Issue link: https://resources.mouser.com/i/1437738
Methodologies for Secure Communication

A proactive approach to securing communication between internet-enabled devices requires multiple tiers of protection. Safeguarding a device against multiple security threats requires securing the device's identity through hardware-based key generation. This identity should be securely stored in internal flash, leveraged to create trust, and used to provide privacy when added to designs and configured for target applications. Establishing a strong device identity allows every device to be singularly identified and authenticated as unique. Once established, strong device identity addresses core embedded security requirements in a number of ways, since it can ensure authentication and identification when devices are connected to one another. Serialized approaches to device identity, based on product serial numbers or individual device IDs, are a simple way to establish unique device identities, but asymmetric cryptographic approaches offer stronger security and a greater range of use cases.

Key-based encryption. The first step in creating cryptographic device identity is key generation. The keys can either be generated inside the device or be generated externally in a secure facility and injected into the device. Once the device keys are generated or injected, an entity called the Certificate Authority (CA) issues digital certificates. A CA can be either public (located in the cloud) or private (located on-premises and typically hosted on a secure server). Once the device identity is created and programmed on the device, it must be stored in secure memory that can only be accessed by secure code, to prevent the device identity (keys and certificates) from being erased or reprogrammed. Asymmetric cryptographic algorithms require the creation of a public key and a private key and are part of a cryptographic methodology called public key infrastructure (PKI), which offers authentication via digital certificates.
The public key can be made public to anyone, while the private key must be known only by the party who will decrypt the data encrypted with the public key. When a device with a secure and singular identity connects to the network, it must authenticate and establish trust with other similarly identified devices, services and users, enabling trusted members of the system to securely communicate and exchange encrypted data and information. Privacy is another benefit of unique device identity, as data exchanged on secured networks can include personal, sensitive and financial information that must be kept private and secured, often under regulatory compliance. Device integrity applies to both the devices and the data being transmitted within the trusted ecosystem. The integrity of a device starts with proving it is what it says it is. With strong device identity, devices are ensured to be legitimate, reducing counterfeit products and protecting a company's brand.

Securing data in flight. Device identity is the foundation for secure products, secure manufacturing and secure communication, but securing data as it moves across the network requires a different kind of security. Transport Layer Security (TLS) is a cryptographic protocol that provides communications security over a computer network. The standard continues to evolve, adding stronger security measures to keep pace with the emerging threat landscape. Both asymmetric and symmetric encryption are used, providing a high degree of security without compromising encryption and decryption speed.
TLS provides privacy and reliability between two communicating applications by enabling:
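Returning to the device-identity workflow described above (key generation, a CA issuing certificates, and devices proving they are what they say they are), the following Go program is an added example, not code from the article or from any vendor's SDK: a locally generated key pair stands in for hardware-based key generation, a private CA binds the public key to the device's serial number in a certificate, and verification rejects a certificate issued by an untrusted CA. The CA names and serial number are constructed placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// IssueIdentity generates a P-256 key pair for subject (the private key stands in
// for a hardware-generated key and never leaves its holder) and certifies its public
// key: self-signed when caCert is nil (a private on-premises CA), otherwise CA-signed.
func IssueIdentity(subject string, caCert *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: subject},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(5, 0, 0),
	}
	parent, signer := tmpl, key // self-signed root: the CA vouches for itself
	if caCert == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		parent, signer = caCert, caKey // CA binds the device's public key to its ID (serial number)
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Authenticate accepts a device certificate only if it chains to the trusted CA.
func Authenticate(trustedCA, presented *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(trustedCA)
	_, err := presented.Verify(x509.VerifyOptions{Roots: pool})
	return err
}
func main() {
	caCert, caKey := IssueIdentity("Example Corp Device CA", nil, nil) // constructed names
	devCert, _ := IssueIdentity("SN-0001", caCert, caKey)              // genuine device
	rogueCA, rogueKey := IssueIdentity("Rogue CA", nil, nil)           // counterfeiter's CA
	fakeCert, _ := IssueIdentity("SN-0001", rogueCA, rogueKey)         // same ID, wrong issuer
	fmt.Println("genuine:", Authenticate(caCert, devCert), "| counterfeit:", Authenticate(caCert, fakeCert))
}
```

The counterfeit certificate carries the same serial number as the genuine one, which is exactly why a serial number alone is a weak identity: only the CA signature chain distinguishes the two.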