Version 10


    IoT III: IoT Security



    The element14 ESSENTIALS of IoT Security covers the fundamentals of IoT security, including types of security threats, standard security algorithms, error correction, cryptography, and security from end-nodes through applications.  To extend the knowledge covered in the main module, this supplementary guide discusses the types of related components or development boards available for prototyping new products or building projects.



    Secure Element


    A71CH Plug & Trust Secure Element


    The A71CH is a ready-to-use solution providing a root of trust at the IC level. It is a platform capable of securely storing and provisioning credentials, securely connecting IoT devices to cloud services, and performing cryptographic node authentication. The A71CH solution provides basic security measures protecting the IC against many physical and logical attacks. It can be used with various host platforms and host operating systems to secure a broad range of applications.

    Protected Access storage, generation, insertion or deletion of 4 key pairs (ECC NIST P-256)

    Secure key management

    Protected Access storage, insertion or deletion of 3 public keys

    Signature generation and verification (ECDSA)

    Shared secret calculation for key agreement (static ECDH or ephemeral ECDHE)

    Protected Access storage and use of 2 monotonic counters (32 bits each)

    Protected Access storage, insertion or deletion of symmetric secrets (8x 128 bits); longer keys can be used by using a Constructed Secret type

    Content protected access to keys

    A unique chip ID (18 bytes)

    HKDF key derivation using the symmetric secrets as key, Extract & Expand or Expand only modes

    HMAC SHA256 calculation in one shot or sequential

    Freezing of credentials (one-time-programmable behavior: a frozen credential can no longer be updated or deleted)

    GlobalPlatform SCP03 secure channel support between host and secure element

    (Optional) trust provisioning of key pairs, public keys, symmetric secrets, etc.
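    As an added illustration of the HKDF and HMAC items in the list above (this is not NXP code and does not call the A71CH host API), the following Python uses only the standard library to implement RFC 5869 HKDF in both shapes the list names: Extract & Expand, where the stored symmetric secret is the input keying material, and Expand only, where the caller already holds an extracted PRK. It also shows that a one-shot HMAC-SHA256 equals the same MAC computed over sequential chunks, and derives separate encryption and MAC keys from a byte string that stands in for an ECDH shared secret. The RFC 5869 Appendix A test vector checks the arithmetic; the "iot-example" labels, the salt and the stand-in shared secret are constructed for this example.

```python
"""HKDF (RFC 5869) and HMAC-SHA256 in the two shapes a secure element exposes.

Added example using only the Python standard library; it is not NXP code and
does not call the A71CH host API. The A71CH performs these steps on-chip with a
key that never leaves the IC; here the same arithmetic is shown in software so
the "Extract & Expand" and "Expand only" modes are concrete.
"""
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: PRK = HMAC-SHA256(salt, IKM); an empty salt means HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i); OKM = T(1) || T(2) || ... truncated."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("HKDF output length must be 1..255*HashLen bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_extract_and_expand(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """'Extract & Expand' mode: the stored symmetric secret is the IKM."""
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def hmac_sha256_one_shot(key: bytes, message: bytes) -> bytes:
    """HMAC over the whole message in one call."""
    return hmac.new(key, message, HASH).digest()


def hmac_sha256_sequential(key: bytes, chunks) -> bytes:
    """HMAC fed chunk by chunk; the result equals the one-shot MAC of the concatenation."""
    mac = hmac.new(key, digestmod=HASH)
    for chunk in chunks:
        mac.update(chunk)
    return mac.digest()


def derive_session_keys(shared_secret: bytes, salt: bytes, transcript: bytes) -> dict:
    """Turn one ECDH shared secret into separate encryption and MAC keys.

    Distinct 'info' labels (constructed for this example) bind each key to its
    purpose and to the handshake transcript, so the raw shared secret is never
    used as a key directly.
    """
    prk = hkdf_extract(salt, shared_secret)
    return {
        "enc": hkdf_expand(prk, b"iot-example/enc|" + transcript, 16),
        "mac": hkdf_expand(prk, b"iot-example/mac|" + transcript, 32),
    }


# RFC 5869 Appendix A test case 1 (published vector, SHA-256).
RFC5869_CASE1 = {
    "ikm": "0b" * 22,
    "salt": "000102030405060708090a0b0c",
    "info": "f0f1f2f3f4f5f6f7f8f9",
    "prk": "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5",
    "okm": "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865",
}


def rfc5869_case1_matches() -> bool:
    """Check both modes against the RFC vector: full Extract & Expand, and Expand only from the published PRK."""
    v = {k: bytes.fromhex(x) for k, x in RFC5869_CASE1.items()}
    full = hkdf_extract_and_expand(v["salt"], v["ikm"], v["info"], 42)
    expand_only = hkdf_expand(v["prk"], v["info"], 42)
    return hkdf_extract(v["salt"], v["ikm"]) == v["prk"] and full == v["okm"] and expand_only == v["okm"]


if __name__ == "__main__":
    print("RFC 5869 vector OK:", rfc5869_case1_matches())
    # Constructed stand-in for an ECDH output; a real device computes it on-chip.
    keys = derive_session_keys(b"\x42" * 32, b"example-salt", b"clientHello|serverHello")
    print("enc key:", keys["enc"].hex())
    print("mac key:", keys["mac"].hex())
    key = b"k" * 16
    print("one-shot == sequential:",
          hmac_sha256_one_shot(key, b"hello world") == hmac_sha256_sequential(key, [b"hello", b" ", b"world"]))
```

    The point of the two modes: with Extract & Expand the secret element holds the IKM and only derived output ever leaves it; with Expand only the host supplies a PRK it already trusts and asks for further labelled keys. Either way the shared secret itself is never used directly as a traffic key.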


    OM3710/A71CHARD - Development Board, A71CH Plug & Trust Secure Element


    The OM3710/A71CHARD is a complete development kit for the A71CH Plug & Trust secure element, enabling easy and fast development of secure IoT applications. It contains an A71CH-MiniPCB board connected to an Arduino-R3 compliant adapter board through I2C male/female 4-pin strip connectors. There is also the option to connect and test an A1006 secure authenticator device (contained in OM13589) on the same I2C bus.

    Easy plug-and-play of the A71CH MiniPCB on Arduino-R3 compliant adapters, compatible with any NXP MCU/MPU development board with Arduino-compatible headers

    Easy IoT application development using the A71CH host API and the available MCUXpresso examples

    Compatible with any NXP MCU/MPU development board with an Arduino-compatible header, including many i.MX, Kinetis and LPC boards


    Secure Authenticator IC


    A1006UK/TA1NXZ - Secure Authenticator


    The A1006 Secure Authenticator provides a security solution to prevent counterfeits. With low power consumption, a small footprint, and flexible interfaces, the A1006 offers superior security that is easy to integrate into a range of electronic devices that are common targets of electronic counterfeiters. The A1006 Secure Authenticator IC is built with strong protection against various invasive and noninvasive attacks. The IC is manufactured in NXP's certified secure manufacturing facilities to prevent key leakage during the fabrication process and certified secure servers are used to create and provision die-individual keys and certificates.

    Strong authentication using an asymmetric challenge-response protocol based on the NIST B-163 elliptic curve (a 163-bit binary curve offering roughly 80-bit security; newer NIST guidance deprecates the binary curves, so confirm it meets your product's security lifetime)

    Digitally signed certificates using 224-bit ECDSA with SHA-224 digests

    4 Kbit EEPROM holding two certificates, system memory, and user data

    Flexible interfaces: 400 kbps I2C or a 100 kbps bus-powered one-wire interface with 8 kV IEC 61000-4-2 ESD protection

    Very low power consumption (50 µA typical, 500 µA maximum) and a deep-sleep mode drawing 1 µA from a 1.8 V supply


    NXP Rapid IoT Prototyping Kit


    The Rapid IoT Prototyping Kit is a comprehensive, secure and power-optimized solution designed to accelerate prototyping and development of an IoT end node. It integrates 11 NXP devices (microcontroller, low-power connectivity, sensors, NFC, secure element, power management, interface) in a small form-factor hardware design, and combines them with proven software enablement (e.g., drivers, RTOS, middleware, cloud connect) and a web IDE with GUI based programming.

    Kinetis® K64 MCU based on Arm® Cortex®-M4 Core

    KW41Z Wireless MCU (BLE, Thread, Zigbee)

    NT3H2211 NFC Forum Type 2 Tag

    A1006 Secure Authentication & anti-counterfeit IC

    Automatic source code and project generation for the MCUXpresso IDE/SDK

    Expandable to most IoT end-node use cases with 400+ Click boards™

    Compatible with NXP IoT Modular Gateway


    MCU with basic security hardening


    FRDM-KL82Z - Development Board, Kinetis Ultra-Low-Power KL82 MCUs


    The FRDM-KL82Z is a Freedom development board based on the KL82 MCU family, featuring high performance, hardware encryption features, and ultra-low-power capabilities.

    Hardware asymmetric cryptography – high-speed, code- and power-efficient data authentication with support for current encryption protocols

    EMV®-compatible with ISO 7816-3 SIM interfaces – architected for EMV compliance and supported by an EMV Level 1 software stack

    QSPI interface to expand program memory

    Sleep mode power consumption from 2.5 µA with the SRAM content retained and RTC enabled

    Crystal-less USB OTG controller, 16-bit ADC and multiple serial communication interfaces can all function autonomously in low-power modes with minimal CPU intervention


    LPC54005JBD100E -- LPC540xx 32-bit ARM Cortex-M4 Microcontroller


    The LPC54005JBD100E belongs to the NXP LPC540xx family of ARM Cortex-M4 based microcontrollers for embedded applications. The ARM Cortex-M4 is a 32-bit core that offers system enhancements such as low power consumption, enhanced debug features, and a high level of support-block integration.

    ARM Cortex-M4 processor, running at a frequency of up to 180 MHz

    Floating Point Unit (FPU) and Memory Protection Unit (MPU)

    ARM Cortex-M4 built-in Nested Vectored Interrupt Controller (NVIC)

    Non-maskable Interrupt (NMI) input with a selection of sources

    On-chip memory: up to 360 KB total SRAM, consisting of 160 KB contiguous main SRAM and an additional 192 KB SRAM on the I&D buses, plus an 8 KB SRAM bank intended for USB traffic

    Secure Hash Algorithm (SHA-1/SHA-2) module with a dedicated DMA controller, usable for image verification during boot


    MIMXRT1064-EVK - Evaluation Kit, i.MX RT1064 Processor


    The MIMXRT1064-EVK development platform is based on the i.MX RT1064 series crossover processor. The i.MX RT1064 is a processor family featuring NXP's implementation of the Arm Cortex®-M7 core, which operates at speeds up to 600 MHz to provide high CPU performance and fast real-time response. The i.MX RT1064 processor has 4 MB of on-chip flash and 1 MB of on-chip RAM: 512 KB of SRAM can be flexibly configured as TCM or general-purpose on-chip RAM, while the other 512 KB is general-purpose on-chip RAM.

    Supports single Arm Cortex-M7 MPCore

    Integrated MPU, up to 16 individual protection regions

    Tightly coupled GPIOs, operating at the same frequency as Arm

    Up to 512 KB I-TCM and D-TCM in total

    Frequency of 600/528 MHz

    Secure Hash Algorithm (SHA-1/SHA-2) module with a dedicated DMA controller, usable for image verification during boot

    Security functions are enabled and accelerated by the following hardware:

    High Assurance Boot (HAB)

    Data Co-Processor (DCP): AES-128 in ECB and CBC modes; SHA-1 and SHA-256; CRC-32 (note that ECB leaks plaintext patterns and neither mode authenticates data, so pair the accelerator with a MAC or use it only as a building block for an authenticated mode)

    Bus Encryption Engine (BEE): AES-128 in ECB and CTR modes, providing on-the-fly decryption of code executing from QSPI flash

    True random number generation (TRNG)

    Secure Non-Volatile Storage (SNVS): Secure real-time clock (RTC) and Zero Master Key (ZMK)

    Secure JTAG Controller (SJC)


    MPU/AP with basic security hardening and TrustZone


    FRWY-LS1012A - Layerscape LS1012A Freeway Development Board

    The Layerscape LS1012A Freeway (FRWY-LS1012A) board is a development platform based on the QorIQ® LS1012A processor, which is optimized for battery-backed or USB-powered, space-constrained networking and IoT applications. It integrates a single Arm® Cortex®-A53 core running at up to 1 GHz with a hardware packet forwarding engine and high-speed interfaces to deliver line-rate networking performance in an ultra-small envelope at 1 W typical power dissipation. The LS1012A incorporates the same Trust Architecture and software compatibility as the higher-tier QorIQ LS family devices, enabling scalable, secure applications that leverage a common 64-bit software platform. The LS1012A contains one 64-bit Arm® Cortex®-A53 core with the following capabilities:

    256 KB L2 cache with ECC

    Neon SIMD Co-processor

    Arm v8 Cryptography Extensions

    Packet Forwarding Engine (PFE)

    Cryptography acceleration (SEC)

    QorIQ Platform’s Trust Architecture


    *Trademark. NXP is a trademark of NXP Semiconductors N.V. Other logos, product and/or company names may be trademarks of their respective owners.