On Wednesday, 2nd May we announced a range of IP to protect silicon from physical attacks, extending our portfolio of Arm security IP to bring physical security within reach of any IoT product. Our new IP, all marked with a “P” tag for physical security, includes: the Cortex-M35P processor, as well as a new suite of security IP with added side-channel attack protection (CryptoIsland-300P and CryptoCell-312P).
This post describes how the benefits and features of the Cortex-M35P bring anti-tampering protection to the widely-supported, user-friendly Cortex-M processor to guard against physical attacks, providing access to new markets for your product.
Cortex-M35P is the first Armv8-M processor with tamper-resistance designed in, making it easier and faster to get payment or telecom-certified security at the core. It is a fortress of a processor with multiple layers of security, combining software protection with Arm TrustZone technology and physical protection featured in our SecurCore family of processors. The Cortex-M35P is an extension of Arm’s comprehensive security portfolio, following the principles of Arm's Platform Security Architecture (PSA).
We are seeing more and more devices in our daily life – in our homes, workplaces, hospitals, industrial sites and cities, to name a few – some connected, some not connected. Many are storing valuable and personal information, making them a target for physical attacks. These attacks are becoming more accessible from a cost point of view, thanks to the deployment of simple data acquisition tools. We are increasingly seeing physical attacks, such as side-channel attacks, becoming part of the standard security threat model. The core concern with physical attacks is the scalability factor. By attacking one device, the attacker can extract source code and find vulnerabilities to perform a large-scale network attack.
Yossi Oren, BGU senior lecturer at TechRepublic, concluded in his IoT security article, "You only need physical access once. Once you buy one copy of a make and model of a camera and you attack it in your lab, you get information which will allow you to attack this make and model anywhere remotely.”
Let’s use an analogy to explain why we created the Cortex-M35P: it’s like securing your house. Since you have valuables in your house, it is important to make sure all entrances are protected, whilst also considering the difficulty for a thief to break into a particular entrance (see Figure 1 below).
Figure 1: Device security is like securing a house – only as strong as your weakest link!
For example, for a thief to break into a small window on the top floor, they may need a ladder and special tools to gain entry, so you might assume that window is not the thief’s first entry choice. It’s protected by the fact that it’s difficult and complex to reach from the outside. However, if the house contains very valuable items or the window becomes easier to reach, then the thief may go to the effort to break in.
This concept also applies to IoT. Arm has an extensive security portfolio for to protect against various entry points, and now we stepping up the game against physical attacks. The Cortex-M35P was developed to address all embedded and IoT markets that require physical resilience. Any Cortex-M developer now facing the project requirement for physical security can now upgrade to this latest Cortex-M processor, while maintaining all the previous development investment.
Even more, it is designed to fit with the rest of the Arm IP portfolio for a robust, comprehensive security solution for faster time to market. Developers can benefit from Arm’s extensive ecosystem that offers the widest choice of development tools, compilers, debuggers, operating systems, and middleware to save time and costs.
With the attack surface ever-increasing and with IoT growing exponentially, it can be difficult to work out how to secure your next device. At Arm, we describe security in terms of four different types of attacks: communication, life cycle, software, and physical attacks, as shown in Figure 2 below. The risks facing your device depend on the application and the value of the data. Many devices will need to consider more low-level attacks, such as software attacks, where isolation provided by TrustZone would be ample protection. However, there are other classes of device that need to consider more sophisticated attacks, like the risk of physical breaches to the silicon.
Figure 2: Assess your susceptibility to the four different types of security attacks
How do you identify which attack(s) you need to protect against – how can you determine if physical attacks pose a risk? Arm’s Platform Security Architecture recommends that security should always start with analysis, which you carry out using a threat modelling process. Threat modelling allows you to assess your device and the ways your device may be hacked or exploited. If you’re new to security, threat modelling can feel like a daunting process, which is why Arm has created three example threat models, which you can use completely free of charge.
Once you’ve assessed your device and the threats you face, it’s important to then take the appropriate measures to protect your device. Arm recommends using a layered approach to security, using the right mix of counter-measures to protect your device at different layers.
Arm has an extended range of IP to protect against all types of security threats, shown in the graphic above. When physical attacks are deemed to be a large enough risk, you may choose to use a processor with physical attack mitigation. The combination of software isolation and physical security available in the Cortex-M35P help designers reach a higher level of system security, protecting against both physical and software attacks. You may decide that you need hardware-accelerated cryptography for side-channel attack (SCA) resistance – this is where CryptoIsland-300P and CryptoCell-312P can help.
When the value of the protected asset is high enough then hackers will resort to physical attacks on the device. The processor is built with multiple elements to protect it from and detect such attacks.
Cortex-M35P is equipped with several security features against physical attacks. Among many others, uniform-timing allows instructions to execute in a constant number of cycles whatever the operands, preventing information leaks. The activation of this feature is optional.
Another example is 100% parity coverage. Every flop in the processor is protected with a configurable parity. This allows random errors or intentionally-injected faults to be detected.
An integrated cache improves performance when running from embedded flash.
Flash access time does not scale as well as RAM, and is the common performance bottleneck. This problem is solved by activating the optional internal cache. The information stored in the cache is also protected against physical attacks.
TrustZone enforces protection of security-critical functionality. It offers software isolation to code, memory and I/O, while retaining the requirements of embedded applications: real-time deterministic response, minimal switching overhead, and ease of software development.
The Cortex-M35P processor with TrustZone has two security states, namely Secure and Non-secure, and a number of associated features, as shown in Figure 3 below:
Figure 3: Armv8-M additional security states
Software reliability and system security improves when each module is allowed access only to specific areas of memory required for it to operate. This protection, complementary to TrustZone, prevents unexpected access that may overwrite critical data. Each of the security zones can have a dedicated MPU that may be configured with a different number of regions. Programming the regions is easier, removing the constraint to align regions on power-of-two size.
The optional MPU is programmable and provides up to 16 regions for each of the Secure and Non-secure states. In multi-tasking environments, the OS can reprogram the MPU during task context switching to define the memory access permissions for each task. For example, a task of an application may be granted access to only some application data and specific peripherals. In this way, the MPU protects all other memories and peripherals from corruption or unauthorised access to dramatically improve system reliability.
Figure 4: Easier to setup memory regions
The Cortex-M35P memory protection architecture is based on the protected memory system architecture (PMSA)v8. This version adopts base and limit style comparators for regions as opposed to the previous power-of-two size, sized-aligned scheme. Each region has a base starting address, ending address, and settings for access permission and memory attribute. The result is that one can produce MPU regions without having to consider joining a number of regions together. This enhancement simplifies software development, encourages usage and reduces programming steps, which reduces context switch times.
For certain applications, special-purpose compute can make a difference. It is essential that this is done in a way that maintains all of the benefits of the world's #1 ecosystem – the widest choice of development tools, compilers, debuggers, operating systems, and middleware.
The Cortex-M35P processor includes an optional dedicated bus-like interface for the integration of tightly-coupled accelerator hardware. For frequently used compute intensive operations, this interface gives a mechanism to augment the general-purpose compute capability with custom defined processing hardware. Crucially, it does this without fragmenting the ecosystem. The interface includes control and data channels for up to eight co-processors, with signals to provide information about the privilege and security state of the processor along with the instruction type, associated register and operation fields.
To accelerate software development, Arm also deliver a free DSP library in the CMSIS project. The library contains a range of filter, transformation and math functions (e.g. matrix), and supports a range of data types. The CMSIS project is now open source and the development is published in GitHub.
The optional integer DSP extension adds 85 instructions. In most cases, the DSP instructions would increase performance by an average of three times, giving a boost to all applications that are centered around digital signal control.
The optional single precision floating point extension based on FPv5 includes an additional 16-entry 64-bit register file. The option adds 45 IEEE754-2008 compatible single-precision floating-point instructions. Using floating-point instructions usually yields an average of ten times increase in performance over the equivalent software libraries. The FPU is contained in a separate power domain allowing the unit to be powered-down when not enabled or in use.
In summary, physical attacks are one of several potential attacks on an embedded or IoT device. Arm’s Platform Security Architecture recommends that designers assess the level of security required through a threat modelling process, so the right mix of counter-measures are applied. Physical attacks are getting easier and cheaper to carry out, so advanced silicon protection is critical. Yet, designing in physical security is generally complex.
Now, Arm’s new suite of physical security IP brings physical resilience within reach of any developer. Arm Cortex-M35P processor provides an efficient security solution against both software and physical attacks, with both TrustZone technology and tamper-resistant features. When combined with Arm CryptoCell IP, Arm CryptoIsland IP, or a proprietary custom crypto solution, along with the support of the Arm ecosystem, developers of any embedded or IoT solution can ensure a strong, trusted foundation for the deployment of a secure IoT implementation – with physical resilience at the heart.
For more information on our new physical security IP suite:
Great contents!!