Microchip Technology announced Wednesday a new hardware crypto-enabled 32-bit microcontroller that offers significant performance improvements over firmware-based offerings. The CEC1302 makes it easy to add security to Internet of Things (IoT) devices, offering easy-to-use encryption and authentication for programming flexibility and increased levels of security.
Security threats are increasing exponentially in terms of frequency, targeted devices, malignancy and costs of attacks. The CEC1302 allows for pre-boot authentication of the system firmware in order to ensure that the firmware is untouched and uncorrupted, thereby preventing security attacks such as man-in-the-middle, denial-of-service and backdoor vulnerabilities. It can also be used to authenticate any firmware updates, protecting the system from malware or memory corruption.
Currently available for sampling and volume production, the CEC1302 (part number CEC1302D-SZ-C0) is available in a 144-WFBGA package starting at $1.75 each in 10,000 unit quantities.
The CEC1302 incorporates a high-performance 32-bit ARM Cortex-M4 embedded microcontroller with 128 kilobytes of SRAM and 32 kilobytes of boot ROM. It communicates with the system host using the I2C bus.
The CEC1302 has two SPI memory interfaces that allow the EC to read its code from external SPI flash memory: private SPI and/or shared SPI. The shared SPI interface allows for EC code to be stored in a shared SPI chip. The private SPI memory interface provides for a dedicated SPI flash that is only accessible by the EC.
The CEC1302 provides support for loading EC code from the private or shared SPI flash device on a VCC1 power-on. Before executing the EC code loaded from a SPI flash device, the CEC1302 validates the EC code using a digital signature encoded according to PKCS #1. The signature uses RSA-2048 with SHA-256 hashing. This provides automated detection of invalid EC code that may be the result of malicious or accidental corruption. The check occurs before each boot of the host processor, thereby establishing a hardware-based root of trust that is not easily thwarted by a physical replacement attack.
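The following example, written for this article and not taken from Microchip's ROM or firmware, walks through the kind of check described above in software: an EC image is hashed with SHA-256, the hash is wrapped in the PKCS #1 v1.5 DigestInfo encoding, signed with an RSA private key, and a simulated boot loader refuses to run the image unless the signature verifies against a public key it trusts. The key pair, the firmware bytes and the image layout (code followed by a trailing signature) are all constructed here; the default key size is 2048 bits to match the device, and the test uses 1024 bits only to run faster.

```python
import hashlib
import secrets

# DER prefix for a SHA-256 DigestInfo, from PKCS #1 (RFC 8017, section 9.2).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test (toy key generation; a device's key is provisioned, not generated at boot)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits=2048):
    """Return ((n, e), (n, d)). Constructed for the example; the CEC1302 uses RSA-2048."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def emsa_pkcs1_v15_encode(message, em_len):
    """EMSA-PKCS1-v1_5: 0x00 0x01 || PS (0xFF...) || 0x00 || DigestInfo(SHA-256(message))."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def sign_firmware(private_key, firmware):
    """Signing happens at the vendor, never on the device; shown here only to produce a valid image."""
    n, d = private_key
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15_encode(firmware, k), "big")
    return pow(em, d, n).to_bytes(k, "big")


def verify_firmware(public_key, firmware, signature):
    """RSASSA-PKCS1-v1_5 verify: recompute the expected encoding and compare in constant time."""
    n, e = public_key
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    return secrets.compare_digest(em, emsa_pkcs1_v15_encode(firmware, k))


def pre_boot_check(trusted_public_key, image):
    """Simulated boot ROM: the image is code || signature (constructed layout).
    The trusted public key stands in for what a device would anchor in immutable ROM/OTP.
    Returns the code to execute, or None if the image must be rejected."""
    n, _ = trusted_public_key
    k = (n.bit_length() + 7) // 8
    if len(image) <= k:
        return None
    code, signature = image[:-k], image[-k:]
    return code if verify_firmware(trusted_public_key, code, signature) else None


if __name__ == "__main__":
    pub, priv = generate_keypair()
    firmware = b"constructed EC code image v1.0"          # constructed sample payload
    image = firmware + sign_firmware(priv, firmware)
    print("genuine image boots:", pre_boot_check(pub, image) == firmware)
    tampered = bytearray(image)
    tampered[0] ^= 0x01                                   # flip one bit of the code
    print("tampered image boots:", pre_boot_check(pub, bytes(tampered)) is not None)
```

The check is deliberately structured so that the only thing the boot path trusts is the public key it was built with: a replaced flash chip, a modified image or a signature made with some other key all fail the same comparison, which is the property the article attributes to the device's pre-boot authentication.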
The CEC1302 is directly powered by two separate suspend supply planes (VBAT and VCC1) and senses the runtime power plane (VCC) to provide “Instant On” and system power management functions. It also contains an integrated VCC1 Reset Interface and a system Power Management Interface that supports low-power states and can drive state changes as a result of hardware wake events.
The CEC1302 offers private key and customer programming flexibility with a full-featured microcontroller in a single-package solution in order to minimize customer risk. The device provides savings in terms of power drain and also improved execution of application performance. In addition, since the CEC1302 is a full 32-bit microcontroller with an ARM Cortex-M4 core, adding security functionality only results in a small additional cost.
The CEC1302 can be used as a standalone security coprocessor or can replace an existing microcontroller. The hardware-enabled public key engine of the device is also 20 to 50 times faster than firmware-enabled algorithms, and the hardware-enabled hashing is 100 times faster.