Scalable security requirements of connected devices

August 07, 2015

Scalable security requirements of connected devices

Multiple levels of security must combine both via the cloud and locally between devices to satisfy the growing capability of IoT. Once upon a time, fr...

Multiple levels of security must combine both via the cloud and locally between devices to satisfy the growing capability of IoT.

Once upon a time, from the most basic electronic devices to the most complex embedded device, where there was a need for security at all it simply had to satisfy a single purpose. More often than not, that security requirement existed more to protect the product manufacturer’s IP than a need to protect the user – back then the threats we see today simply didn’t exist. The first generation of devices that really needed protecting had a single vulnerable data stream, such as a set top box broadcasting licensed content or an ATM that must prevent users banking details being maliciously extracted. These single streams were easier to protect with binary security approaches (one secure, one unsecure zone), enabling a clear separation between what a user requires to operate the device and the confidential material he must not.

Today, even at the budget end of any electronic or embedded product range, multiple protected data streams with varying security requirements operate simultaneously within a single processor. The rapid rise of the Internet of Things (IoT) movement has increased the complexity of security requirements exponentially – the CPU centric approach can no longer cope. Set top boxes alongside premium media broadcast are expected to deliver over-the-top “on demand” streaming of content and encompass third-party applications too. ATMs have become merely a portal to extract paper money, checking balances and complete personal financial management is now achieved via your smartphone – suddenly your smartphone’s most valuable asset to protect is no longer holiday selfies! So far we’ve only considered data theft, with the emerging applications of autonomous driving, for example, the consequence of a security breach can be life, not just administratively threatening…

To add further complexity, with the contemporary concept of continuous improvement, devices must be able to update themselves in the field, which necessitates accessing the sensitive core of a product. Security solutions must be tighter than ever, but the solution must be sufficiently flexible that devices aren’t locked down once they leave the factory. All of these dynamic security requirements within that single SoC must be secure from external attacks and fundamentally, securely isolated from each other. Imagination Technologies have pioneered their OmniShield security solution to achieve that mammoth feat, developing a scalable security platform that is truly dynamic.

Any security solution to satisfy this multi-domain and multi-level environment must in itself be inherently complex, right? Wrong – Omnishield is claimed to be even easier to implement than many single stream security technologies; achieving this by permitting programming within a virtualised environment and enabling modular input of fresh security scenarios throughout the development and deployment stages, with a “multi-domain separation-based architecture”.

Historically, devices didn’t only have a single “security stream” but also a single processor, today heterogeneous architectures demand protection across a number of “sub” processors, with GPUs and other dedicated processing units increasingly handling specific functions; protecting them all requires scalability at IC level alongside simply multiple security levels. Omnishield also takes in its stride the greatest potential pitfall for IoT applications, the absolute requirement to not compromise battery life to unacceptable levels at the expense of achieving the required security – it achieves this through virtualisation at hardware level.

Recognising the multi-architecture requirement, Imagination Technologies is pushing Omnisheild support into its complete range of processors, including the latest MIPS and PowerVR processors. The latter is particularly critical; gone are the days of GPUs purely satisfying graphical output and their ability to relieve primary processors of tackling complex algorithms is widening their implementation by the day, which can only occur if the same level of security is available.

The protection requirements of next-generation devices are likely to increase in complexity even further, with new applications, protocols, changing usage models, and, of course, a range of new threats. In the high stakes arms race that is electronic security, staying ahead of the curve is vital; with Omnishield, Imagination Technologies have achieved just that.

Rory Dear, European Editor/Technical Contributor