Renesas Electronics Corporation today introduced a new series of embedded security solutions employing general-purpose microcontrollers (MCUs) and microprocessors (MPUs) as completely new security structures for embedded devices that will function as Internet of Things (IoT) endpoints in homes and buildings. Now, as the first product of this series, Renesas has released the RX231 Communications Security Evaluation Kit.
The new kit provides both an evaluation board and a wide range of software, to prevent virus infections over communication channels and disclosure of confidential information and allows embedded devices with strengthened security to be developed easily.
Recently, there has been progress in supporting the IoT, in which a wide variety of devices is connected to the Internet for improving industrial productivity through data collection or remote control for energy saving. In many cases, overall network security in the IoT tends to be weak, since the scale of these systems is small, especially in edge devices at the very end of the network, such as sensors. To assure that edge devices do not become a platform for attack on the whole network, it has become necessary to make edge devices more intelligent, to enable them to independently make decisions and defend themselves, and to prevent both unauthorized software updates by viruses and other such actors and eavesdropping on the communications channels.
It is the management of encryption keys that correspond to passwords to protect information that is the core for implementing strong security functions. Since encryption keys were previously stored in flash memory or other nonvolatile memory, there was a risk that they could be discovered through malicious access. To address this issue, Renesas has developed a new technology that reliably protects these encryption keys using “trusted secure IP” hardware. In addition, by providing both an evaluation board and software at the same time, the RX231 Communications Security Evaluation Kit serves as a one-step service and simplifies implementation of security and communications functions.
Key features of the RX231 Communications Security Evaluation Kit:
(1) It implements strong security using the RX231’s built-in trusted secure IP
The trusted secure IP integrated into the Renesas RX231 32-bit MCU takes advantage of the security technology accumulated by Renesas and forms a hardware security layer that cannot be damaged even if attacked externally. This trusted secure IP features both (a) an encryption engine and (b) reliable protection of encryption keys. Thus the kit supports the implementation of strong security compared to earlier systems in which the encryption keys were managed by user efforts.
(a) The encryption engine supports both encryption and decryption using either 128-bit or 256-bit encryption keys as stipulated by AES (Note 2). It also supports ECB, CBC, GCM, and CMAC, which can be used for authentication and modification detection. Furthermore, it includes a true random number generator to generate random keys.
(b) Encryption keys are only handled in a secure area within the trusted secure IP. When an encryption key is stored in nonvolatile memory outside this IP, it is stored in combination with a characteristic semiconductor device ID as key generation information so that the original encryption key cannot be determined. Thus it is possible to protect encryption keys from reverse engineering attacks.
(c) Access monitoring functions are provided. Accesses to the encryption engine and the encryption keys within this trusted secure IP are monitored, and when an illegal access is detected, further accesses are blocked. This prevents unauthorized use of the encryption engine and the encryption keys.
(2) Embedded devices can be protected from unauthorized programs over communications channels such as wireless LAN and USB
While upgrades to provide new security measures go without saying, it is also necessary to update software to handle the steady progress in functionality in embedded devices. During these operations, as a secure firmware update function, when updating microcontroller user software using communication over wireless LAN or USB channels, if an unauthorized program modification is detected, the install operation is cancelled. Also, as a secure boot function, if an unauthorized modification to the user program is detected at MCU boot time, unauthorized program execution is prevented by stopping the boot operation. Furthermore, eavesdropping on communications can be prevented by data encryption/decryption using AES with the encryption engine.
(3) Evaluation board and a wide range of software that allows even developers without security or communications experience to develop applications quickly
The RX231 on-chip trusted secure IP 32-bit MCU evaluation board provided in the RX231 Communications Security Evaluation Kit includes a USB and SDHI wireless LAN communications expansion board interface, and can be connected to a wireless LAN communications expansion board. This kit also provides, in addition to security software, FreeRTOS, Renesas TCP/IP middleware, and a wireless LAN driver as a wireless LAN protocol stack for communications. Similar to the security software, Renesas also supports development of the communications sections that require specialized knowledge, thus allowing rapid implementation of secure embedded systems that operate over communications channels.