NXP and Arm Pelion Device Management Secure Deployment of IoT Devices from Chip to Cloud
The Economist Intelligence Unit’s (EIU) 2020 IoT Index recently highlighted that 2020 will be the year when the Internet of Things (IoT) officially moves from “proof of concept” to “mass deployment”, with over half of all companies surveyed now undergoing early or extensive deployment of internal or external IoT networks.
The 2020 study reveals that two-thirds of companies across sectors including manufacturing, healthcare, energy, IT and automotive now see IoT as fundamental to their digital strategies. More than 90 percent of those with extensive IoT deployments see real-time physical data from IoT networks as critical to their commercial artificial intelligence (AI) plans. But reassurance over the integrity of data and the insights gained from Artificial Intelligence of Things (AIoT) is clearly a concern, with 45 percent of companies indicating that consumer IoT adoption is held back by security concerns.
As IoT devices move into the mainstream and achieve broad proliferation, the number of unique global connections will reach billions, exposing numerous points for attackers to gain unwanted access to a system. Protecting this growing surface of vulnerability (i.e. those connection points) takes time and resources, which is why NXP made it a priority to raise the level of device protection, as well as lower the cost of security implementation, with LPC55S6x, its newest family of microcontrollers. Leveraging the Armv8-M architecture, NXP has delivered a highly efficient Arm® Cortex®-M33 based MCU platform with enhanced security and protection for industrial and IoT applications.
The LPC55S6x MCU family is the first in a series of scalable device families that address high-performance computing and signal processing for low-power applications. With varying levels of security, the embedded protection starts with a technology that derives its device root key from an SRAM-based physical unclonable function (PUF), which, with the help of the MCU’s protected flash region, gives developers added application key storage options. This secure key mechanism, combined with secure boot and anti-rollback protection, forms the initial root of trust in device manufacturing and the end-product lifecycle. Within the LPC55S6x MCU architecture are additional layers of security that developers can leverage, including TrustZone for resource isolation in an application, a hardware block cipher for encryption/decryption of internal flash, accelerators for symmetric and asymmetric cryptography, and a true random number generator, along with authenticated debug capabilities.
Building a trusted device is just the beginning of the journey: a device needs to be protected throughout its lifecycle, from factory provisioning, through active deployment, to firmware updates and eventual retirement. Designed specifically for this, the Pelion Device Management Service can manage a disparate range of devices regardless of their stage in life, and it enables seamless integration with cloud, on-premise, and edge services.
“Our customers are bringing an unprecedented amount of technology and innovation to market spanning a wide range of applications, but with these exciting products come a range of new risks that require mitigation,” said Justin Mortimer, global product manager of microcontrollers at NXP, “which is why NXP has partnered with Arm Pelion Device Management to offer our customers the ability to securely deploy, connect, maintain and manage their end devices through their entire product lifecycle.”
A product or a system that is accompanied by certification from commonly trusted third parties is the best way to establish trust. IoT challenges have led to the definition of new and more IoT-relevant certification schemes such as SESIP and PSA Certified. Having already been awarded PSA Certified Level 1 accreditation for a range of products, NXP is on track to achieve GlobalPlatform SESIP accreditation and PSA Certified Level 2.
Trusted IoT for OEMs and Enterprise starts with trusted chips and extends to devices that are kept up to date via secure onboarding, remote updates, patching, and two-way communication. Partners like NXP are expediting time to market by selecting from a full suite that allows them to build an MCU consisting of a secure framework, chipset and toolchain, and then extend that trust beyond the device into the cloud with a device management platform.
Further reading: Secure by Design - A Cyber Security White Paper by Copper Horse