The IoT Security Suite is a software solution that makes it easy for IoT device OEMs to develop secure and trustworthy products.

Secure IoT - By Design

Securing IoT products starts with recognizing that security failures can occur at multiple points in the device lifecycle, and that each of them directly affects a company's brand image or, worse, its revenue and value. Security lapses are typically noticed once devices are deployed and operational, but problems such as IP theft and device cloning occur at the time of manufacturing, and devices are also at risk of compromise when they undergo firmware updates or connect to IoT cloud infrastructure. Ensuring security therefore requires considering the entire device lifecycle. The IoT Security Suite implements measures to ensure device integrity from design to decommissioning.

Hardened Security. Simplified.

The IoT Security Suite for the Microchip SAMA5D2 enables device OEMs to implement the critical security aspects that are foundational to trustworthy IoT devices: hardware-based isolation, access to hardware cryptography, a hardware root of trust, and essential key and certificate management tools. It simplifies the task of implementing these capabilities because the suite:

  • Is pre-configured to support the available hardware security components and isolation
  • Provides simple APIs that reduce the learning curve for implementing security
  • Provides a software abstraction that shields developers from the underlying complexity of hardware security
  • Enables faster time to market at a lower cost

IoT Security Suite Capabilities

Trusted Boot, Firmware Protection, Trusted Device ID, Secure Storage, Secure Communications, Secure Firmware Update

Suite Components

The Suite includes a number of components that help streamline deployment and enable secure functions. Components include:

1. CoreTEE™: Sequitur's Trusted Execution Environment (secure OS), which is required to use ARM® TrustZone® and TrustZone-secured resources.

2. Trusted Applications: TEE-resident applications that implement the secure functions.

3. Hardware Crypto Engines: the TrustZone-integrated crypto engine is accessible from Linux, including through an OpenSSL plugin.

4. Easy to Use APIs: implement security functions with simple calls, letting developers focus on their application rather than on the intricacies of the hardware or of TrustZone security.

5. Packaging Tool: a step-by-step tool that simplifies firmware development and IP protection, abstracting the complexity of secure boot and TrustZone.

6. In-system Provisioning Procedure and Toolset: includes anti-replay measures and IP protection.

IoT Security Suite: Key Features

Security Through the Device Lifecycle


Getting Started With the Right Kit

Sequitur provides three types of software kits to help customers learn about the IoT Security Suite and quickly implement it in their products.

Pre-configured for Advanced Hardware Security from Microchip

The IoT Security Suite currently supports the advanced hardware security components and capabilities of the Microchip SAMA5D2 MPU, and is pre-configured to use the following:

  • ARM® TrustZone®
  • Secure RAM
  • Fuses
  • Hardware crypto
  • TRNG

The SAMA5D2 series is a high-performance, ultra-low-power MPU based on the ARM Cortex-A5 processor. The Cortex-A5 runs at up to 500 MHz and features the ARM NEON SIMD engine, a 128 kB L2 cache and a floating point unit. It supports multiple memories, including latest-generation technologies such as DDR3, LPDDR3 and QSPI Flash. It integrates powerful peripherals for connectivity (EMAC, USB, dual CAN, up to 10 UARTs, etc.) and user interface applications (TFT LCD controller, touch controller, class D amplifier, audio PLL, CMOS sensor interface, etc.). The devices offer advanced security functions to protect customer code and secure external data transfers. These include ARM TrustZone, tamper detection, secure data storage, hardware encryption engines with protected private keys, on-the-fly decryption of code stored in external DDR or QSPI memory, and a secure boot loader.

Capabilities of the Microchip SAMA5D2 MPU

Hardware security features of the Microchip SAMA5D2 MPU that are not currently supported by the Suite can be implemented on a custom basis by Sequitur Professional Services.

Cryptography

  • HW acceleration for 3DES/AES
  • SW library for RSA and elliptic curves (ASCL)
  • High-quality TRNG
  • Hashing up to SHA512
  • Protection against side-channel attacks

Physical Attack Protection

  • Battery backed-up secure area
  • Dynamic and static tamper pins
  • Voltage, frequency and temperature monitors
  • Die shield
  • JTAG monitoring
  • Secure packaging

Code Protection

  • TrustZone and MMU
  • On-the-fly DDR/QSPI encryption (AES128)
  • Scrambling of internal and external memories
  • Integrity check monitor on internal and external memories with an independent SHA256 engine
  • Secure debug modes
  • Secure boot loader (public and private key)
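
The last two items describe what a secure boot loader and the integrity check monitor enforce: code is accepted only if its hash matches, and only if that hash is vouched for by a key the attacker does not hold. The following is an added example, not Sequitur or Microchip code, that models the same checks an update agent or boot loader performs before accepting a firmware image, including the anti-replay (anti-rollback) check the provisioning toolset mentions. It assumes a constructed 32-byte device key and an in-memory monotonic counter; on the SAMA5D2 those would live in fuses or the battery backed-up secure registers, and a production secure boot loader would use a public-key signature rather than the HMAC-SHA256 tag used here to keep the example dependency-free.

```python
"""Model of the verification step a secure boot loader or update agent
performs before accepting a firmware image (added example, not product code).

Checks, in order:
  1. the manifest is authentic (HMAC-SHA256 with a device key stands in for
     the public-key signature a real secure boot loader would verify);
  2. the manifest version is newer than the recorded one (anti-rollback);
  3. the SHA-256 of the image matches the hash carried in the manifest.
The rollback counter is advanced only after every check has passed.
"""
import hashlib
import hmac
import struct

MANIFEST_MAGIC = b"SFW1"
MANIFEST_LEN = 4 + 4 + 32 + 32  # magic | version (big-endian u32) | sha256 | tag


def build_manifest(key: bytes, version: int, image: bytes) -> bytes:
    """Producer side (signing station): returns magic|version|sha256(image)|tag."""
    digest = hashlib.sha256(image).digest()
    body = MANIFEST_MAGIC + struct.pack(">I", version) + digest
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class RollbackCounter:
    """Stands in for a monotonic counter kept in fuses or secure SRAM."""

    def __init__(self, initial: int = 0) -> None:
        self.value = initial

    def advance(self, new: int) -> None:
        if new <= self.value:
            raise ValueError("counter must only move forward")
        self.value = new


def verify_image(key: bytes, manifest: bytes, image: bytes,
                 counter: RollbackCounter) -> str:
    """Return 'ok' or a short reason for rejection."""
    if len(manifest) != MANIFEST_LEN or manifest[:4] != MANIFEST_MAGIC:
        return "bad-manifest"
    body, tag = manifest[:-32], manifest[-32:]
    # Authenticate the manifest before trusting any field in it.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time compare
        return "bad-signature"
    version = struct.unpack(">I", body[4:8])[0]
    if version <= counter.value:  # replay of an old (possibly vulnerable) image
        return "rollback"
    if not hmac.compare_digest(hashlib.sha256(image).digest(), body[8:40]):
        return "bad-image"
    counter.advance(version)  # commit only once the image is fully verified
    return "ok"


def demo():
    """Constructed scenario: one good update followed by four attacks."""
    key = b"constructed-device-key-32-bytes!"  # constructed; real key lives in fuses
    counter = RollbackCounter(3)                # device currently runs version 3
    good = b"firmware v4 " * 100                # constructed image payload
    results = []
    m4 = build_manifest(key, 4, good)
    results.append(verify_image(key, m4, good, counter))                  # ok
    results.append(verify_image(key, m4, good, counter))                  # replay
    tampered = good + b"x"
    results.append(verify_image(key, build_manifest(key, 5, good), tampered, counter))
    forged = bytearray(build_manifest(key, 6, good))
    forged[-1] ^= 1                                                       # flip a tag bit
    results.append(verify_image(key, bytes(forged), good, counter))
    other_key = build_manifest(b"attacker-key", 7, good)                  # wrong signer
    results.append(verify_image(key, other_key, good, counter))
    return results, counter.value


if __name__ == "__main__":
    print(demo())  # (['ok', 'rollback', 'bad-image', 'bad-signature', 'bad-signature'], 4)
```

Note that the counter is advanced only after the image hash has been checked, so a manifest that is authentic and newer but shipped with a corrupted image (the `bad-image` case) does not burn the version number; a real implementation would additionally want the image decrypted and hashed from memory the rich OS cannot modify between the check and the jump, which is exactly what the on-the-fly decryption and TrustZone isolation listed above provide.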

Secure Key Storage

  • Battery backed-up secure SRAM with erasure upon security event
  • Battery backed-up secure register for master key
  • 544 fuses for customer use
  • TrustZone protected storage

GET STARTED

Download the FREE IoT Security Suite Software Evaluation Kit to get started on implementing advanced security for your IoT device. Download the kit by registering.

IoT SECURITY SUITE PRODUCT BROCHURE

Download a PDF of the IoT Security Suite Brochure.

HAVE QUESTIONS?

Visit the IoT Security Suite Frequently Asked Questions.

Injecting Trust in IoT and Embedded Systems

CoreTEE allows device makers to create trustworthy devices by addressing key aspects of security such as:

Secure Boot Processes:

Critical boot processes can be secured and initiated from within CoreTEE to detect and prevent boot tampering.

Cryptography and Key Management:

CoreTEE supports SoC-specific cryptographic technologies and provides robust key management processes for root key injection and subsequent management.

Secure Peripherals:

A secure peripheral driver framework that includes drivers for display, I2C, PIO and PMC.

Trusted Firmware-based Applications:

These are encrypted, signed and shipped as part of the base firmware.

Trusted and Validated Rich OS-based Applications:

Encrypted and stored in the rich OS file system, these applications are validated and executed at runtime by CoreTEE. Applications can also be dynamically installed via secure Over-The-Air (OTA) processes.

Secure Displays and Trusted Input:

CoreTEE supports applications requiring a Trusted User Interface for secure input of information such as PIN capture.

All of the above capabilities are delivered in a standards-compliant manner, ensuring interoperability.

Supported Platforms

Microchip:
  • SAMA5D2 Series
  • SAMA5D4 Series

NXP:
  • QorIQ Layerscape LS1043
  • i.MX6 and i.MX7

Applications

Trusted IoT:

CoreTEE enables the development of trusted IoT devices such as home and industrial gateways where data protection and security are important requirements.

High Security:

Devices with high security requirements, such as payment terminals and medical devices, must meet compliance and certification requirements; CoreTEE helps them satisfy such regulations.

Secure Continuous Execution:

Devices in the industrial automation space require critical processes to keep running even if the rich OS fails, so as not to cause catastrophic events. CoreTEE enables the uninterrupted execution of critical applications in the TEE even if the rich OS hangs or reboots.

CoreTEE's implementation depends on the microprocessor architecture and involves a high level of customization. Sequitur provides services for product integration, working with chip makers and assessing needs for specific features.