Complex regulatory requirements and the time it takes to make security solutions certifiable are obstacles to mobile development.
Security is now a common feature on most mobile devices, from fingerprint scanners to face ID. However, despite its widespread adoption, the time-to-market for developing security solutions remains a challenge for OEMs, silicon providers (SiPs) and developers. Some of the most notable obstacles include: the limited availability of fully integrated security solutions incorporating existing IP, architecture and certification standards; complex regional regulatory environments, particularly in China; and the increased value of the assets that devices use daily, for purposes such as accessing premium content and enabling machine learning (ML) and artificial intelligence (AI) algorithms.
The engineering effort of integrating security solutions with existing IP, adapting security solutions across multiple devices and making security solutions certifiable can lead to tens of man-years being wasted on software development. Chip developers often have to integrate security features into different IPs and architectures rather than having fully integrated security solutions available. Multiple devices and markets now require security protection, not just mobile. DTVs and set-top boxes are increasingly enabling premium content on applications, such as Netflix, and this content needs to be protected. However, the security features for these devices are often complicated and composed of many different sub-systems. Not offering certifiability on new security IP can waste time for developers as they look to ensure that their solutions conform to the latest standards. This challenge applies in several regions, but especially in China, which has complex regulatory requirements, and North America, which has certification standards such as FIPS 140-2.
Regulations in China require an increasing number of use cases on mobile devices to use home-grown Chinese ciphers instead of international ones. Two examples of use cases required to use specific Chinese cryptography (SM2/3/4) are content protection (e.g. the China DRM certification requirements that even span premium content) and payments. Moreover, as new use cases keep coming to light, security solutions should be made future-proof by conforming to new standards currently in development. One example is GM/T 0028-2014 in China, which has specific security requirements to protect sensitive information in computer and telecommunications systems.
In addition, AI and machine learning (ML) features are playing an increasingly prominent role in most modern security features on mobile – just think about face ID that is now available on most modern smartphones. However, adopting these features into security solutions can be challenging and time-consuming for developers. For ML developers, a top concern is IP protection, as deploying an ML model onto a mobile device can lead to a loss of control over how the model is then accessed and used. The end result could be IP theft.
Arm has been helping its partners with these challenges for some time by offering – alongside comprehensive security IP products – access to Trusted Firmware-A, which provides an implementation of a Trusted Boot Process and other valuable software. In addition, we intend to make it even easier for the ecosystem to improve security. In the next few weeks, Arm will make public the Trusted Base System Architecture (TBSA) specification for devices such as mobile, DTVs and set-top boxes. This document presents a System on Chip (SoC) architecture that supports Trusted Services compliant with key industry security standards.
Moreover, Arm is adding new CryptoCell security IP products aimed at performant systems – CryptoCell-713 and CryptoCell-703 (announced on Thursday 11th October) – both of which are compliant with the TBSA specification. CryptoCell-713 and CryptoCell-703 have been developed to address this time-to-market challenge for OEMs, silicon providers (SiPs) and developers. CryptoCell-713 is pre-integrated with existing Arm IPs and security architecture, providing the blueprint and implementation for security solutions. Both CryptoCell-713 and CryptoCell-703 can be applied to a range of devices including mobile, DTVs and set-top boxes, and both have full certifiability – not just in China, but also in the West through FIPS 140-2. In the Chinese market, both meet the various regulatory requirements now and in the future, with CryptoCell-703 enabling our partners to utilize the Chinese cipher implementation while keeping their existing security IP. For AI and ML, CryptoCell-713 supports the full framework for using software image encryption, based on hardware-bound keys that are provisioned securely.
The security landscape is evolving at a rapid pace, particularly with the emergence of new and different threats posed to multiple devices. The time-to-market of developing security solutions to tackle these threats remains a challenge for our partners. Reducing this will not only help them to develop products more quickly, but also ensure that security is not the last thought for new products and solutions. Ultimately, creating a more secure ecosystem will benefit everyone – our partners, their customers and the end user.