Image
Hiroki Ishiguro
Hiroki Ishiguro
Senior Principal Engineer
Published: March 11, 2022

In recent years, the number of IoT equipment has been increasing. The IoT equipment requires security implementation. In addition, not only does the Linux-based equipment come with more security implementation, but also the smaller size and lower power consumption MCU-based implementation are increasing. Therefore, there is a challenge to implement higher-level security at a lower cost.

Renesas has extended the Renesas’ propriety hardware secure IP (Trusted Secure IP) to the RX family as custom chips for the specific field/customer for over 20 years.

The RX family with the Trusted Secure IP can realize the below three points.

  1. Achieving Cryptographic Module Validation Program (CMVP) Level 3 certification under the FIPS 140-2 security standard by the National Institute of Standards and Technology (NIST). [News release]
  2. Accelerating the cryptographic communication TLS (Transport Layer Security) essential for IoT equipment (about 20 to 30 Mbps with RX65N@120MHz), concealing the core parameter premaster secret in Trusted Secure IP.
  3. Executing secure boot and firmware update functions that are becoming essential security functions for IoT equipment.

To support these, Renesas provides the following three points:

  1. Security Policy that summarizes the standards for FIPS 140-2 Level 3 CMVP. (Please search for “Security Policy”.)
    You can quickly learn the security standards required for IoT equipment based on the functional level of MCU-based embedded equipment.
  2. The RX family with Trusted Secure IP, its compatible boards, and Driver software for Trusted Secure IP.
    Among the RX family with Trusted Secure IP and its compatible boards, the RX72N Envision Kit is most ideal for evaluation of Trusted Secure IP. The firmware for the RX72N Envision Kit is released on GitHub. We have prepared the page describing the overview of Trusted Secure IP and how to use the driver software here. I will also introduce the benchmark result of each cryptography algorithm tested with the RX72N Envision Kit by wolfSSL. These make it possible to evaluate the functionality and performance of cryptography algorithms such as AES/RSA/SHA/ECC/TRNG.
  3. Software modules to control firmware update
    When implementing the firmware update function, we must take various considerations such as a mechanism that allows auto-recovery at the next startup if the power is cut off during overwriting. We have summarized these considerations as “Renesas MCU Firmware Update Design Policy”. Applying this can also help your feasibility evaluation of the OTA function by using Amazon Web Service.

For security essential for IoT equipment, we think that meeting general requirements and realizing it in a single chip can have cost advantages. So far, the difficulty of security implementation has been a barrier for electronic devices to connect to the internet. We have developed this solution to remove this barrier and enable much more electronic devices to connect to the internet. We will keep focusing on high-level security and easy-to-use products specification.

Share this news on

Documentation

Type Title Date
Application Note PDF 707 KB 日本語
1 item