Over the past few years security has become a prominent issue for our partners and their customers. However, OEMs, silicon providers (SiPs) and developers still encounter a number of challenges - as I discussed in my previous blog outlining the Trusted Execution Environment (TEE) challenges in mobile and beyond - when developing security solutions.
Some of these challenges include: the increased value of the assets that our devices use daily (e.g. premium content and machine learning (ML) /artificial intelligence (AI) algorithms); the complex regulatory requirements of the Chinese market; and the delay in the time-to-market when security features need integration with existing IP. In addition to these challenges for our partners, according to a survey from Arm as part of our updated Security Manifesto, security industry experts think that almost half of consumers are "generally oblivious" to how secure their products are, presenting a consumer education challenge as well.
To address all these challenges, Arm is announcing its most comprehensive CryptoCell security IP, aimed at performant systems, to date. CryptoCell-713 is focused on several use cases, with the new IP offering an outstanding level of security and targeting a broad range of threats, devices and markets, including mobile, DTV, set-top boxes (STB) and the Chinese market. It provides a comprehensive set of components, including hardware, firmware, software adaptation layers and tools, as well as simple and easy integration packages for hardware and firmware.
In addition to CryptoCell-713, Arm is announcing a sister product - CryptoCell-703 - for partners who want to augment their existing security solution with the missing, but vital, Chinese crypto functionality.
CryptoCell-713 and CryptoCell-703 enable high-performance, energy efficient, security functions for everyday use cases that require Chinese crypto functions (SM2/3/4), such as content protection and banking. Both products are meeting the China DRM certification requirements for all profiles, including Enhanced Content Protection requirements. For future-proofing, Arm is providing the Chinese ciphers as a GM/T 0028-2014 (the Chinese equivalent of FIPS 140-2 - the U.S. security standard that is used internationally) compliant implementation. In addition, CryptoCell-713 is FIPS 140-2 certifiable, similar to the recent certification of CryptoCell-712. Using just CryptoCell-703 allows our partners to target the Chinese market without dropping their existing security design.
CryptoCell-713 delivers high-performance, robust, platform security to a range of devices, notably mobile, DTV, and STB. Both CryptoCell-713 and CrytpoCell-703 are also available with enhancements that mitigate side-channel attacks - this enables premium content consumption. Another robustness increase in this new generation is coming from new provisioning infrastructure (delivered as tools, hardware roots of trust and on-device firmware) enabling asset delivery to devices' secure storage with complete isolation from manufacturing processes.
A large pain-point for SiPs and developers is the time it takes to integrate security features into their systems. This is particularly relevant for mobile, DTV and STB SoCs, which are increasingly complicated and comprised of many different sub-systems. Arm invests in the pre-integration of CryptoCell with Arm IP, including TF-A and the Mali Multimedia suite, with such integrations greatly reducing the time-to-market for SiPs and developers. Specifically, in content consumption use cases, which might be "day long", an important outcome of this pre-integration is valuable information available to partners on efficiency benefits resulting from using CryptoCell (as opposed to using software crypto).
In parallel, Arm continues its track record of helping partners through offering - in addition to the comprehensive security IP products - access to Trusted firmware-A, which is providing an implementation of a Trusted Boot Process and other valuable software. In addition, we intend to make it even easier for the eco-system to improve security by making our Trusted Base System Architecture (TBSA) specification for devices such as mobile, DTV and STB public in the next few weeks. The document presents SoC architecture that supports Trusted Services compliant with key industry security standards. Alongside the FIPS and Chinese standards' certification readiness, all of this can save tens of man-years of hardware and software development.
With AI and ML playing an increasingly prominent role in most modern security features on mobile, such as face ID and voice recognition, having a security solution able to support these technologies is becoming ever more important. As noted in my previous blog, when ML developers deploy their ML model to a mobile device, they can lose control over how it is accessed or used, which presents security challenges, as data stored on a mobile device can be unprotected. In response to these challenges, CryptoCell-713 supports the full framework for using software image encryption, based on hardware bounded keys provisioned securely.
In summary, CryptoCell-713 and CryptoCell-703 comprehensively address the various pain-points that OEMs, SIPs, developers and other partners feel when developing security solutions. Both deliver high-performance security functions in the challenging Chinese market, meeting the regulatory requirements needed to ensure a number of everyday use cases on mobile devices. CryptoCell-713 delivers high-performance security across a range of connected devices that now provide content to users and require robust security solutions. It also narrows the time-to-market for SiPs through providing an integrated security solution, which includes existing Arm IP. Meanwhile, CryptoCell-703 provides the Chinese crypto functionality for partners that already have a functioning security solution. Overall, our latest security IP aims to make our partners and their customers' lives easier, while creating a more secure ecosystem for everyone.
Find out more information about the CryptoCell-713 and CryptoCell-703 products.
[CTAToken URL = "https://www.arm.com/solutions/security" target="_blank" text="Learn more about Arm's security solutions" class ="green"]