Event sponsor ARM was understandably keen to highlight the role its recently announced v8-M architecture can play in bringing security to the IoT. By rolling out its TrustZone technology into the MCU arena, it says designers can take advantage of secure memory to store code, keys and the like.
But secure MCUs are only one part of the solution; devices featuring them have to be manufactured securely and then maintained. IoT edge devices will be in the field for 10, maybe 20, years and their software and/or firmware will need to be updated, and that is likely to be done ‘over the air’ (OTA).
Javier Orensanz, general manager of ARM’s development solutions group, pointed out in his keynote: “The IoT comes with its challenges and security is the most important – for example, we don’t want self driving cars that can be hacked. But security isn’t limited to automotive; other areas are just as important, including medical applications. Unless we have good security, the opportunity for people to cause havoc is almost limitless.”
He pointed out that it has been 12 years since ARM first launched TrustZone. “Its first application was in Cortex-A processors, separating secure and non secure areas of memory. But at the recent Techcon event, we announced TrustZone for small MCU based systems.”
Part of the v8-M architecture, TrustZone for real time systems allows keys to be stored in secure areas and to only be accessed by secure applications.
“This could mean that we will begin to see devices with preloaded software becoming available,” Orensanz suggested.
“It’s all about controlling access to the secure world,” he continued. “While there will need to be a number of access points, the idea is to have as few access points as possible.”
ARM is launching kits that will enable software development to start now, if that’s what designers want. “We’re making it our mission to enable development and the deployment of the architecture,” he said. “We have to be ready before silicon is available.”
But he contended the IoT won’t be just about Cortex-M devices. “We can envision devices with a mix of -A and -M cores,” he continued. “Cortex-A cores will handle processing, with M cores handling real time or acting as low power standby cores.”
Haydn Povey from Secure Thingz pointed to five elements in the design cycle: provision; development; deployment; manufacture; and update. “You need a trusted supply chain,” he asserted. “You need to build a total view of who’s touching your system.”
Niall Cooling from consultancy Feabhas talked about OTA updates. Although well established in some areas, his contention was that OTA will be a minefield when it comes to the IoT.
Orensanz addressed this issue in his keynote. “On average, a bug is found in Linux every three days. IoT devices could be in the field for 20 years, which means there could well be a huge number of bugs to be dealt with.
“Being able to update software automatically raises huge security concerns – the process has to be secure and controlled. But it will have to be over the air,” he contended.
Cooling was more focused. “The embedded systems industry can’t just push out upgrades and force them on the user. The process needs to be automated and managed in a way that doesn’t impact the user,” he concluded.