Develop security functions efficiently with free sample software
The free sample software "AESEA Sample Security Driver" will be officially released in October 2022 to support software development of security functions for the RL78/F23 and RL78/F24 MCUs.
The sample software uses AESEA and TRNG circuits built into the Renesas in-vehicle RL78/F23 and RL78/F24 16-bit microcomputers and performs encryption/decryption processing based on the AES encryption algorithm. The security function can be used simply by incorporating it into the user application software, which greatly reduces development efforts. It also supports Smart Configurator, a Renesas development tool.
* NDA is required to provide the "AESEA Sample Security Driver".
Figure 1. Software structure of AESEA Sample Security Driver
Main Functions:
- AES ECB and CBC modes are processed by the hardware.
- CMAC generation and verification of message data (Message authentication)
- Detects tampering with user application programs stored in Code Flash. (Secure Boot)
- Generates random number seeds, extends the seeds, and gets pseudo-random numbers.
Customers who want to incorporate the security of Evita-light without experience or development resources can use the software for the actuator applications in the latest E/E architecture where new control mechanisms and security considerations are required.
Table 1. ROM, RAM, stack size of the AESEA Sample Security Driver
| ROM (Byte) | RAM (Byte) | Stack (Byte) | |
|---|---|---|---|
| CC-RL | 9.8K | 36 | Max 334 |
| IAR | 10.8K | 36 | Max 342 |
Following countermeasures against threats to the actuator area are also perfectly supported.
Table 2. Examples of threats to the actuator domain and countermeasures
* For challenge and response, (4) is used to create challenge data, and (2) is used to create and confirm response data.
Following the AESEA Sample Security Driver, the security software libraries shown in Table 3 will be released in sequence. This is free security software that does not require an NDA contract that can be used not only with RL78/F23 and RL78/F24, but also with existing RL78/F13, RL78/F14, and RL78/F15 MCUs. Security processing can be performed efficiently with an in-vehicle 16-bit microcomputer.
*Libraries for RL78/F13 and RL78/F14 will target products with 8KB or more RAM.
Table 3. Security software library
| Item | Description | Release | |
|---|---|---|---|
| Alpha version | Official version | ||
| SHA-256/384/512 | Software library for calculating hash values output 256/384/512-bit message digest | 2022/9 | 2023/2 |
| RSA-2048/3072 | Software library for signature generation and verification of RSASSA-PKCS1-V1.5 with a key length of 2048/3072 bits | 2022/9 | 2023/2 |
| ECDSA (Verification only) | Software library for signature verification using elliptic curve digital signature algorithm | 2023/7 | 2023/12 |
In the case of cryptographic algorithms that do not use a common key or secret key, the processing speed is slow, but the software is device-independent and has a high degree of freedom. If a coprocessor or the like is installed in a product and a vulnerability is found, it will cost a huge amount of effort to fix it.
Remarks: Free sample software has no warranty and no support.
Easy to start security with Renesas Solution Starter Kit for RL78/F23 and RL78/F24
A Renesas Solution Starter Kit (RSSK) bundled with the free sample software (AESEA Sample Security Driver) introduced in Part 1 will be built. It enables software development of security functions while checking the actual operation and results on the actual board and GUI software.
Figure 2. RL78/F24 Security RSSK development schedule
Security RSSK Version 1 is planned to be released in early 2023. It allows encryption/decryption and key registration using RL78/F24 target board and terminal software only for users who have signed NDA.
Figure 3 shows an image of Security RSSK v1. Connecting the serial data transmission (TxD)/reception (RxD) of RL78/F24 to the PC with a serial USB conversion cable, etc., and using terminal software on the PC to support software development of security functions.
Figure 3. Image of software development using Security RSSK v1
As the second step, Security RSSK v2 will be released around October 2023. It is a set with a dedicated security board and GUI. Security RSSK v2 enables security functions such as encryption/decryption, secure boot, key registration, random number generation, and challenge & response to be executed with GUI operations. Beginners of security applications can use it to study security functions. Therefore, users who have not signed an NDA will be able to use it with some functional restrictions (for example, usage of challenge and response for authentication function).
Figure 4 shows the block diagram of Security RSSK v2. CAN FD/CAN, debug and USB interfaces, as well as an output/display LED, LCD, and speaker are prepared. Flash memory is used for reprogramming and as a user program storage area if an NDA is not signed.
Figure 4. Block diagram for Security RSSK v2
Table 4 shows the main functional differences between with and without an NDA. Note that functional restrictions can be removed after signing an NDA.
Table 4. Functional differences with and without an NDA
| Item | With NDA | Without NDA |
|---|---|---|
| Debug function | Available | Not available |
| Option Byte | Configurable | Not configurable (fixed value) |
| Key/Data Length | No limit | Limited |
| Secure Boot | No limit | Limited |
Figure 5 shows the GUI image of the key calculation tool based on SHE, which is one of the GUI images of Security RSSK v2. Current key storage status can also be displayed in the GUI.
Figure 5. GUI image of key calculation tool based on SHE
The development of Security RSSK is ongoing. The content and schedule are subject to change, as it is still in the planning stage. We hope that it can be adapted to various needs, such as those who want to develop software efficiently even with limited security knowledge and/or resources and those who just want to use security functions, or just for study.
If you are interested, please contact your local Renesas sales representative.