With the advent of IoT, there are very attractive business models for hackers for exploiting vulnerabilities of connected systems, in particular for those attacks that can be exploited remotely. Protecting those devices becomes critical. ProvenRun, a provider of ultra-secure off-the-shelf software solutions for connected systems, announces a one-step solution to protect connected devices against the most sophisticated remote cyber-attacks.
ProvenRun’s one-step security solution builds on the TrustZone® hardware protection of ARM® Cortex®-A processors, that allows executing security services independently of the main operating system (Rich OS) and its applicative environment. The solution is composed of a Secure boot and Secure Firmware Update manager together with OpenVPN/TLS security services:
- Firmware boot and update are highly sensitive operations, as a hacker can misuse it to brick or disable the device, unlock restricted features, or load a modified version of the firmware with disabled security and/or safety features. The proposed Firmware manager is designed to make sure that that the firmware stays authentic (PKI signature) and cannot be modified or downgraded by an attacker.
- OpenVPN tunnel with a remote server (over TCP/IP and/or WiFi) allows enforcing that the connection to the device’s control server can be established even in adverse conditions, in particular to get an important update. This is particularly critical for devices integrated in a cloud-based offer. In the proposed solution the OpenVPN sensitive assets are stored and manipulated in a dedicated restricted TrustZone execution environment, protecting these assets even in case of full compromising of the Rich OS.
The one-step security solution relies on ProvenCore, ProvenRun’s highly secure OS kernel. The security properties of ProvenCore have been formally proven, down to generated code. This allows being as close as possible to “zero-bugs” and therefore highly resistant to attacks.
ProvenRun’s one-step security solution is currently available on NXP® Semiconductor i.MX application processors.
“The growth of connected devices and IoT magnifies the importance of strong security from the component level to the cloud,” said Arnaud Van den Bossche, manager for i.MX automotive products at NXP Germany GmbH. “We have been working closely with ProvenRun so they can leverage the exceptional security features of i.MX processors to further strengthen the resistance of their solution.”
“With our one-step security solution, we want to make security easily accessible to security non-specialists. The solution can be integrated into new or existing devices to add the right protective measures without modifying their functional behavior. After integrating our solution, devices will remain under operational control even if the main operating system becomes corrupted by an attack” concludes Dominique Bolignano, President and Founder of ProvenRun.
This one-step solution will be demonstrated at NXP’s booth (4A-220) during Embedded World 2017 in Nuremberg.
ProvenRun’s mission is to help its customers resolve the security challenges linked to the large-scale deployment of connected devices and of the Internet of Things by providing cost effective off-the-shelf software solutions that dramatically improve the level of security of connected systems so as to protect them against remote cyber-attacks. Further information can be found at www.provenrun.com.