eSecure

Single module for multiple security challenges

The eSecure IP is a complete standalone module that enables security applications by shielding the secret information from the non-secure application running on the main processor. The firewall prevents any unauthorized access to the secret data. The secure controller embedded in the eSecure module keeps full control of the execution of the security functions. In some designs, the secure controller can be optionally virtualized in the host processor.

eSecure IP core diagram

Software/firmware authentication

picto_software
One of the key elements of a secure device is to execute authenticated and trusted software in order to prevent malicious code execution. The eSecure IP provides a strong authentication of the software/firmware at boot-time (secure boot) and during run-time. It will also optionally decrypt the code before execution by the host processor

Device unique identity

picto_device
In order to protect applications and products against counterfeiting and cloning, it is important to be able to uniquely identify each manufactured part. This identification also enables device authentication and per device rights management.

Secure storage of secret information

picto_storage
A secure application always requires some data to be kept secret. The eSecure IP can store secret keys and other information inside a secure or non-secure storage area. For non-secure area such as external flash memories, the eSecure IP will guarantee the confidentiality and authenticity of the data with strong cryptographic algorithms.

Secure communication

picto_secure_communication
In today’s connected world, most applications involve secure communication protocols. The eSecure cryptographic engine supports all the latest algorithms for TLS/DTLS 1.3, Thread Networking, Apple HomeKit, Bluetooth, Zigbee and more.

eSecure Features

  • Secure Boot
  • Firmware update in the field
  • Secure key storage
  • Cryptography algorithms off-loading
  • Side Channel Attack protection
  • Secure Debugging
  • Key Management
  • Low power and high performance
  • Very wide range of cryptographic algorithms supported

 

Efficient secure hardware solution for any application

The eSecure IP is a very efficient solution to enable any secure application on chip. The hardware module shielded from the main processor brings a high level of security. Also the hardware offloading of the cryptographic operations from the main processor to the eSecure module guarantees a low power operation. The eSecure module is tuned to the target application in terms of feature and performance.

Anti-tampering management

Most secure chips involve one or multiple tamper detection mechanisms. The advanced anti-tampering management unit of the eSecure IP enables fine control of the tamper detection source, and actions to be taken when an event occurs, such as instantaneous zeroisation of the secret data. The configurability of the unit makes it suitable for basic up to advanced security requirements.

Scalable cryptographic engine

The scalable cryptographic engine supports symmetric encryption (AES, DES, …), asymmetric operations (ECDSA, ECDH, RSA, …), hashing (SHA-1, SHA-256, …) and random number generation. The cryptographic engine can be configured to reach the performance level required by your application, enabling efficient offloading of the main CPU.

Applications

  • Wireless Communication (Wifi, thread protocol, Zigbee, BLE..)
  • V2V, V2X
  • M2M
  • HSM
  • Secure Communication (TLS/DTLS, IPSec, 5G, others)
  • Disk Encryption
  • General MCU/MPU

 

Markets

  • Home Automation
  • Automotive
  • Payment
  • General MCU/MPU
  • Industrial
  • Smart Cities
  • Healthcare
  • Data Center
  • 5G
  • Defence

Reference: BA470