FTM / Security & Encryption / Infineon — OPTIGA™ Trust M Express Hardware Security Module

Infineon — OPTIGA™ Trust M Express Hardware Security Module

Security & Encryption

August 3, 2023
Security & Encryption
Issue 6 2023

Hardware security module offers easy way to securely deploy IoT devices to cloud at scale

Infineon has combined the OPTIGA Trust M Express with its cloud services for registering and provisioning IoT devices to provide a complete, off-the-shelf solution for securing the cloud connections of an entire fleet of products.

Infineon supplies a complete, integrated system for securing an IoT device’s connection to the cloud, providing both a secure hardware root-of-trust capability and a complete registration and provisioning service that can be deployed in high volume across a fleet of devices.

The system combines the OPTIGA™ Trust M Express, a hardware security module, and the Infineon cloud provisioning service.

The OPTIGA Trust M Express security chip provides hardware-based security for IoT devices from manufacturing, through cloud provisioning, to field deployment. The encrypted identity of each OPTIGA Trust M Express chip is programmed in a certified secure Infineon fabrication plant. Benefiting from strong security protection, demonstrated by Common Criteria Evaluation Assurance Level (EAL) 6+ security approval, the OPTIGA Trust M Express is protected from exposure at any stage during the host product’s lifetime.

The cloud ID service automates both IoT device certificate registration and the provisioning of the device in the cloud at scale. The OPTIGA Trust M Express is supplied pre-provisioned with ready-to-use certificates and keys for AWS multi-account registration, and for Azure IoT Hub pre-registration.

This complete, off-the-shelf solution for IoT device security from Infineon eliminates the need for OEMs to build and maintain secure manufacturing facilities for device personalization, allowing them to simplify their production flow, accelerate time-to-market, and reduce cost.

Features

Security capabilities:
- ECC cryptography, NIST curves up to P-521
- Brainpool r1 curve up to 512 bits
- RSA cryptography with keys up to 2,048 bits
- AES cryptography with key up to 256 bits
- HMAC cryptography up to SHA-512
- TLS v1.2 PRF
- HKDF up to SHA-512
- True/digital random number generators

16-bit CPU core
10 kbyte non-volatile memory
I2C interface

Applications

Smart cities
- Street lights

Smart mobility
- Electric vehicle chargers
- E-scooters

Commercial HVAC systems
Smart home equipment
- Residential air-conditioning systems
- Large home appliances

Industrial IoT devices
Connected healthcare equipment

Evaluation Kit

Parts supported: OPTIGA Trust M, PSoC 62, CYW43012

Kit part number: TRUSTMIOTSDKTOBO1

Board Club search term: Security and encryption

The OPTIGA™ Trust M IoT Security Development Kit demonstrates an easy way to implement end-to-end security for IoT devices. The kit enables customers to develop prototypes of various security use cases, and to build full-featured IoT applications that are connected to the cloud.

The board features:

OPTIGA Trust M hardware security module
PSoC™ 62, an Arm® Cortex®-M4/M0+ microcontroller
AIROC™ CYW43012 combined Wi-Fi® and Bluetooth® wireless networking chip. A low-power device, the CYW43012 supports dual-band Wi-Fi and the Bluetooth 5.0 specification.

This development board is delivered with two ready-to-use cloud security implementations:

Secured communication with AWS over MQTT using cryptographic support provided by the OPTIGA Trust M chip.
Secured zero-touch cloud provisioning using the Infineon cloud ID solution and the pre-provisioned X.509 certificate delivered with the OPTIGA Trust M.

This development kit can also be used to build additional IoT security applications, such as IP protection, cryptography offloading, and secure firmware updates.

The kit is supported by the ModusToolbox™ software development system. The OPTIGA Trust M host library is available as open-source code.

Video link

Unboxing of the OPTIGA™ Trust M IoT Security Development Kit, at:

https://www.youtube.com/watch?v=SCcFV5euPls