Designing Secure IoT devices with the Arm Platform Security Architecture and Cortex-M33 explains how to design and deploy secure IoT devices based on the Cortex-M23/M33 processor. The book is split into three parts. First, it introduces the Cortex-M33 and its architectural design and major processor peripherals. Second, it shows how to design secure software and secure communications to minimize the threat of both hardware and software hacking. And finally, it examines common IoT cloud systems and how to design and deploy a fleet of IoT devices. Example projects are provided for the Keil MDK-ARM and NXP LPCXpresso tool chains.
Since their inception, microcontrollers have been designed as functional devices with a CPU, memory and peripherals that can be programmed to accomplish a huge range of tasks. With the growth of internet connected devices and the Internet of Things (IoT), “plain old microcontrollers are no longer suitable as they lack the features necessary to create both a secure and functional device. The recent development by ARM of the Cortex M23 and M33 architecture is intended for today’s IoT world.
Author(s): Trevor Martin
Edition: 1
Publisher: Newnes
Year: 2022
Language: English
Pages: 496
Tags: IoT; Arm; Cortex-M33; Cortex-M23/M33; CERT-C coding standard; mbedTLS
Cover image
Title page
Copyright
Foreword
Chapter 1: Introduction
Abstract
Arm Platform Security Architecture
Assumptions
Structure of the book
Tutorial exercises
Important
Chapter 2: Arm platform security architecture
Abstract
Introduction
Analyze
Architect
Implement
PSA certification
Conclusion
Chapter 3: Development tools and device platform
Abstract
Introduction
Hardware
Software
< to do > Install community license
Conclusion
Chapter 4: Cryptography—The basics
Abstract
Introduction
mbedTLS
Information assurance
Security services
Ciphers
Streaming block ciphers
Hash functions
Authenticated encryption
Random numbers
Managing keys
Conclusion
Chapter 5: Cryptography—Secure communications
Abstract
Introduction
Asymmetric ciphers
Elliptic curve cryptography
Message signing
Using asymmetrical ciphers
Man in the Middle
Public key infrastructure
X.509 certificates
Certificate validation
Certificate lifetime
Certificate revocation list
Certificate encoding
Certificate authority selection
Certificate chain
Exercise: Creating X.509 certificates
Putting it all together
Exercise: TLS server authentication
Conclusion
Chapter 6: IoT networking and data formats
Abstract
Introduction
Message queued telemetry transport (MQTT)
Data formats
Conclusion
Chapter 7: Using an IoT cloud service
Abstract
Introduction
AWS account
AWS IoT
Connect a device
Create a connection policy
Adding the Dynamo DB database
Action rules
IoT analytics
Logs
Lambda
Device services
Conclusion
Chapter 8: Software attacks and threat modeling
Abstract
Introduction
Common security exploits and vulnerabilities
Mitigation
Threat modeling
Conclusion
Chapter 9: Building a defense with the PSA security model
Abstract
Introduction
Software architecture
Temporal barrier
Runtime isolation
PSA Execution environment
Runtime partitions
Secure services
Secure Boot
PSA parameters
Lifecycle
Device requirements
Conclusion
Chapter 10: Device partitioning with TrustZone
Abstract
Introduction
TrustZone security extension
Programmers model
TrustZone operation
TrustZone configuration
TrustZone interrupt handling
TrustZone system control block
SysTick
Exercise: TrustZone SysTick support
Using an RTOS with TrustZone
Memory protection unit (MPU)
CMSIS-zone
Conclusion
Chapter 11: The NXP LPC55S69 a reference IoT microcontroller
Abstract
Introduction
Trusted execution environment (TEE)
Security architecture
Hardware accelerators
Conclusion
Chapter 12: Trusted firmware
Abstract
Introduction
Installation
Exercise: TF-M setup and testing
TF-M software design
Conclusion
Chapter 13: Trusted firmware secure services
Abstract
Introduction
Nonsecure client
Security services
Conclusion
Chapter 14: The PSA Secure Bootloader
Abstract
Introduction
Updatable bootloader
Upgrade strategies
Firmware update service
Image encapsulation
Image signing
BL2 configuration
Updating the bootloader keys
Exercise: Bootloader keys
Bootloading by hardware key
Image encryption
Measured boot
Conclusion
Bibliography
Index
