Issue link: https://resources.mouser.com/i/1512203
66 ADI | Engineering a More Sustainable Future R&D IP investments of device developers from theft—related to AI algorithms, for example—is a common consideration that can drive the decision to adopt the protection that a turnkey security IC can support. Another important point is that insufficient cybersecurity may negatively impact functional safety. Functional safety and cybersecurity interactions are complex and discussing them would deserve a separate article, but we can highlight the following: X IEC 61508: Functional Safety of Electrical/Electronic/ Programmable Electronic Safety-Related Systems mandates cybersecurity risks analysis based on IEC 62443. X While IEC 61508 focuses primarily on hazard and risk analysis, it mandates subsequent security threat analysis and vulnerability analysis each time a cybersecurity occurrence is serious. The IACS edge devices we listed are embedded systems. IEC 62443-4-2 defines specific requirements for these systems such as malicious code protection mechanisms, secure firmware updates, physical tamper resistance and detection, the root of trust provisioning, and integrity of the boot process. Meet Your IEC 62443 Objectives with ADI's Secure Authenticators Secure authenticators, also referred to as secure elements, from Analog Devices have been designed to address these requirements with ease of implementation and cost efficiency in mind. Fixed- function ICs that come with a full software stack for the host processor are turnkey solutions. As a result, security implementation is delegated to ADI and components designers can focus on their core business. Secure authenticators are the root of trust by essence, providing secure and immutable storage of root keys/secrets and sensitive data representative of the state of the equipment, such as firmware hashes. They feature a comprehensive set of cryptographic functions including authentication, encryption, secure data storage, life cycle management, and secure boot/update. ChipDNA™ physically unclonable function (PUF) technology utilizes the naturally occurring random variation in wafer manufacturing processes to generate cryptographic keys rather than storing them in traditional EEPROM of Flash. The variations exploited are so small that even the expensive, most sophisticated, invasive techniques used for chip reverse engineering (scanning electron microscopes, focus ion beams, and microprobing) are inefficient to extract keys. No technology outside of integrated circuits can reach such a level of resistance. Secure authenticators also enable certificates and chains of certificate management. 9 In addition, ADI offers a highly secure key and certificate preprogramming service in its factories, so that original equipment manufacturers (OEMs) can receive parts already provisioned that can seamlessly join their public key infrastructure (PKI) or enable offline PKI. Their robust cryptographic capabilities enable secure firmware updates and secure boot. Secure authenticators are the best option to add high grade security to an existing design. They save the R&D effort of rearchitecting a device for security for a low BOM cost. For example, they do not require changing the main microcontroller. As examples, the DS28S60 and MAXQ1065 secure authenticators address all levels of the IEC 62443-4-2 requirements as illustrated in Figure 5. The DS28S60 and MAXQ1065 3 mm × 3 mm TDFN packages make them suitable for the most space-constrained design and their low power consumption perfectly addresses the most power- constrained edge devices. Table 2. DS28S60 and MAXQ1065 Key Parameters Summary ACS component architectures already featuring a microcontroller with the security functions to address IEC 62443-4-2 requirements can also benefit from secure authenticators for keys and certificate distribution purposes. This would save the OEMs or their contract manufacturers from investing in costly manufacturing facilities needed to handle secret IC credentials. This approach would also protect keys stored in microcontrollers to be extracted through debugging tools such as JTAG. Full portfolio and product details can be found at analog.com/en/ product-category/secure-authenticators.html. Conclusion By putting together and adopting the IEC 62443 standard, IACS stakeholders have paved the road for dependable and safe infrastructures. Secure authenticators are the bedrock of the future of IEC 62443 standard-compliant components requiring robust hardware-based security. OEMs can design with assurance, knowing that secure authenticators will help them achieve the certifications they seek. Device Features DS28S60/MAXQ1065 Operating Temperature –40°C to +105°C Host Interface SPI (I2C in development) Supply Voltage 1.62 V to 3.63 V Maximum Active Current 3 mA Typical Idle Current (25°C) 0.4 mA Power Down Current (25°C) 100 nA Adobe Stock / WilliamJu – stock.adobe.com