SoftBank's ARM Makes Bid to Standardize IoT Security Industry

  • SoftBank-owned company has market power to drive adoption
  • Security concerns seen as holding back growth of IoT so far

SoftBank's ARM Makes Bid to Standardize IoT Security Industry

Faith in the security of baby monitors took a hit when researchers discovered some could be compromised and turned into surveillance devices, but U.K. computer chip designer ARM has unveiled a proposed solution.

The firm, owned by SoftBank Group Corp., has developed a security framework for so-called Internet of Things devices that, if adopted widely, could help instill consumer confidence and boost sales.

"We’ve talked to a lot of companies and they are excited," Rob Coombs, security director of ARM’s IoT Device Group, said in an interview. "We believe we have wide industry support."

The Internet of Things is an umbrella term for everyday devices -- from factory equipment, street lights and automobiles, to home appliances and children’s toys -- that are connected to computer networks in order to be more functional, or "smart."

While many manufacturers are already bringing such devices to market, there has been no agreement on security standards for them. This is holding back widespread adoption by both consumers and businesses, according to surveys conducted in 2016 by the Mobile Ecosystem Forum, a trade body for the mobile industry, and analyst firm 451 Research.

Cryptography, Security

The new security framework ARM is recommending has three components: the first involves a common agreement about exactly what threats connected devices face. ARM’s security analysts will work with academic researchers and others in the electronics industry to supply this information. The framework will specify how hardware and software should be designed to mitigate these threats. 

Finally, ARM will provide to its customers free of charge firmware -- software that is permanently stored on the chips --- that meets the requirements of the new standard.

ARM is also proposing the requirement that all devices should be able to receive software updates over-the-air, through either Wi-Fi, cellular or alternative low-power networks.

To help companies meet the new standards it is proposing, ARM unveiled designs for two new security components. The first is called a secure enclave. Devices such as smartphones often have this type of dedicated computer chip, which handles cryptographic operations. Apple Inc.’s iPhone uses one to handle fingerprint identification. But smaller connected devices often lack this component. ARM has said it will start providing this technology for customers of its smaller chip designs.

ARM’s second design is a component that allows a secure method for finding and fixing bugs in chips and firmware. Currently, many smaller chips did not have a secure way to perform these tests.

With a 95 percent marketshare, ARM-designed chips help run almost all of the world’s smartphones. The company previously rolled out a security standard for some of its more powerful chips, which has been widely adopted by customers. But ARM’s marketshare is not as dominant in the smaller, less powerful but far more ubiquitous microcontrollers, which represent about 80 percent of all chips manufactured in the world.

SoftBank Investment

Softbank said when it bought ARM for $32 billion in July 2016 that the deal was largely predicated on projections that demand for the Cambridge, England, company’s chip designs would soar along with the boom in IoT devices.

With its dominant market position within chip design, ARM believes it can drive industry adoption of its new security protocol, Coombs said. He said the company already had broad support for its security standard from customers, including NXP and Microchip, and big network players like Cisco, and ARM’s own parent company, SoftBank.

ARM is releasing the specific requirements of its new security standard Monday along with the new secure chip component designs. The firmware will be released sometime in the first quarter of 2018, the company said.

    Before it's here, it's on the Bloomberg Terminal.