In the age of the IoT, hardware-based security is the only way to protect secret keys from physical attacks and remote extraction. However, extensive security expertise, development time, and costs are required to configure and provision each device. Microchip has developed a key security service, called Microchip’s Trust Platform for its CryptoAuthentication family, that provides an easy way for OEMs, small or large, to implement secure authentication for hardware devices. The service provides a secure system to manufacture device keys and a supply chain to generate custom part numbers
“You need keys for all devices,” said Xavier Bignalet, Product Marketing Manager of the Secure Products Group for Microchip Technology, in a conference call with FierceElectronics last week. “The problem is you need keys for all devices and need to be able to easily customize them."
Based on the ATECC608A secure element, the Trust Platform is available in three tiers to meet the needs of users ranging from out-of-the-box pre-provisioned to fully customizable. The ATECC608A provides Common Criteria Joint Interpretation Library (JIL) “high”-rated secure key storage, giving customers confidence that devices implement industry-proven security practices and the highest level of secure key storage. Hardware-based root of trust storage and cryptographic countermeasures protect the device against the widest classes of known physical attacks.
RELATED: Report projects embedded security semiconductor shipments to exceed 4 billion units by 2023
The first Trust Platform service, called Trust&GO, is aimed at low-volume users who require a complete security solution developed by Microchip. The customer does not need to know how to choose a root certificate, define an authentication model, or understand other security concepts. It provides zero-touch pre-provisioned secure elements with a Minimum Orderable Quantity (MOQ) as low as 10 units. Device credentials are pre-programmed, shipped and locked inside the ATECC608A for automated cloud or LoRaWAN authentication onboarding.
The second, Trust Flex, starts with pre-configured only device policies and covers the most common use cases. These use cases include baseline security measures such as Transport Layer Security (TLS) hardened authentication for connecting to any IP-based network using any certificate chain, LoRaWAN authentication, secure boot, Over-the-Air (OTA) updates, IP protection, user data protection and key rotation. Customers would need to supply information such as the secure boot public key, secure boot public master key, accessory/IP protection master secret, and PKI chain. This reduces the time and complexity involved in customizing the device without requiring customized part numbers.
A third option, TrustCUSTOM, gives the user the most flexibility by starting with a blank device. It allows customer-specific configuration capabilities and custom credential provisioning.
Microchip worked with Amazon Web Services (AWS) to enable a straightforward and simplified onboarding process into AWS IoT services for products designed with all variants of the Microchip Trust Platform.
The ATECC608A secure element can be paired with any microcontroller and microprocessor. For rapid prototyping of secure solutions, designers can use the Trust Platform Design Suite, which includes a guided “use case tool,” executable Python tutorials running on Jupyter notebooks, C code examples for each use case, a “secret exchange” utility and Trust Platform hardware development kits.