Thursday, August 11, 2016

Vital end-to-end encryption for embedded IoT applications uses Amazon

By Nick Flaherty www.flaherty.co.uk

Securing the Internet of Things is a key challenge that is vexing many designers. Developing a secure end-to-end solution all the way to the cloud can be extremely challenging, with lots of different hardware and software involved. Often the IoT node developers leave this for the gateway, leaving the end points vulnerable.

This is why the Embedded Blog has focussed not only on the hardware and software of the embedded node, but also on the links up to, and through, the cloud, such as crypto accelerator cards (see "Kalray Launches Krypto128 Accelerator Card"). So Microchip's launch of an end-to-end security IoT module that connects directly to Amazon Web Services IoT (AWS IoT) is highly significant.

Microchip used its acquisition of Atmel to work with AWS to use the AWS mutual authentication IoT security model. This should help companies to implement these security best practices from evaluation through to production. The solution adds a high level of security, simplifies the supply chain, and is now one of the fastest ways to connect to the AWS Cloud.

Currently, third-party manufacturers of devices that connect to the AWS IoT service must take specific actions to comply with the advanced security model. First, they must pre-register their security authority with AWS servers in order to establish a trust model. Second, for each IoT device they must generate unique cryptographic keys that are mathematically linked to the pre-registered security authority. Finally, the unique device keys must remain secret for the life of the device. In volume production, the generation and secure handling of these unique keys can be a daunting challenge in the manufacturing chain, especially where third parties with different trust and compliance levels are involved.

All of this is a bit of a nightmare, to say the least, and one key reason why IoT security has been such a big issue.
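The three requirements above (a registered authority, a unique device key tied to it, and a key that stays secret) can be reproduced offline with the OpenSSL command line. This is an added example, not code from Microchip, AWS or the original article. The CA and device names, file layout and nonce exchange are constructed for illustration; in a real deployment the proof of key possession happens inside the TLS handshake.

```shell
#!/bin/sh
# Added example: subjects, file names and the nonce exchange are constructed for illustration.

make_ca() {          # $1 = dir, $2 = CN: the "security authority" (CA key + self-signed cert)
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ca.key" &&
    openssl req -x509 -new -key "$1/ca.key" -sha256 -days 30 \
        -subj "/CN=$2" -out "$1/ca.crt" 2>/dev/null
}

issue_device() {     # $1 = CA dir, $2 = device dir: unique device key, certificate signed by the CA
    # An ECC508 generates and keeps this key inside the chip; a file stands in for it here.
    openssl ecparam -name prime256v1 -genkey -noout -out "$2/dev.key" &&
    openssl req -new -key "$2/dev.key" -subj "/CN=device-0001" \
        -out "$2/dev.csr" 2>/dev/null &&
    openssl x509 -req -in "$2/dev.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 30 -out "$2/dev.crt" 2>/dev/null
}

sign_nonce() {       # $1 = dir holding dev.key, $2 = nonce file, $3 = signature output
    openssl dgst -sha256 -sign "$1/dev.key" -out "$3" "$2"
}

cloud_accepts() {    # $1 = registered CA cert, $2 = device cert, $3 = nonce, $4 = signature
    pub=$(mktemp) || return 1
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 &&
    openssl x509 -in "$2" -pubkey -noout >"$pub" &&
    openssl dgst -sha256 -verify "$pub" -signature "$4" "$3" >/dev/null 2>&1
    rc=$?; rm -f "$pub"; return $rc
}

verdict() { if cloud_accepts "$@"; then echo accept; else echo reject; fi; }

demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/vendor" "$t/other" "$t/good" "$t/alien"
    make_ca "$t/vendor" "Example Vendor CA" && make_ca "$t/other" "Unregistered CA" &&
    issue_device "$t/vendor" "$t/good" && issue_device "$t/other" "$t/alien" &&
    openssl rand -out "$t/nonce" 32 &&
    sign_nonce "$t/good" "$t/nonce" "$t/good.sig" &&
    sign_nonce "$t/alien" "$t/nonce" "$t/alien.sig" || return 1
    ca="$t/vendor/ca.crt"     # the only authority the cloud has on record
    echo "genuine=$(verdict "$ca" "$t/good/dev.crt" "$t/nonce" "$t/good.sig")" \
         "unregistered_ca=$(verdict "$ca" "$t/alien/dev.crt" "$t/nonce" "$t/alien.sig")" \
         "copied_cert=$(verdict "$ca" "$t/good/dev.crt" "$t/nonce" "$t/alien.sig")"
    rm -rf "$t"
}

demo
```

The `copied_cert` case presents the genuine certificate together with a signature made by a different key, and is rejected: the certificate alone proves nothing without the private key, which is why that key has to stay secret for the life of the device.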

Instead, the AT88CKECC development kit will allow customers to meet the security standard of AWS’ mutual authentication model and easily connect to the AWS IoT platform during the evaluation and engineering phase. Then the AWS-ECC508 device assists with meeting security standards during the prototyping and pre-production phase. Finally, devices will be customised for production stages to ensure information security in customer applications.

Customers simply solder the device on the board and connect it over I2C to the host microcontroller, which runs an AWS Software Development Kit (SDK). Once this is complete, there is no need to load the unique keys and certificates required for authentication during the manufacturing of the device, as the AWS-ECC508 is pre-configured to be recognised by AWS without any intervention. All the information is contained in a small (3x2 mm), easy to deploy, crypto companion device.

The ECC508 device has strong resistance against environmental and physical tampering, including countermeasures against expert intrusion attempts. In addition, the device features a high quality random number generator, the internal generation of secure unique keys and the ability to seamlessly accommodate various production flows in the most cost-effective manner.

A typical IoT device consists of a small 8-bit microcontroller and is battery powered. It is typically constrained in resources: central processing unit (CPU) performance to provide low-latency responsiveness, memory and code space for security protocols, and the power those protocols consume, which must be limited in order to preserve battery life. The ECC508 device provides low-power, processor-agnostic cryptographic acceleration for compatibility with the widest range of resource-constrained IoT devices.

The AWS-ECC508 kit (AT88CKECC-AWS-XSTK) is available today priced at $249 each. The AWS-ECC508 (ATECC508A-MAHAW-S and ATECC508A-SSHAW-T) comes in UDFN and SOIC packages and is available today for sampling and volume production.

See www.atmel.com/tools/at88ckecc-aws-xstk.aspx for more information
