STMicroelectronics recently announced a new secure element to protect connected devices in the consumer and industrial Internet of Things (IoT), and to prevent cloning or copying of genuine products by ensuring authenticity.
Certified to the highest security industry standards, the new STSAFE-A100 can be designed in by developers without security expertise, supported by a comprehensive ecosystem.
Consumer devices, home appliances, industrial assets, and infrastructure controllers are already connected to the internet or will be soon. Many of them are designed to be autonomous and unattended. They now need electronic security to prevent hackers from counterfeiting, cloning, stealing information, or misusing the equipment.
The STSAFE-A100 is a highly secure solution that acts as a secure element providing authentication and data management services to a local or remote host. It consists of a full turnkey solution with a secure operating system running on the latest generation of secure microcontrollers.
ST’s STSAFE-A100 is a secure turnkey solution that brings the company’s proven expertise in electronic security for applications such as banking, e-commerce, and identity protection to the IoT. As a secure element that provides authentication services and can be used in conjunction with an ordinary microcontroller, it features an embedded secure operating system and is certified to Common Criteria EAL5+, banking-level security-industry standards.
The new offering provides secure MCUs; CC EAL5+ AVA_VAN5 Common Criteria certification; an active shield; monitoring of environmental parameters; a protection mechanism against faults; a unique serial number on each die; protection against side-channel attacks; advanced asymmetric cryptography, namely elliptic curve cryptography (ECC) with NIST or Brainpool 256-bit and 384-bit curves, elliptic curve digital signature algorithm (ECDSA) with SHA-256 and SHA-384 for digital signature generation and verification, and elliptic curve Diffie-Hellman (ECDH) for key establishment; advanced symmetric cryptography, namely key wrapping and unwrapping using AES-128/AES-256 and secure channel protocols using AES-128; a secure operating system and STSAFE-A100 kernel for authentication and data management; and protection against logical and physical attacks.
“STSAFE-A100 delivers an economical and certified solution for state-of-the-art security in IoT and brand protection, presenting an alternative with clear advantages over existing approaches like software-based security running on a general-purpose microcontroller or an uncertified crypto-companion IC,” said Laurent Degauque, Marketing Director, Secure Microcontroller Division, MDG Group, STMicroelectronics. “Seamless integration puts security at the heart of the product and frees developers to focus on maximizing added value at the application level.”
ST has made design-in of its secure element easy for customers by providing a complete ecosystem that includes an expansion board with Arduino headers, a microcontroller library, and reference implementations. These simplify attaching the STSAFE-A100 to a microcontroller such as any from the STM32 line.
STSAFE-A100 provides strong authentication services that help make sure only authorized IoT devices can access online services and only authorized accessories or consumables are recognized and accepted by an application. It is compliant with the USB Type-C device-authentication scheme and secures communications with a remote host using Transport Layer Security (TLS) handshaking.
Additional functions that further minimize any potential for security breaches include signature verification to ease secure boot and firmware upgrade, secure counters that allow usage monitoring, secure pairing with the host application processor, wrapping and unwrapping of local or remote host envelopes, and on-chip key-pair generation.
The STSAFE-A100 supports asymmetric cryptography including Elliptic Curve Cryptography (ECC) with NIST or Brainpool 256-bit and 384-bit curves, and symmetric cryptography using AES-128/AES-256. The STSAFE-A100 comes with a unique serial number on each die and its operating system comprises a kernel for authentication and data management and provides strong protection against logical, fault, side-channel and physical attacks.
The STSAFE-A100 secure element is scheduled to enter volume production next month, as a 4mm x 5mm SO8N or 2mm x 3mm UFDFPN8.