MCUs
Certifications demystified – a matter of trust
Giancarlo Parodi at Renesas Electronics discusses the new generation of security-focused MCUs
56 MAY 2021 | ELECTRONICS TODAY
The growing world of connectivity-capable devices is pushing the security requirements for almost every application to new heights.
Any connected device will need some sort of communication interface to receive and transmit user data, and will need to store such data securely on the device and perform secure application firmware updates over a potentially unsecure channel, whilst protecting the confidentiality and integrity of the user data.
For example, looking at the RA family of microcontrollers from Renesas Electronics: each connectivity-capable group, like the RA6 and RA4 derivatives, includes a secure crypto engine (SCE). The RA6M4 is the first RA family MCU in the new generation of security-focused MCUs from Renesas. State-of-the-art security features combined with best-in-class peripheral IP and feature- and pin-compatibility between the MCU Series make RA family MCUs the optimum choice for nearly any connected embedded product. The secure subsystem defined by the SCE (depicted in Figure 1) provides functionality comparable to a secure element, with much higher performance, as an integrated solution, reducing bill of material cost and simplifying the integration both in the development stage and in production. It supports AES, RSA, ECC, hashing algorithms and true random number generation within an isolated on-chip environment. The SCE enables secure unlimited key storage utilising a factory-programmed 256-bit Hardware Unique Key (HUK) to derive key encryption keys, which can be used to wrap (encrypt) the customer keys. The Secure Crypto Engine (SCE9) crypto subsystem is fully contained within the MCU and protected by an Access Management Circuit that can shut down the crypto engine operation upon illegal access attempts. It performs all plaintext crypto operations using its own dedicated internal storage area, which is not accessible by any CPU or DMA-accessible bus. The advanced key storage and key handling capabilities of the SCE9 can ensure that no plaintext keys are ever exposed or stored in CPU-accessible RAM or non-volatile external memory.
Figure 1: Secure crypto engine
Highly regulated industries have security standards, for example PCI for financial transactions, the DLMS security suite for metering applications, IEC-62443 for industrial controls, and so on. Most consumer products so far have no specific regulations or requirements for security. In response to this lack of guidance, governments are starting to publish general requirements specifications.
In the US, NIST published some cybersecurity guidelines for IoT devices. The UK government released the code of practice for consumer IoT security. The “IoT security foundation” consortium published an IoT security compliance framework. More to come.
For the scope of the article, we are going to pick three examples among those programs.
One increasingly popular approach is promoted by ARM, as provider of embedded CPU cores with security-related features like TrustZone. ARM has published a platform security architecture specification (PSA) which includes a security framework based on four stages: analyse, architect, implement and certify. The PSA certification program is a multi-level certification scheme intended to give consumer device manufacturers assurance that a specific product follows the security practices outlined by the specification. There are three defined security levels, each building upon the previous one with increasing security requirements. As a companion to the PSA specification, an open and compliant software reference implementation is available, called trusted firmware. Such software is an ideal starting point for manufacturers using ARM CPU technology to harmonise and deliver the features defined in the PSA specification. Renesas recognises the importance of the PSA initiative, and is therefore committed to certifying its products according to the PSA specification requirements, including the trusted firmware platform, and to contributing to its development. As of today, successful certification of first-level compliance has already been achieved; the successive level certification is being finalised and will be completed very soon. All the certification results