Secure Elements and Trusted Platform Module (TPM)
Overview
A secure element is a tamper-resistant device that stores confidential cryptographic data and keys and operates on them in accordance with cryptographic algorithm standards. Secure elements can be used to offload important security functions such as key provisioning, certificate storage, secure boot, and encryption. They are targeted at applications including ecosystem control, anti-cloning, and lifecycle management, and they protect against counterfeit replacement parts such as batteries in laptops, tablets, and robot vacuums.
Trusted Platform Modules (TPMs) bring hardware-based security to embedded designs. A TPM is a security controller designed to carry out cryptographic functions and protect the integrity of embedded applications. The chip itself is protected from tampering and from malicious software that could otherwise interfere with its security functions. TPMs are commonly used alongside systems running Windows and Linux. TPM technology is based on the Trusted Computing Group® (TCG) standards, and each part is independently certified against them.
Arrow Shield96 Security Reference Design Platform
Advanced Hardware Security for IoT at Scale
The Shield96 board based on Microchip silicon is available in two different forms.
The Shield96 Standard reference platform is a secure reference platform applicable across all IoT verticals. This trusted Linux turn-key solution addresses hardware security by design, and the hardware gives users the ability to design a product to fit their custom needs.
The Shield96 Trusted Platform comes preloaded with the EmSPARK Security Suite software by Sequitur Labs. This provides a secure platform for enabling secure end points and protecting firmware, keys and data throughout the lifecycle of a product. EmSPARK is the software companion suite complementing the Microchip hardware, providing a cost-effective secure solution appropriate for every connected device built with the ATSAMA5D2 processor. Engineers can leverage this reference design for digital transformation built on trust, extracting the full value of the advanced embedded security features.
Arrow Security Starter Kits
The growing adoption of IoT technology across end-user industries such as manufacturing, healthcare, and automotive is driving market growth. With continuous advances in wireless technology and an increasing number of connected devices entering the world, IoT application developers and their customers face growing security risks to their IoT products. Security is often overlooked and can be difficult to design into an IoT-based embedded system, which leads to vulnerabilities and unwanted attacks on the device.
The Security Starter Kits integrate readily available wireless evaluation kits and Arrow's 96Boards-compliant single-board computers with Infineon's OPTIGA™ TPM 2.0 and OPTIGA™ Trust M security solutions, AWS Cloud services, and open-source software, giving customers who want to add security to their end products a straightforward implementation path and a Root of Trust certificate.
Gateway Compute Solutions
Security Starter Kit with ST STM32MP1 and Infineon OPTIGA™ TPM 2.0
The STM32MP1 microprocessor includes dual Arm® Cortex® A7 and Cortex® M4 cores and supports Arm TrustZone® peripherals and active tamper security features.
Wireless End Node Security Starter Kits with OPTIGA™ Trust M
Security Starter Kit with NXP i.MX 8X and Infineon OPTIGA™ TPM 2.0
The NXP i.MX 8X processor has a quad-core 64-bit Arm® Cortex® A35, a dedicated GPU, and a VPU. Advanced security features supported by the application processor include AHAB secure and encrypted boot, a random number generator, and RSA keys up to 4096 bits.
Security Starter Kit with ST Micro STM32WB55 and OPTIGA™ Trust M
This combination includes a Trust M S2GO board and the ST Micro P-Nucleo-WB55 EVK. It supports BLE and Bluetooth® 5 connectivity. iOS and Android mobile apps are provided.
Security Starter Kit with Giant Gecko 11, XBee3 Module and OPTIGA™ Trust M
This combination includes a Trust M S2GO board, Silicon Labs Giant Gecko 11 board, and XBee3 module for LTE-M connectivity.
Security Feature Implemented | Description |
Unique Device Identifier | An EUI-64 identifier is used and stored in the OPTIGA™ embedded security solution |
Secure Boot | Software-based secure boot performed with the OPTIGA™ embedded security solution |
Secure OTA Updates | Software-based OTA update capability implemented with the OPTIGA™ embedded security solution |
Secure Data (encryption) | Data is encrypted and decrypted using keys stored in the OPTIGA™ embedded security solution |
Device Authentication | Device authentication is enabled in the OPTIGA™ embedded security solution |
Device Management (Allow/Deny) | Performed in AWS Cloud Services |
Isolation of secure firmware from non-secure application | Stored in the OPTIGA™ embedded security solution |
Isolation of credentials (keys) in a tamper-resistant element | Stored in the OPTIGA™ embedded security solution |
X.509 certificate support | A digital certificate verifying that a public key belongs to the hostname/domain or organization; stored in the OPTIGA™ embedded security solution |
Secure Supply Chain | The Root CA is registered in AWS and used to issue the device certificate directly; no intermediate CA is employed. The private key and device certificate are stored in the OPTIGA™ embedded security solution |
Infineon Secure Element OPTIGA™ Trust B - Authentication and Brand Protection
Infineon's OPTIGA™ Trust B is a secure element for embedded systems that require easy-to-integrate, reliable authentication. It is designed to help system and device manufacturers safeguard the authenticity, integrity and safety of their original products, and it provides enhanced protection against aftermarket counterfeit replacements, maintaining OEM authenticity and safeguarding the user experience.
Infineon OPTIGA™ Trust Family Comparison Guide
Product Name | OPTIGA Trust B SLE 95250 | OPTIGA Trust E SLS 32AIA | OPTIGA Trust X SLS 32AIA | OPTIGA Trust M SLS 32AIA |
Product Description | Product authentication and brand protection solution | Enhanced authentication solution for high-value goods | Enhanced device security solution | Enhanced device security solution |
Interfaces | SWI | I2C | I2C | I2C (shielded connection) |
EEPROM | 512 bit | - | - | - |
NVM | - | 3 kByte | 10 kByte | 10 kByte |
CPU | State machine | 16-bit | 16-bit | 16-bit |
Delivery forms | TSNP-6 | USON-10-2 | USON-10-2 | USON-10-2 |
Typical applications | Authentication of consumer electronics, accessories, original replacement parts | PKI networks, consumer electronics, smart home, industrial automation, IoT, authentication of system services, original replacement parts, smart metering, system configuration management, IP/software protection | IoT, smart home, industrial automation, consumer electronics, smart metering, authentication of system services, original replacement parts, secure communication, IP/software protection | Mutual authentication, secured communication, secured updates, key provisioning, life-cycle management, data store protection, power management, platform integrity protection |
Infineon Secure Element OPTIGA™ Trust M - High-Performance Solution Providing Secure Connectivity for IoT Devices to the Cloud
The OPTIGA™ Trust M is a trust anchor combining advanced security with high performance for connected devices communicating with the cloud. It comes with a high-end security controller and operating system, as well as a library for the main system host controller. The OPTIGA Trust M provides secure connectivity for IoT devices to the cloud, giving every IoT device its own unique identity. This pre-personalized solution offers secured, zero-touch onboarding and the high performance needed for quick cloud access.
Features
• High-end security controller with CC EAL6+ (high) certification
• Turnkey solution: ECC NIST P-256/P-384, SHA-256, TRNG, DRNG, RSA 1024/2048
• Cryptographic toolbox
• I2C interface with shielded connection
• Hibernate mode for zero power consumption
• Up to 10 kB user memory
• USON-10-2 package (3 x 3 mm)
• Temperature range -40°C to +105°C
• Software framework on GitHub
• Device security monitor
• Lifetime of up to 20 years for industrial and infrastructure applications
The OPTIGA™ Trust M evaluation and demonstration kit is a quick and easy way of getting started with IoT security. The evaluation kit is based on an XMC4800 microcontroller and comes with software covering typical use-case scenarios. This allows users to try out the applications of the OPTIGA™ Trust M such as Mutual Authentication, Secured Communication, Data Store Protection, Lifecycle Management, Power Management, Secured Update and Platform Integrity Protection. It is also Arduino form-factor compatible.
Infineon Secure Element OPTIGA™ Trust X - Simple, Fast, and Secure Management of Cryptographic Keys and Access Rights for IoT Devices
The OPTIGA™ Trust X is the perfect choice for IoT security
The OPTIGA™ Trust X offers simple, fast, and secure management of cryptographic keys and access rights for IoT devices. Discover more about this hardware-based premium security solution.
Infineon and Arrow Security Provisioning
NXP EdgeLock™ SE050: Plug and Trust Secure Element Family - Enhanced IoT Security with Maximum Flexibility
Provisioning services for the NXP EdgeLock SE050 Secure Element trust anchor enable IoT edge nodes and gateways to be deployed at scale.
The EdgeLock SE050 secure element is an out-of-the-box solution for integrating protection into IoT devices, providing secure credential injection for a root of trust at the IC level. This allows end-to-end security from chip to edge to cloud, giving connected IoT solutions an easy-to-integrate security framework.
The EdgeLock SE050 product family of Plug & Trust devices offers enhanced Common Criteria EAL 6+ based security for protection against the latest attack scenarios. This ready-to-use secure element for IoT devices provides a root of trust at the IC level and delivers real end-to-end security, from edge to cloud, without the need to write security code. Use cases covered by EdgeLock SE050 include secure cloud onboarding and device-to-device authentication.
To learn more about Arrow Secure Provisioning Service for EdgeLock SE050, contact secure.provisioning@arrow.com or visit www.arrow.com/manufacturing
NXP A71CH Secure Element for simple integration of secure provisioning into IoT edge nodes and gateways
Integrate secure provisioning into IoT edge nodes and gateways with ease using the NXP A71CH Secure Element trust anchor. Provisioning services for the NXP A71CH Secure Element enable IoT edge nodes and gateways to be deployed at scale.
The A71CH secure element is an out-of-the-box solution for integrating security into IoT devices, providing secure credential injection for a root of trust at the IC level. This allows end-to-end security from chip to edge to cloud, giving connected IoT solutions an easy-to-integrate security framework.
Silicon Labs Secure Vault Technology
Integrated Security Protects Connected Products, Data and Intellectual Property Against Evolving Threats
End node devices in IoT applications commonly face limitations, primarily in microcontroller performance, memory, or power. As a result, security is often overlooked while designers work to meet the application-specific requirements. If security is not designed in from the start, end node devices, which are typically cost-sensitive and resource-constrained, become a bigger target for attackers. Silicon Labs is committed to providing state-of-the-art technology to help protect your devices, working with the security community, customers, and other experts to provide robust security solutions.