ECE / BaS October 2015 - page 32

is an important asset for them to protect, they are more likely to spend money on tamper-resistant security features.
Combining a microcontroller with a secure element can add banking-grade security to your embedded system (figure 2). A secure element is a tamper-resistant IC that provides secure storage locations for keys and certificates and often includes hardware-accelerated RSA and ECC for faster authentication. While the hardware-accelerated AES encryption is still handled by the faster microcontroller, the secure element improves device integrity and takes the lead in establishing trust and protecting AES keys.
NXP Semiconductors recently announced LPC18Sxx and LPC43Sxx microcontrollers – extensions of their existing LPC1800 and LPC4300 Series – that add hardware features for code and data protection (figure 3). The LPC18Sxx and LPC43Sxx families include a number of high-end connectivity features such as Ethernet, two Hi-Speed USB interfaces and SDIO (important for the fastest connectivity to WiFi modules). There are versions with support for graphic LCD connectivity. Most NXP LPC microcontrollers offer a Code Read Protection (CRP) feature that can be used to protect the developer's code. The security features added include an AES-128 hardware accelerator, a true random number generator and two 128-bit locations in one-time programmable memory for storage of AES keys. The two 128-bit one-time-programmable (OTP) key locations help protect against attempts at remote key extraction via a software hack. Once the keys are written (in a scrambled format) into OTP, they are no longer accessible via software or JTAG boundary scan. The keys can only be accessed by the internal AES hardware block.
The LPC18Sxx and LPC43Sxx microcontrollers include both flash (512 kB to 1 MB internal) and flashless versions. The flashless versions must boot on reset from external memory locations – say an external QSPI flash – and then run from the large internal RAM. To protect the code from being seen during the boot, an encrypted image can be stored in the QSPI flash. On reset, the LPC18Sxx or LPC43Sxx will read the encrypted image, verify it with built-in CMAC message authentication, decrypt it using the AES block and the 128-bit key stored in OTP, and begin executing the decrypted code from internal RAM.
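
The boot sequence just described, together with the write-once OTP key handling from the preceding paragraph, modelled on a host in Python as an added example (not NXP code and not the boot ROM's actual format). The image layout (IV, ciphertext, trailing CMAC tag), the CTR mode, the use of one OTP location for authentication and the other for decryption, and all names are assumptions; it needs the `cryptography` package.

```python
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import cmac
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

MAC_SLOT, ENC_SLOT = 0, 1   # assumed use of the two OTP key locations
IV_LEN = TAG_LEN = 16       # AES block size in bytes

class AesBlock:
    """Model of an AES engine with two write-once key slots and no read path."""
    def __init__(self):
        self.__slots = [None, None]

    def program_key(self, slot, key):
        if self.__slots[slot] is not None:
            raise PermissionError("OTP slot already programmed")
        if len(key) != 16:
            raise ValueError("AES-128 key must be 16 bytes")
        self.__slots[slot] = bytes(key)

    def _cmac(self, slot, data):
        mac = cmac.CMAC(algorithms.AES(self.__slots[slot]))
        mac.update(data)
        return mac

    def tag(self, slot, data):
        return self._cmac(slot, data).finalize()

    def verify(self, slot, data, tag):
        self._cmac(slot, data).verify(tag)  # constant-time; raises InvalidSignature

    def ctr(self, slot, iv, data):
        # CTR is symmetric: the same call encrypts and decrypts
        ctx = Cipher(algorithms.AES(self.__slots[slot]), modes.CTR(iv)).encryptor()
        return ctx.update(data) + ctx.finalize()

def build_image(hw, firmware):
    """Factory side: encrypt, then append a CMAC over IV + ciphertext."""
    iv = os.urandom(IV_LEN)
    body = iv + hw.ctr(ENC_SLOT, iv, firmware)
    return body + hw.tag(MAC_SLOT, body)

def boot(hw, image):
    """Device side: authenticate first, decrypt only a verified image."""
    if len(image) < IV_LEN + TAG_LEN:
        return None
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    try:
        hw.verify(MAC_SLOT, body, tag)
    except InvalidSignature:
        return None  # tampered image never reaches the decryptor
    return hw.ctr(ENC_SLOT, body[:IV_LEN], body[IV_LEN:])
```

Python name mangling only stands in for the hardware isolation; on the device the guarantee comes from the OTP keys having no software or JTAG read path.
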
Both microcontrollers are suited to any IoT application requiring extensive connectivity and microcontroller performance. This could include industrial controls, industrial automation or diagnostic applications, smart home products including thermostats and access control, automotive aftermarket, and consumer products like musical instruments, printers and other internet-connected accessories. Another application is a secure IoT gateway. Here, the microcontroller provides high-speed encrypted connectivity with hardware-accelerated AES via Ethernet or SPI to WiFi. Cypherbridge Systems, an NXP software partner, provides IoT and cloud-connected software development kits for the LPC18Sxx and LPC43Sxx that take advantage of the AES hardware acceleration.
To add banking-grade security, an NXP A7-series secure element can be connected to the microcontroller via an I2C interface. The A7 secure element will handle hardware-accelerated authentication and provide secure storage for persistent certificates for cloud storage.
Two evaluation boards that include the LPC18S37 or the LPC43S37 microcontroller and an A70CM secure element are available from distributors. ESL Smart Solutions has created EMap, a secure IoT Gateway, using the LPC18S57 microcontroller and Cypherbridge Systems software security libraries. EMap is a highly secure Internet of Things (IoT) gateway. It is available as an off-the-shelf product or as part of a cloud development kit (CDK).
Growth in connected devices is inevitable and with it come various levels of risk. NXP offers a spectrum of solutions to embedded designers to address the appropriate level of code and data security for their applications.
Figure 3. LPC43Sxx block diagram. The LPC18Sxx offers similar features with a Cortex-M3 core.
Product News
Microchip doubles Flash memory and adds new security options PIC24F MCUs
Microchip announces the expansion of its eXtreme Low Power (XLP) PIC microcontroller portfolio. Features of the new PIC24F "GB4" family include an integrated hardware crypto engine with both OTP and Key RAM options for secure key storage, up to 256 KB of Flash memory and a direct drive for segmented LCD displays, in 64-, 100- or 121-pin packages. Dual-partition Flash with Live Update capability allows the devices to hold two independent software applications, and permits the simultaneous programming of one partition while executing application code from the other. These advanced features make the PIC24F "GB4" family ideal for designers of industrial, computer, medical/fitness and portable applications that require secure data transfer and storage, and a long battery life.