Security-on-a-Chip with Certified Protection Profiles for European Utilities

STMicroelectronics has brought together the latest digital security techniques in a single chip to protect Smart Things and Networks including those for utility infrastructure against cyber threats. Focused on providing state-of-the-art security for connected objects, the STSAFE-J100 gives the object an unalterable identity that can be authenticated; it also handles encrypted communications and provides secure storage. It is easily integrated in IoT (Internet of Things) devices like smart meters, data concentrators, and utility gateways.

Customizable with market-specific applets, the STSAFE-J100 secure element combines CC EAL5+[1] certified hardware and a CC EAL5+ certified secure operating system. Device designers can take advantage of the freedom to create their own security profiles, or get to market faster using ST's pre-certified profiles such as German BSI and French Enedis smart-utilities specifications.

The STSAFE-J100 extends ST's successful track record in robust, user-friendly, hardware-digital security for e-government, transportation, banking, and consumer projects, with over 1 billion embedded secure elements delivered yearly to protect devices and networks worldwide.

"Today's on-line services and connection to remote objects need a high level of protection against ever-evolving cyber threats. It is crucial to offer device makers state-of-the-art security for a minimum integration effort," said Laurent Degauque, Marketing Director, Secure Microcontroller Division, STMicroelectronics.

"The flexible STSAFE-J100 solution raises the bar with extra performance and support for the latest encryption algorithms and security standards, including security profiles for the important German and French smart-metering markets," Degauque added.

To help customers take full advantage of the flexibility of the STSAFE-J100 and ensure uncompromising threat protection, ST provides secure device-personalization service. Personalizing each device with its unique identity and cryptographic keys is a fundamental part of the secure-element philosophy to create trusted hardware resistant to cloning or hacking. ST's service is safe and cost-effective, and relieves customers of responsibility for secure programming, preventing exposure of keys and secrets, and distributing programmed devices.

Security:

• AIS-31 class PTG.2 compliant true random number generator (TRNG)
• AIS-20/31 class DRG.3 deterministic number generator (DRNG)
• Enhanced cryptographic algorithms:
  • DES/3DES, ECC and AES
  • SHA-1, SHA224, SHA-256, SHA384, SHA512, MD5 and CRC16
  • Generic Mapping primitive for Password Authenticated Connection Establishment (PACE) protocol
• Hardware security DES accelerator
• Hardware security AES
• Differential power analysis (DPA) and differential fault analysis (DFA) countermeasures against side-channel attacks
• Active shield
• Unique serial number on each die

The STSAFE-J100 occupies minimal real-estate on the main system board. It is available in a 5mm x 5mm VFQFPN32, a 6.0mm x 4.9mm SO8N, or a 4.2mm x 4.0mm UDFN8 package.