ARM builds up security in the tiniest IoT chips

Small, low-power chip designs now incorporate ARM's TrustZone technology

ransomware hardware security embedded circuit board integrated controller
Credit: IDGNS

IoT is making devices smaller, smarter, and – we hope – safer. It’s not easy to make all those things happen at once, but chips that can help are starting to emerge.

On Tuesday at ARM TechCon in Silicon Valley, ARM will introduce processors that are just a fraction of a millimeter across and incorporate the company’s TrustZone technology. TrustZone is hardware-based security built into SoC (system on chip) processors to establish a root of trust.

It’s designed to prevent devices from being hacked and taken over by intruders, a danger that’s been in the news since the discovery of the Mirai botnet, which recently took over thousands of IP cameras to mount denial-of-service attacks.

“What ARM is trying to do is plug the holes before they can get started,” said analyst Bob O’Donnell of Technalysis Research.

As the array of IoT products expands into things like connected toothbrushes, many are being made by companies that know little about security, he said. ARM recognizes this.

“They’ve taken on the difficult task of trying to embed as much security into the device as possible,” O’Donnell said. It’s a big stretch for ARM, but the company’s well positioned because it already supplies the architecture for most IoT chips, he said.

TrustZone has been around for a decade for Windows, Mac OS and Android products but never for chips this small or low-powered.

The new Cortex-M33 chip design is just one-tenth of a square millimeter, and the Cortex-M23 is 75 percent smaller than that. They're the first chips based on the new ARMv8-M architecture and are designed to work with ARM's mbed OS. Chip vendors including Analog Devices, NXP and STMicroelectronics have already licensed the design.

ARM expects chips based on them to be used in products like bandages that collect and send medical data, tracking tags for packages in transit, and portable blood-monitoring devices.

These things won’t be plugged in to an outlet and may not even have batteries: A pocket-sized blood-testing device for diabetics could harvest enough energy to do its job just from the motion of the user removing the cap, ARM says.

Until now, this class of chip has had proprietary security hardware and software in many cases, which caused some limitations, said Nandan Nayampally, vice president of marketing in ARM’s CPU group. Added hardware made them less efficient, and developing different software for every chip duplicated effort.

With TrustZone, the chips can be secured without increasing their footprint, and they can use standard TrustZone software with APIs (application programming interfaces) for adding custom features.

Also on Tuesday, ARM introduced a cloud-based platform for managing and updating IoT processors for as long as they’re deployed. The mbed Cloud software-as-a-service platform is designed to solve the problem of how to manage millions of chips in devices that may be deployed all over a city or a global enterprise.

The platform can get a device set up and connected and then handle firmware updates over time. It also has a role to play in keeping IoT chips secure.

When a device boots up for the first time in the field, mbed Cloud can provide a security key for the communications channel and specify who can get access to the data from the device, based on enterprise policies.

The service can also help to prevent IoT-based denial-of-service attacks by monitoring what’s going on in the network. If there are abnormally chatty devices, it can isolate them or shut them down.

The SaaS platform isn’t just for devices with ARM-based chips or the mbed OS. If customers have legacy devices with other chips running Linux or freeRTOS, for example, ARM has a software module for connecting them to the mbed Cloud.

The service can be run on multiple public clouds, including Amazon’s and IBM’s.

Shop Tech Products at Amazon