ARM adding hardware-based security to its processor cores

IDG News Service - Chip designer ARM Ltd. will add extensions to its processor core next year that incorporate hardware-based security technologies, the company announced today.
Future versions of the company's ARM core for chips for mobile devices and wireless handsets will contain protected areas for storage of user authentication keys, as well as areas of the processor that are off-limits to unauthorized users, said Mary Inglis, director of operating systems and alliances at ARM.
TrustZone, as the technology enabling the extensions is called, creates a parallel domain where secure applications can run alongside nonsecure applications. The operating system or application vendors set the policies designating what data is secure and what data isn't, Inglis said.
As the computing power of smart phones and other mobile devices grows, users will need to feel secure while making financial transactions, sending e-mail or accessing corporate data for adoption of those devices to become widespread, Inglis said. Crucial software applications often have to be downloaded to a handheld device, which creates a number of openings for hackers or viruses to exploit.
ARM is adding what it calls an S-bit, for security, to the sixth version of its architecture. The S-bit is applied to code that needs to be secure, and a separate portion of an ARM processor monitors and identifies data tagged with an S-bit. That data is run through the processor separately from nonsecure data.
Security extensions were also added to the Level-1 memory system. Most processors have a small amount of memory stored in a cache close to the CPU that is used to store frequently accessed instructions. These memory-level extensions can recognize the S-bit and control the flow of secure and nonsecure data from the memory cache to the CPU.
The operating system on a TrustZone device will also boot from the secure portion of the processor, checking to make sure everything is safe within the operating system and applications before booting the entire device.
"If people really want 3G phones, smart phones and wireless data services, they'll want to use them for transactions on the road, and they'll want to feel secure," said Tony Massimini, chief of technology at Semico Research Corp. in Phoenix. ARM's efforts will help establish a security standard for the mobile device market that a number of companies can use, he said.
Just about all companies in the microprocessor industry are working on hardware-based security features, which free up system resources normally dedicated to security software products and execute tasks such as random number generation much faster than software.