Secure MCUs to Open Up Embedded IoT Opportunity

Subscribe To Download This Insight

By Michela Menting | 1Q 2018 | IN-5018

ABI Research has started tracking a fairly nascent market in the microcontroller (MCU) space that is focusing on embedded security. Hitting the market in 2015, but gaining real traction only last year, this class of MCUs is a less resource-intensive, discrete version of a trusted execution environment (TEE), designed specifically for low-end IoT devices. Known as a secure MCU, it is being driven by the likes of Renesas (Synergy), NXP (Kinetis), STMicroelectronics (ST33), and Qualcomm (with the upcoming Snapdragon 845).

Registered users can unlock up to five pieces of premium content each month.

Log in or register to unlock this Insight.

 

An IoT Opportunity

NEWS


ABI Research has started tracking a fairly nascent market in the microcontroller (MCU) space that is focusing on embedded security. Hitting the market in 2015, but gaining real traction only last year, this class of MCUs is a less resource-intensive, discrete version of a trusted execution environment (TEE), designed specifically for low-end IoT devices. Known as a secure MCU, it is being driven by the likes of Renesas (Synergy), NXP (Kinetis), STMicroelectronics (ST33), and Qualcomm (with the upcoming Snapdragon 845).

With the market still emerging, ABI Research forecasts 2018 secure MCU shipments to remain low key, coming in at just under 20 million globally by end of year (see the ABI Research market data Digital Authentication and Embedded Security (MD-DAES-106)). However, by 2022, shipments are expected to hit more than 350 million. The driving force behind this dynamic growth is the availability of increasingly powerful MCUs (and notably the Arm Cortex-M family) that can process more resource-intensive security capabilities, and not just for high-end IoT devices. In addition, the growing IoT threat landscape is pushing implementers to demand better security solutions in the embedded space, particularly around authentication, access control, data protection, and functional safety. The primary sectors driving demand for secure MCUs are utilities and industrial applications; smart homes, cities, and buildings; and wearable devices. 

Embedding Security

IMPACT


The secure MCU has emerged under the umbrella of the authentication integrated circuit (IC) to fill the gap between those technologies used in smartcards, and the more resource-intensive hardware security modules (HSM), trusted platform modules (TPM), and TEEs that have traditionally served the PC and mobile markets. Broadly speaking, the secure MCU is a type of authentication IC, but with fuller processing capabilities and the possibility of programming the software to perform different tasks (such as the ability to be provisioned for a hardware-based root of trust, for example), as opposed to a simpler IC that reads data from input and performs actions based on instructions written in the memory (and so generally performs only that one task).

To be precise, a secure MCU is essentially a tamper-resistant microcontroller using a dedicated security-hardened CPU (ranging from 8-bit to 64-bit) with dedicated encryption engines, libraries and random number generators (and accelerators), and secure non-volatile (NV) storage. Further, the features allow for secure communication and data protection, in addition to hash functions for authentication purposes and IP protection. The critical differentiator to other MCUs is that it holds an immutable key embedded in the NV storage/memory. 

Propitious Context

RECOMMENDATIONS


A number of elements are set to bolster the secure MCU market moving forward. The first is a parallel interest by IoT implementers in device life cycle management platforms, in a movement being dubbed “silicon-to-cloud” by solution providers. For semiconductors and OEMs, this is an opportunity to expand on post-market servicing, including secure OTA, updates, and patch management, and anchor trust in those services at the hardware level.

The second is the growing concern in policy and legislative circles on expanding IoT security regulation. Both in the United States and in Europe, efforts are intensifying to address gaps in cybersecurity regulation and national strategies as they relate to IoT devices, networks, and data.

Finally, the Spectre and Meltdown vulnerabilities exposed in recent mainstream media will force the tech industry to take a cold, hard look at DevOps and other product development practices. By sacrificing security for performance in CPUs, semiconductors and OEMs have exposed more than 90% of IT devices released on the market in the last decade, and the fallout is costing them dearly, both financially and reputationally. A similar outcome in the IoT ecosystem, even in a few years’ time, will undoubtedly drive many to ruin. 

Services

Companies Mentioned