Arm launches Cortex-M35P processor to bring IoT security to the silicon level

Arm hopes that security at the hardware level can help prevent physical tampering and attacks aimed at IoT devices.
Written by Charlie Osborne, Contributing Writer

Arm has announced the Cortex-M35P, a processor designed to prevent physical attacks against Internet of Things (IoT) devices.

The British semiconductor giant believes that by 2035, up to one trillion connected, IoT devices may be in use worldwide.

With so many conduits to the Internet -- and therefore potential avenues for cyberattack -- the firm says that "security is no longer optional."

We have seen the potentially devastating power unsecured IoT devices en masse has when in the hands of threat actors. The Mirai botnet, powered by millions of insecure IoT devices, sent vast areas of the US offline in 2016, whereas the Satori botnet enslaved countless routers and has been spotted targeting Ethereum mining rigs.

See also: Five nightmarish attacks that show the risks of IoT security

With so many new IoT devices predicted to become active worldwide in coming years, security must now become a top priority. However, software and vulnerability-based cyberattacks are not the only concern.

Physical attacks, which may include direct contact with a device's system-on-a-chip (SoC) or close proximity, target vulnerabilities at the silicon implementation level.

Instead of striking at design or software bugs -- such as in the case of Spectre and Meltdown -- hardware-level attacks can result in the leak of sensitive information or changing the compromised device's behavior.

"IoT security is a multi-faceted problem with billions of diverse devices requiring a system-wide approach for protecting them," says Paul Williamson, Vice President and General Manager at Arm's IoT Device IP Line of Business. "The diversity in this space is challenging for our partners."


For Arm, this means the creation of a processor capable of preventing physical attacks and IoT device tampering -- or, at least, making sure attacks are not financially viable in comparison to what would be achieved through a successful attack.

Asaf Shen, VP Marketing Security IUP at Arm, called these attacks of "special concern."

"Security is a balancing act between the cost and effort that system designers are willing to invest in the protection of assets, and the cost and effort that attackers are likely to dispense in an attack," Shen added. "Given an infinite amount of time and money, anything can be compromised. But the goal is to design a system where the attack becomes simply uneconomic."

On Wednesday, Arm said the Cortex-M35P processor is the first in the Cortex-M family with inbuilt tamper resistance which is also used in Arm SecurCore processors. The hardware also includes Arm TrustZone technology to give developers access to software isolation, which can be used to embed additional layers of payment or telecom-certified security.

The Cortex-M35P can also include support for ISO 26262 certification.

According to Shen, Arm is now "giving its partners more building blocks and more flexibility to form the right security solution for their applications and their markets."

See also: Windows 10 on Arm: HP Surface-like 2-in-1 is up for pre-order but will cost you $1,000

"As new use cases emerge, this protection won't just be required for payment and identity applications, it will need to be integrated for use cases such as smart lighting, connected door locks, smart meters or automotive applications," Williamson added.

In addition, Arm announced the launch of licensing for Arm CryptoCell-312P, which is cryptography and lifecycle IP with physical security mitigation, and Arm's CryptoIsland-300P, secure enclave IP with physical security mitigation. Both of which can be utilized to protect hardware against side-channel attacks.

AMD's 2nd-generation Ryzen: The ultimate desktop processor

Previous and related coverage

Editorial standards