Hands off! Arm pitches tamper-resistant Cortex-M35-P CPU cores
Sneaky processors look to keep lid on sensitive IoT data
Arm has released a new processor core design for Cortex-M-powered system-on-chips that will try to stop physical tampering and side-channel attacks by hackers.
The microcontroller-grade Cortex M35-P CPU cores are aimed at embedded IoT devices that operate in public or areas where there is a risk someone will either crack open the device or get close enough to perform a proximity-based attack. Think things like smart meters or connected street lights in a major city.
Rather than worry about network-based or remote side-channel attacks (that is what the Platform Security Architecture is for), Arm says the M35-P has been designed to ward off actual hands-on attempts to compromise a device by fiddling with the processor itself.
These physical attacks [PDF] on Arm chips include techniques such as recording electromagnetic radiation to spot when information is being transmitted or even cracking open the housing on the chip to manipulate the silicon itself.
Microsoft has designed an Arm Linux IoT cloud chip. Repeat, an Arm Linux IoT cloud chipREAD MORE
How common are such attacks? Not particularly, admits Asaf Shen, Arm's VP of marketing for security IP. When they do occur, though, they are potentially devastating, and the barrier for entry is lowering, he said.
"Success attacking one device can easily turn into a large-scale attack," explained Shen. "If one smart streetlight can be hacked, it can provide a window for potentially an entire city's smart grid to be attacked."
Because these sort of flaws would, by nature, be impossible for the vendors to patch as they are etched into the bare metal, Arm is taking it upon itself as the designers of the processor cores to beef up security.
Among the measures Arm is taking with the M35-P is an attempt to control electric current leak and electromagnetic radiation. The Softbank-owned Brit biz says it has engineered the blueprints to minimize both leakage and EM output, particularly while performing tasks such as transmitting security keys.
Those measures, Arm hopes, will combine with other technologies like PSA and TrustZone to close off side-channel attacks and attempts to get directly into the hardware itself.
At the same time, Shen noted, the security measures on the M35-P will not be able to fully prevent physical attacks. Once a hostile party is able to crack open a chip and manipulate it, a compromise is going to happen sooner or later. Rather, Arm wants to make such a compromise more trouble than it is worth.
"Nothing out there is 100 per cent bulletproof, at the end of the day everything and anything can be compromised," Shen admitted. "The goal here is to make the attack uneconomical." ®