By Gina Roos, editor-in-chief
Further securing its SoC portfolio from IoT threats, Silicon Labs has launched the Secure Vault technology, a new suite of software and hardware security features aimed at helping device manufacturers address growing IoT security threats. The integrated security protects connected products, data, and intellectual property and adds new security features around secure device identity, secure key management and storage, and advanced tamper detection.
The company’s Wireless Gecko Series 2 platform takes advantage of the new Secure Vault technology by combining security software features with physically unclonable function (PUF) hardware technology. The new combination of integrated hardware and software security features can help companies meet emerging regulatory measures, such as GDPR in Europe and SB-327 in California.
Secure Vault’s security subsystem, including a dedicated core, bus, and memory, is separate from the host processor. Silicon Labs said that this unique design of hardware separation isolates critical features, such as secure key store management and cryptography, into their own functional areas, which makes the overall device more secure.
Integrating a security system with a wireless SoC helps designers simplify development and makes it possible to securely update connected devices over the air (OTA) throughout the product life cycle, said Silicon Labs. “The delivery of genuine, trusted software or firmware to connected products serves to mitigate unforeseen exploits, threats, and regulatory measures.”
New security features
Silicon Labs provides a secure identity certificate during IC manufacturing for each individual silicon die to enable post-deployment security, authenticity, and attestation-based health checks. This guarantees the authenticity of the chip for its lifetime.
How effective a security scheme is for device and data access depends on key secrecy, said Silicon Labs. With Secure Vault, keys are encrypted and isolated from the application code. All keys are encrypted using a master encryption key generated using a PUF. The PUF's power-up signatures are unique to a single device, and master keys are created during the power-up phase to eliminate master key storage, which further reduces attack vectors, said the company.
The advanced tamper-detection feature offers a variety of capabilities ranging from product enclosure tamper resistance to sophisticated tamper detection of silicon through voltage, frequency, and temperature manipulations. “Hackers use these changes to force hardware or software to behave unexpectedly, creating vulnerabilities for glitch attacks,” said Silicon Labs.
Configurable tamper-response features enable developers to set up response actions with interrupts and resets or, in extreme cases, secret key deletion.
Silicon Labs is sampling new Secure Vault-enabled wireless SoCs, which will be released in late Q2 2020.