OPTIGA™ Trust X - easy to integrate turnkey solution for IoT Security
OPTIGA™ Trust X offers enhanced security for connected/IoT devices. It reduces integration effort and is easy to use – making it ideal for customers who lack security expertise but nonetheless need fast time-to-market. This premium security solution offers high performance and low power consumption. It supports non-rich operating systems and comes in compact packages.
It enables new features and business models which help you to differentiate your offering and stay ahead of the competition.
The OPTIGA™ Trust X is available in two temperature ranges:
- for most commercial implementations: SLS32AIA020X4 standard temperature range -25 to +85°C
- for harsh industrial environments: SLS32AIA020X2 extended temperature range -40 to +105°C
Now: Open Source Host Code for OPTIGA™ Trust X
OPTIGA™ Trust X's host code and documentation are now available as open source on GitHub: github.com/Infineon/optiga-trust-x
Customers benefit from a direct communication line to developers and will immediately and directly be informed of new versions, features and bug fixes. Integrating standard open-source crypto software libraries, or integrating the host code into other systems, is now easily possible. The host code is licensed under the MIT License.
Summary of Features:
- High-end security controller
- Turnkey solution
- One-way authentication using ECDSA
- Mutual authentication using DTLS client (IETF standard RFC 6347)
- Secure communication using DTLS
- Compliant with the USB Type-C™ Authentication standard
- I2C interface
- Up to 10 KB user memory
- Cryptographic support: ECC256, AES128, SHA-256, TRNG, DRNG
- PG-USON-10-2 package (3 x 3 mm)
- Standard & extended temperature ranges
- Full system integration support
- Common Criteria Certified EAL6+ (high) hardware
- Cryptographic Tool Box based on ECC NIST P256, P384 and SHA256 (sign, verify, key generation, ECDH, session key derivation)
- Enhanced security for connected devices protecting IP, data, and the business case
- Easy integration reducing design-in and integration effort
- Cost-effective deployment
- Enabling new features and business models
An IoT device needs to prove its identity to other devices in the network and to verify the identity of those devices as well. The mutual authentication feature of OPTIGA™ Trust X supports secured device authentication.
Many IoT devices collect and store valuable data and receive commands from a network. In order to protect critical data on the network and thus the applications running on the device, OPTIGA™ Trust X offers a secured communication feature. It supports the TLS and DTLS protocols to protect against eavesdropping, tampering and message forgery.
For memory-constrained devices, a fully integrated DTLS client is available, eliminating the need for an additional cryptographic library to create a secure communication solution.
In many cases, software running on a microcontroller contains valuable company IP that may hold the key to the company’s competitive edge. To protect this IP, OPTIGA™ Trust X supports one-way ECC-256-based authentication.
To activate this IP protection feature, customers can integrate multiple checks into their software, using the one-way OPTIGA™ Trust X authentication capabilities. The code will only ever run if this authentication process is successfully executed. This feature protects customer IP against simple image cloning.
Power efficiency is particularly important in battery-powered devices. OPTIGA™ Trust X enables users to set a maximum power consumption limit in a range from 6 to 15 mA. The autonomous go-to-sleep feature also helps to conserve power; it can be set to a delay anywhere in the range between 20 ms and 255 ms.
During software updates, it can be challenging to protect both the software itself as well as the device that is being updated. Updates protected by software only are at risk as software can typically be read, analyzed and modified to compromise the update or system.
However, software can become trustworthy by combining it with secured hardware. OPTIGA™ Trust X protects the processing and storage of code by means of encryption, fault and manipulation detection, and secured code and data storage.
Device integrity needs to be verified in order to detect unauthorized changes. Protecting the boot process is one of the most effective ways of doing this. Also known as secured, verified or trusted boot, boot access protection blocks unauthorized booting of computing devices to stop compromised devices from exchanging data over the IoT.
OPTIGA™ Trust X offers a set of features to enhance boot protection, also off-loading complex, compute-intensive cryptography functions from the IoT device.
IoT environments can make it difficult for manufacturers to protect their ecosystem. For example, if a manufacturer produces both a main system and a smaller accessory or spare part, they may be keen to also secure revenue from spare part sales and harden the main system against lower-quality counterfeit products.
OPTIGA™ Trust X offers a one-way authentication feature so that the main device or server can easily authenticate the new accessory or spare part.
- Secured data storage and key provisioning
- Lifecycle management
Providing a Public Key Infrastructure (PKI) is challenging for any design process. With the IoT, additional constraints, like the number of devices to be connected and the computing power required, significantly increase the complexity of this task. We will review these constraints and show how the OPTIGA™ Trust X solution can help you to reduce complexity when adding security to your PKI design.
IoT devices have become the enablers of a new era of innovations, adding significant value to the global economy. This nevertheless goes hand in hand with new security threats. We will analyze these threats, and the importance of addressing security from the very beginning with the OPTIGA™ Trust X. Attendees will also learn about EBV's key and certificate generation services.
Smart homes' appeal is obvious. However, unprotected smart home devices are also a very attractive target for attackers. This is why security has to be integrated into smart home networks right from the initial system design phase. Mixed Mode and Infineon Technologies showcase effective security concepts and solutions, and demonstrate how easy it is to protect smart and connected homes using hardware security.