Renesas Electronics Corporation, a provider of advanced semiconductor solutions, announced that the security mechanism for its RA family of 32-bit Arm Cortex-M microcontrollers (MCUs) has been certified by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Verification Program (CAVP).
Drivers for using the certified SCE9 Protected Mode are included in the RA Family Flexible Software Package (FSP) v3.6.0 and later.
The Renesas RA6M4, RA6M5, RA4M2 and RA4M3 MCU groups have received NIST CAVP certification of a comprehensive suite of cryptographic algorithms, including multiple modes of Advanced Encryption Standard (AES), hashing, Rivest Shamir Adleman (RSA) and Elliptic Curve Cryptography (ECC) key generation and authentication, key agreement schemes and deterministic random bit generator (DRBG).
NIST CAVP certification provides independent verification of the correct implementation of cryptographic algorithms, which is vital to ensuring connectivity interoperability.
Renesas announced last year that RA devices have received PSA Certified Level 2 and Security Evaluation Standard for IoT Platforms (SESIP) certifications.
“With CAVP certification, in conjunction with existing SESIP1 and PSA Level 2 certifications, Renesas provides the most comprehensive IoT security solutions in the industry,” said Roger Wendelken, senior vice president of the IoT and Infrastructure Business Unit at Renesas. “Customers across a wide range of connected application segments can deploy the RA family with the utmost confidence that their data will be secure.”
Renesas' unique integrated security architecture provides a time- and energy-efficient solution with secure, unlimited key storage. An independent evaluation to compare the operation of SCE9 Protected Mode with a selection of secure elements was recently completed.
“Not only does SCE9 have a significant amount of cryptographic computing power, but getting rid of a serial interface (usually I2C) to an externally connected device offers several advantages,” said Mario Noseda of the School of Engineering at the University of Applied Sciences of Zurich. “The high clock frequency of the internal data bus greatly reduces the data transmission time between the MCU and the SCE9. But even more important is the complete elimination of one point of attack, which is a huge selling point for an MCU containing SCE9.”
A white paper detailing the assessment is available here.
Proper handling of cryptographic keys is vital to maintaining the integrity of a secure product. The new security key management tool provides a straightforward mechanism to prepare keys for secure installation and updates, supporting development, production provisioning, and major updates for fielded products.
The GUI is designed to help developers, especially those who are new to security solutions, create prototypes and proofs of concept with test keys. The command-line interface coordinates multiple developers and supports production key management for key provisioning and updating. Downloadable application projects demonstrate how to perform secure key installations and updates for development and production using available Renesas tools.
Find the full list of security-focused software, tools, and solutions here.
In addition to these widely recognized industry certifications, Renesas RA MCUs offer customers the latest in IoT security, combining Secure Crypto Engine IP with NIST CAVP certifications in addition to Arm TrustZone for Armv8-M. Devices in the RA family incorporate hardware-based security features, from simple AES acceleration to fully integrated cryptographic subsystems isolated in the MCU.
The Secure Crypto Engine provides symmetric and asymmetric encryption and decryption, hash functions, true random number generation (TRNG), and advanced key handling, including key generation and key wrapping unique to the MCU. An access management circuit shuts down the encryption engine if the correct access protocol is not followed, and dedicated RAM ensures that plaintext keys are never exposed to any CPU or peripheral bus.