STMicroelectronics and Security Platform Inc. to Combine Security Expertise for Safe, Trusted, and Easy-to-Use IoT Devices
The IoT comprises potentially billions of tiny, connected, embedded computing devices to help manage services and infrastructure automatically. The devices communicate through the Internet and share data with the Cloud, and so need strong but lightweight and convenient security to prevent cyber-attackers intercepting sensitive information or infecting connected devices with malware.
Trusted Computing helps keep networks safe by combining specially designed secure ICs and software that help check the integrity and verify the credentials of any device that is connected or attempts to connect. ST and Security Platform are working to simplify implementation of highly secure IoT devices, leveraging Trusted Computing principles.
“Working with Security Platform, we aim to solve all the hardware-software integration challenges, providing a seamless path for IoT-device makers to implement best-in-class security for smart connected devices,” said Laurent Degauque, Secure Microcontrollers Division (SMD) Marketing Director, STMicroelectronics. “Our STSAFE-TPM Trusted Platform Module is proven, reliable, certified to international security standards, and provides the perfect foundation for this objective.”
“The embedded-security software technology from Security Platform makes it possible to embed light yet powerful protection features into lightweight IoT devices with limited resources at the manufacturing stage,” said Su-ik Hwang, CEO of Security Platform. “The integration with STSAFE-TPM from a leading Secure MCU provider ST helped us create a total security solution that enables devices to be intrinsically resistant to cyber-attacks to ensure the safety and success of the IoT.”
ST’s STSAFE-TPM is a Trusted Platform Module that provides secure storage for data such as cryptographic keys needed to authenticate the system, using proven techniques such as anti-tamper, memory protection, and data-watching prevention. It meets industry-recognized security standards including Trusted Computing Group (TCG) TPM 1.2 and TPM 2.0 protection profiles, IT-security Common Criteria Level 4+ (CC EAL4+) certification, and US Federal Information Processing Standard (FIPS) 140-2.
Using its Axio-OS secure operating system and Axio-RA remote-attestation verification solution, Security Platform checks for breaches of integrity by verifying the hash information of the device from a separate server. Together, these software modules also provide anti-cloning and anti-forgery protection, and process device authentication, message signing, and security update using only the appropriate signing code.
While this collaboration will deliver a pre-integrated, ready-to-use solution, it builds on the existing independent STSAFE-TPM ICs and Axio-OS and Axio-RA software the companies are already marketing and can help customers tie together. In these instances, Security Platform can supply Axio-OS and Axio-RA with a developer kit comprising a board and chipset to aid integration.
STSAFE-TPMs are available within the larger STSAFE family of ICs from ST, which are tailored to support platform integrity, authentication, secure storage and other cryptographic services in various classes of connected devices from small IoT devices to industrial or consumer products, and desktop computers.