Arm TrustZone Now Part of Bluetooth Series 2 Devices, Bringing Encrypted Key Management to Developers

Silicon Labs is bringing the secure processing environment (SPE) of Arm TrustZone to our Bluetooth Low Energy (LE) products to offer developers an added layer of security against remote logical attacks. Smart home applications, many of which are designed specifically to monitor and record what’s happening in the house, need to be trusted to protect sensitive information from illicit exposure. With every high-profile information breach or sensationalized cyberattack, consumer confidence takes a hit that needs to be rebuilt, along with the reputational damage for the manufacturer.

IoT Security is a Primary Concern Among Consumers

Protecting IoT devices against security threats has become central to developing a product that people want to buy. This anxiety isn’t just limited to the home - connected medical devices and activity trackers also store, process, and transmit private health data, making a breach potentially life-threatening for the user, materially impacting the device maker’s reputation and business. Enterprises, industrial companies, manufacturers, hospitals, and other public organizations use IoT devices to run their most critical processes and assets. Introducing an SPE creates a secure area for key storage, keeping them sequestered from components that have large attack vectors like the wireless stack, device drivers, and RTOS and protecting consumers, for whom security is one of the primary barriers to IoT adoption.  

More than 50 percent of all attacks on IoT devices are remote logical attacks, meaning the attacker does not have physical access to the device. These can include buffer overflow, code injection, and other scripting attacks where the perpetrator attempts to gain access by getting the software to reveal the keys. TrustZone creates a logical barrier in our BG22 SoCs and modules, and the BG24 SoCs and modules, and prevents these types of attacks by blocking direct access to the key material. Any attempt to hack the device will only reveal encrypted keys – preventing any breach and discouraging future attempts.

Adding Layers of Security to Devices without Adding Complexity

The BG22 and BG21A parts store keys in plaintext memory, while the BG21B parts use Vault High Secure Key storage capabilities, or PUF key wrapping, to provide an added layer of protection - the more layers of protection, the more secure a device becomes. TrustZone provides an easy avenue for adding security by making it possible for users to store keys in secure memory or an encrypted form in non-secure memory. In addition to being able to add security to devices to differentiate them from competitors, developers can strengthen compliance with security standards, including PSA Certified Level 2, which requires the SPE to be isolated by hardware mechanisms to protect critical services and related assets from the non-secure processing environment. 

If you’re interested in participating in our Beta program, we invite you to reach out to your local Silicon Labs representative for more details.