Arm announces the introduction of the first common industry framework for building secure connected devices, called Platform Security Architecture, to help to achieve the vision of a trillion secure connected devices.

A year ago at Arm TechCon, Arm and SoftBank Chairman Masayoshi Son announced his vision for a trillion connected devices by 2035. Achieving this vision will require the global population to become more knowledgeable in protecting these connected devices, while trusting the technology industry is doing everything it can to secure the devices and the data they generate. This is no easy task as this trust will need to be earned while battling hackers who relentlessly seek new vulnerabilities to find entry points into people’s daily lives.

This means that security cannot be an afterthought across all parts of the value chain, from device to cloud. Particularly for the Arm ecosystem, which expects to have shipped 200 billion Arm-based chips by 2021 (100bn+ to date and another 100bn by 2021). 200bn chips is an astonishing number when you consider it’s nearly 2x the number of people (108bn) who have ever lived on earth. It also highlights the responsibility of Arm and our ecosystem to ensure these increasingly diverse connected devices that communicate with each other are designed with a common secure foundation.

To address this, Arm is announcing the introduction of the first common industry framework for building secure connected devices, called Platform Security Architecture (PSA). Many of the biggest names in the industry are already endorsing and/or supporting PSA and the principles it’s based on.

Defining security for IoT at scale

The growing number of devices being connected to the internet need to be secure without sacrificing the very diversity which make them innovative and unique. Arm chief system architect Andy Rose and his team made sure this was top of mind when developing PSA through analysis of devices and best practices for securing them. PSA delivers:
• Representative IoT Threat Models and Security Analyses
• Hardware and firmware architecture specifications, built on key security principles, defining a best practice approach for designing endpoint devices
• A reference open source implementation of the firmware specification, called Trusted Firmware-M
PSA is a fundamental shift in the economics of IoT security, enabling ecosystems to build on a common set of ground rules to reduce the cost, time and risk associated with today.

Trusted Firmware-M: From architecture to implementation

To allow the IoT ecosystem to more rapidly realize the benefits of PSA, Arm will deliver an open source reference implementation firmware conforming to the PSA specification. Development initially targets Armv8-M systems, with source code release expected in early 2018. PSA is OS agnostic and is capable of being supported by all of Arm’s RTOS and software vendor partners, including the latest version of Arm’s market-proven Arm Mbed OS.

ARM also announced - new secure IP components

As part of Arm’s continued drive to provide partners with the tools to build secure IoT solutions, Arm also announcing new additions to its portfolio of security IP:
• Arm TrustZone CryptoIsland – A new family of highly integrated security subsystems providing on-die, smartcard-level security starting with CryptoIsland-300 which targets applications requiring high levels of isolation and security, such as LPWA communication, storage, and automotive.
• Arm CoreSight SDC-600 Secure Debug Channel – Evolving IoT use cases results in more devices requiring device lifecycle debug access. SDC-600 enables full debug capabilities without compromising system security, integrating a dedicated authentication mechanism for debug access.

We must all move faster

PSA addresses one part of the value chain, and at Arm TechCon, Dipesh Patel, president of Arm’s IoT Services Group, will provide an update on Arm’s plans for securely connecting and managing IoT devices.
Arm is moving fast and enabling its lead partners to thoroughly test and refine the PSA framework in advance of the public release of specifications and software in Q1 2018. But Arm, its ecosystem and the industry need to move faster. All parts of the value chain need to embrace the guiding principle that security can no longer be optional. Arm’s investment in PSA and Trusted Firmware-M represents much of the heavy lifting and lays out a clear and fast path to a common foundation for IoT security. No device should be left behind.