Skip to main content

Imagination One-Ups ARM With OmniShield, Supports Multiple Hardware Security Zones

In the mobile market the only real hardware security we've gotten is from ARM's TrustZone, which is a "secure world" separated from the non-secure environment where we all run our apps on smartphones and tablets.

Unfortunately, (or fortunately, depending on where you stand) TrustZone has been mainly used for DRM protection rather than security, at least until Apple came along with its "Secure Enclave," which is believed to be a modified TrustZone environment. Apple used that to store encrypted hashes of iPhone users' fingerprints, so if the users got some malware-infected apps in their phones, the malware couldn't access the fingerprint data.

Having a hard separation between a secure world and a non-secure world limits what you can secure, though. Imagination plans to fix it with its OmniShield solution, which allows for the creation of up to eight different hardware zones where different apps and even entire operating systems can be secured from each other.

This multi-domain security allows much more flexibility in what OEMs and software vendors can do with their apps and operating systems while also increasing the security of critical applications.

For instance, we could have not only fingerprint data stored in a secure domain, but also banking data, by securing the banking application when we use it inside one of these secure domains. We could also secure any other application that deals with sensitive data (such as health apps).

Imagination is targeting its new OmniShield security solution not just at smartphones and tablets, but also at IoT, set-top boxes and even cars.

The Internet of Things could be the biggest beneficiary of such a solution. Many worry that IoT devices could make us more vulnerable to hacking than ever, once we have "smart" (which is to say, hackable) devices all around us that are connected either directly to the Internet or through a gateway (preferable).

As for cars, although OmniShield looks to be state-of-the-art in security right now, and auto makers could do and have done much worse than using such a solution, there's still one fundamental problem: it wants to handle the car's critical systems on the same chip.

Ultimately, everything is hackable if you get some kind of access to it, no matter how limited. That's why (most) airplanes are air-gapped and don't connect the entertainment system to the critical systems needed for flying.

The difference between a set-top box or a phone hack and a car or airplane hack is that the former can't get you killed. That's why critical car systems such as the engine, brakes, steering wheel and so on should always be completely separated from the entertainment system and other gadgetry. The cost of adding an extra chip (and why not, another OmniShield-enabled one) seems minor in this context.

As more devices become "smarter" by gaining more advanced software and being connected to the network, the more necessary solutions such as Imagination's OmniShield will be. Imagination has just one-upped the rest of the industry, and it remains to be seen if its competitors will respond in kind with their own even more secure solutions that can protect our data, our privacy and even our lives when it comes to the automotive world.

Imagination's reference designs for OmniShield will be available later this year. The company has also formed a new security-focused group called the Security PEG (prpl Engineering Group) within the open source non-profit "prpl" foundation, which Imagination created last year.

The members of the security group include Broadcom, CUPP Computing, Elliptic Technologies, Ikanos, Imagination Technologies, Imperas Software, Ingenic, Kernkonzept, Lantiq, Qualcomm Atheros and others.

The new Security PEG will create a roadmap for enabling multi-domain security across heterogeneous SoCs and for the necessary software stack that will sit on top of these new chips.

Follow us @tomshardware, on Facebook and on Google+.