帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

LPC55S with EdgeLock

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

LPC55S with EdgeLock

‎03-06-2021 01:16 AM
2,888 次查看
LazyHD
Contributor I

Hello,

In our next project we are going to use an LPC55S MCU with the below integrated security features:

  • PUF
  • Secure boot
  • TrustZone
  • HASH-AES
  • CASPER
  • PRINCE

I went over the documentation for each of these features, and it seems to me that adding an external secure element for my application seems redundant. In fact it might cause more harm than benefits if the I2C bus is sniffed.

As a brief description, I have a wireless transceiver connected to the MCU. In order to join the network, I need to provide 2 128BIT keys. These keys need to be provisioned (and match) on the device and on the server for the joining process to succeed. 

Given the above and making sure that the firmware implements the secure features in an optimal manner without compromising the security. Would an external secure element such as the SE050 offer any additional security to the device ? Or would it become redundant and maybe a liability if the attacker had physical access to the PCB.

 

Thanks 

标签 (1)
标签
0 项奖励
回复
4 回复数

‎03-08-2021 02:26 AM
2,865 次查看
LazyHD
Contributor I

Hi Xiangjun Rong,

Thank you for your reply and sharing the application note, i will go through it.

I understand the security features of the LPC55S, my question is would a secure element like the SE050 add any additional security ? 

Thanks again

0 项奖励
回复

‎03-09-2021 02:17 AM
2,858 次查看
xiangjun_rong
NXP TechSupport
NXP TechSupport

Hi, Hisham,

Obviously, the SE050 can provide additional security, but it is dependent on the security level and security features you required.

BR

Xiangjun Rong

0 项奖励
回复

‎03-10-2021 12:40 AM
2,849 次查看
LazyHD
Contributor I

Hi Xiangjun Rong,

Thank you again for your reply. 

As I mentioned in my original post, I need to generate and store 2 keys on my device to access a wireless network (LoRa). The same keys will need to be provided to the server during manufacturing. 

I was thinking about using the SRAM PUF on the LPC to generate and store the keys. In addition to the PUF, I will use PRINCE to encrypt critical flash areas and I will use ARM Trustzone to separate secure and non-secure code.

I don't need NFC connection and I don't need to connect a sensor directly to the SE050. In that case would an external SE050 add any additional security to my application ? Tamper detection will be done using a GPIO and RTC module on the LPC.

I would like to use maximum possible security, so if the external SE050 adds any additional security to the above mentioned implementation I will add it to the system. But for now, I don't see the benefit in my specific application.

Thanks

0 项奖励
回复

‎03-07-2021 07:06 PM
2,871 次查看
xiangjun_rong
NXP TechSupport
NXP TechSupport

Hi, Hisham,

Regarding the LPC55Sxx, as you know that it can do the following job with hardware. module.

Security features module:

1)can generate random number

2)support hash and perform SHA-1 and SHA-2 with 256-bit digest (SHA-256).

3)support asymmetric encryption/decryption , AES and 3DES

Casper co-processor:

support asymmetric encryption/decryption

1)support RSA

2)support ECC, can generate private key and public key with ECC, can do ECDH and ECDSA.

Pls refer to the AN:

https://www.nxp.com.cn/docs/en/application-note/AN12542.pdf

Hope it can help you

BR

Xiangjun Rong

 

 

0 项奖励
回复