IoT networked devices are becoming more and more popular nowadays. While we enjoy the conveniences brought by these networked devices, we must also bear the risks of these networked devices; and that includes the risk of data being stolen or forged during transmission processes. Therefore security for the data transmission process is a fundamental requirement for all IoT networked devices. The use of cryptography engines to encrypt or encode a series of plaintext data into meaningless garbled codes can significantly reduce the risk of data transmission. However, data encryption and encoding are complicated operational processes and consume significant amounts of CPU resources. Large amounts of data encryption and decryption will cause the CPU performance to decrease; therefore, the use of hardware cryptography is the best option to prevent reduced performance and achieve highest levels of security protection.
Main advantages of hardware cryptography:
- Impregnable security protection: Uses hardware to save and protect keys; entire cryptography processes are performed within the hardware so software programs cannot intervene, crack or steal the keys, achieving the highest level of security protection.
- Increases operational performance: MCU has built-in cryptography processes and does not use up CPU resources; it can also achieve the immediacy requirement for network transmissions.
Hardware cryptography engine types:
||Supports 128bit, 192bit and 256bit key lengths and ECB, CBC, CFB, OFB, CTR, CBC-CS1, CBC-CS2 and CBC-CS3 modes
||Supports ECB, CBC, CFB, OFB and CTR modes
||Supports prime field GF (p) and binary field GF (2m); supports 192bit and 256bit key lengths
||SHA-160, SHA-224, SHA-256, SHA-384與SHA-512
||HMAC-SHA-160, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384與HMAC-SHA-512
- AES (Advanced Encryption Standard)：This is a repeated operation with symmetric key grouping cryptography; it can use 128, 192 and 256 bit keys and uses 128bit (16byte) grouping to encrypt and decrypt data.
- DES/3DES (Data/Triple Data Encryption Standard)：This uses the multiple encryption concept of Shannon with confusion and diffusion methods to break up and reconstruct raw data so that hackers cannot use statistics or other mathematical analysis techniques to restore the encrypted data.
- ECC (Elliptic Curve Cryptography)：This is an algorithm that creates public key encryption based on elliptic curve mathematics. Its greatest advantage is that under the same security strength, the key length used by ECC is shorter compared to RSA keys; so ECC has better execution efficiency. It is very suitable to be used for environments with limited resources such as smart cards or mobile devices.
- SHA (Secure Hash Algorithm)：This algorithm is a member of the cryptographic hash function family. It can calculate the fixed-length string (message digest) coressponding to a digital message, and if the messages entered are different, there are high probabilities that they correspond to different strings.
- HMAC (Hash-based Message Authentication Code)：This is used to ensure the data integrity of the message and for verifying the data source of the message. A key and message is used as input to generate a message digest as the output mainly to ensure the data integrity of the message and perform verification for the validity of the message source.
Nuvoton strives to provide complete MCU platforms and released the NuMicro M480 seriesthat uses the Arm Cortex-M4 as the core with built-in hardware cryptography engines, in order to satisfy the need of security protection for IoT applications. This series not only provides complete security protection, they also have high performance system designs that can provide up to 90 DMIPS to 240 DMIPS under 72 MHz to 192 MHz clocks, in which the dynamic power consumption can even be reduced to 175μA/MHz when the internal flash is operating, simultaneously satisfying the low power consumption needs of IoT devices.