Reference Design Reference Design Provides All Necessary Protocols to Enroll and Sign Microsemi PUF?based Public Keys with Escrypt's CycurKEYS Hosted Cloud CA
ALISO VIEJO, Calif., Feb. 24, 2015 -- Microsemi Corporation (Nasdaq: MSCC), a leading provider of semiconductor solutions differentiated by power, security, reliability and performance, today announced a reference design with Escrypt GmbH that utilizes the security features of SmartFusion2® SoC FPGAs and IGLOO2® FPGAs along with Escrypt's CycurKEYS® cloud-based Certificate Authority (CA). The collaboration with Escrypt reinforces Microsemi's position as a secure SoC FPGA leader and enhances its strategy for providing crucial solutions that secure the Internet of Things (IoT). The Microsemi and Escrypt solution enables state-of-the-art service that allows customers to cost-effectively integrate Public Key Infrastructure (PKI) functionality into their systems without the costs, complexity, risks and distraction from their core business associated with building and hosting their own infrastructure.
All security solutions and cryptographic mechanisms require cryptographic keys or certificates. CycurKEYS is a security server that offers the management of cryptographic keys and certificates, especially designed and implemented for automotive, industrial, embedded and cyber physical system applications.
CycurKEYS addresses all the weaknesses associated with using traditional PKI solutions for machine-to-machine (M2M) applications by targeting devices (not users), and addressing long lifecycles as well as the devices' lack of full-time connectivity to a server. CycurKEYS offers all commonly used cryptographic schemes and offers all standardized cryptographic algorithms including RSA, Elliptic Curve Cryptography (ECC), AES and SHA. It supports the full PKI life-cycle from generating digital certificates in a choice of formats, to maintaining updated keys, and finally to certificate revocation.
As shown in the reference design, a user key pair is generated by the Microsemi SmartFusion2 SoC FPGA using its built-in TRNG and ECC engine with the secret key—which never leaves the chip—protected by the FPGA's state-of-the-art physically uncloneable function (PUF) technology. The public key is securely exported, validated using credentials proving the FPGA's and the key's authenticity, and then digitally signed by the user's root or intermediate certificate authority hosted in the secure Escrypt cloud server, thus enrolling users' systems into their own private PKI. The user PKI certificates enable positive identification of all authorized machines in the user's virtual private network, and secure authenticated communications while rejecting imposter machines and forged messages.
"We are excited to work with Escrypt to enhance our strategy of providing the most secure FPGA solutions on the market," said Tim Morin, director of product marketing, Microsemi. "The new solution helps lower the cost of implementing a PKI, which is a requirement for securing the IoT."
This reference design, ideal for system architects, program managers and security professionals, shows how to securely sign public keys and is supported by Escrypt's secure cloud-based CA necessary in any PKI scheme.
According to a report by the Ponemon Institute, the cost of a data breach can be up to approximately $246 per compromised record, which can have a significant effect on the long-term viability of a business. This, along with the wide variety of mainstream applications now being developed with FPGAs that have limited security features, illustrates that addressing a multi-layered approach to security such as PKI is more important than ever. Additionally, the use of hardware-based security creates a more secure system than software-only solutions, and forms the root-of-trust for secure software systems.
Microsemi's SmartFusion2 SoC FPGA and IGLOO2 FPGA programmable devices are the industry's most secure, boasting the three key elements needed for secure programmable devices: secure hardware, design security and data security. Built through a secure supply chain management system, Microsemi data-security enabled devices feature the only:
- FPGAs with licensed patent-protected DPA countermeasures
- FPGAs with integrated true random number generator
- FPGAs with a PUF
- FPGAs with a DPA-protected ECC accelerator
- FPGAs with integrated X.509 device certificate
- Security-enabled FPGAs with an end-user DPA license, built-in tamper detectors and active tamper responses (including NSA-approved zeroization), and NIST-certified hardware-based implementations of AES-256, SHA-256, HMAC-SHA-256, ECCDH-P384 and a AES-CTR-based 256‑bit security strength DRBG
- Reference design with secure M2M enrollment and communications protocols that have been validated with Escrypt's CycurKEYS® hosted cloud CA service.
Microsemi's SmartFusion2 SoC FPGA and IGLOO2 FPGA product families with PUF, ECC core, TRNG, DPA license and Escrypt's hosted CA service technology are available now. For more information visit: http://www.microsemi.com/products/fpga-soc/soc-fpga/smartfusion2. Customers can also contact Microsemi's sales team at firstname.lastname@example.org.
About SmartFusion2 SoC FPGAs
SmartFusion2 SoC FPGAs integrate inherently reliable flash-based FPGA fabric, a 166 megahertz (MHz) ARM Cortex-M3 processor, advanced security processing accelerators, DSP blocks, SRAM, eNVM and industry-required high performance communication interfaces, all on a single chip. Microsemi's SmartFusion2 SoC FPGAs are designed to address fundamental requirements for advanced security, high reliability and low power in critical communications, industrial, defense, aviation and medical applications.
About IGLOO2 FPGAs
Microsemi's IGLOO2 FPGAs continue the company's focus on addressing the needs of today's cost-optimized FPGA markets by providing a LUT based fabric, 5Gbps transceivers, high speed GPIO, block RAM, a high-performance memory subsystem, and DSP blocks in a differentiated, cost and power optimized architecture. This next generation IGLOO2 architecture offers up to five times more logic density and three times more fabric performance than its predecessors and combines a non-volatile flash based fabric with the highest number of general purpose I/Os, 5Gbps SERDES interfaces and PCI Express end points when compared to other products in its class. IGLOO2 FPGAs offer best-in-class feature integration coupled with the lowest power, highest reliability and most advanced security in the industry.
Microsemi Corporation (Nasdaq: MSCC) offers a comprehensive portfolio of semiconductor and system solutions for communications, defense & security, aerospace and industrial markets. Products include high-performance and radiation-hardened analog mixed-signal integrated circuits, FPGAs, SoCs and ASICs; power management products; timing and synchronization devices and precise time solutions, setting the world's standard for time; voice processing devices; RF solutions; discrete components; security technologies and scalable anti-tamper products; Power-over-Ethernet ICs and midspans; as well as custom design capabilities and services. Microsemi is headquartered in Aliso Viejo, Calif., and has approximately 3,400 employees globally. Learn more at www.microsemi.com.