Arm Community
Arm Community
  • Site
  • User
  • Site
  • Search
  • User
  • Groups
    • Arm Research
    • DesignStart
    • Education Hub
    • Innovation
    • Open Source Software and Platforms
  • Forums
    • AI and ML forum
    • Architectures and Processors forum
    • Arm Development Platforms forum
    • Arm Development Studio forum
    • Arm Virtual Hardware forum
    • Automotive forum
    • Compilers and Libraries forum
    • Graphics, Gaming, and VR forum
    • High Performance Computing (HPC) forum
    • Infrastructure Solutions forum
    • Internet of Things (IoT) forum
    • Keil forum
    • Morello Forum
    • Operating Systems forum
    • SoC Design and Simulation forum
    • 中文社区论区
  • Blogs
    • AI and ML blog
    • Announcements
    • Architectures and Processors blog
    • Automotive blog
    • Graphics, Gaming, and VR blog
    • High Performance Computing (HPC) blog
    • Infrastructure Solutions blog
    • Innovation blog
    • Internet of Things (IoT) blog
    • Mobile blog
    • Operating Systems blog
    • Research Articles
    • SoC Design and Simulation blog
    • Smart Homes
    • Tools, Software and IDEs blog
    • Works on Arm blog
    • 中文社区博客
  • Support
    • Open a support case
    • Documentation
    • Downloads
    • Training
    • Arm Approved program
    • Arm Design Reviews
  • Community Help
  • More
  • Cancel
Arm Community blogs
Arm Community blogs
Architectures and Processors blog Dealing with Security Threats: Trusted Execution Challenges in Mobile and Beyond
  • Blogs
  • Mentions
  • Sub-Groups
  • Tags
  • Jump...
  • Cancel
More blogs in Arm Community blogs
  • AI and ML blog

  • Announcements

  • Architectures and Processors blog

  • Automotive blog

  • Embedded blog

  • Graphics, Gaming, and VR blog

  • High Performance Computing (HPC) blog

  • Infrastructure Solutions blog

  • Internet of Things (IoT) blog

  • Operating Systems blog

  • SoC Design and Simulation blog

  • Tools, Software and IDEs blog

Tell us what you think
Tags
  • mobile
  • Security
  • Machine Learning (ML)
  • Embedded Security Solutions
  • china
  • Trusted Execution Environment (TEE)
Actions
  • RSS
  • More
  • Cancel
Related blog posts
Related forum threads

Dealing with Security Threats: Trusted Execution Challenges in Mobile and Beyond

Udi Maor
Udi Maor
October 4, 2018

As more people use their mobile devices for a range of everyday online tasks, from shopping to banking, the security threat to smartphones and other connected devices is only likely to increase. In fact, according to 2017 research by Dimensional Research, 94 percent of IT professionals expect mobile security attacks to become more frequent, while 79 percent reported increased difficulty securing devices.

It is true that security is already a common feature for most mobile devices - just think about the fingerprint scanner and face ID features that are present in most modern smartphones. However, from discussions with our partners and through monitoring known attacks, we are aware that many developers face Trusted Execution challenges in ensuring that devices are security-ready for the future.

Looking at the current security landscape, some of the main challenges are around: enabling artificial intelligence (AI) and machine learning (ML) security features; the unique requirements of the ever-growing Chinese market for mobile; the difficulty of future-proofing mobile devices against security threats; and the time-to-market when developing security solutions.

Security fingerprint

AI and ML security features

AI and ML are playing an increasingly prominent role in most modern security features on mobile devices, including face ID and voice recognition. As a result, the commercial value of AI and ML algorithms are expected to grow. For algorithm developers, IP protection, which includes model encryption, remains one of their top concerns. In fact, as noted in this article on reverse engineering ML, when developers deploy a ML model to a mobile device, they can lose control over how their model is accessed or used.

Challenges in the China market

Looking at different markets, the Chinese market for mobile devices is huge and will only get bigger. In fact, according to the latest Global Mobile Market Report from the market intelligence agency Newzoo, China accounts for 783 million of the three billion smartphone users worldwide. However, this market remains one of the most challenging for security. Chinese regulations ask for an increasing amount of use cases on mobile devices to use home-grown ciphers in China instead of international ones. For example, when developing IP, support for specific China crypto (SM2/3/4) are becoming pre-requisites for securing use cases, such as content protection and payment. The challenge comes from not only meeting these current regulation requirements, but also future-proofing the IP for any security changes in the future. For example, new security solutions will need to adhere to new standards currently in development in case they become mandatory in the future, such as the Chinese GM/T 0028-2014, which has specific security requirements to protect sensitive information in computer and telecommunications systems.

The time-to-market

A pain-point for chip designers is the time it takes to develop new security solutions for a range of different devices. This often involves having to integrate security into different IPs rather than having fully integrated security solutions across these IPs. The engineering effort that this takes negatively impacts the time-to-market for new devices that are increasingly reliant on fully-functional security solutions.

Family watching sport on TV

Protecting content across devices

In addition to smartphones, there are a range of other devices that are becoming vulnerable to security threats. With the astronomical growth of content providers such as Netflix, which, in the second quarter of 2018, had over 130 million streaming subscribers worldwide, there is now a vast amount of valuable content that requires protection from security threats. This would also be applicable to DTVs and set-top boxes that host these content provider applications. For example, MovieLabs' specification for content protection requires that DRM systems use a securely-provisioned hardware root of trust and cryptographic functions immune to side channel attacks.

Future security solutions

Security is clearly now a top priority for Arm's partners, their customers and the wider ecosystem. However, there still exists a number of pain-points that can make implementing security solutions on IP for devices challenging. Looking ahead, any comprehensive and successful security solution will require five key characteristics:

  1. Enables AI and ML-based security features that are becoming increasingly common on mobile;
  2. Can be used in the Chinese market by meeting the country's regulatory requirements;
  3. Fully-integrated within the IP package to decrease the time-to-market;
  4. A flexible solution that can be rolled-out across different devices; and
  5. Future-proofs itself for emerging developments in the marketplace.

Tackle these five challenges head-on and we feel confident that the pain of developing security solutions will only decrease in the future. With this in mind, we look forward to making more exciting announcements about our own security IP in the future.

More information about Arm's security solution

Anonymous
Architectures and Processors blog
  • Arm SystemReady certifications reach 50 including the Morello System Development Platform

    Dong Wei
    Dong Wei
    The Arm SystemReady program has reached a significant milestone with over 50 certifications since its launch only two years ago.
    • May 9, 2022
  • Total Compute solutions for the XR market

    Philippe Bressy
    Philippe Bressy
    This blog introduces the different Arm Total Compute solutions for wearable devices in the XR market, like VR headsets and AR smartglasses.
    • March 28, 2022
  • Selecting the right CPU performance benchmark for the home market

    Ajay Joshi
    Ajay Joshi
    This blog explores the different CPU performance benchmarks for devices in the home market, including DTVs and set-top boxes (STBs).
    • February 16, 2022