Security-on-a-chip is certified for European utilities
STMicroelectronics has brought together digital security techniques in a single chip to protect smart things and networks including those for utilities’ infrastructure against cyber threats.
Providing security for connected objects, the STSafe-J100 gives the object an unalterable identity that can be authenticated. It also handles encrypted communications and provides secure storage. It is integrated in IoT devices like smart meters, data concentrators, and utility gateways. The STSafe-J100 is customisable with market-specific applets. The secure element combines CC EAL5+ certified hardware and a CC EAL5+ certified secure OS. CC EAL5+ is the highest level for commercial electronic-security equipment, points out ST.
Device designers can create their own security profiles, or use ST’s pre-certified profiles such as German BSI and French Enedis smart-utilities specifications, to accelerate time to market.
ST provides a secure device-personalisation service. Personalising each device with its identity and cryptographic keys creates trusted hardware resistant to cloning or hacking, says ST. The service means customers do not have the responsibility for secure programming, preventing exposure of keys and secrets, and distributing programmed devices.
The STSafe-J100 occupies minimal real estate on the main system board, in either a 5.0 x 5.0mm VFQFPN32, 6.0 x 4.9mm SO8N, or 4.2 x 4.0mm UDFN8 package.
The STSafe-J100 is backwards-compatible with ST’s Kerkey embedded secure element. The new chip adds extra memory, offering up to 66kbyte of user data storage. It executes cryptographic algorithms faster, leveraging its updated and higher-performing secure microcontroller embedding dedicated hardware accelerator.
The latest JavaCard secure OS, Version 3.0.4 Classic with GlobalPlatform provides advanced security features, including support for Password Authenticated Connection Establishment (PACE) protocol. The STSafe-J100 leverages ST’s crypto library including DES/3DES, RSA, ECC and AES, SHA-1, SHA-256, SHA-512, CRC32, and CRC16. Middleware complies with the latest Public-Key Cryptography Standards (PKCS #11).
The STS-J-PROGQ32ELx development board allows engineers to interact with the chip using general-purpose MCU development boards. The STSafe-J100 is delivered with all documentation, software libraries, drivers, and test tool, and a code example to help personalise the device.