Electronic Component Solutions

New Secure Vault Technology Redefines IoT Device Security

Secure Vault technology, a new suite of state-of-the-art security features designed to help connected device manufacturers address escalating Internet of Things (IoT) security threats and regulatory pressures. Silicon Labs’ Wireless Gecko Series 2 platform takes advantage of Secure Vault by combining best-in-class security software features with physically unclonable function (PUF) hardware technology to greatly reduce the risk of IoT security breaches and compromised intellectual property.

Secure Vault’s hardware features provide an optimized level of security implemented in a cost-effective, wireless SoC solution. The security subsystem, including a dedicated core, bus and memory, is separate from the host processor. This unique design of hardware separation isolates critical features, such as secure key store management and cryptography, into their own functional areas, making the overall device more secure. The new combination of security features is ideal for companies working to address emerging regulatory measures, such as GDPR in Europe.

Secure Vault delivers new security features including:

 

  • Secure Device Identity
    One of the biggest challenges for connected devices is post-deployment authentication. Silicon Labs’ factory trust provisioning service with optional secure programming provides a secure device identity certificate during IC manufacturing, analogous to a birth certificate, for each individual silicon die, enabling post-deployment security, authenticity and attestation-based health checks. The device certificate guarantees the authenticity of the chip for its lifetime.

 

  • Secure Key Management and Storage
    The effectiveness of a security scheme for device and data access directly depends on key secrecy. With Secure Vault, keys are encrypted and isolated from the application code. Virtually unlimited secure key storage is offered as all keys are encrypted using a master encryption key generated using a PUF. The power-up signatures are unique to a single device, and master keys are created during the power-up phase to eliminate master key storage, further reducing attack vectors.

 

  • Advanced Tamper Detection
    This feature offers a wide range of capabilities from easy-to-implement product enclosure tamper resistance to sophisticated tamper detection of silicon through voltage, frequency and temperature manipulations. Hackers use these changes to force hardware or software to behave unexpectedly, creating vulnerabilities for glitch attacks. Configurable tamper-response features enable developers to set up appropriate response actions with interrupts, resets, or in extreme cases, secret key deletion.

Mesh Networking Modules Streamline Secure IoT Product Design

Yes, I agree to the privacy and cookie policy
Yes, I want to submit

Newsletter

Next step


Previous step
Next step


Previous step