Mitigating against physical attacks
CryptoIsland provides sophisticated defense against different kinds of low-level attacks. These defenses include:
- Side-channel attack protection. These types of attacks include power and electromagnetic emission analysis by the attacker.
- Perturbation attack protection. These types of attacks include clock or voltage manipulation.
- Anti-tampering alarm response
- Hardware-based execution environment isolation
Whether you use a CryptoIsland to protect your system depends on how sensitive the data that is held on the system is. You must be realistic about how damaging an attack can be. For an IoT coffee maker, investing in the security that is provided by the CryptoIsland might be unnecessary. Arm provides the CryptoIsland for:
- A secure IoT device that requires mitigation against physical attacks
- A security enclave that provides software isolation for secure services
An example of a secure IoT device requiring high security
Imagine a device that controls entry to a luxury apartment building, with apartments that are rented out on Airbnb. The owner of the building does not live in the country and, as Airbnb bookings come in, must remotely control entry to the apartments.
Access to the main door is possible through the mobile of a guest or manually, through a temporary access code that is issued to a guest. The main door IoT device:
- Provides a touchscreen for user interaction. Guests can enter their access codes here.
- Maintains an online connection. Through this connection, it is possible to fully administrate the entrance rights that are assigned to the main door and each apartment.
- Tracks the check-in and the check-out of guests. If a guest does not show up or if a guest checks out, the device can alert the user.
- Tracks any unauthorized access to the doors in the building. The device can alert the owner immediately in response to this situation.
- Tracks any attempt to tamper with the SoC itself. Here, the threat could come from someone who has legitimate access to the building. Specifically, the anti-tampering alarm response of a CryptoIsland can mitigate against side-channel attacks on the SoC. These attacks intend to gain key information or affect SoC operation.
- Communicates with the individual doors of apartments. Microprocessors, containing for example a Cortex-M3, control the locking systems on these individual doors. However, the microprocessors are under the direction of the main device.
- Requires a security level to a standard that the CryptoIsland provides. If the main device is compromised, the result of unauthorized access could be costly.