ARM Introduces Physical Security to Cortex-M Line
Subject: General Tech | May 2, 2018 - 11:00 AM | Josh Walrath
Tagged: voltage, physical attacks, exploits, EM, CryptoIsland, CryptoCell, Cortex-M35P, cortex, arm
The world is rife with exploits. We see and hear about them everyday. It is a major problem for device makers that try to use cutting edge technology in their products, but do not know what potential vulnerabilities can be exposed. ARM has a robust security suite available for their chips that can be licensed and implemented, but so far these have dealt primarily with software. Nothing has been done in consumer chips to protect from other side-channel exploits in which the chip is physically accessed.
Physical security was once the realm of military style hardware that were hardened and designed to be nearly impervious if falling into the wrong hands. Now ARM is offering partners the ability to implement several physical security features into their chips to help defeat those who wish to exploit these products.
The first product to get this treatment is the new Cortex-M35P. This is based on previously released Cortex-M3x technology featuring the Armv8-M ISA. It is a new chip in that it has all of the features for physical security integrated into the design. It also features all of the previous security IP that ARM has released including TrustZone, CryptoIsland, and CryptoCell.
Physcial attacks can come through a variety of ways. Monitoring voltage and EM from the chip is the least invasive, while physically accessing the device and exposing the core down to the transistor level obviously destroys the chip but gives the attacker a lot of information about the chip. The former attacks can be done by people with varying levels of experience and commonly acquired tools. The latter attack requires a tremendous amount of knowledge as well as require high end equipment not normally found outside of chip design and fabrication firms. ARM cannot protect against dissecting the part, but they can help protect against the more non-invasive exploits.
EM and voltage monitoring can give clues about potential sideband exploits that would work with the chip. The attacker records these measurements when the chip is doing work such as encryption. This then can lead to more specific attacks on the chip. ARM is able to design countermeasures on these chips to either limit EM output or to “dirty” the output so that it reveals little about the operation of the chip. ARM is able to do much the same when it comes to voltage tampering.
ARM did not go into any significant detail on the actual mechanisms of these security features. All we know is that these are features designed into the chip from the beginning and cannot be applied retroactively to previous chips. This makes sense due to these being physical attacks, and if ARM detailed the countermeasures, then the attackers can more easily work around them.
Security is a process. One fix will not create a totally locked-down world. It takes a pretty extensive infrastructure to address all of the threats that are likely to be encountered by IoT devices throughout the world. Adding to the physical IP with security measures allows ARM and its clients to be that little bit more confident that they are exposing their users to the least amount of risk possible when it comes to exploiting these products.