LPC55S with EdgeLock

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LPC55S with EdgeLock

1,114 Views
LazyHD
Contributor I

Hello,

In our next project we are going to use an LPC55S MCU with the below integrated security features:

  • PUF
  • Secure boot
  • TrustZone
  • HASH-AES
  • CASPER
  • PRINCE

I went over the documentation for each of these features, and it seems to me that adding an external secure element for my application seems redundant. In fact it might cause more harm than benefits if the I2C bus is sniffed.

As a brief description, I have a wireless transceiver connected to the MCU. In order to join the network, I need to provide 2 128BIT keys. These keys need to be provisioned (and match) on the device and on the server for the joining process to succeed. 

Given the above and making sure that the firmware implements the secure features in an optimal manner without compromising the security. Would an external secure element such as the SE050 offer any additional security to the device ? Or would it become redundant and maybe a liability if the attacker had physical access to the PCB.

 

Thanks 

Labels (1)
0 Kudos
4 Replies

1,091 Views
LazyHD
Contributor I

Hi Xiangjun Rong,

Thank you for your reply and sharing the application note, i will go through it.

I understand the security features of the LPC55S, my question is would a secure element like the SE050 add any additional security ? 

Thanks again

0 Kudos

1,084 Views
xiangjun_rong
NXP TechSupport
NXP TechSupport

Hi, Hisham,

Obviously, the SE050 can provide additional security, but it is dependent on the security level and security features you required.

BR

Xiangjun Rong

0 Kudos

1,075 Views
LazyHD
Contributor I

Hi Xiangjun Rong,

Thank you again for your reply. 

As I mentioned in my original post, I need to generate and store 2 keys on my device to access a wireless network (LoRa). The same keys will need to be provided to the server during manufacturing. 

I was thinking about using the SRAM PUF on the LPC to generate and store the keys. In addition to the PUF, I will use PRINCE to encrypt critical flash areas and I will use ARM Trustzone to separate secure and non-secure code.

I don't need NFC connection and I don't need to connect a sensor directly to the SE050. In that case would an external SE050 add any additional security to my application ? Tamper detection will be done using a GPIO and RTC module on the LPC.

I would like to use maximum possible security, so if the external SE050 adds any additional security to the above mentioned implementation I will add it to the system. But for now, I don't see the benefit in my specific application.

Thanks

0 Kudos

1,097 Views
xiangjun_rong
NXP TechSupport
NXP TechSupport

Hi, Hisham,

Regarding the LPC55Sxx, as you know that it can do the following job with hardware. module.

Security features module:

1)can generate random number

2)support hash and perform SHA-1 and SHA-2 with 256-bit digest (SHA-256).

3)support asymmetric encryption/decryption , AES and 3DES

Casper co-processor:

support asymmetric encryption/decryption

1)support RSA

2)support ECC, can generate private key and public key with ECC, can do ECDH and ECDSA.

Pls refer to the AN:

https://www.nxp.com.cn/docs/en/application-note/AN12542.pdf

Hope it can help you

BR

Xiangjun Rong

 

 

0 Kudos