
RX Family Software – The Past and the Future - #8: Security for IoT Applications

Hiroki Ishiguro
Senior Principal Engineer
Published: April 18, 2023

Design IoT Application Easier Than Ever with RX MCU - Part 2

Picking up from where we left off in the previous blog, we're here to share more insights on designing IoT devices.

As mentioned, there has been an increasing demand for IoT devices to be more energy-efficient and smaller. Concurrently, there is a need to enhance the security of IoT devices. IoT stands for the Internet of Things, and when it comes to Internet security, the standard method for encrypting Internet communications is TLS (Transport Layer Security). IoT devices that communicate over the internet must be capable of encrypted communication using TLS.

The processing of TLS can generally be divided into two phases:

  • Phase 1: Establish a communication session with the communication partner, exchange and share temporary session keys.
  • Phase 2: Engage in encrypted communication with the communication partner.

Phase 1 uses "public-key cryptography," represented by RSA and elliptic curve cryptography. This public-key method is used to authenticate the communication partner and exchange session keys. Phase 2 uses "symmetric-key cryptography," represented by Advanced Encryption Standard (AES). Encrypted communication is performed with the communication partner using the session key exchanged in Phase 1.
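The two phases above, carried through in code as an added example (this is not code from the blog, the TSIP driver, or Mbed TLS): Phase 1 is an ephemeral X25519 key agreement between an in-memory client and server, after which each side derives one AES-256 write key per direction; Phase 2 then protects records with AES-GCM, and a record altered in transit fails the authentication tag check. The key derivation (HMAC-SHA256 over a label and both public keys) is an assumption of this example standing in for the real TLS key schedule, and there is no certificate-based authentication of the peer, which a real TLS handshake would include in Phase 1.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Endpoint is one side of the connection. priv is the ephemeral X25519 key used
// in Phase 1; sendKey/recvKey are the AES-256 session keys used in Phase 2.
type Endpoint struct {
	isClient bool
	priv     *ecdh.PrivateKey
	sendKey  []byte
	recvKey  []byte
	sendSeq  uint64
	recvSeq  uint64
}

// NewEndpoint generates a fresh ephemeral X25519 key pair (Phase 1 material).
func NewEndpoint(isClient bool) (*Endpoint, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Endpoint{isClient: isClient, priv: priv}, nil
}

// PublicKeyBytes is the value this side sends to its peer in the clear.
func (e *Endpoint) PublicKeyBytes() []byte { return e.priv.PublicKey().Bytes() }

// deriveKey turns the ECDH shared secret into one 256-bit directional key.
// HMAC-SHA256 over a label and both public keys is a simplified stand-in for
// the TLS key schedule (an assumption of this example, not TLS's algorithm).
func deriveKey(shared []byte, label string, clientPub, serverPub []byte) []byte {
	mac := hmac.New(sha256.New, shared)
	mac.Write([]byte(label))
	mac.Write(clientPub)
	mac.Write(serverPub)
	return mac.Sum(nil)
}

// CompleteHandshake finishes Phase 1: compute the shared secret from the peer's
// public key and derive one write key per direction, as TLS does.
func (e *Endpoint) CompleteHandshake(peerPub, clientPub, serverPub []byte) error {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return err
	}
	shared, err := e.priv.ECDH(pub)
	if err != nil {
		return err
	}
	clientWrite := deriveKey(shared, "client write key", clientPub, serverPub)
	serverWrite := deriveKey(shared, "server write key", clientPub, serverPub)
	if e.isClient {
		e.sendKey, e.recvKey = clientWrite, serverWrite
	} else {
		e.sendKey, e.recvKey = serverWrite, clientWrite
	}
	return nil
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// nonceFor builds the 96-bit GCM nonce from the record sequence number, so a
// key is never used twice with the same nonce within one session.
func nonceFor(seq uint64) []byte {
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], seq)
	return nonce
}

// Seal encrypts and authenticates one record with AES-256-GCM (Phase 2).
func (e *Endpoint) Seal(plaintext []byte) ([]byte, error) {
	if e.sendKey == nil {
		return nil, errors.New("handshake not complete")
	}
	aead, err := newAEAD(e.sendKey)
	if err != nil {
		return nil, err
	}
	nonce := nonceFor(e.sendSeq)
	e.sendSeq++
	return aead.Seal(nil, nonce, plaintext, nil), nil
}

// Open decrypts one record. A flipped bit anywhere in the record fails the GCM
// tag check; the counter advances only on success (a real TLS stack would
// abort the connection at that point).
func (e *Endpoint) Open(record []byte) ([]byte, error) {
	if e.recvKey == nil {
		return nil, errors.New("handshake not complete")
	}
	aead, err := newAEAD(e.recvKey)
	if err != nil {
		return nil, err
	}
	plaintext, err := aead.Open(nil, nonceFor(e.recvSeq), record, nil)
	if err != nil {
		return nil, err
	}
	e.recvSeq++
	return plaintext, nil
}

// RunSession performs both phases between an in-memory client and server and
// returns the plaintext the server recovered from the client's first record,
// plus whether a tampered copy of that record was rejected.
func RunSession(msg []byte) ([]byte, bool, error) {
	client, err := NewEndpoint(true)
	if err != nil {
		return nil, false, err
	}
	server, err := NewEndpoint(false)
	if err != nil {
		return nil, false, err
	}
	// Phase 1: public keys cross the wire in the clear; session keys never do.
	cPub, sPub := client.PublicKeyBytes(), server.PublicKeyBytes()
	if err := client.CompleteHandshake(sPub, cPub, sPub); err != nil {
		return nil, false, err
	}
	if err := server.CompleteHandshake(cPub, cPub, sPub); err != nil {
		return nil, false, err
	}
	// Phase 2: one encrypted record from client to server.
	record, err := client.Seal(msg)
	if err != nil {
		return nil, false, err
	}
	tampered := append([]byte(nil), record...)
	tampered[0] ^= 0x01
	_, tamperErr := server.Open(tampered)
	recovered, err := server.Open(record)
	if err != nil {
		return nil, false, err
	}
	return recovered, tamperErr != nil, nil
}

func main() {
	// Constructed sample payload.
	out, rejected, err := RunSession([]byte("sensor reading: 21.5 C"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("server received %q; tampered record rejected: %v\n", out, rejected)
}
```

The split the blog describes is visible in the code: everything up to CompleteHandshake is public-key arithmetic that runs once per connection, while Seal and Open are the symmetric work that runs on every record, which is why the per-connection time and the sustained throughput are governed by different parts of the hardware accelerator.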

There are two main challenges in implementing Phases 1 and 2:

    (a) The various keys used in Phases 1 and 2 must be protected from leakage and tampering.
    (b) The calculations in Phases 1 and 2 must be executed quickly using hardware logic circuits specialized for cryptographic processing.

If challenges (a) and (b) are not addressed, IoT devices may be introduced to the market with the following disadvantages: 

  • Malicious third parties could extract key data stored within IoT devices through reverse engineering, leading to the following consequences:
    • Consequence 1: Session keys may be extracted, allowing encrypted communications to be decrypted.
    • Consequence 2: Authentication information could be extracted, resulting in unauthorized logins to cloud servers such as AWS and Azure.
  • If only software is used to handle Phase 1, connecting to the server might take seconds to minutes. And if only software is used to handle Phase 2, communication speeds may be limited to a few hundred Kbps to several Mbps.

As a solution to tackle challenges (a) and (b), Renesas has incorporated the security IP "Trusted Secure IP" into the RX MCU family and provided driver software to control the "Trusted Secure IP". We have also put together an application note detailing how to link Mbed TLS, used in FreeRTOS as a primary TLS implementation, with the "Trusted Secure IP". (The method to link Azure RTOS's NetX Duo with the "Trusted Secure IP" is under development.)

The sample code introduced in this application note works with the RX72N Envision Kit. It can also be applied to other products equipped with "Trusted Secure IP", such as the RX65N and RX671.

By utilizing the sample code introduced in this application note, challenges (a) and (b) can be resolved in the following ways: 

  • Various keys can be protected from leakage and tampering, reducing the risk of encrypted communications being decrypted or unauthorized logins occurring.
  • Server connection time and communication speed improve by nearly 10 times (see the table extracted from the application note).

Examples of TLS Communication Speeds Using TSIP Driver

With this solution, it is now possible to develop high-performance, high-security IoT devices in 100MHz-class MCU-based systems. As discussed in our previous post, the security level is expected to be equivalent to NIST FIPS 140-2 CMVP Level 3. However, the barrier to entry remains high, and we are working with AWS and Microsoft to further improve and simplify the integration of FreeRTOS and Azure RTOS features into customer systems.

TLS is the standard encryption communication protocol for the internet; however, it has been a challenge for 100MHz-class MCU-based systems. By integrating the RX family with the innovative "Trusted Secure IP" security solution, we've successfully elevated both performance and security to practical and efficient levels. Consequently, we're confident that IoT devices can now be designed with enhanced energy efficiency and affordability in mind. Our goal is to relentlessly pursue product and solution development that pushes the limits of low power consumption even further.
