back to article Hands off! Arm pitches tamper-resistant Cortex-M35-P CPU cores

Arm has released a new processor core design for Cortex-M-powered system-on-chips that will try to stop physical tampering and side-channel attacks by hackers. The microcontroller-grade Cortex M35-P CPU cores are aimed at embedded IoT devices that operate in public or areas where there is a risk someone will either crack open …

  1. Anonymous Coward
    Anonymous Coward

    Tamper Resistant

    Try a hammer !

    1. Jason Bloomberg Silver badge

      Re: Tamper Resistant

      I presume that's a part of what they hope to defeat. Other microcontroller manufacturers include physical safeguards so one can't take a hammer or a gently wielded scalpel to a chip without destroying its contents making that attack vector non-viable.

      That doesn't mean it cannot be done, as acknowledged in the article, but it does raise the difficulty and cost of doing that. It's a variation on security through obscurity; not worth the cost or effort.

  2. alain williams Silver badge

    Cost how much extra ?

    If it is much more than 1p/chip then the bean counters will avoid it.

    I see that the documentation is free - good start.

    1. Anonymous Coward
      Anonymous Coward

      Re: Cost how much extra ?

      There are compensations. If the price is right you will have national governments subsidising your products simply for including a little snippet of their code securely hidden away on the processor.

    2. big_D Silver badge

      Re: Cost how much extra ?

      That is the problem today, everybody claims about how insecure IT systems are, yet they want the cheapest possible components and software and won't pay even a penny for reasonable security.

      Lighting is something that will be installed and remain in place for several decades (they have been updating our town - 30,000 residents, so not overly large - with new street lighting for about 5 years now, I'm not sure how much longer it will take, but I'm guessing another couple of years. Many of the lights being replaced are from the 1970s or earlier. They have done small upgrades over the years - as bulbs blew, they were replaced by energy saving bulbs and the new lamp posts use LEDs.

      So the recoup on investment of 1p per lamp post over the amortization of a street lighting system is nothing. Although it would probably add a few hundred Euros to the price of the complete project, but again, chicken feed.

      Towns and cities just don't have the budget to replace such systems on a biannual basis, so if they are going to use a smart system, it needs to be robust and secure, if it is going to last a couple of decades, before it can be upgraded again.

  3. This post has been deleted by its author

  4. Milton Silver badge

    Smart streetlight? FFS, why?

    What possible justification can there be for a "smart" streetlight?

    A streetlight requires to be off or on. Conceivably it may be useful to have variable brightness according to ambient light. Those functions are easily handled by primitive electronics, stuff so simple and cheap that these days it's barely even worth making as a kid's kit. That does not need a CPU. It barely needs a few discrete semiconductors. The cost of components over an entire city is probably about 20p/lamp.

    Ok, perhaps it would be useful for the streetlight to report its ON/OFF/dimmed state to a central system for a holistic power management view, but even that does not require anything more than a voltage signal: it could even be an analogue value peeled off a current shunt, if you wanted utter simplicity. Virtually no components required.

    Surely no one is suggesting that a streetlight needs a processor? What could possibly be the point? What business case could justify the cost of complicating this and adding the expense of parts and maintenance?

    Why do I get the feeling that some bunch of scoundrels is actually trying to sell the concept along with some overpriced and basically pointless kit (please tell me no one is suggesting putting SIM cards into streetlights so they can be centrally controlled)—yet another fatheaded solution that has no problem to solve?

    There seem to be flashes of cleverness in the field of Internet of Shyte, but no sign of wisdom or common sense anywhere.

    PS Am I right in recollecting an episode of Sarah Connor where they hack into the LA city system via a traffic light? Are we overlooking the possibility that by putting "smart" tech into places where it really isn't needed, we're just exponentially multiplying all the points of vulnerability in our civilisation?

    1. Voland's right hand Silver badge

      Re: Smart streetlight? FFS, why?

      What possible justification can there be for a "smart" streetlight?

      Your dream staple node in an IoT mesh.

    2. Lee D Silver badge

      Re: Smart streetlight? FFS, why?

      "Ok, perhaps it would be useful for the streetlight to report its ON/OFF/dimmed state to a central system"

      Bang. Now you need an Ethernet, 4G or even one-wire protocol connections back to a central point, which requires more than a dumb processor.

      It's not about what you want to do but how you do it.

      Do you want a custom protocol over a custom wire reporting back to custom software on the status of a bulb that you can switch on and off? Or do you just want to IP everything from the traffic lights to the streetlights to the road sensors and send all the info over the same wires from 10 different systems to one location where some larger computers can actually process it?

      There is some sense to IoT. It's how you deploy it that matters (i.e. Ethernet chips are 10-a-penny nowadays, and you're already cabling to the thing and powering the electronic circuits - so PoE might well be cheaper than two separate cables - but if you just plug it into the city, you're an idiot. VLANs, RADIUS, port-isolation etc. are MINIMUM REQUIREMENTS).

      But when a Raspberry Pi can be had, one-off, for £20 and is a 1GHz machine with gigabytes of RAM, Ethernet, Bluetooth, USB, Wifi, GPIO, etc. then I can't imagine that the IoT device side of things even figures in the expense of a town-level network. For a start, I bet it's MORE EXPENSIVE to buy a simple remote-controlled, timed, on/off switch that works on a streetlight than it is to buy some mass-produced, centrally-controlled, standardised thing.

      The enemy of security is commodity and laziness. These kinds of devices are commodity, proven by the fact that you could knock one up, connected and with a SIM card (or eSIMs nowadays) and relay electronics, for less than the price of a little plastic cover in a certain shape.

      The problem left is laziness. Don't just Ethernet your streetlamp and not even bother to secure it from attackers.

      1. big_D Silver badge

        Re: Smart streetlight? FFS, why?

        The problem with IoTing such infrastructure is the expected life of such things.

        Around here the replacement cycle for lighting seems to be around the 50 year mark. So, with the current market, you get security updates for 2 years... In that time, given a reasonable sized city, you probably haven't upgraded 10% of the lights, so they'll be out of support before you've even managed to roll out the smartlighting system.

        I'd prefer a simpler solution that doesn't offer security problems, if it is going to be running for decades. The "worst" they can do is tell you a light is on when its off or off when its on.

    3. ArrZarr Silver badge

      Re: Smart streetlight? FFS, why?

      Variable brightness depending upon visibility - make the light brighter when there is thick fog or heavy rain.

      I heard one story (can't find a link) about smart streetlights that texted taxi drivers when they detected rain to indicate that there may be an increase in demand for covered transport.

      This isn't to say I don't basically agree with you, just have a couple of examples there of why you may consider smart tech in a streetlight.

    4. Anonymous Coward
      Anonymous Coward

      Re: Smart streetlight? FFS, why?

      Maybe do a little readin...

      I'm no IoT fan as most of it is pointless shit, but this is one area that it does work for.

      https://www.citylab.com/solutions/2015/10/copenhagens-smart-new-street-lamps-shine-brighter-for-cyclists/411154/

      1. big_D Silver badge

        Re: Smart streetlight? FFS, why?

        @Lost all faith... I can see a motion sensor making the light brighter when objects approach (or even turning themselves on) and solar panels. But complex electronics that "phone home"? I just don't see this being secure in 20 or 30 years time.

    5. SiFly

      Re: Smart streetlight? FFS, why?

      Lots of things :

      1. Potential failure of the light, current consumption too much

      2. Actual failure of the light (no light coming when there should be a light)

      3. With a small battery failure of power.

      4. meshing together @night to only come on when there is a car /person near the road

      5. Placing a pollution monitor on the light, and use this for active traffic management.

      1. Anonymous Coward
        Anonymous Coward

        Re: Smart streetlight? FFS, why?

        The local LED street lights here have very good time-keeping - even allowing for daylight saving changes

        Compared to my MSF controlled clock - the street lights go off on the tick of midnight. I suspect they come on again long before dawn in winter - which is unlikely to be a light-sensing feature. Given the variable hours of daylight in the Northern Hemisphere it is likely to be a processor calculation - if not a remote control.

    6. snowpages

      Re: Smart streetlight? FFS, why?

      Already happening around these parts, and maybe somewhere near you - see https://www.telensa.com/ and scroll down to "Deployments". And this is just one company.

    7. Anonymous Coward
      Anonymous Coward

      Re: Smart streetlight? FFS, why?

      Are we overlooking the possibility that by putting "smart" tech into places where it really isn't needed, w't it e're just exponentially multiplying all the points of vulnerability in our civilisation?

      Yes **1000.

      Not everything needs to be connected 24/7 but it is the current 'on trend' thing to do at the moment.

      The same goes for Electric Scooters. Supposedly...(wft?) Electric vehicles are a gazillion times more reliable than ICE powered ones yet all those Tesla's and now even a battery powered scooter coming out of India is connected 24/7 supposedly as a diagnostic aide. but... but... but.. isn't is soooooooo much more reliable then why does it need to be connected????

      unless... (dons conspiracy tinfoil hat) it is part of various governments plans to track our every move.

    8. vincent himpe

      Re: Smart streetlight? FFS, why?

      - state monitoring ( lamp out for example ) -> auto service call

      - environmental monitoring ( temperature / humidity / motion / vibration / position )

      - traffic monitoring thru motion sensing (infrared/ radar)

      - early earthquake warning system ( vibration sensing )

      - impact monitoring. if some car hits the pole ...

      - weather monitoring

      - emergency services ( forced light-on )

      - diagnostics

      - battery state ( for solar powered light fixtures )

      - power outage detection ( street lights are on an always-on live feed . If the feed goes down a smart light can send a 'dying-gasp' signal alerting service.

      There are plenty of scenarios and many are already implemented.

      IoT does not necessarily mean it runs over Wifi. More often specialist mesh networks such as LoRaWan are used.

      The sensor packages for such services are very small. A 9 axis accelerometer /positional sensor combined with a temp/pressure/hum sensor can do the job. All electronics can fit in a matchbox and costs less than 5$ in mass production. Why not do it ?

      1. swampdog

        Re: Smart streetlight? FFS, why?

        Lamp out will show up in reduced power usage. It won't get fixed until after someone reports it so no point. Environmental monitoring wont happen, not because of the expense but because the govt does not want to know. Google can monitor traffic already as can existing cctv. Early earthquake warning is defeated by traffic. Impact monitoring can be performed by the vehicle which hits it. Weather is only going to tell you what just happened. Emergency services would prefer things not to be changing weirdly. No need for diagnostics if there's nothing there. Battery state I like - have a bloke come out with a handle to hand-crank the mechanical charger on each pole. Power outage is just a bigger lamp out.

        Okay you have a point: the biggest problem is it will be implemented by numpties. We already have solar powered road signs which spring out of nowhere (ie: come on) from darkness to dazzle a driver. Did nobody during any of the planning and implementation stop to think "sign in lit up area != sign in middle of nowhere".

    9. Jack of Shadows Silver badge

      Re: Smart streetlight? FFS, why?

      Traffic-shaping is one use that does require a bit of smarts as well as some sort of grid networking. Done right, it can improve fuel economy and the attendant pollution from traffic, by varying timing at each intersection.

    10. Sil

      Re: Smart streetlight? FFS, why?

      Christmas lightning ? ;-)

    11. Aodhhan Bronze badge

      Re: Smart streetlight? FFS, why?

      Thank you for opening your mouth, and removing all doubt.

      Smart street lights can do more than turn on or off.

      They can also:

      - Alert to electrical/mechanical problems (light will not come on for some reason)

      - Change the color of the light (for celebrations, holidays, etc.)

      - Be used to repeat other radio signals

      - Provide outlets etc. for items such as cameras and signs

      - Yada yada.

      Now, guess what we're all thinking about you.

  5. John Smith 19 Gold badge
    Unhappy

    Shock news. Smart streetlights *already* exist

    In fact I believe the whole of the Motorway and A road network use them.

    Other countries power their street lights off a separate network but UK practice is to hang local street lights off of the nearest house supply, making control through the mains (used in other countries) unworkable.

    What are they used for? So section of Mway can be gradually dimmed down when there's no one actually on them at 3am on midweeks. They can also report bulb or *gear" failure (or even impending failure) without waiting for some member of the public to phone in saying "Do you know...?"

    The best systems fail safe. If the control fails it fails with light full on. then it's under the control of either a timer or photocell in the lamp.

    And if councils insist on hooking this up to other systems where there is a way in there's someone likely to use it, if only for the s**t and the giggles.

  6. Anonymous Coward
    Anonymous Coward

    Well, I certainly admire them for at least making an attempt to thwart attacks...and they even admit it's not possible to make anything 100% secure. Guess ARM actually live in the real world, unlike Intel...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019