4.1 HSM
The HSM on the PIC32CX SG family of devices provides a wide variety of cryptographic features and security functions. It offers high-performance accelerators for cryptographic functions, secure key storage capabilities, secure boot, Message Authentication Code generation, debug functions, and a real-time clock with integrated tamper response features. Integrating an HSM can help developers make their products more secure and helps protect against different types of cyber threats and attacks.
The following are the key features of HSM on the PIC32CX SG60/SG61 family of devices:
- High-Performance Cryptographic Accelerators: The HSM includes hardware accelerators for various cryptographic algorithms, providing high performance and efficiency for security operations. Some supported algorithms are AES-CMAC, HMAC, SHA-256, RSA, and ECC.
- Secure Non-Volatile Key Storage: The HSM stores cryptographic keys securely in non-volatile memory, protecting them from unauthorized access. Non-volatile memory is used for storing certificates and secret or private keys. The device’s external pins do not provide direct access to this memory.
- Secure Boot: The HSM supports secure boot functionality, which ensures that the microcontroller only executes authenticated and authorized firmware. This prevents the execution of malicious or tampered code.
- AES Encryption/Decryption Support: AES is a popular encryption method that uses the same key for both encrypting and decrypting information. In contrast, RSA is an encryption technique that employs a pair of keys and is often used for secure key exchange, digital signatures, and verifying identities. Incorporating dedicated hardware for these operations allows the microcontroller to process sensitive data with greater security and efficiency.
- Random Number Generator (RNG): An RNG is a tool or algorithm designed to generate a series of numbers that do not follow any discernible pattern. This RNG adheres to the NIST SP800-90A/B/C standard guidelines.