Japanese electronics company Renesas has extended its IoT security offering with PSA Certified level two and SESIP certification for its RA family of devices.

The 32bit Arm Cortex-M microcontrollers provide IoT security with the firm’s secure crypto engine and Arm TrustZone.

It has announced both PSA Certified level two and Security Evaluation Standard for IoT Platforms (SESIP) certifications for the microcontrollers (MCUs).

The RA6M4 MCUs with the FSP flexible software package have been PSA level-two certified, expanding on the PSA level one achieved by RA4 and RA6 MCUs. The RA6M3, RA6M4 and RA4M2 MCU groups have achieved SESIP1 certification with physical and logical attacker certifications.

In addition to these recognised industry certifications, the MCUs provide IoT security by combining secure crypto engine IP with Nist CAVP certifications on top of Arm TrustZone for Arm v8-M.

“Renesas understands that security is essential for IoT designers, so we have engineered the RA family from the ground up with security in mind,” said Roger Wendelken, senior vice president at Renesas. “These industry certifications augment what is already the most secure device family in the industry for IoT applications.”

The devices incorporate hardware-based security features from simple AES acceleration to integrated crypto subsystems isolated within the MCU. The secure crypto engine provides symmetric and asymmetric encryption and decryption, hash functions, true random number generation, and key handling, including key generation and MCU-unique key wrapping. An access management circuit shuts down the crypto engine if the correct access protocol is not followed, and dedicated RAM ensures that plain-text keys are never exposed to any CPU or peripheral bus.

“We are glad to work with Renesas on the SESIP and PSA Certified certifications,” said Carlos Serratos, senior director at Dutch security laboratory Brightsight. “Renesas RA family certifications are prime examples of the relevance of security standards for the industry. From an OEM perspective, there is an increasing awareness of the value of certified devices as a tool for managing risk, and for aligning with multiple device certifications. While this is particularly relevant for devices used in critical infrastructures, it is steadily becoming the norm for the rest of the IoT domain.”

PSA Certified offers a framework for securing connected devices, from analysis through to security assessment and certification. The framework provides standard resources addressing the growing fragmentation of IoT requirements, ensuring security is no longer a barrier to product development. PSA Certified through a third-party laboratory evaluation of a PSA root of trust (PSA-RoT), PSA Certified level two provides evidence of protection against scalable software attacks. Evaluation labs use vulnerability analysis and penetration testing of the PSA-RoT to establish if the nine security requirements of the PSA-RoT protection profile have been met.

SESIP is an optimised version of common criteria methodology (ISO 15408-3) for the evaluation of IoT components and connected platforms. It defines a catalogue of security functional requirements (SFRs), which product developers can use to build their secure devices, scaling appropriately for specific threat models and use cases. SESIP also incorporates and refines common criteria security assurance requirements, including the requirement ALC_FLR.2 flaw reporting procedures, which Renesas addresses with its PSIRT product security incident response team process and public web interface. Specifically designed for SFR reuse and mapping to other certifications, the SESIP methodology enables product developers to pursue appropriate certification of their device to other industry-standard certifications such as IEC 62443.

The RA family ecosystem accelerates the development of IoT applications with core technologies such as security, safety, connectivity and HMI. Designing with RA MCUs is said to make it easier for engineers to develop IoT endpoint and edge devices for industrial and building automation, metering, healthcare, and home appliance applications. The family includes the RA2 up to 60MHz, RA4 up to 100MHz, RA6 up to 200MHz, and the single and dual-core RA8, to be released later.