Embedded security to protect IoT endpoints, by Renesas

June 28, 2016 // By Graham Prophet
Renesas has added a series of embedded security packages employing general-purpose microcontrollers and microprocessors as new security structures for embedded devices that will function as Internet of Things (IoT) endpoints in homes and buildings. The first product of this series is the RX231 Communications Security Evaluation Kit.

At the same time as implementing strong security functions using a trusted secure IP that is already incorporated in the Renesas RX231 MCUs, the kit provides both an evaluation board and a wide range of software, to prevent virus infections over communication channels and disclosure of confidential information and allows embedded devices with strengthened security to be developed easily.


In many cases, Renesas says, overall network security in the IoT tends to be weak, since the scale of these systems is small, especially in edge devices at the very end of the network, such as sensors. To assure that edge devices do not become a platform for attack on the whole network, it has become necessary to make edge devices more intelligent, to enable them to independently make decisions and defend themselves, and to prevent both unauthorized software updates by viruses and other such actors and eavesdropping on the communications channels.


Management of encryption keys corresponds to passwords, to protect information that is the core for implementing strong security functions. Since encryption keys were previously stored in flash memory or other nonvolatile memory, there was a risk that they could be discovered through malicious access. To address this issue, Renesas has developed technology that reliably protects these encryption keys using "trusted secure IP" hardware. Providing both an evaluation board and software at the same time, the RX231 Communications Security Evaluation Kit serves as a one-step service and simplifies implementation of security and communications functions.


RX231's built-in, integrated, trusted secure IP, forms a hardware security layer that cannot be damaged even if attacked externally. This trusted secure IP features both an encryption engine and reliable protection of encryption keys. The kit supports the implementation of strong security compared to earlier systems in which the encryption keys were managed by user efforts.


The encryption engine supports both encryption and decryption using either 128-bit or 256-bit encryption keys as