Trustonic is working with Microchip Technology Inc. to embed its security technology at the chip level, with the latter releasing a new family of secure MCUs that will cost in the $1 range at volume.
Security is an expensive thing to consider in low-cost, low-power devices run by an MCU, according to Richard Hayton, chief technology officer of Trustonic. As a result, security is often not included in the design stages of IoT devices, opening them up to risks in everything from fraud and counterfeiting during the supply chain process, to theft of IP, to risks when they connect to the Internet.
The embedded security technology combines Trustonic’s Kinibi-M software, a modular, hardware-secured Trusted Execution Environment (TEE), a secure operating system (OS) that has been specially designed for size-constrained IoT chipsets, and Trustonic’s digital hologram technology to enable, for instance, device authentication, ensure legitimate devices connect to the cloud and propagate firmware updates.
“It is a game changer, to be able to do security at this price point,” Hayton said.
Trustonic is a Cambridge, UK-based company launched five years ago as a joint venture by Arm and Gemalto. Trustonic’s security operating system is deployed alongside Android in about 1.2 billion mobile devices today. Microchip’s new SAM L10 and SAM L11 families of MCUs are based on the Arm Cortex-M23 core, and offer the industry’s lowest power consumption, as well as having capacitive touch capability with best-in-class water tolerance and noise immunity, according to a press release.
With Kinibi-M technology, device makers can record and attest to manufacturing steps, ensure that updates, personalization and secrets can be securely delivered, and enable devices to identify themselves in the field – for example to enable automatic cloud enrollment, according to a Trustonic press release.
In turn, Trustonic’s technology would inject a root of trust and a “Digital Hologram,” at the silicon provider level, adding a hologram at each stage of the manufacturing journey and recording the events on a blockchain. When, for example, product registration is initiated, the holograms are collected, signed by the root of trust and passed on to Trustonic’s cloud-based database for validation. That information is passed on to the Original Equipment Manufacturer (OEM), according to a Trustonic blog explaining the technology. By giving each System on Chip (SoC) a root of trust, an OEM can securely record its progress, and attest to the manufacturing chain.
The boards will be released very soon, according to Hayton.
“In IoT generally, there is a pressure toward saving money,” Hayton said, adding that by including security at a low cost can help secure use cases which haven’t been to date.