Secure Your World with Security-Focused MCUs
Security threats are increasing exponentially in terms of frequency, targeted devices, malignancy and costs of attacks. In today’s vast interconnected world, the need to provide greater security within a product or system is becoming a standard requirement. To stay one step ahead of the criminal element and prevent theft of software/hardware, intellectual property and data, or communications services, customers today are designing their products with an eye on providing robust, connected and secure systems.
The CEC1302 and CEC1702 are full-featured 32-bit ARM® Cortex® -M4F-based microcontrollers that enable secure boot of system firmware, providing an immutable identity and a root of trust to ensure that the firmware is untouched and hasn’t been corrupted. These microcontrollers can be used as a standalone microcontroller, while also providing easy-to-use authentication, private key and customer programming flexibility to minimize customer risk.
CEC1302
- Ensures firmware is untouched and uncorrupted with a quick pre-boot authentication of the system firmware
- Protect the system from malware or memory corruption by authenticating firmware updates
CEC1702
- Reduce compute time with the hardware cryptographic cipher suite
- Protect secrets with encryption
- Validate firmware has been digitally signed and untouched using public key cryptography
Security Capabilities
The CEC1x02 device family provides a variety of robust hardware based crypto algorithms to meet your protection needs.Everybody today is worried about security. We see the market moving to authenticated boot as a way to protect your overall system. One of the worries is that when you try to boot your system, it won’t work because someone has compromised it.
One solution being adopted is secure boot which ensures the integrity of the software running on a platform. We provide secure boot capabilities to ensure the authentication of the embedded firmware prior to boot of the system. Secure boot relies on public/private keys to verify the digital signature of the code before execution. This confirms that only the code which you intend to be loaded is loaded and used, protecting your system from malicious code. Every time you boot the machine, you have the exact same expectation of the performance of your machine.
The types of crypto curves that are supported are: AES256, SHA-512, RSA-4096, ECDSA, Curve25519, Ed25519, True Random Number Generator and Public Key Engine (PKE)
| Crypto Curves | CEC1302 | CEC1702 |
|---|---|---|
| Symmetric Encryption | AES128, AES192 and AES256 | same |
| Modes: ECB, CBC, OFB, CFB, CTR | same | |
| One cycle per byte | same | |
| 100x faster than FW | same | |
| Saves up to 8 KB-15 KB code | same | |
| Hashing | SHA-1, SHA-256 | adds SHA-512 |
| One cycle per byte | same | |
| 100x faster than FW | same | |
| Saves up to 2 KB code | same | |
| Public Key Engine (PKE) | 20x-50x faster than FW | 8x faster than CEC1302 |
RSA | RSA-512 to RSA-2048 | RSA-1024 to RSA-4096 |
| Modular Arithmetic Primitives | same | |
ECC | Keys from 160 to 256 bits in GF(p) | Keys with 192 to 640 bits in GF(p) |
| Keys with 160 to 640 bits in GF(2m) | ||
| Curve25519 (ECDSA support) | ||
DSA | no | ECDSA, EC-KCDSA, Ed25519 |
Other | Secure Remote Password (SRP) | |
| Miller-Rabin Primality Testing | ||
| Random Number Generator | True RNG | same |
| 1K FIFO for pre-calculation | same | |
| Monotonic Counter | No | Yes |
| User Programmable OTP | 500 bits | 2.5K bits |
| (in addition to key space) | ||
| Memory Protection Unit | No | Yes |
Please email us at security_help@microchip.com for more information.