ARM aims to build trust in IoT security

With billions of wireless devices expected to be connected to the internet over the coming years processor firm ARM has worked with Intercede, Solacia and Symantec to assess the IoT security challenges of connecting devices across multiple sectors; including industrial, home, health services and transportation.

As a result the companies have collaborated on the Open Trust Protocol (OTrP) to combine a secure architecture with trusted code management.

Marc Canel

The intention is to bring data security techniques used in the financial sector to mass-market devices such as smartphones and tablets.

Marc Canel, vice president of security systems, ARM, writes:

“In an internet-connected world, it is imperative to establish trust between all devices and service providers. Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings e-commerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform.”

So what is OTrP? According to ARM, it is a high level management protocol that works with security solutions such as ARM TrustZone-based Trusted Execution Environments that are designed to protect mobile computing devices from malicious attack. The protocol is available for download from the IETF website today for prototyping and testing.

The management protocol is used with Public Key Infrastructure (PKI) and Certificate Authority-based trust architectures, enabling service providers, app developers and OEMs to use their own keys to authenticate and manage trusted software and assets.

OTrP will be added to ARM microcontroller-based platforms capable of RSA cryptography. It is available as an IETF informational and it is planned that it will be further developed by a standards defining organization that can encourage its mass adoption as an interoperable standard.

“Posting OTrP as an IETF informational for public review is an important step in providing universal digital trust from silicon to services for mobile and IoT connected devices, said Richard Parris, CEO of digital trust specialists, Intercede.

“It provides network operators and app developers the control they need over their selection of hardware security module and cryptographic key provider for reasons of interoperability, policy and cost while maintaining a common management platform across mixed fleets of devices,” said Parris.

Software security firm Symantec estimates that one million internet attacks were carried out every day during 2015. The expectation is that internet of things (IoT) will expand the attack surface.

Other members of the OTrP Joint Stakeholder Agreement are: Beanpod, Sequitur Labs, Sprint, Thundersoft, Trustkernel and Verimatrix.