Image
RX Security Solutions
Jump to Page Section:
In response to growing threats to IoT devices, RX 32-bit microcontrollers (MCUs) provide security solutions that will protect against threats throughout the lifecycle of IoT devices, from autonomous security and the design phase to end-of-life.
Features
Autonomous security for IoT endpoint devices is provided by Renesas' proprietary hardware secure IP (Trusted Secure IP)
IoT devices that are located in a network environment are constantly exposed to a variety of threats. However, if the IoT endpoint device itself is secure, it can protect itself from threats and prevent malicious and unauthorized behavior, even in an unsafe network environment. RX has strong security technology using Trusted Secure IP, Renesas' proprietary hardware for secure IP, and provides autonomous security for IoT endpoint devices.
RX Security Solutions
Hardware: RX Microcontroller with Security Hardware IP to Protect Against Threats
RX is equipped with Trusted Secure IP, which cannot be accessed externally. Key data and the cryptographic engine in Trusted Secure IP are strongly protected. Also, it combines area protection features and RX-specific features to protect authentication programs from tampering threats. With this, you can build a system with Root of Trust that provides self-sustaining security and provides easy and robust protection from a variety of threats.
Image
Microcontrollers with Trusted Secure IP
| On-board IP Function Comparison | Trusted Secure IP-Lite | Trusted Secure IP | ||
|---|---|---|---|---|
| Supported RX MCU | RX200 | RX231 RX23W RX26T | — | |
| RX600 | RX66T | RX651 RX65N RX671 RX66N | ||
| RX700 | RX72T | RX72N RX72M | ||
| Basic Functions | Common Key Encryption | AES (128/256): ECB/CBC/GCM/CCM | AES (128/256): ECB/CBC/GCM/CCM | |
| — | TDES (56/56x2/56x3): ECB/CBC | |||
| Public Key Encryption | — | RSA (1024/2048): Encryption/Decryption Signature generation/Signature verification Key generation (1024/2048) ECC (p-192/224/256): Encryption/Decryption Signature generation/Signature verification Key generation (192/224/256) | ||
| Hash | — | SHA-1, SHA-256, MD5 | ||
| Message Authentication | CMAC (AES), GMAC | CMAC (AES), GMAC, HMAC | ||
| Random Number Generator | Random number generator (SP800-90 compliant) | Random number generator (SP800-90 compliant) | ||
| Key Update Function | AES key update | Key update for AES, TDES, RSA, ECC key update | ||
| SSL/TLS Integration Function | — | SSL/TLS support function (TLS1.2 compliant) | ||
Software
We provide you with the drivers that make Trusted Secure IP work, as well as secure update and secure boot sample programs to use the RX-specific features so you can deploy security quickly and easily.
| Software Components | Description |
|---|---|
| Trusted Secure IP Driver | Write keys and firmware to a dedicated driver that runs Trusted Secure IP for the microcontroller |
| Secure Updating | A sample program that provides tamper detection/prevention by authentication when updating a program (Included in Trusted Secure IP driver package) |
| Secure Boot | A sample program that prevents hijacking by detecting tampering during program execution (stops execution) (Included in Trusted Secure IP driver package) |
Securely Encrypt Your Keys with Our "Key Wrap Service"
Securely encrypt keys on the dedicated Renesas webpage
- Keys are delivered using secure Pretty Good Privacy (PGP)*
- Instantly generate and provide encrypted keys with auto attendants
- This is immediately available after initial user registration
*Pretty Good Privacy (PGP): Public-key cryptography based cryptographic software used to encrypt files and emails
To request this service, contact your Renesas sales representative or through a technical inquiry.
Evaluation Kits: Trusted Secure IP Ready Evaluation Kits
Renesas offers evaluation kits that allow you to evaluate robust security immediately, contributing to reducing the turn-around time (TAT) for development of security-enabled devices. An NDA is not required for the manual and driver for Trusted Secure IP.
Trusted Secure IP Ready Evaluation Kits
| Renesas Starter Kits | Gadget Renesas GR-ROSE Board | Envision Kits | Renesas Flexible Motor Control CPU Board | |
|---|---|---|---|---|
| External Appearance |  |  | Image
 | Image
 |
| Supported MCU | RX231 RX66T RX72T RX65N RX671 RX72N RX72M | RX65N | RX72N | RX26T |
| Features | Renesas evaluation kits that enable you to evaluate the full functionality of the MCU | Small evaluation kit for Wi-Fi-equipped IoT devices | Ideal for evaluation of HMI and security functions. Built-in debugger. | Ideal for evaluation of motor control and security functions. Built-in debugger. (Separately sold inverter board required for motor control) |
| How to Purchase | Contact Renesas* | Akizuki Denshi Tsusho Chip One Stop, Inc. Marutsu | Buy | Buy |
*Contact your Renesas sales representative or sales office.
Achieving DLM with RX Security Solutions
There are various threats during the lifecycle of a user's product. You need not only security features for the device, but also secure operations throughout the lifecycle to respond to these threats. This way of thinking is called Device Lifecycle Management (DLM). RX security solutions support DLM and also make robust and advanced security management from the product lifecycle operation aspect possible.
Partners
Provides Trusted Secure IP enabled SSL/TLS
Enables differentiated software security features on the RX100 MCU Series
Certification
General-Purpose MCUs that Comply with International Security Standards
RX microcontrollers with Trusted Secure IP are robust and reliable general purpose microcontrollers with NIST*2 FIPS*3 140-2 Level 3 CMVP certification applicable to HSM*1 and IC cards. Also, each of the cryptographic algorithms in the Trusted Secure IP is CAVP certified, so they can be used with confidence.
*1. HSM: Hardware Security Module
*2. NIST: National Institute of Standards and Technology
*3. FIPS: Federal Information Processing Standards
1) CMVP: Cryptographic Module Validation Program
A program that verifies that the FIPS 140-2 requirements are met
CMVP Certification with RX65N (2MB Devices)
| Certificate #3849 | |
|---|---|
| Module Name | RX65N-2MB Security Management Module |
| Standard | FIPS 140-2 |
| Overall Level | 3 |
| Module Type | Hardware |
| Embodiment | Single Chip |
2) CAVP: Cryptographic Algorithm Validation Program
A program that verifies that the algorithms approved for FIPS 140 are implemented correctly
CAVP Certified Cryptographic Functions (Cryptography in Trusted Secure IP)
| Cryptographic Algorithm | Validation Number | Operating Environment |
|---|---|---|
| AES | A988 | TSIP |
| RSA | A988 | TSIP |
| ECDSA | A988 | TSIP |
| KAS (ECDH) | A988 | TSIP |
| SHS | A988 | TSIP |
| HMAC | A988 | TSIP |
| DRBG | A988 | TSIP |
| AES | A987 | TSIP-Lite |
| DRBG | A987 | TSIP-Lite |
play_circle_filledVideos
RX Family Secure Firmware Update
Sixth in the RX security video series – Renesas walks through the process of encrypting the application program and performing a Secure Firmware Update using the Renesas Secure Flash Programmer so that the plain text of the application program to be updated is not exposed when updating the application program.
0:00:00 Opening
0:00:23 Recommended Viewing
0:00:53 Secure Factory Programming
0:02:10 Secure Firmware Update
0:06:45 For More Information
Video List
News & Blog Posts
| Protecting 'Highly Confidential Data' in IoT Devices (Part 2) | Blog Post | Sep 12, 2023 | |
| RX Family Software – The Past and the Future – #10 Design of OTA for RX MCU via AWS/Azure | Blog Post | Sep 6, 2023 | |
| RX Family Software – The Past and the Future – #9 Design IoT Latest Provisioning Scheme with RX MCUs | Blog Post | May 31, 2023 | |
| Essential Security Measures to Safeguard Against Threats in IoT Devices | Blog Post | May 19, 2023 | |
| RX Family Software – The Past and the Future - #8: Security for IoT Applications | Blog Post | Apr 18, 2023 | |
| Realizing Secure and High-Speed Communications with RX MCU and wolfSSL's TLS Library | Blog Post | Jun 27, 2022 | |
| RX Family Software – The Past and the Future - #2 | Blog Post | Mar 11, 2022 | |
| Edge Trust Security Service Using RX Microcomputer CMVP Certified | Blog Post | May 20, 2021 | |
| Solution that Strongly Supports the Development and Manufacturing of Secure IoT Devices | Blog Post | Apr 20, 2021 | |
| Implement Robust IoT Security Easily with RX Security Solutions | Blog Post | Feb 13, 2021 |
