SAN JOSE, Calif. — ARM will raise the bar for security in the Internet of Things with the publication of an architecture standard and three new products to help implement it. The new IP incudes secure firmware, a programmable security core and a secure debugging channel.
ARM’s Platform Security Architecture (PSA) is a set of hardware and software specifications based on an analysis of multiple IoT use cases. It initially targets Cortex-M devices and includes implementation examples that will be released for free under open source license before April.
Separately, ARM announced a programmable security core, the CryptoIsland-300, expanding the fixed-function CryptoCell announced last year. The SDC-600 is IP to implement a secure debug channel that users can turn off or on with a cryptographic certificate. In addition, Trusted Firmware-M is ARM’s first secure firmware specifically for microcontroller-class devices.
The news comes a year after ARM released its first two Cortex-M cores implementing its TrustZone secure execution environment and associated IP for them. “We’re applying what we learned in mobile and trying to be more ambitious in the microcontroller area,” said Rob Coombs, security director of ARM’s IoT group.
“This is a multiyear journey. This work will carry on for a long time with continuous improvements…We will probably need to define different levels of robustness in the PSA” for different use cases, Coombs added.
Indeed, security has been a hot topic in IoT for more than two years, spawning efforts by ad hoc groups as well as agencies such as UL, the former Underwriters Laboratories. For ARM, MCUs represent a large part of its shipments in a traditionally fragmented sector and one still coming up to speed with security lessons in other markets.
“Security research used to be done on mobile systems, but now it’s being done on the IoT because those systems are seen as softer targets…so we wanted to scale security to the lowest cost points,” Coombs said.
— Rick Merritt, Silicon Valley Bureau Chief, EE Times 
Related posts:
- UL, MIPI Bolster IoT Security
- IoT Security Costs are Manageable
- IoT Security Spending to Skyrocket
- Security Experts Cite IoT Risks