Long-Term Support for Infrastructure Environments

As more devices and infrastructure systems connect to the network, the potential risk and implications of a security breach continue to climb. Renesas is bringing its industry-leading track record to bear on security issues facing civil infrastructure and industrial devices, as well as developing Open Source Software (OSS) that will form the foundation for highly reliable civil infrastructure systems.

As part of Renesas’s commitment, we have been contributing to the Civil Infrastructure Platform™ (CIP™) Initiatives, an open collaborative project hosted by the Linux Foundation™ and driven by the world's leading manufacturers of civil infrastructure systems, to establish a “base layer” of industrial-grade tooling using the Linux kernel and other open source projects. In addition, cybersecurity is a key element for CIP in order to secure civil infrastructure. For the details of CIP project, please refer to https://www.cip-project.org/.

Learn more

Security Solutions

RZ/G Series

RZ/G series products incorporate Renesas’s Trusted Secure IP, hardware security IP which allows for protection of keys and the cryptography engine. The security software is provided as a part of the “Verified Linux Package”, consisting of a security driver, an encrypted kernel loader, and security middleware.

RZ/G security hardware and software
Definition Contents
Security Driver

Driver software for Trusted Secure IP

  • For Encrypted Kernel boot
  • For Encrypted Communication (SSL/TLS)
  • Basic encryption for secure storage

[ AES CBC (128 bits, 256 bits), RSA (1024 bits, 2048 bits), SHA-1, SHA-256, HMAC (SHA-1, SHA-256), CMAC (AES-128, AES-256) ]

Encrypted Kernel Loader Loader software for Encrypted Kernel Boot
Security M/W

Middleware that provides security functions

  • TLS v1.2 (SSL/TLS) -- cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
  • Secure Storage -- Function of encryption/decryption by IP unique key
图像
Verified Linux Package Block Diagram

Based on a robust set of security features in both hardware and software, the RZ/G security solution offers a broad range of security features that addresses encrypted kernel booting, encrypted communications, secure software update, and secure storage, protecting user products from network threats in the age of IoT.

RZ/G security solution features
RZ/G security function using built-in Trusted Secure IP Security effect
Software tamper detection / authentication
  • Encrypted kernel boot function (tampering judgement at startup).
  • Update mechanism of software linked with cloud server.
Tamper detection by software authentication / prevention (protection)
Encrypted communication
  • Function for SSL/TLS protocol communication.
  • Utilize Secure IP to protect keys for authentication and to establish secure communication path.
Communication protection
Storage protection
  • Data protection function secured in products.
  • Data encryption/decryption with Secure IP unique key.
Data protection

Learn more about RZ/G Series

RZ/G IEC 62443-4-2 READY

As an initiative for the IEC 62443 series which has attracted attention as the de facto standard for cyber security in the industry, we will provide solutions for the RZ/G Linux platform which are suitable for industry, including highly robust security features. These solutions will let suppliers of Industrial Automation and Control System (IACS) certify using the IEC 62443-4-2 standard.

Learn more about RZ/G IEC 62443-4-2 READY

视频

Secure OTA for MIRACLE Secure OTA IoT

Secure OTA for MIRACLE Secure OTA IoT

Miracle Linux Corporation

MIRACLE Secure OTA is a cloud system that realizes secure data deployment and updates that can be used by RZ/G. The premise is that the IoT device will be connected to the internet, and because a lot of people will be able to access it network-wise and physically, it will be exposed to various threats that were not there before. Here, in order to avoid unauthorized operation, it is important to update as a countermeasure once a weakness is spotted, and to control unexpected behavior by preventing such as unauthorized logins and software intrusion.

MIRACLE Secure OTA uses various certification and performs mutual authentication of the developer and the device, preventing unauthorized software to enter the IoT device. The developer will be given a developer certificate and authenticated in order for them to use the MIRACLE Secure OTA. Once the developer uploads an update file, it will be signed at the MIRACLE Secure OTA cloud. The MIRACLE Secure OTA cloud checks the product certificate of the destination device, and verifies if it is a regulated device. In RZ/G’s case, the product certificate is stored in the security region TSIP. Because the certificate cannot be controlled from the outside, the certificate’s safety can also be secured. When the distribution is performed, the update file will be downloaded only for the device that has a certificate. The electric signature and the product certificate will be compared, and only the correct software will be applied. By using this system, you will be able to prevent the application of unauthorized software and tampering of content by rogue developers, and protect the correct operation of IoT devices. As the distributable data ranges from a few bytes up to several gigabytes, it can widely support from the modification of minute contents to the major version upgrade of firmware and OS level.