Traditionally, this means the attacker could modify the flash and the device would be unrecoverable remotely. In this instance, the IoT device would need to be replaced, or an engineer would need to be on site to reprogram the flash, both of which are costly.
Fig. 4: Remote attack scenario – Bugs in user project could lead to vulnerabilities
Fig. 5: TrustZone prevents attacks from reaching protected resources
Fig. 6: TrustZone enables detection of attacks and recovery of systems
However, with an IoT microcontroller with security protection using TrustZone, the attacker:
- Cannot reprogram/erase the flash
- Cannot steal certificates/keys
- Cannot clone the device
- Cannot stop Secure services
And if a system health-check service is running in the background, the service can detect abnormal system behaviour and trigger system recovery actions. Since the flash memory has not been corrupted, the system can be recovered by a system reset. As a result, the attack is short-lived and the system can be recovered quickly, without any loss or leakage of secure data.
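The following is an added, host-runnable model of the Secure-world health-check service described above; it is not Arm's code or part of the whitepaper. It assumes a hypothetical flash layout (Secure firmware in the first 128 KiB, the user project in Non-secure flash), a heartbeat deadline of five secure timer ticks and a fault threshold of three, all chosen for illustration. Non-secure code can only reach the service through the two entry functions (marked as CMSE Non-secure-callable when built with an Armv8-M toolchain); a request to erase Secure flash is refused and counted, and the secure tick handler requests a reset when the Non-secure side stops checking in or accumulates too many refused requests. Because Secure flash was never touched, the reset restores a known-good state.

```c
/* Added example: model of a TrustZone Secure-world health-check service.
 * Layout, thresholds and register behaviour below are assumptions. */
#include <stdint.h>
#include <stdbool.h>

/* When built with -mcmse for the Secure image, expose these as NSC entries
 * (the compiler generates SG veneers); on a host build they are plain functions. */
#if defined(__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE & 2)
#define NS_ENTRY __attribute__((cmse_nonsecure_entry))
#else
#define NS_ENTRY
#endif

/* Assumed flash partition (SAU/IDAU would enforce the same split in hardware). */
#define SECURE_FLASH_BASE 0x00000000u
#define SECURE_FLASH_SIZE 0x00020000u /* 128 KiB Secure firmware, assumed */
#define NS_FLASH_BASE     0x00020000u
#define NS_FLASH_SIZE     0x000E0000u /* user project, assumed */

#define HEARTBEAT_DEADLINE_TICKS 5u /* assumed: NS must check in within 5 ticks */
#define MAX_FAULTS_BEFORE_RESET  3u /* assumed: refused requests tolerated per run */

enum recovery_action { HEALTH_OK = 0, HEALTH_RESET_REQUESTED = 1 };

struct health_state {
    uint32_t tick;             /* secure timer ticks since boot */
    uint32_t last_heartbeat;   /* tick at which NS last checked in */
    uint32_t ns_fault_count;   /* refused NS requests since last reset */
    uint32_t resets_triggered; /* recovery actions taken (for tests/telemetry) */
};

static struct health_state g_health;

void health_init(void) { g_health = (struct health_state){0}; }

/* Non-secure firmware calls this periodically from its main loop or RTOS idle hook. */
NS_ENTRY void health_heartbeat(void) { g_health.last_heartbeat = g_health.tick; }

/* Secure flash driver gate: NS callers may erase only the Non-secure region.
 * The actual erase is omitted in this model; the decision logic is the point. */
NS_ENTRY bool flash_erase_request(uint32_t addr, uint32_t len) {
    if (len == 0u || addr > UINT32_MAX - len) { /* reject wrap-around tricks */
        g_health.ns_fault_count++;
        return false;
    }
    uint32_t end = addr + len;
    if (addr >= NS_FLASH_BASE && end <= NS_FLASH_BASE + NS_FLASH_SIZE)
        return true; /* in-range: erase would proceed here */
    g_health.ns_fault_count++; /* touched Secure flash: refused and recorded */
    return false;
}

/* Recovery action. On real Armv8-M hardware this writes SCB->AIRCR with
 * VECTKEY | SYSRESETREQ; the model just restores the known-good counters,
 * which is what an untouched Secure flash guarantees after a reset. */
static void system_reset(void) {
    g_health.resets_triggered++;
    g_health.ns_fault_count = 0;
    g_health.last_heartbeat = g_health.tick;
}

/* Body of the Secure timer interrupt: the health check itself. */
enum recovery_action health_tick(void) {
    g_health.tick++;
    bool missed = (g_health.tick - g_health.last_heartbeat) > HEARTBEAT_DEADLINE_TICKS;
    bool faults = g_health.ns_fault_count >= MAX_FAULTS_BEFORE_RESET;
    if (missed || faults) {
        system_reset();
        return HEALTH_RESET_REQUESTED;
    }
    return HEALTH_OK;
}

uint32_t health_resets(void) { return g_health.resets_triggered; }
```

The two failure modes the text mentions map onto the two signals: a compromised user project that loops or crashes stops calling `health_heartbeat()` and trips the deadline, while one that tries to wipe the boot firmware is refused at `flash_erase_request()` and, after repeated attempts, also triggers recovery.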
Transforming the microcontroller industry with TrustZone
In recent years, even before TrustZone technology was available, microcontroller vendors had already started to preload firmware into microcontroller products.
The trend of including firmware on-chip is expected to become even more common, since TrustZone enables chip vendors to protect valuable software IP, such as Bluetooth and Zigbee stacks, as well as other libraries, like cryptography and sensor-fusion algorithms.
A potential secondary effect is that more microcontroller vendors will be selling IoT software platforms in chips; these platforms will have several tightly integrated IoT firmware components, including a networking stack (e.g. TCP/IP).
Today, we see a number of RTOS vendors already providing these IoT software platforms, and delivering this software as on-chip firmware could be one way for chip vendors to differentiate by adding value to their products.
The trend of delivering the IoT platform on-chip might also enable new business models for chip vendors. As part of the IoT platform offering, the microcontrollers can be configured to connect to specific IoT cloud services, potentially allowing chip vendors to develop new business models based on IoT services.
Potentially, these IoT cloud services could also be run by cloud operators, OEMs or mobile carriers. These companies could work with microcontroller vendors to create customised IoT microcontroller chips that are linked to specific IoT service platforms.
Using the same silicon chip design, each new IoT cloud service will need only customised preloaded firmware, and application developers can deliver IoT product solutions rapidly by calling preloaded APIs to establish secure connections.
For the end users of embedded products, the race to deliver secure IoT solutions in the microcontroller industry means that new products will likely utilize advanced security measures. TrustZone technology for microcontrollers makes embedded security even easier to attain; this means that low-cost microcontroller systems no longer need to be labelled as insecure, as advanced security is now within reach of even the smallest IoT devices. As with the adoption of 32-bit processors in the microcontroller world, the transformation to more secure devices may take some time – but rest assured, the race to deliver secure IoT solutions is on, and the transformation of the microcontroller industry has already started.