Leveraging hardware-backed security for consumer electronics
A decade ago, consumer use of the internet was limited to home computers, some smartphones, and a very small number of tablets. Today, consumers are connecting a wealth of different devices – everything from smart TVs and smart security cameras through to smart speakers, thermostats, and smart kitchen appliances. In the coming years, many of us will drive cars that are permanently connected to the internet. In our kitchens, bedrooms and living rooms, there are already 400 million smart speakers installed, according to the latest Canalys forecasts, and the numbers are rising exponentially. These devices also often use a voice assistant connected to a cloud service.
Whilst there are well-publicized debates about smart devices and the related privacy implications, there has been far less scrutiny of how secure these devices actually are, and how they could be attacked by those with malicious intent. Consumers may worry about sharing confidential information with major cloud players who could monetize that data, but most are blissfully unaware of more sinister dangers. A cloud player might reassure consumers that the connection between their smart speaker and the cloud is encrypted and that the cloud is a very secure place, but an encrypted channel says nothing about the endpoint: how does the cloud player know that only genuine devices can connect, or that a connected device has not been tampered with? As cloud services such as voice assistants are increasingly licensed to third-party manufacturers, there is a significantly increased risk that not everyone in the chain will treat device security with the attention it deserves.
The rational conclusion, given the huge growth in smart devices for consumers and the variety of chipsets and software deployed, is that it is only a matter of time before bad actors exploit vulnerabilities in these devices. Some major cloud players have reached the same conclusion. They realize that a breach of their cloud services through a weakly protected consumer appliance could turn their billion-dollar brand into a million-dollar brand. As a result, they are recommending, and will soon be mandating, security standards for the software and hardware running inside consumer appliances.
How to best protect consumer appliances
When it comes to ensuring the highest protection levels for consumer appliances, hardware-backed security is accepted as the gold standard. This means using a hardware-enforced boundary to separate the software that runs the appliance's general operations from the more sensitive operations dealing with user data protection, device credentials, payment information and so on, so that a compromise of the general-purpose software does not by itself expose those secrets. This approach is commonplace in mobile phones, and increasingly in every other device, from security cameras to smart speakers.
There are two distinct approaches to hardware-backed security. One is to use a separate chip or device – typically a secure element (SE) or hardware security module (HSM) to run the sensitive software. The other approach is to use hardware security features of the main CPU to provide isolation.
This is commonly called a Trusted Execution Environment (TEE). The advantage of the TEE approach is twofold.
Firstly, there is a cost reduction, as no separate chip is required. Secondly, as the TEE runs on the main CPU, it benefits from higher performance and larger memory space, enabling broader security applications, and providing an easier upgrade path.
TEE solutions based on the Arm TrustZone architecture allow a separate 'secure world' operating system to manage the security operations, while the 'normal world' runs the rich operating system and applications. The secure-world functions can range from embedded services such as secure boot and attestation to higher-level application capabilities such as secure video decoding or payment processing.
Deploying hardware-backed security is not difficult when focusing on a single program or product. However, it gets trickier the larger your product portfolio is, due to the fragmented SoC platform market. For companies with large endpoint ecosystems, such as Google's Android or Amazon Alexa, the challenge is even larger. Whilst it is foreseeable that there will be further SoC platform consolidation around pre-integrated platforms, such moves will very likely take years to become reality, and even then the offering will be limited for most large-scale CE players across their product portfolio.
What are the options for device OEMs?
It is easy to mandate additional security hardware, but that raises the cost and reduces flexibility. The TEE can provide a solution. For example, Google requires Chromebooks to have a Trusted Platform Module (TPM) to attest to secure boot; whilst a TPM is traditionally provided by a separate chip, it can also be implemented as firmware running inside a TEE (a firmware TPM).
This approach offers the advantages of flexibility and cost saving. TPMs in TrustZone are nothing new: firmware TPMs are explicitly recognised in the TPM standard and have been used commercially for many years in laptops and other devices.
A TEE offers a fully integrated solution providing enhanced support for features such as secure software updates, Trusted Applications and much more. For OEMs currently using discrete hardware, or who have yet to adopt any security solution, TEE-based approaches are worth considering. Whilst some upfront software investment may be needed, this can quickly be recouped by the savings in physical hardware and by the added advantage of a common platform that can be updated via a software patch rather than a hardware recall. There are, however, differences between a TEE and a discrete HSM or secure element that need to be weighed against the threat model: a separate chip has its own tamper-resistant silicon and is physically isolated from the application processor's memory bus and microarchitectural side channels, whereas a TEE shares the main CPU and relies on the correctness of the SoC's isolation hardware and of the secure-world software stack.
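The two mechanisms named above, secure boot with attestation in the secure world and a TPM that attests to secure boot, come down to the same exchange: the device measures each boot stage into a register that only the trusted side can update, and the cloud checks a signed quote of that register against a known-good value. The following is an added, simplified model of that exchange written for this page; it is not Kinibi, TrustZone or TPM code. It assumes a single SHA-256 PCR, a constructed boot chain and device registry, and uses an HMAC under a pre-shared per-device key in place of the asymmetric attestation-key signature a real TPM quote would carry.

```python
"""Simplified model of measured boot plus remote attestation.

Constructed illustration, not Kinibi/TrustZone/TPM code. The 'secure world'
holds a per-device key and a single PCR; the cloud holds a device registry and
the expected ('golden') PCR. A real TPM quote is signed with an asymmetric
attestation key; HMAC over a pre-shared key stands in for that signature here
(assumption for a stdlib-only example).
"""
import hashlib
import hmac
import secrets


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || H(component)). One-way, so
    a later stage cannot 'unmeasure' an earlier one."""
    return sha256(pcr + sha256(measurement))


def measure_boot_chain(components) -> bytes:
    """Fold every boot stage into one PCR, starting from the all-zero reset value."""
    pcr = bytes(32)
    for stage in components:
        pcr = pcr_extend(pcr, stage)
    return pcr


class SecureWorld:
    """Models the TEE side: the device key never leaves; only quotes do."""

    def __init__(self, device_id: bytes, device_key: bytes, boot_components):
        self.device_id = device_id
        self._key = device_key
        self.pcr = measure_boot_chain(boot_components)

    def quote(self, nonce: bytes) -> dict:
        msg = self.device_id + nonce + self.pcr
        return {"device_id": self.device_id, "nonce": nonce, "pcr": self.pcr,
                "mac": hmac.new(self._key, msg, "sha256").digest()}


class CloudVerifier:
    """Models the cloud side: decides whether a device is genuine and untampered."""

    def __init__(self, registry: dict, golden_pcr: bytes):
        self.registry = registry          # device_id -> key provisioned at manufacture
        self.golden_pcr = golden_pcr
        self._issued = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._issued.add(nonce)
        return nonce

    def verify(self, q: dict) -> str:
        # 1. Freshness: the nonce must be one we issued and not yet consumed (replay).
        if q["nonce"] not in self._issued:
            return "reject: unknown or replayed nonce"
        self._issued.discard(q["nonce"])
        # 2. Identity: a counterfeit device has no provisioned key in the registry.
        key = self.registry.get(q["device_id"])
        if key is None:
            return "reject: unknown device"
        # 3. Authenticity of the quote, checked in constant time before trusting its contents.
        msg = q["device_id"] + q["nonce"] + q["pcr"]
        if not hmac.compare_digest(hmac.new(key, msg, "sha256").digest(), q["mac"]):
            return "reject: bad signature"
        # 4. Tamper check: the measured boot chain must match the golden value.
        if not hmac.compare_digest(q["pcr"], self.golden_pcr):
            return "reject: boot measurement mismatch"
        return "accept"


# Constructed sample data (hypothetical device, key and boot stages).
GENUINE_BOOT = [b"bootloader v1.2", b"tee-os v3.0", b"rich-os v7.1"]
TAMPERED_BOOT = [b"bootloader v1.2", b"tee-os v3.0", b"rich-os v7.1-rooted"]
DEVICE_ID = b"speaker-0001"
DEVICE_KEY = b"\x11" * 32


def run_scenario(boot_components, device_id=DEVICE_ID, device_key=DEVICE_KEY, replay=False):
    """Run one challenge/quote/verify round and return the verifier's decision."""
    cloud = CloudVerifier({DEVICE_ID: DEVICE_KEY}, measure_boot_chain(GENUINE_BOOT))
    dev = SecureWorld(device_id, device_key, boot_components)
    nonce = cloud.challenge()
    q = dev.quote(nonce)
    result = cloud.verify(q)
    if replay:
        return cloud.verify(q)      # same quote presented a second time
    return result


if __name__ == "__main__":
    print(run_scenario(GENUINE_BOOT))
    print(run_scenario(TAMPERED_BOOT))
    print(run_scenario(GENUINE_BOOT, device_key=b"\x22" * 32))
    print(run_scenario(GENUINE_BOOT, device_id=b"clone-9999", device_key=b"\x22" * 32))
    print(run_scenario(GENUINE_BOOT, replay=True))
```

The scenarios cover the cases the article raises: a genuine device is accepted, a device whose rich OS was modified fails the measurement check even though its key is valid, a device with the wrong key or an unregistered identity is rejected before its PCR is even considered, and a captured quote cannot be replayed. Note the ordering in `verify`: the quote's authenticity is established before its PCR value is interpreted, so an attacker cannot learn anything from the golden-value comparison without first holding a provisioned device key.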
As one of the early innovators of TEEs, Trustonic, originally founded as part of ARM Holdings, is now an independent company providing its Secure Platform. Trustonic's solutions have been deployed in more than 2 billion mobile and IoT devices and, to date, tens of millions of vehicles.
Further, Trustonic has been actively working with multiple SoC manufacturers, for many years, to create pre-integrated SoC platforms with our Kinibi TEE delivered as part of the BSP.