MERI developed a Software and Hardware Complex for cryptographic protection of IoT devices

MERI engineers developed a Software and Hardware Complex "Zvezda" for cryptographic protection of the information in IoT devices.

The solution consists of a chip integrated into end devices and a cryptographic server, which protects the data communication channel with end devices and manages cryptographic keys.

The microcircuit is a protected microcontroller, the MIK51BC16D for smart cards, with the Trust 3.30i operating system and the integrated applications "Endpoint Device Security Element (SE)" and "Cryptoserver Security Element (CSE)". It is supplied in an LGA-40 package as a smart card or a SIM card. The cryptoservice and the embedded operating system Trust 3.30i are both registered by Rospatent (No. 2021610059 dated 11.01.2021 and No. 2021611726 dated 04.02.2021).

In the Internet of Things, it is important to protect the transmitted information and to ensure its integrity, confidentiality and authenticity. "Zvezda" acts as a virtual secure data transmission channel between the end device and the application server. The complex has a modular structure and is easily integrated into end devices as well as into server infrastructures. It uses CRISP, a compact data protection protocol specially developed for the Internet of Things and standardized in Russia in 2019. This protocol is failure-resistant and does not need a secure session to be set up in advance. All CRISP messages are self-sufficient.

“Zvezda” uses the latest Russian cryptographic algorithms GOST R 34.10-12, GOST R 34.11-12 and GOST R 34.13-15, including the block algorithm GOST R 34.12-2015 “Magma”, crypto-envelopes for transferring cryptographic keys, and algorithms for generating and verifying electronic signatures.

With the Software and Hardware Complex, key information can be managed remotely, without unmounting the device for routine replacement of cryptographic keys.
“Zvezda” signs messages with a full-fledged electronic signature, which allows the end user (application provider) to check the integrity and authenticity of any message, including archived ones, regardless of the communication provider and the complex itself.

The keys are managed in the most secure way, using public key infrastructure. “Zvezda” meets all the security requirements and can be used in critical infrastructure. The end device uses a Russian first-level microchip, which means that the chip is fully designed and produced in Russia. The complex guarantees a high level of security and allows companies to comply with federal safety law requirements.

It also has additional capabilities such as remote management of cryptographic keys on end devices and generation of electronic signatures by the end devices and the crypto service, and ensures fault tolerance of the crypto service.

In bench tests, a cryptoservice with a cluster of 8 CSEs processed over 10 million operations per day while emulating the operation of a test network with 10 thousand end devices.

“Globally, the IoT market is growing and its growth will continue: according to J’son & Partners’ forecast, 56 million connected devices will operate in Russia by 2025,” comments Alexander Kravtsov, chief designer of MERI. “The demand for IoT ICs will also grow to improve performance and optimize maintenance. It is extremely important for critical infrastructure facilities in the field of the Internet of Things to ensure a high level of security, since this is directly related to technological and information security. The Zvezda hardware and software complex is based on a ‘first level’ microcircuit developed and manufactured in Russia. Its use provides the required level of information protection and gives new opportunities for the development of national IoT projects.”