Cambridge UK technology business ARM Holdings has helped create an immune system to protect connected devices under the Internet of Things from a soaring risk of cyber attacks.
ARM, Intercede, Solacia and Symantec – have collaborated to build a smart suite of e-commerce armour called the Open Trust Protocol (OTrP).
The standard combines a secure architecture with trusted code management, using technologies proved in large scale banking and sensitive data applications on mass-market devices such as smartphones and tablets.
The partners acted to address the clear security challenges of connecting billions of devices across multiple sectors; including industrial, home, health services and transportation. Their conclusion was that any system could be compromised unless a system-level root of trust was established.
Marc Canel, vice-president of security systems at ARM, said: “In an internet-connected world it is imperative to establish trust between all devices and service providers. “Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings e-commerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform.”
Other members of the new OTrP joint stakeholder agreement that arises from the initiative are Beanpod, Sequitur Labs, Sprint, Thundersoft, Trustkernel and Verimatrix.
Symantec spelled out the threat. It estimates that one million internet attacks were carried out every day during 2015. The Internet of Things expands the attack surface and according to analyst business Gartner, security is now the number one priority when building any connected product.
So what is OTrP in detail and how does it work? OTrP is a high level management protocol that works with security solutions such as ARM® TrustZone®-based Trusted Execution Environments that are designed to protect mobile computing devices from malicious attack. The protocol is available for download from the IETF website today for prototyping and testing.
There is headroom for further enhancements. The protocol paves the way for an open interoperable standard to enable the management of trusted software without the need for a centralised database by reusing the established security architecture of e-commerce.
The management protocol is used with Public Key Infrastructure (PKI) and certificate authority-based trust architectures, enabling service providers, app developers and OEMs to use their own keys to authenticate and manage trusted software and assets.
OTrP is a high level and simple protocol that can be easily added to existing Trusted Execution Environments or to microcontroller-based platforms capable of RSA cryptography.
OTrP is available as an IETF informational and it is planned that it will be further developed by a standards defining organisation that can encourage its mass adoption as an interoperable standard.
ARM’s pioneering role in the IoT movement is the main reason Japanese company SoftBank has agreed to pay $31bn for ARM in a deal backed by both boards and now pending shareholder approval.