Arm Releases New Infrastructure and Security Certifications for IoT Devices

February 25, 2019 by Baker Lawley

Arm's new security certifications and IoT infrastructure platforms plan for one trillion connected devices.

Arm today announced its new multilevel hardware-based security certification for IoT devices, PSA Certified.

Following last week's announcement of their Neoverse E1 and N1 platforms for use in IoT applications, Arm looks ahead to a world of one trillion connected devices.

The Changing Internet

As the Internet of Things becomes larger, with improved hardware and more connected devices, the internet must shift away from content distribution (like streaming movies) towards data consumption, to handle the massive amount of data that will be generated. 

In its current iteration, hardware has kept up with demands by developing faster general-purpose compute. As the IoT expands the amount of data it needs to process,Arm expects that a heterogenous compute—with segments such as general, network, storage, security, and graphics—will be the only way to keep up.

To plan for this future, Arm is introducing a complete infrastructure platform, with the Neoverse N1 and E1 platforms.


A breakdown of Arm's neoverse infrastructure platform. Image courtesy Arm.


The new generation of Arm's Neoverse infrastructure, the N1 and E1 platforms, aims to handle this larger amount of data with more efficiency and speed. Arm also wants to make it easier for all IoT devices to provide security assurance to end users with their newly-announced Platform Security Architecture (PSA) Certification.

Arm Neoverse

Building on the adoption of the Neoverse infrastructure adoption by Amazon’s AWS announced last November, Arm introduced their N1 and E1 platforms earlier this month. Arm states that the platforms can work with diverse solutions and ecosystems, and are scalable from hyperscale to the edge. 


N1 Platform

N1 is a high-compute chip able to handle huge amounts of data and make local decisions. It is capable of working singularly, deployed in IoT devices, or in a mesh network that can be comprised of up to 128 cores. With connections at each port, efficiency boosts in the design bring a lower cost of development for applications.


Arm's Neoverse N1 Platform. Image courtesy Arm.


Features of N1 are focused on infrastructure workload, including server-class RAS, CPU power management, statistical code profiling, and cache stashing.

The Neoverse N1 platform introduces 60% faster speeds than Arm's previous Cosmos iteration, and Arm has a four-year roadmap for the N1 platform promising 30% increases in speed as well as new features each year.


E1 Platform

As more IoT devices enter the ecosystem, demands for data throughput increase. Hardware will have to adapt accordingly. To address this, Arm introduced its E1 platform.


A graph predicting internet throughput exabytes per month, 2016-2021. Data courtesy Cisco Visual networking Index; image courtesy Arm.


The E1 platform is designed to move data fast. It utilizes a simultaneous multithread throughput to handle dual threads, increasing throughput and efficiency over other platforms. E1 makes use of a diverse software ecosystem, supporting the Armv8.2-A architecture and AArch64 ISA and working with many tools and operating systems such as Linux kernel and OpenSSL Libraries. 

With a high throughput, the chips are scalable for edge to core data, capable of operating at 25Gbps at a CPU power budget of 4W, up to multi-100Gbps systems. Arm states that E1 works in many environments—wired or wireless, 4G or upcominng 5G networks, as well as being natively compatible with the N1 platform. They see it as the backbone for data throughput, no matter what situation.

For market availability, partners will be putting the N1 and E1 platform core technology developed by Arm into silicon platforms, and Arm states these should be available by the end of the year.

The Changing Culture of IoT Security: PSA Certified

But it doesn't matter how fast hardware can perform or how many devices join the IoT if the underlying security is faulty.

The Wild West-like nature of IoT security—that is, the lack of cross-industry regulation and security standardization—has left a slew of vulnerabilities in IoT devices. Botnet DDoS attacks and other large-scale attacks that utilize IoT devices are commonplace. Fear over cyber attacks like Spectre and Meltdown, as well as the more recent MOSQUITO, affect trust in IoT security. Lack of security also puts the quality of the collected data into question.

The consequences of this state of the industry can be dire. Arm cites an estimate from Kaspersky Labs that malware attacks on IoT devices increased over 300% in the first quarter of 2018 alone. Another citation from Cyber Security Ventures estimates the monetary damage to be around $6 trillion by 2021. Arm hopes that giving developers simple, consistent frameworks and resources for security will allow the safe development of the IoT ecosystem.

To encourage faster adoption of IoT devices, Arm introduced Platform Secure Architecture (PSA) in 2017 to address this need.

Today, they announced PSA Certified, a new certification layer for devices.

PSA Certified is an architecture-agnostic certification scheme designed to simplify the security process, as well as bring consistency to device security by giving designers an independent authority to validate their applications. Arm has teamed up with Brightsight, CAICT, Prove&Run, Riscure, and UL to establish and execute testing protocols on IoT devices. 


Appropriate Security Levels for Different Use Cases

The breadth and variety of IoT use cases make a single approach to security impossible. As such, PSA Certified is hardware-based assessment, with three levels of assurance. Each level is based on Arm's PSA-RoT (Root of Trust) security hardware configuration and small amount of trusted code. Developers can independently decide the appropriate level of security needed for their use case.


PSA Certified Root of Trust (RoT) diagram. Image courtesy Arm.


Level 1 certification can be achieved in a day by filling out a robust questionnaire and providing sufficient evidence covering ten security principles that should apply to every IoT system. The process covers threat models and industry best practice compliance. Applicants' information is then evaluated by the test lab.

Level 2, the midlevel security assurance which takes a month to reach, involves a source code review. This process focuses on carefully-defined attack methods and utilizes a set evaluation methodology.

Level 3, forthcoming later this year, will cover more extensive attacks like side channel attacks and will provide the highest level of security certification.

Arm also introduced PSA Functional API Certified, which ensures a device's software ecosystem is PSA-compliant, regardless of the hardware platform it uses.


PSA Developer API workflow for PSA Certified Functional API. Image courtesy Arm.


The PSA Developer APIs are designed to make it easier for software developers on any architecture or RTOS to use these same hardware-based features. In that way, the chip vendor and software developer can work within the same security ecosystem. 



PSA Certified is available now and certification can be done for existing devices as well as devices in development and new to market. Arm states that some partners have already put the platform into use and established Level 1 certification. 


Featured image courtesy Arm.