IoT devices can be secure with built-in authentication
Certified to security industry standards, the STSAFE-A100 can be designed in by developers without specialist security expertise to protect connected devices in the consumer and industrial IoT. It also prevents cloning or copying of genuine products by ensuring authenticity, says STMicroelectronics.
The secure element provides authentication services and can be used in conjunction with an ordinary microcontroller. It features an embedded secure OS and is certified to Common Criteria EAL5+ (Evaluation Assurance Level 5+), a banking-level security-industry standard.
Its authentication services help make sure that only authorised IoT devices can access online services and that only authorised accessories or consumables are recognised and accepted by an application. It is compliant with the USB Type-C device-authentication scheme and secures communications with a remote host using Transport Layer Security (TLS) handshaking.
Additional functions to minimise potential security breaches include signature verification to ease secure boot and firmware upgrade, secure counters that allow usage monitoring, secure pairing with the host application processor, wrapping and unwrapping of local or remote host envelopes, and on-chip key-pair generation.
The element supports asymmetric cryptography, including Elliptic Curve Cryptography (ECC) with NIST or Brainpool 256-bit and 384-bit curves, and symmetric cryptography using AES-128/AES-256. Each die carries a serial number, and the element's OS comprises a kernel for authentication and data management and protects against logical, fault, side-channel and physical attacks.
An ecosystem includes an expansion board with Arduino headers, a microcontroller library, and reference implementations. These are claimed to simplify attaching the STSAFE-A100 to a microcontroller.
The secure element is scheduled to enter volume production in July 2016, as a 4.0 x 5.0mm SO8N or 2.0 x 3.0mm UFDFPN8.