27 Jun 2018

Analyst forecasts of the number of connected devices deployed over the next decade range into the hundreds of billions. With the vast potential value that IoT brings, also comes a growing concern that those billions of devices and the data they process remain under-protected, posing a serious security threat. Trustonic is pleased to announce that it is enabling the world’s premier microcontroller (MCU) supplier, Microchip Technology Inc., to provide their customers with a secure platform and strong device identity pre-embedded into their MCUs, providing enhanced security capabilities that can be leveraged across the value chain and IoT ecosystem.

Product variants of Microchip’s SAM L11 MCUs contain Trustonic’s Kinibi-M security platform and are based on the Arm Cortex-M23 core featuring Arm TrustZone for Armv8-M, a programmable environment that provides hardware isolation between certified libraries, IP and application code. SAM L11 MCUs also include proprietary chip-level tamper resistance, secure boot and secure key storage.

Trustonic’s Kinibi-M software is a modular, hardware-secured Trusted Execution Environment (TEE), specially designed for size-constrained IoT chipsets

Protects software and IP

Built using the expertise already gained from securing over 1.5 billion mobile devices, Trustonic’s Kinibi-M software is a modular, hardware-secured Trusted Execution Environment (TEE), a secure operating system (OS) that has been specially designed for size-constrained IoT chipsets. It is designed to ease development and leverage Trustonic’s implementation resources, saving developers from having to develop expertise in-house. In order to trust data coming from an IoT device, you first need to be able to trust the device itself. To achieve this, Trustonic embeds a unique and distinct identity for every device during silicon manufacture. Kinibi-M technology enables device makers to:

- Record and attest to manufacturing steps, preventing opportunities for fraud & counterfeiting in the supply chain

- Protect software and IP on devices throughout their entire lifecycle

- Ensure that updates, personalization and secrets can be securely delivered

- Enable devices to identify themselves in the field – for example to enable automatic cloud enrolment       

Trustonic’s solution is supplemented by its breakthrough technology, Digital Holograms, which enables manufacturers to prove that devices connecting to their systems are legitimate and have been through the correct and audited manufacturing stages.

Trustonic’s device attestation can enable proof of secure manufacture or proof of legitimate deploymen

Secure OS and Digital Holograms

In addition to the key advantages of enabling data to be trusted and devices to be kept secure, Kinibi-M also offers:

- Device Provenance: Manufacturing and lifecycle stages can be securely recorded using Digital Holograms. At any future stage in the device lifecycle, Trustonic’s device attestation can enable proof of secure manufacture or proof of legitimate deployment. For example, cloud services can leverage this capability to automatically onboard attested devices and reject counterfeits.

- Supply Chain Protection: Together the secure OS and Digital Holograms prevent individual devices from being cloned, IP or keys from being removed from a device, or devices from being over-produced. Any attempt to create counterfeit devices can be detected in-factory or in-field using Trustonic attestation services and the fraudulent production step can be highlighted.

- Software Isolation & IP Protection: Code modules are isolated from each other, reducing both the risks associated with errors elsewhere on the device and the potential for firmware updates to invalidate assumptions made during certification. This enables others further down the device’s production chain to add additional software or customization in a safe and secure way. Additionally, IP protection ensures that sensitive code and data cannot be extracted, copied, removed, modified or tampered with. This is essential, as the IP on a chip is often of greater value than the complete device.

Trustonic’s mission is to provide the best security and to remove the cost and complexity that often accompanies strong security"

Revolutionary IoT security

IoT end points often require low power and high security,” said Rod Drake, vice president of Microchip’s MCU32 business unit. “However, the growth of IoT nodes is happening so fast that security is not always adequately addressed. The features of the SAM L11 are exactly what customers need to plan for security early in the design cycle and throughout the remainder of the device’s life.”

Ben Cade, CEO of Trustonic, concluded: “Trustonic’s mission is to provide the best security and to remove the cost and complexity that often accompanies strong security. Our technology is already embedded in over 1.5 billion mobile devices, and we’ve now applied our expertise to simplifying the process for developing and deploying secure IoT devices. We are enabling Microchip SAM L11 microcontrollers to have a secured trusted identity when they leave the factory, so that subsequent events, additions and developments are built on a truly secure foundation that can be leveraged through the device’s entire lifecycle. We are committed to ensuring that connected devices have the best possible security protections, and we’re delighted to be working with Microchip to deliver revolutionary IoT security to the market.”