Atmel's new microchip connects to a host processor and uses elliptic curve cryptography to handle encryption.

Microchip's Atmel subsidiary makes the ECC508 available in a variety of package types. Source: Microchip via EE Times
Securing an IoT device's communication with cloud services from end to end can be a daunting challenge. One of the biggest problems is the assignment, protection and management of public decryption keys and certificates for authentication of deployed devices. To simplify those efforts for developers, Microchip, in conjunction with Amazon Web Services (AWS), has developed a secure provisioning platform and an associated support chip that streamline IoT security.
OEMs creating IoT devices, particularly for business and industrial apps, will need to ensure the security of the devices' connections to their web servers. But ensuring security requires more than simply supporting encryption in the design, Microchip's product marketing engineer Eustace Asanghanwa explained in an interview with EE Times. Encryption depends on the use of keys, which must themselves be kept safe if the communications are to be trustworthy. It is the generation, sharing, and management (including protection) of these keys that create the challenges for IoT OEMs.
Some of the key challenges OEMs face, Asanghanwa said, include securely generating a unique key for each device, protecting the confidentiality of keys throughout the manufacturing chain, ensuring that device end users can readily establish a trustworthy connection to the web server, and protecting the device keys throughout the device's operating life. Current solutions to these challenges, Asanghanwa added, involve costly equipment and logistics, including installing expensive hardware security modules, using secure rooms in factories, and conducting periodic factory security audits.
The recently released Microchip ECC508 seeks to relieve OEMs of such burdens when designing devices to work with AWS. The devices connect to a host processor over I2C and handle all the encryption and security protocol tasks using elliptic curve cryptography (ECC), the elliptic curve Diffie-Hellman (ECDH) security protocol, and elliptic curve digital signature algorithm (ECDSA) sign-verify authentication. The ECC508's attributes include internal generation of unreadable, device-unique private keys, tamper resistance, and features to defend against microprobe, emissions analysis, timing, and other attacks.