In our next project we are going to use an LPC55S MCU with the below integrated security features:
I went over the documentation for each of these features, and it seems to me that adding an external secure element for my application seems redundant. In fact it might cause more harm than benefits if the I2C bus is sniffed.
As a brief description, I have a wireless transceiver connected to the MCU. In order to join the network, I need to provide 2 128BIT keys. These keys need to be provisioned (and match) on the device and on the server for the joining process to succeed.
Given the above and making sure that the firmware implements the secure features in an optimal manner without compromising the security. Would an external secure element such as the SE050 offer any additional security to the device ? Or would it become redundant and maybe a liability if the attacker had physical access to the PCB.
Hi Xiangjun Rong,
Thank you for your reply and sharing the application note, i will go through it.
I understand the security features of the LPC55S, my question is would a secure element like the SE050 add any additional security ?
Obviously, the SE050 can provide additional security, but it is dependent on the security level and security features you required.
Hi Xiangjun Rong,
Thank you again for your reply.
As I mentioned in my original post, I need to generate and store 2 keys on my device to access a wireless network (LoRa). The same keys will need to be provided to the server during manufacturing.
I was thinking about using the SRAM PUF on the LPC to generate and store the keys. In addition to the PUF, I will use PRINCE to encrypt critical flash areas and I will use ARM Trustzone to separate secure and non-secure code.
I don't need NFC connection and I don't need to connect a sensor directly to the SE050. In that case would an external SE050 add any additional security to my application ? Tamper detection will be done using a GPIO and RTC module on the LPC.
I would like to use maximum possible security, so if the external SE050 adds any additional security to the above mentioned implementation I will add it to the system. But for now, I don't see the benefit in my specific application.
Regarding the LPC55Sxx, as you know that it can do the following job with hardware. module.
Security features module:
1)can generate random number
2)support hash and perform SHA-1 and SHA-2 with 256-bit digest (SHA-256).
3)support asymmetric encryption/decryption , AES and 3DES
support asymmetric encryption/decryption
2)support ECC, can generate private key and public key with ECC, can do ECDH and ECDSA.
Pls refer to the AN:
Hope it can help you