Geneva, Switzerland and Paris, France – STMicroelectronics and Prove & Run are demonstrating their joint scalable security platform for IoT (Internet of Things) devices. The platform combines Prove & Run’s ProvenCore-MTM highly secure operating system with the advanced security capabilities of ST’s STM32L4™ microcontrollers (MCU), and its Common Criteria -certified STSAFETM-A100 secure element. The platform covers the full range of IoT security needs, from the most basic to the highest level of security requirements with Common Criteria -certified parts.
The new security platform eases the creation of highly secure IoT products, allowing customers to concentrate on the development of the functional part of their application. Product developers without any special skills in security will benefit from already validated and proven security services, including application isolation, secure boot, secure firmware update, and key-storage resistant to physical attacks.
The platform components include:
The STM32L4 MCUs combine ST’s ultra-low-power microcontroller technology with ARM® Cortex®-M4 core, targeting next-generation energy-conscious consumer, industrial, medical, and metering applications. STM32L4 devices achieve up to 100 DMIPS at just 37µA/MHz of active power consumption. In addition to a large set of smart peripherals, advanced and low-power analog circuits, and up to 1 MB of Flash and 320 KB of SRAM, STM32L4 MCUs integrate numerous security mechanisms (MPU, debug life-cycle, execute-only protection) that allow development of highly secure, robust, and reliable embedded solutions.
P&R-ProvenCore, a highly secure RTOS with proven properties for enforcing the isolation of applications and stability of the platform. Conceived as a micro-kernel, it aims at having a minimal impact on integrating existing code as an application, while providing strong security services and enforcing state-of-the-art secure coding recipes. It also includes dedicated secure boot and secure application-update mechanisms that can optionally be integrated with STSAFE-A100 platform integrity services.
STSAFE-A100 Secure Element, a Common Criteria EAL5+ -certified turnkey state-of-the-art security solution for preventing counterfeiting, cloning, and stealing information, and helping to fight against denials of service. The STSAFE-A100 features a secure embedded operating system that provides authentication, secure communication, secure data-management and platform integrity services, such as secure boot and firmware upgrade. It is personalized with keys and secrets at ST facilities.
The combination of ProvenCore-M running inside the STM32L4 with the external features of the STSAFE-A100 provides a scalable level of security:
The ProvenCore-M RTOS delivers the market-unique level of security by enforcing strict isolation between each application, relying on the STM32L4 hardware mechanisms. It guarantees proper system behavior, even in case of bugs or attacks, and strict integrity and confidentiality of the assets of each task. It also allows the control of which peripheral can be accessed by each application, thus limiting the attack surface of existing drivers, and ensuring platform stability by detecting a denial of service and unresponsive application that can be relaunched automatically.
The STSAFE-A100 completes the STM32L4 and ProvenCore-M platform by providing a tamper-proof device with secure storage and cryptographic coprocessor to execute secure boot, firmware updates, and ProvenCore-M applications, e.g. TLS key storage and negotiations. The high level of resistance to attacks, including physical ones, of the STSAFE-A100 guarantees that the most sensitive secrets of the platform are safe from divulgation or cloning. The protection provided by the STSAFE-A100 against physical attacks, fault injection, and side channel attacks is very effective. By enforcing direct and exclusive control of the STSAFE-A100, ProvenCore-M is capable of enforcing strict usage of its secrets and of preventing any malicious usage by MCU applications, such as when a low-level driver may serve as an entry point for attack due to internal bugs.