Computerworld
Print Article
Close Window

ARM adding hardware-based security to its processor cores

TrustZone creates a parallel domain for secure applications

Tom Krazit, IDG News Service
 

May 27, 2003 (IDG News Service)

Chip designer ARM Ltd. will add extensions to its processor core next year that incorporate hardware-based security technologies, the company announced today.
Future versions of the company's ARM core for chips for mobile devices and wireless handsets will contain protected areas for storage of user authentication keys, as well as areas of the processor that are off-limits to unauthorized users, said Mary Inglis, director of operating systems and alliances at ARM.
TrustZone, as the technology enabling the extensions is called, creates a parallel domain where secure applications can run alongside nonsecure applications. The operating system or application vendors set the policies designating what data is secure and what data isn't, Inglis said.
As the computing power of smart phones and other mobile devices grows, users will need to feel secure while making financial transactions, sending e-mail or accessing corporate data for adoption of those devices to become widespread, Inglis said. Crucial software applications often have to be downloaded to a handheld device, which creates a number of openings for hackers or viruses to exploit.
ARM is adding what it calls an S-bit, for security, to the sixth version of its architecture. The S-bit is applied to code that needs to be secure, and a separate portion of an ARM processor monitors and identifies data tagged with an S-bit. That data is run through the processor separately from nonsecure data.
Security extensions were also added to the Level-1 memory system. Most processors have a small amount of memory stored in a cache close to the CPU that is used to store frequently accessed instructions. These memory-level extensions can recognize the S-bit and control the flow of secure and nonsecure data from the memory cache to the CPU.
The operating system on a TrustZone device will also boot from the secure portion of the processor, checking to make sure everything is safe within the operating system and applications before booting the entire device.
"If people really want 3G phones, smart phones and wireless data services, they'll want to use them for transactions on the road, and they'll want to feel secure," said Tony Massimini, chief of technology at Semico Research Corp. in Phoenix. ARM's efforts will help establish a security standard for the mobile device market that a number of companies can use, he said.
Just about all companies in the microprocessor industry are working on hardware-based security features, which free up system resources normally dedicated to security software products and execute tasks such as random number generation much faster than software. Intel Corp., Via Technologies Inc. and Transmeta Corp., among others, have introduced or are working on hardware-based security features for their processors.
But skeptics are concerned about the ease with which vendors can use these hardware-based security features to set digital rights management policies. Since the device makers, operating system vendors and application providers decide what data is secure and what isn't, they can set policies on the device to play only certain types of media files, monitor the way the device is used or even log keystrokes. The user will have no access to the TrustZone controls in ARM's product, Inglis said.
"What we're embarking on now is designing the extensions, getting the specifications right, and making sure it works with the operating systems. We're just beginning, now that these extensions are defined, to work on how the market can take advantage of them and define best practices," she said.
TrustZone will be a standard feature across the ARM product family when it makes its debut later this year, Inglis said.
ARM designs and licenses processor cores to other semiconductor companies that manufacture chips based on that design. The Cambridge, England-based company's customers include Intel, Texas Instruments Inc. and Motorola Inc., three of the largest makers of chips for mobile devices.