Securing Unprotected Devices is Essential in the IoT Age
Download this article in PDF format.
As the Internet of Things (IoT) becomes more mainstream, every device—sensors, actuators, embedded microcontrollers, or smart appliances—needs to be protected from hacking, data breaches, and other security vulnerabilities. In particular, security is always a concern when deploying cloud services because it necessitates storing and using secret keys in the microcontroller—which, if unprotected, can expose them.
One way to hack an IoT device is to physically attack the embedded system and spoof the private key, which may be located in the clear of a microcontroller memory. If the private key is spoofed, the device can be impersonated by an unauthorized user who can then control the device’s transactions. Once accessed, a scalable remote attack could be launched, leveraging corrupted IoT devices as entry points.
Sponsored Resources:
- DM320118 CryptoAuth Trust Platform
- DT100104 Secure Element Add-On Board
- ATECC608A CryptoAuthentication™ Device
Authentication Approach
To counteract this and other threats, cloud providers and IoT developers are turning to hardware-based authentication to protect secret keys from physical attack and remote extraction, prevent spoofing, and defend against unauthorized firmware updates.
There are many compelling reasons why authentication using unique credentials is an effective countermeasure. For starters, it enables you to comply with IoT security models requiring mutual authentication with a remote server to be authorized on the cloud. What’s more, secure-key provisioning defeats the risk of a device being exposed to software, firmware, manufacturing sites, end users and other third parties during and after production.
But here’s the thing: Adding authentication presents several challenges of its own, including securely storing the private key in the device, possibly shipping the private key across the globe for a project and ensuring a secure manufacturing flow.
To do all of this usually involves extensive security expertise, development time, and cost. As such, manufacturers typically have only been able to support configuring and provisioning for high-volume orders, leaving companies with low- to mid-sized deployments with lesser options.
The Trust Platform
That tradeoff, however, is coming to an end. One of Microchip Technology’s latest creations is a Trust Platform for its CryptoAuthentication family, enabling companies of all sizes to easily implement secure authentication (Fig. 1). According to the company, this pre-provisioned solution is the industry’s first to provide secure-key storage for low-, mid- and high-volume device deployments while eliminating the need for extensive knowledge about handling and securing keys.
1. Microchip’s three-tiered Trust Platform for its CryptoAuthentication family enables OEMs of any size and security expertise to implement secure hardware device authentication. (Source: Microchip)
The Trust Platform consists of a three-tier offering, providing out-of-the-box, pre-provisioned, pre-configured, or fully customizable secure elements, allowing developers to choose the platform best suited for their individual design. The three tiers are Trust&GO, TrustFLEX, and TrustCUSTOM. Let’s look at these tiers one at a time:
Trust&GO
The Trust&GO platform was developed to be a quick and easy way to implement secure authentication in IoT designs. With a minimum orderable quantity (MOQ) of just 10 units, this solution is well-suited for small projects as well as larger-scale deployments.
Stack code examples available for Trust&GO include authentication for Amazon Web Services (AWS) IoT, Microsoft Azure IoT Hub, LoRaWAN networks and Third-party Transport Layer Security (TLS) protocols, all designed to facilitate privacy and data security for communications over the Internet.
The CryptoAuth Trust Platform consists of three secure elements: ATECC608A-TNGTLS (Trust&GO), ATECC608A-TFLXTLS (TrustFLEX) and ATECC608A-MAHDA (TrustCUSTOM). Each of the secure elements has a different I2C address that enables its communication with the host MCU, which eliminates any line-contention issues.
As with all CryptoAuthentication devices, the Microchip family also delivers low-power consumption, requires only a single GPIO over a wide voltage range, and has a small form factor, suiting it for a variety of applications that require longer battery life and flexible form factors.
Microchip’s ATECC608A-TNGTLS is the Trust&GO secure element. Thanks to the CryptoAuthLib library, it can be paired with any microcontroller and microprocessor running encryption/decryption algorithms. CryptoAuthLib works on a variety of platforms, including Arm Cortex-M-based or PIC microcontrollers, PCs running the Windows operating system, or an embedded Linux platform. The CryptoAuthLib software support library is available in both C and Python versions.
ATECC608A-TNGTLS streamlines the process of enabling network authentication; device credentials are pre-programmed, shipped, and locked in the device (and not changeable) for automated cloud or LoRaWAN authentication. The part comes preconfigured with default thumbprint certificates, reducing the cost incurred by a third-party certificate authority as well as the complexity of dealing with certificates as a whole.
Supplying a full range of security functions such as confidentiality, data integrity, and authentication, ATECC608A-TNGTLS provides Common Criteria Joint Interpretation Library’s (JIL) “high” rated secure-key storage, giving customers confidence that devices implement industry-proven security practices. Another important feature integrated in the device is its AES128 hardware accelerator, which enables secure-boot capabilities for very small microcontrollers and hardware-based cryptographic countermeasures that eliminate potential backdoors linked to software weaknesses.
TrustFLEX
As its name implies, TrustFLEX has more flexibility than the Trust&GO option. Like Trust&GO, TrustFLEX products have been developed to simplify the way hardware security is added to IoT Cloud solutions.
TrustFLEX offers the flexibility to use the customer’s certificate authority while benefiting from pre-configured use cases to speed up development and reduce the complexity of the onboarding process. These use cases include baseline security measures such as TLS-hardened authentication for connecting to any IP-based network using any certificate chain, LoRaWAN authentication, secure boot, over-the-air (OTA) updates, IP protection, and key rotation.
Managed Cloud services like AWS IoT, Microsoft Azure, and Third-party TLS connections support certificate-based authentication, but the trust in the device identity will depend entirely on how well the device’s private key is protected. This challenge can be addressed by using the TrustFLEX ATECC608A-TFLXTLS, which is pre-configured and provisioned with a changeable default thumbprint certificate. TrustFLEX has a MOQ of 2,000 units.
TrustCUSTOM
TrustCUSTOM enables customer-specific configuration capabilities and custom credential provisioning. TrustCUSTOM takes longer to implement and has more steps, but it’s fully customizable. Developers start with the ATECC608A-TCSM secure element and use tools provided by Microchip to meet the security requirements they choose. TrustCUSTOM requires contact with Microchip sales and a non-disclosure agreement (NDA) must be established. MOQ must be at least 4,000 units.
Development Tools
Development tools are provided for both software and hardware to assist in prototyping. Microchip's DM320118, for example, is a USB-based development kit including a SAM D21 MCU, debugger, mikroBUS socket, and on-board ATECC608A secure element with Trust&GO, TrustFLEX, and TrustCUSTOM options.
Other development tools include:
- The ATECC608A Trust Platform Kit, an add-on board (DT100104) for the CryptoAuth Trust Platform and other Microchip development platforms that contain a MikroBUS header. This kit provides a MikroBUS footprint for adding soldered-down versions of Trust&GO, TrustFLEX, or TrustCUSTOM secure elements.
- The Google Cloud IoT Core Secure Authentication Kit with 32-bit MCU, which can be used to learn how to implement a hardware root of trust and secure your authentication to the Google Cloud IoT Core. It includes an ATWINC1500 Wi-Fi device, SAM D21 microcontroller, and ATECC608A secure element.
- Mikroelektronika Click add-on boards, an easy way to add sensors, a human-interface, control, or wireless communications (e.g., transceivers, LED displays, and more) to a design. Click boards include an ATWINC1500 Wi-Fi module and can be used to add TCP/IP and TLS links to the CryptoAuth Trust Platform Development Kit (DM320118) (Fig. 2).
- The MikroBUS shuttle, a small add-on board, intended to be used with Shuttle Click to expand the MikroBUS socket with additional stacking options. One Shuttle Click can support up to four MikroBUS Shuttles.
2. The DM320118 is a USB-based development kit that includes a SAM D21 MCU, debugger, mikroBUS socket, and on-board ATECC608A secure element with Trust&GO, TrustFLEX, and TrustCUSTOM options.
Using these development tools and Microchip provisioning systems allows for even low-volume projects to readily implement secure authentication into an application.
Summary
Microchip’s Trust Platform provides hardware-based secure-key storage for low-, mid- and high-volume deployments. Its CryptoAuthentication devices are small, low-power devices that work with any microcontroller or microprocessor to provide flexible solutions for securing IoT nodes used in home automation, medical devices, wearables and many other applications. The platform offers hardware-based secure storage to effectively keep secret keys hidden from unauthorized users and can be used to protect the authenticity of consumables and accessories.
So, in a nutshell, for deployments of as few as 10 units to up to many thousands of devices, the Microchip Trust Platform presents a cost-effective, flexible solution for onboarding secure elements in your design and accelerating a product’s time-to-market.
Sponsored Resources: