Renesas RA family MCUs achieve CAVP certification for comprehensive suite of cryptographic algorithms
The Renesas RA6M4, RA6M5, RA4M2, and RA4M3 MCU groups all received NIST CAVP certification of a comprehensive suite of cryptographic algorithms, including multiple modes of advanced encryption standard (AES), hashing, rivest shamir adleman (RSA) and elliptic curve cryptography (ECC) key generation and authentication, key agreement schemes, and deterministic random bit generator (DRBG). NIST CAVP certification provides independent verification of the correct implementation of the cryptographic algorithms, which is vital to ensure connectivity interoperability.
Renesas announced last year that RA devices received both PSA certified level 2 and security evaluation standard for IoT platforms (SESIP) certifications.
“With CAVP certification, in conjunction with the existing SESIP1 and PSA Certified Level 2, Renesas provides the industry’s most comprehensive IoT security solutions,” says Roger Wendelken, senior vice president in Renesas’ IoT and infrastructure business unit. “Customers in a broad range of connected application segments can implement the RA family with supreme confidence that their data will be secure.”
Renesas’ integrated security architecture provides a time and energy efficient solution with unlimited secure key storage. An independent evaluation to compare SCE9 protected mode operation to a selection of secure elements was recently completed. “The SCE9 doesn’t just pack a significant amount of cryptographic compute power, but getting rid of a serial interface (usually I2C) to an externally connected device provides various advantages, says Mario Noseda from Zurich University of applied sciences, school of engineering. “The high clock frequency of the internal data bus greatly reduces the data transmission time between the MCU and the SCE9. But even more important is the complete elimination of a point of attack, which is a huge selling point for an MCU containing the SCE9.”
A white paper detailing the evaluation is available at here.
Proper handling of cryptographic keys is vital to maintaining the integrity of a secure product. The new security key management tool provides a straight forward mechanism for preparing keys for secure installation and updates, supporting development, production provisioning, and key updates for products in the field. The GUI interface is designed to assist developers, particularly those new to security solutions, to create prototypes and proofs of concepts with test keys. The command line interface coordinates across multiple developers and supports production key management of key provisioning and update. Downloadable application projects demonstrate how to perform secure key installation and updates for both development and production using the available Renesas tools. Find the complete list of security orientated software, tools, and solutions at Renesas.
In addition to these widely recognised industry certifications, Renesas RA MCUs offer customers the ultimate IoT security by combining secure crypto engine IP with NIST CAVP certifications on top of Arm TrustZone® for Armv8-M. RA family devices incorporate hardware-based security features from simple AES acceleration to fully integrated crypto subsystems isolated within the MCU. The Secure crypto engine provides symmetric and asymmetric encryption and decryption, hash functions, true random number generation (TRNG), and advanced key handling, including key generation and MCU key wrapping. An access management circuit shuts down the crypto engine if the correct access protocol is not followed, and dedicated RAM ensures that plaintext keys are never exposed to any CPU or peripheral bus.