Proving the Business Case for the Internet of Things

STM deploys digital security to protect utilities

Steve Rogerson
June 5, 2018
Swiss semiconductor company ST Microelectronics is using digital security techniques in a single chip to protect utilities against cyber threats.
Focused on providing security for connected objects, the STSafe-J100 gives an object an unalterable identity that can be authenticated; it also handles encrypted communications and provides secure storage.
It can be integrated into IoT devices such as smart meters, data concentrators and utility gateways. Customisable with market-specific applets, the secure element combines CC EAL5+ certified hardware and a CC EAL5+ certified secure operating system. Device designers can take advantage of the freedom to create their own security profiles, or get to market faster using STM’s pre-certified profiles such as German BSI and French Enedis smart-utilities specifications.
The STSafe-J100 extends STM’s track record in robust, user-friendly, hardware-digital security for e-government, transportation, banking and consumer projects, with over a billion embedded secure elements delivered yearly to protect devices and networks worldwide.
“Today’s on-line services and connection to remote objects need a high level of protection against ever-evolving cyber threats,” said Laurent Degauque, marketing director at ST Microelectronics. “It is crucial to offer device makers state-of-the-art security for a minimum integration effort. The flexible STSafe-J100 raises the bar with extra performance and support for the latest encryption algorithms and security standards, including security profiles for the important German and French smart-metering markets.”
To help users take advantage of its flexibility and ensure threat protection, STM provides a secure device-personalisation service. Personalising each device with its identity and cryptographic keys is a fundamental part of the secure-element philosophy to create trusted hardware resistant to cloning or hacking. The service is safe and cost-effective, and relieves users of responsibility for secure programming, preventing exposure of keys and secrets, and distributing programmed devices.
The device comes in either a 5 by 5mm VFQFPN32, 6.0 by 4.9mm SO8N or 4.2 by 4.0mm UDFN8 package.
It is backwards compatible with its predecessor, STM’s Kerkey embedded secure element, to preserve existing investment in software and development expertise. The new chip adds extra memory, offering up to 66kbyte of user data storage, and executes cryptographic algorithms faster thanks to an updated, higher-performing secure microcontroller that embeds a dedicated hardware accelerator.
Running on this improved hardware, the latest JavaCard secure OS, version 3.0.4 Classic with GlobalPlatform, provides security features including support for the Pace (password authenticated connection establishment) protocol.
The STSafe-J100 uses STM’s crypto library, which includes DES/3DES, RSA, ECC, AES, SHA-1, SHA-256, SHA-512, CRC32 and CRC16, and is certified to CC EAL5+, the highest level for commercial electronic-security equipment. Middleware complies with the latest PKCS #11 public-key cryptography standards.
Protection profiles, run as applets on the JavaCard OS, help speed customisation to meet the needs of individual markets and use cases. It can be supplied ready for users to integrate their own applets, or with selected off-the-shelf applets that reduce integration and certification overhead and allow faster time to market.
STM has extended the selection of pre-certified applets available, which includes generic applets as well as the latest BSI-CC-PP-0077-V2 and Enedis protection profiles so users can quickly and cost-effectively configure products for the German and French smart-utility markets.
Also part of the STSafe-J100 ecosystem, in addition to the turnkey applets and secure personalisation service, the STS-J-ProgQ32ELx development board allows engineers to interact with the chip using general-purpose MCU development boards. The STSafe-J100 is delivered with all documentation, software libraries, drivers and a test tool, plus a code example to help personalise the device.