Home » Electronic News » Tailor-made, Infineon OPTIGA Trust M2 ID2 helps IoT devices to move securely to the cloud

Tailor-made, Infineon OPTIGA Trust M2 ID2 helps IoT devices to move securely to the cloud

Posted by: Yoyokuo 2022-08-05 Comments Off on Tailor-made, Infineon OPTIGA Trust M2 ID2 helps IoT devices to move securely to the cloud

Entering the era of “Internet of Everything”, more and more devices are connected to the Internet of Things. With the development of technology, the Internet of Things is given more and more definitions, and is even called a magical force to change the world. According to data from McKinsey Global Institute, the entire global IoT market will have a rapid growth of US$4-11 trillion in 2025; by then, it is expected that the number of IoT connections in my country will exceed 20 billion units in 2025; by 2022, my country’s IoT The market size has reached 750 billion yuan.

With the help of new technologies such as 5G, cloud computing, artificial intelligence and blockchain, in the form of the Internet of Things, it has brought more convenient services to our lives, such as smart medical care, smart home, smart community, autonomous driving… more More and more emerging industries with the concept of the Internet of Things appear around us. However, with the development of the IoT market comes security risks.

The first sentence of Dickens’s “A Tale of Two Cities” mentioned: “This is the best of times, and it is also the worst of times.” In today’s Internet of Things era, this sentence still has a profound warning effect. There is often only one difference between “the best” and “the worst”. A large number of devices with potential security risks connected to the Internet of Things will bring unpredictable threats to the infrastructure. Consumers’ concerns about security issues have also inhibited the development of the Internet of Things to a certain extent.

Countries around the world, including China, are actively creating some laws and regulations related to information security in the Internet of Things era, hoping to gradually regulate and ensure the security development of the Internet of Things through a top-down approach. At the same time, companies engaged in security have also launched security solutions for the Internet of Things. Among them, OPTIGA Trust M2 ID2, a hardware security chip-based solution recently launched by Infineon, stands out. Cheng Hao, Marketing Manager of Infineon Technologies’ Security and Interconnected Systems Division, said: “The development process of the Internet of Things is similar to the Internet. It will go through a process from questioning to gradual acceptance, habituation to final dependence. We only need to add some reasonable security mechanisms and The solution to solve some of the public’s concerns and concerns about the security of the Internet of Things is bound to help the entire Internet of Things to take a relatively solid step forward.”

Hardware-based security is the most reliable

Currently, there are three commonly used security solutions for IoT devices: no security, software-based security, and hardware-based security.

Tailor-made, Infineon OPTIGA Trust M2 ID2 helps IoT devices to move securely to the cloud

At present, more and more IoT device manufacturers and cloud service providers have gradually realized some security risks in the IoT field of smart homes and other smart industries. If no security solution is cited in the system design, it means that All key data and codes in the system will be directly open to everyone, which undoubtedly faces great risks in practical application.

Based on cost or other considerations, many enterprises and cloud service providers will adopt some solutions based on software implementation. It can be used to prevent illegal access on some logical calls and reduce some risks brought by the software’s own vulnerabilities. However, software solutions generally run in a general-purpose MCU and CPU environment. Such solutions have several major drawbacks: data is easy to be accessed and read, even copied and tampered with, analyzed and understood; pure software-based solutions There is no way to achieve a “root” of trust for the entire system in a secure system.

The OPTIGA Trust M2 ID2 security chip launched by Infineon is a solution based entirely on hardware security chips. The biggest advantage is that it can be used to defend against hardware-level attacks. Some of these specially designed hardware logic can better protect the storage of data; even through very professional reverse engineering, the original data cannot be easily cracked and cracked; in addition, some professionally designed and standard codes are difficult to crack And understand; the most important point is that the hardware-based security chip solution can achieve a trusted “root” for the security of the entire system.

Design process with IoT devices in mind

Cheng Hao said that Infineon customized the security chip product by considering the characteristics and demands of IoT devices from the early stage of the design of the security chip.

Tailor-made, Infineon OPTIGA Trust M2 ID2 helps IoT devices to move securely to the cloud

First, IoT devices have very limited MCU resources. The pure software method is bound to occupy more resources of the already very tight main control and MCU. The security chip will implement security functions with very lightweight resource occupation, and all security functions will run inside the security chip without occupying additional resources.

Second, IoT devices, especially some small home appliances, are getting smaller and smaller. Trust M2 ID2 currently has the industry’s smallest package size, which can meet all kinds of devices, especially portable devices with smaller size and stricter requirements.

Third, IoT devices will have higher and higher requirements for power consumption. Trust M2 ID2 can achieve the state of “0 power consumption” through some suitable peripheral circuits. At the same time, Infineon has selected relatively lightweight encryption algorithms such as ECC and elliptical encryption algorithm, which can achieve “zero power consumption” of the device under a reasonable security level, and at the same time, the device does a certain amount of encryption in a short time. Decryption and security related functions.

Fourth, considering that some home appliances or IoT devices are currently cost-sensitive, Infineon has also controlled costs to a certain extent. Trust M2 ID2 will now be more used in various embedded operating systems.

Fifth, the most critical point is the cross-domain product design, which is the ease of use and integration of the security chip. Trust M2 ID2 has integrated all security-related codes and underlying operating systems into the product, and IoT device manufacturers do not need to develop these complex security application functions by themselves. After embedding the security chip into the device and making a connection with the main control, integrating a small piece of code on the main control side can directly drive the security chip to realize related security functions. At present, the Trust M2 ID2 software code, including the code of the main control terminal driver security chip, have been directly open sourced on Github.

Sixth, at the hardware level, the form of the Trust M2 ID2 package is very simple. It only needs to be connected to the main control terminal in the device through the standard I2C interface.

Five Features of OPTIGA Trust M2 ID2

Tailored to the challenges of IoT design, the Trust M2 ID2 has five main performance characteristics.

Tailor-made, Infineon OPTIGA Trust M2 ID2 helps IoT devices to move securely to the cloud

1. Two-way authentication function. In the entire system architecture of the Internet of Things, in addition to the authentication of the cloud or the server is very important, the identification of the device itself is also very important to the cloud. Trust M2 ID2 can store multiple sets of keys and certificates to complete mutual authentication between IoT devices and the cloud, as well as with other devices. At the same time, the device loaded with the security chip can also perform two-way authentication with other controllers and devices in the ecosystem.

2. Secure communication. In many current IoT devices or applications, the data transmitted on the link or on the road itself does not have any encryption mechanism for data protection, especially involving the transmission of some user privacy data and some sensitive key data. . The Trust M2 ID2 product itself can ensure that the communication between the device and the cloud and with other devices is completely encrypted, eliminating the security risks transmitted on the link. The Shielded Connection function also ensures the security of data transmission within the device.

3. Security firmware upgrade. At present, many IoT attacks actually attempt to gain control over the device by forging some firmware packages. For ordinary users, they have no ability to identify themselves. Trust M2 ID2 can help the device realize the function of identifying the source of firmware upgrade package through the function of “trusted root”.

4. Personalized data writing. The Aliyun Link ID² IoT security token has been preset before the Trust M ID2 leaves the factory. The advantage is that even if the data stored in the security chip is attacked by the outside, the data stored in the security chip cannot be intercepted and analyzed by the outside, which is also a big advantage of the hardware security chip.

5. Platform integrity verification. For some systems that require secure boot, the device has the ability to verify whether the operating system or software installed on the device has been tampered with to defend against attacks.

Three application scenarios

In some application scenarios with high demands on security, Trust M2 ID2 can play its unique advantages.

1. Smart Speaker

In addition to listening to music instead of traditional Bluetooth speakers, smart speakers can also access the Internet in a more convenient voice form, and can interact with users by voice. Now smart speakers are used as a node for voice interaction with smart home appliances in the whole house. Users can control curtains, light switches, etc. through voice. However, with such a convenient voice interaction, many users worry about their personal privacy being monitored.

Tailor-made, Infineon OPTIGA Trust M2 ID2 helps IoT devices to move securely to the cloud

Trust M2 ID2 has the function of data storage encryption, which can store account information, ID information or password inside the security chip. Without the account and password of the cloud service provider, it is impossible to log in for security control.

In addition, the two-way authentication function of the security chip can also ensure that the smart speaker will only process information that has been authenticated by legitimate sources. When hackers or strangers “open the door” or “open the window” by forging remote voice information, the smart speaker has The ability to identify whether the device that manipulates it belongs to a legitimate source.

In addition, through the data encryption function, it can be ensured that all data exchanged between the device and the server cloud are transmitted in encrypted form. Even if the data is intercepted by hackers, the information of the original data cannot be deciphered.

2. Smart Factory

In the past two years, there have been many cases in foreign countries where smart factories were attacked by hackers, causing the entire production line to be paralyzed. In addition to the shutdown of the production line, the more terrible loss is the leakage of some core technologies and key data of the enterprise.

Tailor-made, Infineon OPTIGA Trust M2 ID2 helps IoT devices to move securely to the cloud

Infineon has already implemented the “Industry 4.0 Intelligent Factory” security solution abroad. Through terminal equipment such as robotic arms in intelligent factories, or products on integrated PLCs, and embedded Trust M security chips, industrial equipment and industrial edge The gateway communication data is encrypted.

3. Webcam

Among the IoT devices, the webcam is one of the earliest explosive devices and has entered thousands of households. But at the same time, it is also one of the devices that the hackers focus on. Because of the characteristics of monitoring, the network camera will become the target of many criminals.

One of the main reasons why many cameras are currently hacked is its “weak password”. Integrating the OPTIGA Trust M2 ID2 chip in the camera can ensure secure encryption of the communication data between the camera and the cloud service.

IoT is already changing the way people live. “We don’t need to be resistant to the Internet of Things for some potential security risks. Infineon’s goal is to improve the security level of the entire Internet of Things through the introduction of security chip solutions, including cooperation with partners such as Alibaba Cloud. , to help everyone enjoy the convenience and fun brought by the Internet of Things better and more at ease.” Cheng Hao pointed out.

Highest chip security certification level

As a security chip, how secure is the OPTIGA Trust M2 ID2?

answer:This is a security chip with the highest security level certification, CC EAL6+ certification.

CC EAL6+ certification is actually aimed at the financial field. At present, there is no so-called authoritative third-party security certification level requirement in the Internet of Things field. Infineon hopes to apply the certification system standards with the highest security requirements in the financial field to the field of IoT security. CC certification is a certification for the integration of “software + hardware”. It not only depends on the ability of hardware to defend against physical attacks, but also whether there are loopholes in the software. Therefore, it is a very comprehensive certification level.

In addition to meeting the financial level CC EAL6+ certification, the Trust M2 ID2 also meets the ICA (Alibaba Cloud-led IoT Ecosystem Certification), which focuses more on applications in IoT devices, such as: the security chip is equipped with an Alibaba Cloud Link ID² application, it will perform an application-level authentication on the ID² application security level. Therefore, Trust M2 ID2 has passed different certifications for security level protection from the underlying hardware, software, operating system to upper-level applications.

The Trust M2 ID2 chip is a collaboration between Infineon and Alibaba Cloud, and is launched based on the security requirements for IoT devices to go to the cloud. With Infineon’s highest-level security chips and Alibaba Cloud’s influence in the entire IoT ecosystem, it is expected to influence and strengthen the security awareness of domestic IoT device manufacturers and cloud service providers.

Once it is safe and worry-free, people will enjoy the IoT life more freely!

The Links:   B612F-2T-8653 CM300DY-12HE