SANTA CLARA, Calif.—ARM is looking to extend the reach of its chip designs beyond smartphones and tablets and into new growth areas, with the Internet of things being a key one. The company sees the development of tens of billions of connected devices, systems and sensors as a natural fit for its low-power system-on-a-chip (SoC) designs, and has made a strong push into the burgeoning Internet of things (IOT) market over the last couple of years. That has included everything from the development of its mbed IoT platform to partnerships with the likes of IBM and acquisitions to build out its capabilities in the market.
At the company’s TechCon 2015 show here Nov. 10, CTO Mike Muller unveiled ARM’s new Cortex-A35 SoC, which is aimed at low-cost smartphones but also can be used for IoT devices.
With a broad array of devices becoming connected, the attack surface for hackers is rapidly increasing, and the issues of security and privacy have been at the forefront of IoT discussions throughout the industry. They also have been a focus at TechCon this week, where there were more than a dozen sessions about security and the IoT. In addition, at the same time he announced the Cortex-A35, Muller also introduced the company’s efforts to bring its TrustZone technology that is pervasive in its architectures for mobile systems to IoT devices though the development of its new ARMv8-M architecture.
Muller stressed the need for a layered approach to security that starts with the hardware and works its way up through software and communications.
CEO Simon Segars followed that up in his Nov.11 keynote address, talking about security, privacy and the need to develop trust among end users and governments in the use of a myriad of connected devices in use. Otherwise, they risk stalling what he and ARM partners on the TechCon stage said is a significant opportunity for technology innovations, business advancements and improving the lives of the world’s population.
If people don’t trust their connected devices, they won’t want to use them, Segars said. If governments are concerned about security, they will move in with regulations. The key is for the tech industry to get ahead of the security and privacy issues that impact trust and develop solutions that will deal with the challenges, the CEO said. An important part of that will be to address security as the devices are developed, rather than trying to bolt on technologies later.
“We have the opportunity to get this right,” Segars said to several thousand TechCon attendees. “Let’s take that opportunity to get the IoT right. “As the IoT evolves, and as it gets more complex, it will be difficult to address security after the fact, he added.
The Internet of things is expected to grow quickly over the next few years, with Cisco Systems forecasting that the number of connected devices worldwide will jump from 25 billion in 2014 to more than 50 billion by 2020. IDC analysts expect that IoT spending will hit $1.7 trillion by that year.
IDC also is predicting that as the number of devices grows, so will the number of cyber-attacks. According to IDC figures, the number of IoT devices will grow to 22 billion by 2018 and will fuel the development of 200,000 new apps and solutions to take advantage of them. However, security will continue to be a key issue. During a recent webcast, Frank Gens, senior vice president and chief analyst at IDC, reportedly said that by 2018, two-thirds of enterprises will experience IoT security breaches.
“Trust is all about risk mitigation,” said Coby Sella, vice president of products and technology at ARM said during a panel discussion. “You need to address that risk factor.”
IoT Security a Focus at ARM TechCon Show
TrustZone, which already is used in ARM’s high-end Cortex-A SoCs, is designed to separate and isolate non-trusted resources from trusted hardware, software and data by creating an area on the chip to house the trusted code. It includes hardware-assisted cryptography with secure access validation built into the chip, and now includes a technology called CrytopCell, for faster data encryption. The ARMv8-M architecture also will support the AMBA 5 AHB5 interconnect protocol, which extends security from the ARM-embedded SoC to other components in the system, such as memory, storage and connected peripherals, both trusted and untrusted.
It will be later next year or into 2017 that TrustZone technology begins to appear in devices, according to ARM. However, it is in the foundation of the layered approach ARM is taking with security, they said. It starts with the hardware, which includes TrustZone, mbedOS and SecurCore, then moves into communications software with features like mbed TLS and lifecycle security with mbed Device Server.
What’s important is realizing that security in the IoT can’t be addressed in the same way as it has been addressed with PCs, ARM and its partners said. There are too many devices and too many potential access points for hackers to attack.
“A lot of times, security is an afterthought,” Balaji Yelamanchili, executive vice president and general manager of Symantec’s enterprise security business, said during the panel. “You buy a device … and bolt on security afterwards. In the IoT, you can’t do that.”
“It’s got to be pervasive and it has to be part of the development process,” ARM’s Muller said in a round-table discussion with journalists.
“You can’t have security and trust as an extra,” he said. “To work, you’ve got to have it on everything. Once you make it optional, some people won’t use it.”
Muller said ARM will introduce other security services for IoT devices, such as secure firmware updates. However, it’s unclear when that will be available, according to CEO Segars. Company officials are determining whether ARM would run the service itself or license it to partners, which would put it in their products themselves.