Sign in / up

back to article ARM grabs Dutch 'SSL of Things' biz Offspark

ARM has strengthened its security portfolio by buying Offspark, the company whose PolarSSL secure communications is widely used in Internet of Things devices. The purchase is not about organic growth for ARM, while the company isn’t giving out a figure for the value of purchase, a spokesman told El Reg it was well below …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Alistair
    Coat

    Internet Of Things Applications

    I can't give an iota about,

    But ARM jamming SSL into mbed is just plain a good thing in the long run.

    /running away before anyone sees it.

    1 0 Reply
  2. Bronek Kozicki

    Smart

    without some security, IoT is not viable. They know and are not going to leave it to accident.

    0 0 Reply
  3. CheesyTheClown

    Not too happy about this :/

    This is a clear case of where ARM is no longer thinking intelligently and now is making mistakes they've watched Intel make but should have learned from but instead just copied.

    TLS inside the CPU is ok if we limit ourselves to clearly verifiable code. For example, an AES block ciper is easily verified as the algorithm is fixed. You can compare it to software.

    MD5 is also pretty easy to verify.

    Here's where the problem is, security code should never ever ever be static within a chip. As soon as the slightest exploit is found (and it will be) the system running on the chip is trash, It takes A LONG time to harden a security stack, as OpenSSL.

    There is a far smarter way to handle this, but it will hurt performance per watt which is critical in IoT devices. Most ASICs tend to include at least some FPGA to make patches in the chip after release. This is how Intel occassionally makes CPU fixes... by releasing chip firmware updates... the concept is more complex than that, it has to to with instruction intercepting and stuff, but to stay on topic security features belong in FPGA areas of the chip.

    You may not know how AES works or other block ciphers and stream hashes work, but they aren't particularly difficult to implement in hardware. In fact, it would be quite easy to implement an FPGA area capable of hardware accelerated streams and fixed size block ciphers. It would just be a large number of relatively small ALUs, shift-registers and mapped swap functions.

    When you add things like key exchange and such, that where things get hairy. Accelerating key production and verification can be extremely valuable, but there never has and never will be a time where this should ever be implemented in ASIC. Here's the reality, you'll use it, it'll work great, someone will find a loophole in your implementation and now 1 billion+ IoT devices are hackable.

    So you send you a library update which moves the security into software... now 500million+ devices lack the performance to run.

    Bad form ARM.

    1 0 Reply
    1. Bronek Kozicki
      Reply Icon

      Re: Not too happy about this :/

      There is no need to implement cryptography inside the chip; hardware acceleration for cryptographic primitives will be sufficient.

      1 0 Reply
    2. Adam Inistrator
      Reply Icon

      Re: Not too happy about this :/

      "The motivation was to acquire the people and skills." .. perhaps in a very general sense

      0 0 Reply
    3. Daniel B.
      Reply Icon
      Boffin

      Re: Not too happy about this :/

      I don't think they are going to implement the entire PolarSSL stack on hardware; they're probably just adding hardware acceleration on the specific ciphers like AES.

      0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like