ARM designs anti-tampering and software isolation into its processors

ARM is so concerned about security breaches that it is now designing physical security into its chips. The chip design company is announcing today that its ARM Cortex-M35P processor has both anti-tampering technology and software isolation built into it on a chip level.

The tech will bring smart card levels of security to emerging applications such as smart metering, door locks, and automotive devices. The security measures will help protect the internet of things (IoT), or everyday objects that are smart and connected.

The idea is to protect systems on the silicon level against increasingly prevalent physical attacks on hardware systems. Hackers can use devices such as power and electromagnetic analysis to figure out what is happening in chips without such protections — and that puts data at risk.

ARM wants to reach a trillion connected devices by 2035, but security won’t be optional in those devices, said Paul Williamson, vice president and general manager of IoT Device IP Line of Business at ARM, in a blog post.

“The diversity in this space is challenging for our partners, and today we’re announcing new products that provide a critical layer of system protection by empowering [system-on-chip] designers to incorporate higher levels of security in the growing set of applications that require protection against physical attack threats,” Williamson said.

Above: ARM points out why Internet of Things devices have to be secure.

In the past, it was harder to justify protecting against physical attacks on hardware beyond payment applications. However, as IoT gains momentum and more devices with high-value data become connected, those physical attacks becomes more attractive to hackers.

“As new use cases emerge, this protection won’t just be required for payment and identity applications, it will need to be integrated for use cases such as smart lighting, connected door locks, smart meters, or automotive applications,” Williamson said.

ARM is concerned about attacks that could be a result of direct physical contact with a chip, or close proximity to it. This significantly differs from attacks such as Mirai, which was an exploitation of default passwords, or vulnerabilities like Spectre and Meltdown, which require malware to be loaded onto the device remotely.

“Physical attacks aim to exploit vulnerabilities at the silicon implementation level, rather than exploiting a software or design-level weakness,” Williamson said. “These physical attacks fall into two main categories: invasive attacks, requiring (at least) chip de-packaging, and non-invasive attacks — for example, close proximity side-channel attacks (SCA), which gain information through unintended side channels stemming from the silicon implementation (for example, through observing the chip’s power consumption or electromagnetic field emission during a cryptographic operation).”

Both attack classes have similar goals. They retrieve sensitive information processed within the chip or simply cause it to carry out unintended behaviour that serves the attacker’s goals.

The Cortex-M35P is a high-performing processor that enables embedded security developers to hinder physical tampering and achieve a higher level of security certification. It’s the first processor in the Cortex-M family with designed-in tamper resistance. It also includes ARM TrustZone technology for software isolation, making it easier and faster for designers to embed multi-layered payment or telecom-certified security at the core of any device.

ARM said two pieces of its existing security intellectual property, CryptoCell and CryptoIsland, are available with technology to protect against a range of attacks. With the addition of physical attack resistance, these solutions can address an even broader attack surface, which is required by some IoT applications.

If one smart street light or building smart light is hacked, an entire city’s smart lighting grid can be vulnerable. The potential impact of such an attack is immeasurable. This places greater importance on the need for system-level design principles. ARM’s strategy is to build layers of protection that will prevent such easy takeovers of a city’s entire smart grid.