Chip designer ARM announced it will add extensions to its processor core next year that incorporate hardware-based security technologies.
Future versions of the company's ARM core for mobile and wireless handset chips will contain protected areas for storage of user authentication keys, and areas of the processor that are off-limits to unauthorized users, said Mary Inglis, director of operating systems and alliances for ARM.
TrustZone, as the extensions are called, creates a parallel domain where secure applications can run alongside nonsecure applications. The operating system or application vendors set the security policies as to what data is designated as secure, and what isn't, Inglis said.
As the computing power of smartphones and other mobile devices grows, users will need to feel secure while making financial transactions, sending e-mail, or accessing corporate data, for adoption of those devices to become widespread, Inglis said. Crucial software applications often have to be downloaded to a handheld device, which creates a number of openings for hackers or viruses to exploit, she said.
ARM is adding what it calls an ‘S-bit’, for security, to the sixth version of its architecture. The S-bit is applied to code that needs to be secure, and a separate portion of an ARM processor monitors and identifies data tagged with an S-bit. That data is run separately through the processor from non-secure data.
Security extensions were also added to the level-1 memory system. Most processors have a small amount of memory stored in a cache close to the CPU that is used to store frequently accessed instructions. These memory-level extensions can recognize the S-bit, and control the flow of secure and non-secure data from the memory cache to the CPU.
The operating system on a TrustZone device will also boot from the secure portion of the processor, checking to make sure everything is safe within the operating system and applications before booting the entire device.
"If people really want 3G phones, smartphones, and wireless data services, they'll want to use them for transactions on the road, and they'll want to feel secure," said Tony Massimini, chief of technology at US-based Semico Research. ARM's efforts will help establish a security standard for the mobile device market that a number of companies can use, he said.
Just about all companies in the microprocessor industry are working on hardware-based security features, which free up system resources normally dedicated to security software products, and execute tasks such as random number generation much faster than software. Intel, Via Technologies and Transmeta, among others, have introduced or are working on hardware-based security features for their processors.
But skeptics are concerned about the ease at which these hardware-based security features could be used to set digital rights management policies by vendors. Since the device makers, operating system vendors, and application providers decide what data is secure and what isn't, they can set policies on the device to play only certain types of media files, monitor the way the device is used, or even log keystrokes. The user will have no access to the TrustZone controls in ARM's product, Inglis said.
"What we're embarking on now is designing the extensions, getting the specifications right, and making sure it works with the operating systems. We're just beginning, now that these extensions are defined, to work on how the market can take advantage of them, and define best practices," she said.
TrustZone will be a standard feature across the ARM product family when TrustZone makes its debut later this year, Inglis said.
ARM designs and licenses processor cores to other semiconductor companies that manufacture chips based on that design. Some of the London company's customers include Intel, Texas Instruments and Motorola, three of the largest mobile device chip makers