Challenge For Secure Embedded IoT Systems is The Creation And Validation Of The Threat Model
Security is the new concurrent to Embedded Technologies. Real-time visualization, cloud connectivity & Bluetooth Mesh Networking, AI capabilities and machine learning all integrating and boasting embedded security. In one of the biggest interview of 2019, Rhonda Dirvin, Senior Director Marketing Programs, Arm tranquillizes the growing concerns of ‘Embedded Security’ and also underlines their mammoth expertise in this domain. Edited Nub.
- What are the Embedded Security Requirements in IoT?
There are four generic groups for embedded IoT security
– Communication security: are all exchanges with the cloud protected?
– Lifecycle security: Is the product protected as it changes hands from supplier to user?
– Software security: Is the product upgradeable and protected from software attacks?
– Physical security: Is the product immune to physical tampering?
Usually the first three are required in all products, while physical security is reserved for use cases where the value of the embedded asset is high enough to merit the additional cost associated with physical security.
Arm offers solutions for all four categories, along with the Platform Security Architecture (PSA), which is the framework for designing secure embedded IoT products.
- Challenges and Solutions in maintaining the security in Embedded Systems?
The main challenge facing all designers of secure embedded IoT systems is the creation and validation of the threat model, which defines what needs to be protected in the product and from what types of threats.
Most designers find this to be the hardest step since one has to not only define and defend how the product should behave in normal operations, but one needs to also imagine all the ways that the product should not behave to include in the threat model.
Once that threat model is defined then the rest of the process is back to the standard embedded engineering approach of designing something that meets the project requirements. Arm and the ecosystem already provide, as in the past, all that is required to build the product once those requirements are clearly defined.
- What modern design architecture will build-in embedded security technologies of future?
Arm TrustZone is the key architecture that will be used to build all embedded IoT products in the future. By definition, all IoT products need to be protected from software attacks and need to be upgradeable to handle the recovery after an attack. The only method to meet those two requirements is to have hardware isolation which can be achieved either by using two distinct compute elements or by using one processor that has TrustZone.
TrustZone is a hardware isolation scheme running on a single processor. It is the most cost-effective and energy efficient scheme for isolation. Given that cost is a key factor for IoT deployment, an industry-standard technology, such as TrustZone, is key to drive mass IoT deployment.
- Being on the designing-front, what critical issues do you foresee in the Embedded systems?
Security: If we want to reach one trillion connected devices, but do not have security built-in devices from the ground up, then they cannot be trusted. Just one weak point in a device could compromise the entire device, all its data, and others it is connected to in a network. That is why we have TrustZone for Arm® Cortex®-M based devices, now available in chips from the major MCU suppliers. It provides system-wide, hardware-enforced isolation to ensure security is baked in the device. It uses the familiar Cortex-M programming model, making security accessible for all embedded and IoT developers.
Custom, application-specific design: We are seeing many manufacturers and silicon start-ups pursue custom system-on-chip designs (or ASICs). The barriers of IP, cost and expertise have been lowered, making custom silicon more accessible than ever. In particular, Arm has been investing in companies’ success by reducing both risk and initial investment through the Arm DesignStart program: fast, low-cost access to Arm IP so companies can design and prototype their custom SoC quickly and affordably.
And if design expertise is a concern, it doesn’t need to be – companies can outsource some or all of your chip design to one of our Arm Approved Design Partners, a global network of design service companies with a wealth of experience in Arm-based design. No matter a company’s technical expertise, they can get the right level of design support you need to take advantage of the benefits of custom chips. It is a great choice for both Internet of Things (IoT) start-ups and established companies looking to develop a workable proof-of-concept.
Also, recently Arm and Xilinx announced a collaboration that makes FPGA-based innovation faster, easier and more diverse: Arm DesignStart FPGA. You can read the announcement here. The design possibilities for embedded and IoT are wider and more accessible than ever with free, no-royalty use of Arm Cortex-M soft processor IP on Xilinx FPGAs. Now developers can access the benefits and ecosystem of Arm Cortex-M processors with the flexibility of FPGA.
- Low-power design and optimization will be key in MCU Embedded systems design space, your expertise in it?
AI can save power. For example, an electric motor controller could have additional sensors that detect vibration or noise to gather information about how the motor is operating, and then use a machine learning algorithm to self-adjust the motor to be more efficient. The power saved by the electric motor will be many times greater than the power used by the processor.
To reduce the power consumed by the processor, Arm has a wide range of processors with different capabilities. Some of Arm’s embedded processors for low-cost microcontrollers have additional functionality for accelerating the mathematical functions used in machine learning algorithms, which can reduce the area and power of another chip.
Specifically, one of the key design criteria for the Arm Cortex-M CPUs is power efficiency. This combined with the CMSIS-NN optimized software library enables best-in-class ML low-energy performance on embedded devices.
Most MCUs are built using older geometry processes (55nm and larger) where static power is less of an issue. Static power becomes an increasingly important issue when you get to smaller geometries. Here Arm has two technologies to reduce static power. Arm’s processors work with Arm’s Artisan Physical IP to lower dynamic and static power. This includes turning off functional blocks that are not currently executing and lower voltage to reduce the power needed to run the processor. Arm has introduced an optimized physical IP library (POP) for its Cortex-M microprocessors and its Neural Network Processor (Machine Learning POP).
- Deep learning, machine learning and other AI concepts, how critical will it be for designers and developers to provide next-gen secure embedded solutions?
While the first wave of ML focused on cloud computing, the combination of improved techniques for shrinking models to run on low-power hardware and the increased capabilities of compute on edge devices means that ML inference is already performed on millions of microcontroller-based IoT devices today.
Edge compute brings a number of advantages – not least privacy and security. By keeping data on-device, rather than shifting it back and forth to the cloud, exposure is minimized and the risk of a privacy breach reduced. On-device processing also brings benefits in terms of latency. A robot arm can’t wait for instructions to be sent down from the cloud to tell it what to do; even a small delay could have serious safety implications. The ability to run ML directly on the device assures a rapid, and secure response.
But for AI and ML to scale to 1 trillion connected devices across the Embedded and IoT markets, both hardware and software platforms have to be easy to design, program and deploy. Arm is making that easier with Project Trillium, a suite of Arm products that gives device-makers all the hardware and software choices they need.
The parameters for adding intelligence to a device vary according to the application – from home-based products like toothbrushes and forks to industrial equipment in sectors as diverse as agriculture, healthcare and manufacturing. There’s no one-size-fits-all solution, which is why Project Trillium is all about scalability and versatility, offering a range of performance options based on the compute world’s most widely-deployed advanced technologies.
Selecting the right solution for your application entails a series of trade-offs: from small, low-power microcontroller units (MCUs) for cost- and power-constrained systems; to central processors (CPUs) for greater performance and general-purpose programmability; graphics processors (GPUs) for faster performance with graphics-intensive applications; and neural processors (NPUs) for the most intensive and efficient ML processing.
Efficient NN kernels are key in enabling inference on Arm Cortex-M based CPUs. CMSIS-NN provides optimized functions to accelerate key NN layers and helps to reduce the memory footprint – vital for memory-constrained microcontrollers.
Arm NN provides a bridge between existing neural network frameworks – such as TensorFlow or Caffe – and the underlying processing hardware – such as CPUs, GPUs or the Arm Machine Learning processor.
