An Exclusive Interview with Xavier Bignalet, Product Marketing Manager, Security and Computing Business Unit, Microchip Technology
Electronics Era: The demand for security requirements in consumer electronics as well as industrial, automotive and data center markets continue to increase as we see data management, network and intelligence upgrades. What do you think are the main security problems faced in these markets?
Xavier: IoT security and counterfeiting, at a high level. These security problems deal with not only remote attacks but also physical attacks. Supply chain security is also a challenge in these markets as it is considered as high value target for hackers.
Electronics Era: What is the estimated market size of such security demand?
Xavier: Embedded security continues to be a high priority, and architects need vetted, easy-to-use and cost-optimized security solutions that are compliant with industry best practices.
Electronics Era: Microchip has recently expanded its secure authentication IC portfolio. What types of problems in embedded security will be solved? What are the features and benefits of these products?
Xavier: Problems to solve: build trust in an ecosystem of embedded devices to control the ecosystem of devices.
Cryptographic Trust is important to implement in order to protect the user experience, ensure safety (by authenticating an ECU in a car for example), protect revenue, and the brand, from counterfeiting. At the embedded level, devices must have a proper secure key storage area tested by a third-party security laboratory along with the cryptographic accelerators. In addition, the same IC must be very low power in sleep mode as it will stay in sleep mode most of its lifetime.
Electronics Era: The new products meet Common Criteria Joint Interpretation Library (JIL) high rated secure key storage and support certified algorithms that comply with the Federal Information Processing Standards (FIPS). There are different standards for security certification levels, for example, EAL and ARM also have PSA safety certification, etc. What are some elements to consider when evaluating between security certifications and applications?
Xavier: Please refer to this video explaining the commonality between EAL and JIL. JIL is actually part of EAL
What is JIL : https://www.youtube.com/watch?v=1aH-4r7SGiw
What is JIL inside EAL : https://www.youtube.com/watch?v=C17jJ0oERy8&t=52s
PSA has been a push from ARM to compete with common criteria in an attempt to set an evaluation of TrustZone based devices which morphed into a broader effort.
Testing for security is an industry of its own and customers are still learning to distinguish what standard or consortium they should follow. Right now, the key standards are EN303645 for consumer, ISO21434 for automotive and IEC62443 for industrial.
Electronics Era: The sixth new device, TA010, in the new IC portfolio is designed for the automotive market. With the development of electric vehicle and intelligence, what are OEMs looking for in secure authentication?
Xavier: In automotive, OEMs need to make sure the battery in EV vehicles are genuine. To achieve this, a cryptographic proof using an ECC signature and its associated private key is isolated for supply chain, users and equipment and stays outside the flash of the MCU. The solution also needs to scale across the multiple ECUs inside the car. That’s where secure authentication ICs come in.
Electronics Era: How will Microchip’s products provide corresponding support?
Xavier: Microchip provides support via the Trust Platform Design Suite software tool, the microcontroller agnostic CryptoAuthLib and our trained technical salesforce.
Electronics Era: Adding secure authentication ICs will increase cost, how will Microchip maintain high product performance while staying cost competitive in order to attract and retain users?
Xavier: Comparing the cost added to the BOM versus cost of recovery from a counterfeited portfolio or hacked IoT products, the cost of recovery is much greater than spoofing with secure authentication IC. A better analogy is why not give your debit card pin code to the world? Because it’s your money at stake. For a company, it’s the revenue and brand recognition at stake and this all relies on how well the product is secured. The product is secure if you start with protecting the cryptographic keys inside a secure authentication IC. In fact, there is a secure authentication IC inside a debit card.
Electronics Era: These types of secure authentication ICs cover a wide range of applications. Which market is Microchip more focused on/optimistic about? What are your initiatives?
Xavier: Microchip aims to make this secure authentication IC technology accessible, available and adoptable by all market segments. Our technology is present in consumer, industrial, medical, defense, data center, automotive and computing markets.