A first step of a security lifecycle management solution has been announced by Renesas Electronics on the Renesas Synergy Platform for customers who build devices connecting to the Internet of Things (IoT). Renesas, together with partners Data I/O and Secure Thingz, offer a secure firmware flash programming solution enabling customers to reliably and securely program authorised firmware into the flash memory of Synergy MCUs in remote manufacturing facilities and in the field, while protecting firmware from being modified, pirated, or installed on cloned hardware.
OEMs building connected IoT devices face risks that include product disruption, system hijacking, eavesdropping, IP theft and product cloning. Without the proper security, these devices can be exploited to shut down or damage vital industrial infrastructure or cause injury. Given the increased complexity of the global supply chain, extra diligence is needed to ensure that the integrity and authenticity of a product is maintained in the production environment and not compromised throughout the entire manufacturing cycle regardless of the location and security level and capabilities of the Contract Manufacturer’s (CM’s) or OEM’s manufacturing personnel and processes. The secure flash programming solution based on the Synergy Platform enables OEMs to maintain product integrity and authenticity without such dependencies on the CM’s capabilities.
A chain-of-trust starts with the delivery of a Synergy MCU with hardware security features to a secure programming center where a root-of-trust is installed on each MCU with equipment provided by Data I/O. The next step in the chain is for the OEM to use tools provided by Data I/O and Secure Thingz to author their firmware such that it is encrypted, signed, and provisioned to specific MCUs. After this, the Synergy MCUs can be shipped to the OEM or CM facility. Once in the field, the authored firmware can be securely updated into the MCUs’ flash memory with the on-chip root-of-trust being used to validate and decrypt the firmware before flash programming – all securely taking place within the Synergy MCUs that provide hardware protected memory segments integrated with an asymmetric cryptographic engine to validate and decrypt the firmware. This eliminates concern for IP theft, piracy, and product cloning.
Renesas provides the Synergy MCU and Synergy’s security reference solution that deliver a strong root-of-trust through an identity, hardware protected keys, a secure boot loader, a secure flash update module, and cryptographic API’s that interface with the MCU hardware.
Secure Thingz provides the Secure Deploy suite of tools, which enable end-to-end encryption of firmware to the device, plus secure deployment into remote high risk manufacturing environments, alongside remote firmware updating and management.
Data I/O provides the SentriX Security Programming Platform, a highly flexible, cost-effective security provisioning and data programming solution for authentication devices, secure elements and secure MCUs that enables the secure provisioning in a secure manufacturing environment or programming center. The SentriX Platform contains the Secure Thingz’s Guardian with integrated HSM (Hardware Security Module), which allows for the SentriX Platform and the Secure Deploy suite to work together seamlessly to protect firmware and critical data.
“Renesas Synergy’s security reference solution empowers OEMs to deliver and manage a trusted IoT device. When used with the SentriX Security Programming Platform and Secure Deploy, Synergy MCUs plus the associated software, tools, and infrastructure allow OEMs to protect their software IP from modification, theft and cloning.” said Brian Davis, Vice President of Synergy IoT Platform Business Division, Renesas Electronics Corporation. “In addition, the solution enables remote systems to be safely updated over the product lifecycle with new protections for evolving security attacks and hacking technologies.”
Customers interested in evaluating the solution may obtain an evaluation kit that includes a DK-S7G2 Synergy Development Kit, tools, Synergy’s security reference solution, and an evaluation version of Secure Deploy. Once customers have evaluated the solution, it can be deployed into manufacturing in conjunction with Data I/O’s SentriX Security Programming Platform. Customers can work with Secure Thingz to deploy a remote update solution.
“IoT OEMs are increasingly concerned with vulnerabilities in connected devices and are turning to various types of secure microcontrollers to embed trust, enable a secure supply chain, and establish firmware integrity,” said Anthony Ambrose, President and CEO of Data I/O Corporation. “The SentriX Platform enables a trusted, secured, and cost effective solution for OEMs seeking to secure the supply chain and maintain firmware integrity. Data I/O is excited to partner with Renesas and SecureThingz to enable this comprehensive solution supporting the Synergy Platform products throughout the OEM product lifecycle.”
“With the advent of the IoT, the protection of the design, software, intellectual property, and integrity of products is becoming paramount to the OEM. Traditional security technology is unable to defend against rapidly advancing threats,” said Haydn Povey, Founder and CTO of Secure Thingz. “We are excited to work with Renesas and Data I/O to enable OEMs to deploy secure content to devices, creating robust foundations and delivering innovative features on Synergy Platform.”
Renesas plans to introduce Renesas Synergy’s security reference solution at embedded world 2017 to be held in Nuremberg, Germany from 14th-16th March 2017, at Renesas booth hall 4, stand 104.