Embedded security to protect IoT endpoints, by Renesas

Embedded security to protect IoT endpoints, by Renesas

New Products |
By Graham Prophet

At the same time as implementing strong security functions using a trusted secure IP that is already incorporated in the Renesas RX231 MCUs, the kit provides both an evaluation board and a wide range of software, to prevent virus infections over communication channels and disclosure of confidential information and allows embedded devices with strengthened security to be developed easily.


In many cases, Renesas says, overall network security in the IoT tends to be weak, since the scale of these systems is small, especially in edge devices at the very end of the network, such as sensors. To assure that edge devices do not become a platform for attack on the whole network, it has become necessary to make edge devices more intelligent, to enable them to independently make decisions and defend themselves, and to prevent both unauthorized software updates by viruses and other such actors and eavesdropping on the communications channels.


Management of encryption keys corresponds to passwords, to protect information that is the core for implementing strong security functions. Since encryption keys were previously stored in flash memory or other nonvolatile memory, there was a risk that they could be discovered through malicious access. To address this issue, Renesas has developed technology that reliably protects these encryption keys using “trusted secure IP” hardware. Providing both an evaluation board and software at the same time, the RX231 Communications Security Evaluation Kit serves as a one-step service and simplifies implementation of security and communications functions.


RX231’s built-in, integrated, trusted secure IP, forms a hardware security layer that cannot be damaged even if attacked externally. This trusted secure IP features both an encryption engine and reliable protection of encryption keys. The kit supports the implementation of strong security compared to earlier systems in which the encryption keys were managed by user efforts.


The encryption engine supports both encryption and decryption using either 128-bit or 256-bit encryption keys as stipulated by AES. It also supports ECB, CBC, GCM, and CMAC, which can be used for authentication and modification detection. It includes a true random number generator to generate random keys. Encryption keys are only handled in a secure area within the trusted secure IP. When an encryption key is stored in nonvolatile memory outside this IP, it is stored in combination with a characteristic semiconductor device ID as key generation information so that the original encryption key cannot be determined. Thus it is possible to protect encryption keys from reverse engineering attacks. Access monitoring functions are provided. Accesses to the encryption engine and the encryption keys within this trusted secure IP are monitored, and when an illegal access is detected, further accesses are blocked. This prevents unauthorized use of the encryption engine and the encryption keys.


Embedded devices can be protected from unauthorized programs over communications channels such as wireless LAN and USB, and covering sessions such as over-the-air updates and boot-up.


Evaluation board and a wide range of software that allows even developers without security or communications experience to develop applications quickly. The RX231 on-chip trusted secure IP 32-bit MCU evaluation board provided in the RX231 Communications Security Evaluation Kit includes a USB and SDHI wireless LAN communications expansion board interface, and can be connected to a wireless LAN communications expansion board. This kit also provides, in addition to security software, FreeRTOS, Renesas TCP/IP middleware, and a wireless LAN driver as a wireless LAN protocol stack for communications.


Renesas ;






If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :    eeNews on Google News


Linked Articles