Building a safe and secure embedded world

Receive professional training from Hitex

Designing Secure IoT Devices with the Arm Platform Security Architecture

Course Convenor: Trevor Martin

Course Duration: 2 day

Course Overview

The world is becoming more connected than ever before. From smart homes to self-driving cars, the internet of things (IoT) is driving the world’s digital transformation. However, this shift is not without risk. As more of our everyday objects become connected to the internet, the security of these devices becomes increasingly important.

This course will provide an introduction to cryptography and secure communications, as well as an overview of the Arm Platform Security Architecture. We'll show you the tools, firmware, and methodology you need in order to achieve certification that meets any global legal requirements. With our experienced instructors, you'll come away with the confidence and knowledge to successfully implement security in all of your embedded systems.

This course is essential for anyone looking to expand their knowledge of IoT device security.

Prerequisites:

  • Familiarity with current Cortex-M processors
  • Attended the Cortex M workshop (ideal)
  • Knowledge of C programming language

What You’ll Receive:

  • A memory stick containing all presentations and examples used
  • A copy of the Designing Secure IoT devices with the Arm Platform Security Architecture book

Time, Date & Place:

14th & 15th June 2023 - Book Here

Course Details

Day 1

Platform Security Architecture and Cryptography

The course will begin with an overview of the Arm Platform Security Architecture to describe its specifications, methodologies firmware and software tools. We will then provide an introduction to essential cryptographic primitives using the open-source mbedTLS library. The features covered will include.

  • Symmetrical Ciphers
  • Hashing Algorithms
  • Message Authentication Codes
  • Random Number Generation

Secure communications        

In this section, we will extend our use of the mbedTLS library to include public key cryptography. We will also develop an understanding of the Public Key Infrastructure and how to establish secure communications using the Transport Layer Security Protocol. The topics covered will be:

  • Public Key Cryptography: RSA, DH, Elliptic Curve Cryptography, Digital Signatures
  • Public Key Infrastructure: Man in the middle attack, X.509 Certificates, Transport Layer Security
  • IoT message protocols: MQTT, JSON, CBOR

Day 2

Trust Zone and the PSA security model

Historically ‘Software attacks on small embedded devices have been very rare. However, as we begin to deploy millions of IoT devices it is a threat we must take seriously. We will begin the second half of this course will begin by considering how an IoT device is vulnerable to a software attack which will allow an attacker can gain control of our devices and system. We will then look at using Threat modelling to discover possible attack exploits that may be used by an adversary and how these can be countered by adopting the PSA Security Model

A key feature of the PSA security model is system partitioning to separate the application firmware  from the secure services and data. We will take a detailed look at how this is achieved with Arm Trust Zone for Cortex-M. We will also introduce the CMSIS Zone Utility which can be used to configure complex memory maps.

We will also see how Trust Zone has been implemented in a typical Armv8-M ( Cortex-M23/33/55/85) microcontroller along with vendor hardware extensions to create a trusted execution environment.

  • Software attacks
  • PSA Security Model
  • ARMv8-M Trust Zone and Memory Protection Unit
  • CMSIS-Zone
  • MCU Trusted Execution Environment
  • PSA Certification

PSA Trusted Firmware      

The Arm Trusted Firmware provides an open-source free-to-use reference platform for secure partition software. Today we will examine the architecture of the TF-M software and how to use the security services, crypto, secure storage, event logging and attestation that it provides. In any IoT system, it must be possible to update the firmware of any deployed device. The TF-M firmware includes a modified version of the open-source mcuBoot bootloader. In this final section, we will look at the operation of mcuBoot and how to prepare and sign update images. We will also see how mcuBoot is ported to a specific microcontroller.

  • Trusted Firmware Secure Processing Environment
  • Trusted Firmware Security Services
  • Secure Boot and “Updatable Root of Trust”

Search formContactOnlineshop