Choosing the Right Root of Trust
The digital society has grown and expanded rapidly during the last few years, with the explosion of wearable and IoT devices number per household. It has become clear that endpoint security is critical to the protection of data on all devices. Each device represents a potential sensitive entry point; ranging from the device itself to the network it is connected to. Endpoints are used to secure the link between devices and the cloud and such end-to-end security can only be achieved by designing a solid root of trust.
At Secure-IC, we are convinced that one day security will be worth more than the devices. That is why we are committed to continuously improve our root of trust with secure elements from chip to cloud.
Only integrated Secure Elements (iSE) can implement this fundamental security foundation. An integrated Secure Element is an IP than is integrated in a chip, melted as a subsystem into the host chip it protects.
Root of trust down to the Silicon with software support
Software is versatile, which is one of its strengths; but also one of its weaknesses. Software can be continuously improved and perfected but it is also corruptible and vulnerable to malicious attacks. Of course, secure software can be written to ensure that weaknesses are kept to a minimum but even then, writing such software can be very expensive and time-consuming.
Silicon is a physical and immutable function; it cannot be modified as opposed to software that can be compromised. Silicon guarantees that the information received is genuine and has not been altered. Such an immutable function propagates the root of trust throughout the system.
It is important to note that software security cannot be considered as a stand-alone solution; both hardware security solution and software security solution are complementing each other and should be considered together
embedded versus integrated Secure Element
The integrated Secure Element offers a more customizable chip for each industrial application due to its large amount of resources that can be shared with the host and hardware isolation. The embedded chip is said to be more complex than the former as it has two chips; however, it has limited resources and is only certified for one application. In addition, an embedded chip costs more to integrate to the electronic board than an integrated one, due to the two-chip architecture. Basically, having an integrated secure element is a more cost-effective and versatile solution.
SecuryzrTM, Secure-IC’s integrated Secure Element
A tool for each and every root of trust need:
|
Feature |
Description |
Root of trust trustworthiness |
Secure Boot |
Verify the physical and logical integrity of the platform, and guarantee the authenticity of the software and operating system running on the device. |
Security Monitoring |
Ensure that no physical or cyber-attack is being perpetrated on the system and apply the security policy in case of an attack. |
|
Secure Debug |
For first programming, debug purpose, key injection/generation, lifecycle management, on-site firmware injection/update, malfunctioning device update authorization in factory. |
|
Initial PUF enrollment for root key generation. All subsequent accesses and credentials are managed by this key. |
||
Physical Attack Protection |
Protection against side-channel attacks. Protection against fault injection attacks. |
|
Security Services |
Cryptographic Services |
Authentication and confidentiality of the data. Post-Quantum Cryptography. |
Data Protection |
Protect the system data in terms of authenticity or confidentiality. |
|
Key Management |
Management of cryptographic keys in a system. |
|
Secure Communications Protocols |
TLS IPSec |
SecuryzrTM is available in different configurations that offers security at different levels from low area to high performance systems. It is a fully scalable and digital solution and SecuryzrTM is available for integration in Linux, PKCS#11, and EVITA-based systems.
Secure-IC’s iSE has unique features that make it ideal for any industry, such as:
- A unique digital anti-tamper technology;
- A PUF-based critical security parameter management and easier key provisioning;
- Unique countermeasures against side-channel attacks;
- Cyber protections for its integrated CPU.
Do you have questions on this topic and on our protection solutions? We are here to help.