Kinetis + mbed = the secure connection in IOT - Arm
EXTERNAL USE
PING LIANG
SENIOR TECHNICAL MARKETING MANAGER OF MICROCONTROLLERS & MICROPROCESSORS
Kinetis + mbed = the secure connection in IOT
mbed Connect China, Shenzhen
Dec 15, 2015
SECURE EMBEDDED PROCESSING SOLUTIONS for the Internet of Tomorrow
Smart, Connected and Secure
Increasing complexity of data collection,
handling & processing for delivering value added information.
Smart Healthcare
Smart Thermostat
Smart Home
Smart Wearable
Smart Vehicle
Smart Hospital
Smart Home
Smart City
Smart Health
Smart Highway
V2V & V2I
Connecting ‘Things at the Edge’ to the ‘Cloud’
MCU
Sensors
Energy
RF
Edge Nodes
PAN/LAN Connectivity
Gateway
WAN Connectivity
Cloud
Application/Action
BIG Data
Time to Market
Scalable
Ease of Use
Energy Efficiency
Highly Integrated
System Level Costs
Software
Performance
Software Updates
Security and Integrity
IoT Challenges
7 New Security Challenges
• New challenges for the smart, secure, connected world include:
− Connected accessibility: Connectivity opens new doors for attacks
− Physical accessibility: Unlimited attacks of remote nodes
− Data dependence: Harmful repercussions for missing data
− Number: Network overload threats
− Data misuse: Data used beyond intended methods
− Mitigation of weaknesses as they arise: Need for secure firmware updates.
− Social responsibility: The public is no longer forgiving of security breaches
The embedded community has a social responsibility to secure the smart and connected world…
Needs of a Secure Embedded Application
User Identification: Confirmation of the parties involved in a transaction
Assured Service: Protection against denial of service attacks
Secure Connection: Encryption and decryption of data
Manage Secure Content: Ensure data integrity and protection
Secure Network Access: Network layer security
Tamper Resistance: Protection against physical attacks
Secure Application Requirements
PC (Client Browser) and Server:
1. Client browser requests a secure connection from the server
2. Server sends the browser a copy of its SSL certificate
3. Browser checks the authenticity of the SSL certificate and acknowledges the server
4. Server sends back a digitally signed acknowledgment to start an SSL encrypted session
5. Encrypted data is shared between browser and server
Security in Kinetis MCUs
Optimized Architecture Focused on Low Power: Ultra efficient dynamic power; Ultra low static power with full retention; Low power peripherals
Connected: Low Power RF transceivers supporting ZigBee, BLE 4.2, 802.15.4, Thread; Wi-Fi Partners
Security: Multiple Levels of Scalable Security options for ultimate flexibility and protection. Ensuring your communication, software and physical system is protected from threats.
Easy to Use: Tools for Software and Hardware Development and Low Power Design. SDKs, Hardware Kits, Reference Designs, and Walk-throughs
Kinetis MCUs
Aligned to the needs of a connected world
Leveraging Low Power design, plus Wireless Connectivity, and decades of Security expertise… all with a focus on customer Ease of Use
All on a common technology platform for maximum re-use of Software and Hardware designs
Cortex-M0+/M4/M7 cores
Kinetis MCU Portfolio
The right series for the application
[Chart: FLASH size (4kB to 2MB) versus PINS (16 to 256). Note: 32 (32, 35, 36) 48 (44, 48, 49) 64 (60, 63, 64) 121 (120, 121) 144 (142, 143, 144)]
L Series: Ultra-Low Power
ARM Cortex-M0+ based MCUs
• 32-bit performance and energy efficiency with 8-bit look, feel and fast time to market
• Rich feature integration
• Ultra small packages
K Series: Performance & Integration
ARM® Cortex®-M4 based MCUs
• 32-bit power and performance efficiency, with added DSP and FPU
• Scalability across the portfolio
• Ranging from 50MHz to 180MHz Frequency
• Memory expansion options, including QSPI execution in place (XiP)
• Rich feature integration, including analog, connectivity, HMI, and the most advanced security and protection
• Balanced for a broad range of applications, including consumer, POS, industrial, medical, metering and smart energy markets
• Rich package options, including WLCSP, QFN, QFP and BGA
Kinetis General Purpose Portfolio Overview: Solutions for the General Embedded Market
Trust: Authorized Access
• Code I/P Protection
− Internal Memory Protection
− External Memory Protection
• Debug Port Protection
• Authentication
− Software Updates
− Device Verification
• Secure Boot
Crypto: Data Protection
• Symmetric Encryption
− DES/DES3, AES
• Asymmetric Encryption
− RSA, ECC
• Hashing
− CRC, MD5, SHA
• True Random Number Generation
• Security Protocols
− SSL, HomeKit, Thread
Anti-Tamper: Monitoring of physical and environmental attacks
• Tamper Detection
− Physical: Enclosure Intrusion, Drilling and Probing
• Tamper Detection
− Environmental: Voltage, Temperature, Frequency
• Secure Storage
Kinetis Security Overview
+ Performance
+ Memory
+ Crypto throughput
+ Ext. memory expansion & protection
Kinetis KL8x MCU, 72MHz ARM Cortex-M0+
• Advanced Security: Secure RAM & Boot, Memory Protection Unit, Low Power Trusted Crypto. Engine (DES/3DES/AES/RSA), Tamper Detection, ISO7816-3 EMVSIM, Random Number Generator
• 128/96KB Flash/SRAM, USB, FlexIO, QuadSPI (XIP), 121 MBGA / 80 LQFP
Kinetis K8x MCU, 150MHz ARM Cortex-M4
• Advanced Security + Crypto. Acceleration Unit, On-the-Fly Decryption for external memories
• 256/256/16KB Flash/SRAM/Cache, USB, FlexIO, QuadSPI (XIP), SDRAM, SD/eMMC, FlexBus, 121 XFBGA / 100 LQFP
Hardware and software compatibility with PCI-certified enablement
Kinetis KL8x to K8x: World’s most secure ARM® Cortex®-M based MCUs
Tower & Freedom Modules
• TWR (full evaluation) or FRDM (entry-level) development modules
• KL8x MCU
− TWR-KL82Z72M
− FRDM-KL82Z
• K8x MCU:
− TWR-K80F150M
− FRDM-K82F
• 8MB SDRAM, 8MB Serial NOR Flash
• Multiple TWR and Arduino™ form-factor compatible peripheral modules
• Available Nov/Dec 2015 (K8x/KL8x)
Security Software
• Freescale Kinetis SDK software drivers for public key cryptography
• Support for multiple toolchains including GNU GCC, IAR, Keil, and Kinetis Design Studio
TWR-POS-K81 PIN Pad Reference Design
• POS PIN Pad Reference Design for customers seeking Payment Card Industry certifications
• Kinetis K81/KL81 MCU: tamper pins, chip security, EMVSIM, Kinetis SDK w/ Cryptographic Driver s/w
• Chip-and-PIN keypad based on Cirque® SecureSense™ technology (PCI PTS compliant without requiring physical protection for touch sensor)
• Compatible with:
− Contact/contactless card reader module (NXP NFC PN5180)
− TWR-LCD (colour graphics)
• Available under NDA Dec. 2015 (incl. PCI certification s/w & documentation)
TWR-POS-K81
TWR-POSCARDS
• Secure EMV Kernel for Contact and Contactless Payment
• Formally proven, highly secure OS & Hypervisor for IoT
Kinetis K8x/KL8x MCUs: Enablement
mbed Supports
The first mbed hardware:
• NXP LPC1768 Cortex-M3
• 40-pin DIP package
• 5V USB or 4.5-9V supply
• Built-in drag ‘n’ drop flash programmer
mbed Hardware – mbed LPC1768
Kinetis K6x and FRDM-K64F Overview
• Kinetis K6x MCUs
− ARM® Cortex®-M4 core, up to 180MHz
− 256KB to 2MB Flash, 128 to 256KB SRAM
− Sophisticated power mode controller
− Ethernet MAC (w/ IEEE1588 real-time support)
− 6-bit ADCs and 12-bit DACs
− Hardware Encryption (3DES, AES, etc.)
− 32-bit Random Number Generator
− USB, CAN, SPI, I2C, UART, etc.
− Secure Digital (SD) Host Controller
www.freescale.com/FRDM-K64F/startnow
FRDM-K64F: Cortex-M4, 120MHz, 1MB Flash, 256KB SRAM
3-axis accelerometer/3-axis magnetometer
RGB LED
Add-on Bluetooth Module
Built-in Ethernet w/ add-on Wireless Module
Micro SD card slot
Arduino shield compatible
ARM mbed Examples (available on Github):
mbedOS: example-mbedos-blinky
Security: uvisor-helloworld
Connectivity: mbed-client-examples, mbed-example-network (TCP), mbed-example-network (UDP)
Thread: mbed-client-example-6lowpan
ARM mbed IoT Starter Kit on FRDM-K64 – Ethernet Edition for IBM Internet of Things Foundation and Microsoft Azure Cloud Service solution
mbed enabled MCU boards from new NXP
• Kinetis K8x MCUs – Scalable and Secure
− ARM Cortex-M4, 150MHz, up to 256KB Flash and SRAM
− Execute-in-Place QuadSPI interface with on-the-fly AES decryption
− 512-bit True Random Number Generator (TRNG)
− HW acceleration for asymmetric cryptography including RSA and Elliptic Curve Crypto
− Physical anti-tamper capability
• Kinetis KW4x MCUs – Integrated Wireless Connectivity
− ARM Cortex-M0+ with integrated 2.4 GHz transceiver
− BLE 4.1 with HCI and GATT interfaces
− Multiple BLE profiles
− IEEE 802.15.4 PHY-MAC
ARM mbed-Enabled Platforms - Coming Soon
mbed Thread Platforms
FRDM-MCR20A
The Freescale Freedom development board platform supports the MCR20A 2.4 GHz wireless transceiver. The FRDM-MCR20A evaluation board is a small, low-power, cost-effective reference design for the MCR20A transceiver in a shield form factor, compatible with existing Freedom development platforms, FRDM-K64F and FRDM-KL46Z.
End Node
End Node + Application
Border Router
Target Development Systems: Gateways/Border Routers
K64F Freedom Board
• 120 MHz Cortex-M4F
• Up to 1 MB Flash, up to 258 KB RAM
• Integrated Ethernet
• Thread and ZigBee
• Launching Oct. 6th
i.MX6UL EVK
• 528 MHz Cortex-A7 CPU
• 4 GB DDR3L DRAM memory
• 256 MB Quad SPI Flash
• Arduino/Freedom connector
• Launching Oct 6th
K64F
RTOS Border Router
(PN512)
i.MX6UL
Linux Gateway/Border Router
(PN7120) KW2x