The netX 90 SoC is unique in having a dual-CPU ARM architecture: one CPU serves the network-side real-time data communications, the other serves the device-side application. This separation of functions reduces or eliminates the risk of external attacks reaching critical applications. This is reinforced by a central block of shared functions including secure boot and firewall protection, ensuring that in the world of industrial communications, netX 90 is the most secure interface component produced by Hilscher in its 30-year history. netX 90 can support Defense-in-Depth security solutions in accordance with IEC 62443 standards.
netX 90 provides a range of mechanisms for protecting against attack and ensuring data integrity. Users have considerable choice in how security features are deployed. At switch-on, the mask-based ROM code drives a “secure boot” process to establish the Root-of-Trust on which application software modules are loaded. The resulting “Chain of Trust” guarantees systems start up in a well-defined state. Protection against unauthorized modification is ensured with verification of the software publisher/vendor using a signature scheme based on public-key mechanisms (ECC, RSA).
Properly implemented, this means users can be confident that the device has been deployed correctly, safely and securely. To conform with fast start-up requirements, the secure boot procedure is fully hardware accelerated.
Cryptographic techniques applied by the embedded TLS from ARM, a lightweight library that is well suited to embedded devices, ensure that the right data is transferred to the correct recipient without interference. Public and private keys can be used, with the choice of cipher suite decided by the user. There are 141 cipher suites in total. The on-chip hardware accelerator handles the computationally expensive cryptographic functions, including decryption, key generation, key exchange, authentication, data integrity algorithms, etc.
This relieves the main CPU of load and at the same time reduces on-chip memory footprint. Compared to software-based solutions this significantly improves performance and assures the real-time capability of the device.