NXP – Kinetis® K8x MCUs: Essential Security Considerations for the Edge Node


In today’s interconnected and globalized world, almost every electronic product and application is at risk of loss due to theft of information. The impact of this loss can take one or more of the following forms:
• Financial – loss of revenue, funds or brand equity
• Safety – endangering lives
• Operational – reducing availability of services or equipment
• Privacy – loss or theft of personal information

In the Internet of Tomorrow, more devices will be connected to each other, bringing greater utility to our daily lives, but also offering a myriad of opportunities for security breaches. As technology propagates in the form of millions upon millions of nodes, the physical accessibility of devices will pose a problem allowing the possibility of unlimited attacks. In addition, with new usage cases delivering critical information, there will be a growing dependence on the data provided by edge nodes. There will be a need for assured service and protection from network overload threats. Access to data must be protected to address the possibility of data misuse. Edge nodes must be built with support for firmware updates to mitigate weaknesses as they arise.

Types of Attacks
The creativity and resourcefulness of attackers is astounding. Types of attacks can be classified in terms of investment, the type of attacker and equipment used. There are invasive, semi-invasive and passive attacks, which can all lead to a security breach. Protection schemes (physical or electrical) can vary broadly, from secure packaging to secure electrical tamper meshes.

Essential Security Strategy
The essential security strategy must consider these four features:

  • Trust – Ensuring that edge nodes are used as intended every time is basic, so firmware will not be at risk from outside attacks like malware.
  • Cryptography – Encoding and decoding data to prevent malicious attackers from accessing valuable information.
  • Anti-Tamper – Detecting if an attack is occurring and then reacting accordingly creates a strong defense for a broad range of attacks.
  • Firmware Updates – Updating firmware safely allows edge nodes to mitigate weaknesses as they arise.


Security with Kinetis K8x MCUs
Kinetis MCUs leverage years of security expertise and resources to make it easier for designers to protect their products from various types of attacks. Kinetis MCUs integrate secure functions that previously required a multi-chip solution, into a single monolithic design.

NXP’s Kinetis K8x MCUs make it easier than ever to implement security into your design. Kinetis K8x MCUs deliver:

  • On-chip flash security and protection mechanisms, debug port configuration, unique ID, and boot from internal memory only, to help avoid the use of edge nodes from outside attacks.
  • Hardware asymmetric cryptography that completes sign and verify functions with an order of magnitude improvement over software, reducing power, improving code efficiency, while meeting the needs of the latest secure communications protocols.
  • Embedded tamper resistance capabilities to protect against both physical and passive attacks.
  • The ability to execute from encrypted external memory, supporting on-the-fly AES-128 decryption with zero cycle incremental delay for high throughput external serial NOR flash with built-in ROM routines, including boot ROM to support encrypted firmware updates.

Addressing security must be a priority as edge nodes physical accessibility represents a challenge of broad attacks. Access to data must be protected to tackle the possibility of data breaches. The Kinetis K8x MCU family is the most secure ARM® Cortex®-M class platform with advanced technology to support the growing need for security and evolving designs for the Internet of Tomorrow, while having features and enablement to reduce development time, optimize cost and power consumption.

* Documentation for the Kinetis K81 MCU family, featuring anti-tamper capabilities, requires a non-disclosure Agreement (NDA) with NXP.