Infineon Technologies Security Solutions for Artificial Intelligence
Artificial Intelligence (AI) systems can be complex and scalable, making them challenging to secure, especially in distributed or edge computing environments. AI systems are also constantly evolving, with threats emerging regularly, making it challenging to stay ahead of potential security risks. Infineon's solutions are designed to protect AI infrastructure from edge-to-cloud, ensuring that AI models, data, and systems remain secure and trustworthy.
Trusted Platform Modules (TPM)
The OPTIGA TPM SLB 9672 and OPTIGA TPM SLB 9673 are ready-to-use Trusted Platform Modules (TPMs) from Infineon, designed to provide a secure environment for a range of applications, including Internet of Things (IoT), industrial control systems, and AI. Both modules are based on the TPM 2.0 specification, provide a secure environment for key storage, encryption and decryption, and secure boot, and support post-quantum cryptography (PQC)-protected firmware updates.
These TPM modules are ideal to support computing platforms and embedded system use cases that call for robust security, such as:
• Protection of keys and secrets
• Anti-counterfeiting
• Device health attestation to verify device integrity
• Secured firmware updates
• Secured cloud onboarding
• Secured channel for encrypted, protected communication with Transport Layer Security (TLS)
Hardware-based security with TEE
OPTIGA Trust M SLS32AIA is a comprehensive security solution and an easy way to add security to existing IoT designs. The solution is based on an advanced security controller with built-in tamper-resistant non-volatile memory (NVM) for secure storage and supports various cryptographic engines. These devices provide extremely flexible, high-performance, secure access to any major cloud provider for industrial and building automation, smart home, and consumer applications.
OPTIGA Trust M provides:
• Hardware-based security
• Trusted execution environment
• Secure key management
• Compliance with AI security standards
• Flexibility and scalability
AI Microcontrollers
PSOC Edge E84 MCUs are highly secure microcontrollers that provide state-of-the-art security features to protect AI applications. The secure boot, hardware-based security, encryption, and secure key storage mechanisms ensure that sensitive data and code are protected from unauthorized access. Additionally, the MCUs' AI-specific security features, such as secure AI model storage and secure AI inference, ensure that AI models and data are protected from unauthorized access and tampering.
PSOC Edge E84 provides:
• Secure boot
• Hardware-based security
• Encryption
• Secure key storage
• Trusted Execution Environment (TEE)
• Secure debug
• Anti-tamper (voltage and temperature monitoring)
• Secured firmware updates
• AI model storage and secure AI inference
• Compliance with security standards, including up to PSA Level 4 Certified, SESIP, and IEC 62443
Features
- OPTIGA Trust M - a comprehensive security solution providing a trusted environment for AI model development, deployment, and execution
  - Based on CC EAL 6+ (high) certified hardware
  - ECC - NIST curves up to P-521, Brainpool r1 curve up to 512
  - RSA® up to 2048
  - AES key up to 256, HMAC up to SHA-512
  - TLS v1.2 PRF and HKDF up to SHA-512
  - TRNG/DRNG
  - I2C interface with shielded connection
  - Hibernate mode for zero power consumption
  - USON-10 package (3mm x 3mm)
  - Standard and extended temperature ranges from -40°C to +105°C
  - Up to 10kB user memory
  - Protected updates
  - Usage counters
  - Dynamic object (e.g., credentials) locking
  - Configurable device security monitor
  - Lifetime of 20 years for industrial and infrastructure applications
  - Cryptographic ToolBox commands for SHA-256, ECC and RSA features, AES, HMAC, and key derivation
  - MIT-licensed software framework on GitHub (github.com/Infineon/optiga-trust-m)
- OPTIGA TPM
  - High-end standardized security controller
  - PQC-protected firmware update mechanism using XMSS signatures
  - Support for TCG TPM 2.0 standard (revision 1.59) specifications
  - TCG, CC, and FIPS certifications
  - Windows HLK certification
  - Support for various cryptographic algorithms: up to RSA-4096, AES-128, AES-256, ECC NIST P256, ECC BN256, ECC NIST P384, SHA-1, SHA2-256, SHA2-384
  - Extended non-volatile memory (51kB)
  - SPI interface
  - Thin UQFN-32 package
- PSOC Edge E84 MCUs - state-of-the-art security
  - Lockstep secured enclave in a low-power always-on domain
  - Infineon Edge Protect Category 4 / Platform Security Architecture (PSA) Level 4
  - Off-the-shelf Trusted Firmware-M enablement and Mbed TLS for crypto operations
TPM Comparison Chart
PSOC Edge E84 Block Diagram
