Overview

Digital devices across all markets deal with an ever increasing list of functional requirements leading to an ever increasing range of possible threats and attack vectors. To address these threats, multiple organizations are defining security recommendations and requirements, as well as compliance validation programs. These can be large commercial organizations (e.g. service providers in various fields), government agencies, industry specific alliances and more. 

To enable silicon vendors to cope with this plethora of requirements stemming from the target use cases, Arm provides a comprehensive security solution backed by a team of multi-disciplined experts with hands-on experience in forming a solution meeting the performance, power, area and security requirements.  The Arm TrustZone CryptoCell solution is a comprehensive collection of silicon-proven security modules that provide platform level security services. Its multi-layered hardware and software architecture combines hardware accelerators, hardware roots-of-trust control with a rich layer of security software and off chip tools. The CryptoCell security solution is offered either as a “high performance” variant or as a “high efficiency” variant, allowing designers to trade-off performance, power and area, as well as robustness level, according to their target markets and use cases.


  • ARM TrustZone Cryptocell-310
  • CryptoCell-300 Family

    The high efficiency TrustZone CryptoCell-300 family is focused at providing platform security for devices with strict power and area constraints.

     
    It provides the system with various cryptography related services (implementation of symmetric and asymmetric schemes, HASH and Keyed HASH functions, Random number generation) as well as platform security services required to assure the integrity, authenticity and confidentiality of code and data belonging to different stakeholders (e.g. an OEM, a service provider or the user).

    The high efficiency CryptoCell-300 family achieves all of that while maintaining a small area and power consumption footprint, as required by many IoT related deployment scenarios and contexts (e.g. home automation, factory automation, smart energy, automotive and more).

    TrustZone CryptoCell-300
  • ARM TrustZone Cryptocell-710
  • CryptoCell-700 Family

    The high performance TrustZone CryptoCell-700 family is focused at providing platform security for devices serving data intensive use cases.

     It provides the system with various cryptography related services (implementation of symmetric and asymmetric schemes, HASH and Keyed HASH functions, Random number generation) as well as platform security services required to assure the integrity, authenticity and confidentiality of code and data belonging to different stakeholders (e.g. an OEM, a service provider or the user).  

     Through this comprehensive set of security services the high performance CryptoCell-700 family enables the system to meet the security requirements of various data intensive use cases typical of modern high-end Consumer Electronics and Enterprise devices (digital rights management, high volume storage protection and more).

    TrustZone CryptoCell 700

Addressing Key Security Requirements

The following diagram illustrates the different components in the TrustZone CryptoCell subsystem 


TrustZone CryptoCell detailed components 

 

Attack vectors and threats can be grouped in different ways, for example:

  • Communication attacks – where the attacker attempts to make gains by exploiting flaws in the implementation (or even definition) of communication protocols (without modifying the behaviour of the communicating devices).
  • Software attacks – where the attacker attempts to make gains by modifying the code executed on the device or the data processed by it
  • Hardware attacks - where the attacker attempts to make gains by exploiting some Hardware characteristics or by modifying it (at the device or chip level), in order to compromise sensitive assets or alter the device’s behaviour.

To enable silicon vendors to address these threats, CryptoCell protects the integrity, authenticity and confidentiality (when needed) of code and data belonging to various entities. This protection is offered across different lifecycle states of the chip/device, allowing different stakeholder to apply different policies with regards to code origin, debug, updateability and renewability, assets isolation and more.

Arm Design Services

We customize Arm products to make it easy for you to adopt and integrate our products into your applications, whilst also reducing risk and time to market (TTM). Contact the Arm Design Services team for more information.