryptocell/cryptocell-312" target="_blank" text="Find out more about CryptoCell-312" class ="green"]