Dealing with Security Threats: Trusted Execution Challenges in Mobile and Beyond

As more people use their mobile devices for a range of everyday online tasks, from shopping to banking, the security threat to smartphones and other connected devices is only likely to increase. In fact, according to 2017 research by Dimensional Research, 94 percent of IT professionals expect mobile security attacks to become more frequent, while 79 percent reported increased difficulty securing devices.

It is true that security is already a common feature for most mobile devices - just think about the fingerprint scanner and face ID features that are present in most modern smartphones. However, from discussions with our partners and through monitoring known attacks, we are aware that many developers face Trusted Execution challenges in ensuring that devices are security-ready for the future.

Looking at the current security landscape, some of the main challenges are around: enabling artificial intelligence (AI) and machine learning (ML) security features; the unique requirements of the ever-growing Chinese market for mobile; the difficulty of future-proofing mobile devices against security threats; and the time-to-market when developing security solutions.

AI and ML security features

AI and ML are playing an increasingly prominent role in most modern security features on mobile devices, including face ID and voice recognition. As a result, the commercial value of AI and ML algorithms is expected to grow. For algorithm developers, IP protection, which includes model encryption, remains one of their top concerns. In fact, as noted in this article on reverse engineering ML, when developers deploy an ML model to a mobile device, they can lose control over how their model is accessed or used.

Challenges in the China market

Looking at different markets, the Chinese market for mobile devices is huge and will only get bigger. In fact, according to the latest Global Mobile Market Report from the market intelligence agency Newzoo, China accounts for 783 million of the three billion smartphone users worldwide. However, this market remains one of the most challenging for security. Chinese regulations ask for an increasing number of use cases on mobile devices to use China's home-grown ciphers instead of international ones. For example, when developing IP, support for specific Chinese cryptographic algorithms (SM2/3/4) is becoming a prerequisite for securing use cases such as content protection and payment. The challenge comes not only from meeting these current regulatory requirements, but also from future-proofing the IP against any security changes in the future. For example, new security solutions will need to adhere to new standards currently in development in case they become mandatory in the future, such as the Chinese GM/T 0028-2014, which has specific security requirements to protect sensitive information in computer and telecommunications systems.

The time-to-market

A pain-point for chip designers is the time it takes to develop new security solutions for a range of different devices. This often involves having to integrate security into different IPs rather than having fully integrated security solutions across these IPs. The engineering effort that this takes negatively impacts the time-to-market for new devices that are increasingly reliant on fully-functional security solutions.

Protecting content across devices

In addition to smartphones, there is a range of other devices that are becoming vulnerable to security threats. With the astronomical growth of content providers such as Netflix, which, in the second quarter of 2018, had over 130 million streaming subscribers worldwide, there is now a vast amount of valuable content that requires protection from security threats. This also applies to DTVs and set-top boxes that host these content provider applications. For example, MovieLabs' specification for content protection requires that DRM systems use a securely-provisioned hardware root of trust and cryptographic functions immune to side channel attacks.

Future security solutions

Security is clearly now a top priority for Arm's partners, their customers and the wider ecosystem. However, there still exist a number of pain-points that can make implementing security solutions on IP for devices challenging. Looking ahead, any comprehensive and successful security solution will require five key characteristics:

  1. Enables AI and ML-based security features that are becoming increasingly common on mobile;
  2. Can be used in the Chinese market by meeting the country's regulatory requirements;
  3. Fully-integrated within the IP package to decrease the time-to-market;
  4. A flexible solution that can be rolled-out across different devices; and
  5. Future-proofs itself for emerging developments in the marketplace.

Tackle these five challenges head-on and we feel confident that the pain of developing security solutions will only decrease in the future. With this in mind, we look forward to making more exciting announcements about our own security IP in the future.