Building trust in the embedded world
Security is no longer optional—it’s a matter of trust. Whether it is protecting intellectual property, ensuring critical infrastructure, or managing the product lifecycle, security is a crucial success factor for companies providing embedded technology.
By establishing trust as part of your development process, you can ensure that critical intellectual property is protected against overproduction and counterfeiting, that software releases and updates are robustly managed, and that your customers are protected from malware intrusion and theft or loss of data.
What it comes down to is simplifying the incorporation of security at the foundations of your product, and bridging the gap from development to manufacturing.
Embedded Trust integrates security into your workflow: defining identity, simplifying security development, streamlining secure manufacturing, and enabling management of devices across their lifecycles.
Embedded Trust delivers security development seamlessly integrated into the world’s favorite development workflow, enabling trust from development to deployment. The environment leverages the secure hardware built into next-generation microcontrollers to provide the low-level trust anchors and secure services needed for trustworthy IoT solutions. Five core security domains is covered:
Embedded Trust is fully integrated with the complete development toolchain IAR Embedded Workbench, including the highly optimizing IAR C/C++ Compiler and the comprehensive C-SPY Debugger. The integration enables you to include security development as part of your day-to-day workflow, while making sure your code is fast, effective and highly compact. For complete code control, static and runtime code analysis is also available.
Embedded Trust provides a Security Development Environment for developing a full range of security functions, including creating unique device identities, secure application development and manufacturing mastering.
The Embedded Trust assisted setup simplifies the configuration of security, from the root of trust and key storage on your secure device, to the creation of security profiles and projects. It enables customization of the secure boot manager to achieve the level of security suitable for your product. Thanks to its scalability, you can achieve a standardized workflow for different classes of devices, from multiple vendors.
Identity is at the center of secure systems, providing authentication, authorization, non-repudiation and confidential communications. It is also at the center of the product value, defining ownership and providing a guarantee of the product’s origin in a secure supply chain.
Embedded Trust integrates an identity and certificate configurator. It enables you to define and visualize how your certificate hierarchies will span across multiple product ranges, whilst enabling the creation of a product device framework which can be dynamically resolved and injected at manufacturing time. The system enables a wide array of functionality, including separate development and manufacturing certificate frameworks, certificate revocation lists, and dynamic mapping of existing certificate structures.
A robust Root of Trust is essential in every connected device, providing low-level secure services and foundation update management. The configurable Secure Boot Manager functionality within Embedded Trust leverages secure device hardware and is configurable from a small trusted core, through to a powerful set of execution, management, and update functions operating below the RTOS or application. This configurable security ensures that trust can be applied also to cost-sensitive and resource-limited secure devices.
Once an application has been created, Embedded Trust can be used to master it. The mastering process enables the transition from developer certificates to formal manufacturing certificates, inhibiting early firmware leakage. The code is signed and encrypted for the target device, ensuring that malware cannot be appended and that the code will only execute on the target devices. The application code is then delivered to the device fully encrypted, and decrypted in place on the device, ensuring that it is never transmitted in the open.
To extend the scope of use into volume manufacturing, Embedded Trust integrates with the full Secure Deploy framework from Secure Thingz, enabling secure provisioning, programming, manufacturing and device updates.
Lifecycle management, versioning, and update strategies are major issues as IoT devices evolve multi-decade lifecycles. Companies can no longer just ship devices, but must evolve multi-year support releases, with the challenges this delivers. Embedded Trust integrates version management and update management into the development flow, ensuring that updates can be easily released and that lifecycle management is not a lifelong burden.
Companies must find ways to make security simple and scalable in order to safeguard intellectual property, as well as provide protection of code and data. Embedded Trust enables the establishment of secure workflows throughout the development and manufacturing process.
In order to provide you with complete, powerful solutions for guaranteed data security, we have acquired an equity stake in Secure Thingz, a provider of advanced security solutions focused on the IoT. Together, we are delivering solutions that bridge the gap from development to manufacturing and enable an extended unified security workflow.
We are dedicated to provide you with the superior technology and close-at-hand support you need to be confident in your code when building the products of today and the innovations of tomorrow. Using the right tools, you can trust your application and create for the future.