The National Institute of Standards & Technology (Nist) has certified a family of 32bit microcontrollers from Japanese electronics giant Renesas to provide security when deployed in IoT devices.

The RA family of MCUs has achieved CAVP cryptographic algorithm verification programme certification for its suite of cryptographic algorithms.

The 32bit Arm Cortex-M microcontrollers offer IoT security with Renesas’ SCE secure crypto engine and Arm TrustZone.

The drivers use the certified SCE9 protected mode and are included in the RA family’s flexible software package (FSP) v3.6.0 and later.

The Renesas RA6M4, RA6M5, RA4M2 and RA4M3 MCU groups all received Nist CAVP certification of a suite of cryptographic algorithms, including multiple modes of AES, hashing, RSA and ECC key generation and authentication, key agreement schemes, and DRBG. CAVP certification provides independent verification of the correct implementation of the cryptographic algorithms, which is vital to ensure connectivity interoperability.

Rnesas announced last year that RA devices received both PSA Certified Level 2 and Security Evaluation Standard for IoT Platforms (Sesip) certifications.

“With CAVP certification, in conjunction with the existing Sesip 1 and PSA Certified Level 2, Renesas provides the industry’s most comprehensive IoT security,” said Roger Wendelken, senior vice president at Renesas. “Customers in a broad range of connected application segments can implement the RA family with supreme confidence that their data will be secure.”

Renesas’ integrated security architecture is time and energy efficient with unlimited secure key storage. An independent evaluation to compare SCE9 protected mode operation to a selection of secure elements was recently completed.

“The SCE9 doesn’t just pack a significant amount of cryptographic compute power, but getting rid of a serial interface, usually I²C, to an externally connected device provides various advantages,” said Mario Noseda from Zurich University of Applied Sciences. “The high clock frequency of the internal data bus greatly reduces the data transmission time between the MCU and the SCE9. But even more important is the complete elimination of a point of attack, which is a huge selling point for an MCU containing the SCE9.”

Proper handling of cryptographic keys is vital to maintaining the integrity of a secure product. The security key management tool provides a straight-forward mechanism for preparing keys for secure installation and updates, supporting development, production provisioning and key updates for products in the field.

The GUI is designed to assist developers, particularly those new to security, to create prototypes and proofs-of-concept with test keys. The command line interface coordinates across multiple developers and supports production key management of key provisioning and update. Downloadable application projects demonstrate how to perform secure key installation and updates for development and production using the available Renesas tools.

In addition to these industry certifications, the RA MCUs provide IoT security by combining SCE IP with Nist CAVP certifications on top of Arm TrustZone for Arm v8-M. RA devices incorporate hardware-based security features from simple AES acceleration to integrated crypto subsystems isolated within the MCU.

The secure crypto engine provides symmetric and asymmetric encryption and decryption, hash functions, true random number generation (TRNG), and key handling, including key generation and MCU-unique key wrapping. An access management circuit shuts down the crypto engine if the correct access protocol is not followed, and dedicated RAM ensures that plain-text keys are never exposed to any CPU or peripheral bus.