ARM Proposes Security Framework Standard for IoT Devices

Consumer confidence in the Internet of Things can be easily rattled by reports of compromised privacy, such as when researchers found that some baby monitors had been turned into surveillance devices. The SoftBank Group-owned U.K. chip manufacturer ARM, however, has introduced a potential solution: a security framework for IoT devices from home appliances and children’s toys to vehicles and streetlights. Up until now, the many IoT manufacturers haven’t agreed on a single security standard, something ARM hopes to remedy.

Bloomberg notes that, according to a 2016 study by the Mobile Ecosystem Forum and analyst firm 451 Research, “the lack of security standards is holding back widespread adoption by both consumers and businesses.”

Internet_of_Things_Network

ARM security director of the company’s IoT device group Rob Coombs says that, “we’ve talked to a lot of companies and they are excited.” “We believe we have wide industry support,” he added.

ARM currently has a 95 percent market share with chips in smartphones around the world, but “is not as dominant in the smaller, less powerful but far more ubiquitous microcontrollers, which represent about 80 percent of all chips manufactured in the world.”

ARM’s security framework recommends that ARM security analysts, academic researchers and other electronics industry players first reach “a common agreement about exactly what threats connected devices face.” The framework would next “specify how hardware and software should be designed to mitigate these threats,” and, finally, “ARM will provide to its customers free of charge firmware — software that is permanently stored on the chips — that meets the requirements of the new standard.”

ARM also would like to require that “all devices should be able to receive software updates over-the-air, through either Wi-Fi, cellular or alternative low-power networks.”

To achieve the proposed standards ARM unveiled a so-called secure enclave, a dedicated chip that handles cryptographic operations often lacking in smaller connected devices. The second design is “a component that allows a secure method for finding and fixing bugs in chips and firmware,” because “many smaller chips did not have a secure way to perform these tests.”

ARM just released “the specific requirements of its new security standard Monday along with the new secure chip component designs,” and firmware will be released in Q1 2018.