In the last few weeks the technology news spotlight has been turned towards the Internet of Things, thanks to recent breaches of security – botnet attacks and the like. This should be a powerful reminder to all in the industry that security can no longer be considered optional, or an afterthought.
One way to increase data security in Internet of Things devices is Microchip’s new ATECC508A security co-processor – a small device which can be pre-loaded with cryptographic keys, keeping these keys securely stored within your embedded and IoT devices.
The ATECC508A can also function as a cryptographic co-processor, executing strong cryptographic algorithms without burdening the resources of the host microprocessor or microcontroller. It is well-suited for use in networked IoT devices in security-conscious applications – markets such as industrial control or SCADA networks, medical devices, utility metering and home automation.
Furthermore, the ATECC508A features a high-quality random number generator, entropy and seed sources, internal generation of secure unique keys and the ability to seamlessly accommodate various different kinds of provisioning workflows – where your product is initially set up with secure keys, in the most cost-effective manner depending on manufacturing volume.
These devices are compact, very low in cost, and require very little additional hardware integrated into your design. As with other CryptoAuthentication devices, the ATECC508A delivers extremely low power consumption, requires only one or two host microcontroller pins, operates over a wide voltage range – and has a tiny form factor, making it ideal for a variety of IoT applications that require longer battery life and compact form factors.
This slightly increased hardware cost may be easily compensated for by the reduced need for computational resources on the main microcontroller. The ATECC508A device is compatible with any microprocessor or microcontroller including Atmel SMART and Atmel AVR devices.
The device provides secure hardware-based key storage based around elliptic-curve cryptography (ECC), and provides secure digital signature and mutual authentication capability through the use of Elliptic Curve Digital Signature Algorithm (ECDSA) techniques.
Secure key agreement, through Elliptic Curve Diffie-Hellman technology, is also provided. The combination of ECDH and ECDSA makes the ATECC508A a powerful security and cryptography platform that effectively provides three pillars of information security – confidentiality, data integrity, and authentication – when used with microcontroller systems that would otherwise be dependent on cryptographic algorithms such as AES running in their software.
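As an added illustration (not code from Microchip or from the original article), the Go sketch below models in software the pattern described above: a private key that never leaves its container, ECDSA challenge-response authentication against an enrolled public key, and ECDH key agreement. It assumes the NIST P-256 curve and SHA-256; the `element` type and its function names are hypothetical stand-ins for the chip, not its command set.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// element models the chip: priv is never returned, only used by Sign and Agree.
type element struct{ priv *ecdsa.PrivateKey }

func newElement() *element {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &element{k}
}

func (e *element) Public() *ecdsa.PublicKey { return &e.priv.PublicKey }
func (e *element) Sign(digest []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, e.priv, digest)
}

// Agree runs ECDH with a peer public key; only the shared secret leaves.
func (e *element) Agree(peer *ecdsa.PublicKey) ([]byte, error) {
	pk, err := peer.ECDH() // rejects points that are not on P-256
	if err != nil {
		return nil, err
	}
	sk, _ := e.priv.ECDH() // cannot fail for a key generated on P-256
	return sk.ECDH(pk)
}

// authenticate sends a fresh random nonce so a recorded signature cannot be replayed.
func authenticate(dev *element, enrolled *ecdsa.PublicKey) bool {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return false
	}
	d := sha256.Sum256(nonce)
	sig, err := dev.Sign(d[:])
	return err == nil && ecdsa.VerifyASN1(enrolled, d[:], sig)
}

func main() {
	node, clone := newElement(), newElement()
	fmt.Println(authenticate(node, node.Public()), authenticate(clone, node.Public()))
}
```

A device that does not hold the enrolled private key fails the challenge, and two elements calling `Agree` with each other's public keys derive the same 32-byte secret.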
Atmel/Microchip’s CryptoAuthentication portfolio now includes two series of devices offering advanced Elliptic-Curve Cryptography capabilities. Because the new ATECC508A has ECDH and ECDSA built-in, it enables design engineers to provide a high assurance of confidentiality, data integrity and authentication in today’s connected IoT devices.
The ATECC508A safeguards private keys, certificates and other sensitive security data to ensure authentication and protection against security threats such as physical tampering, cloning, RF and power analysis attacks. The compact device is integrated into your hardware alongside the host microprocessor, and it interfaces to the host over an I2C bus.
The chip features strong resistance against environmental and physical tampering, providing countermeasures against advanced intrusion techniques.
This security co-processor also simplifies the mutual authentication needed to connect networks of IoT devices to cloud ecosystems such as Amazon Web Services IoT, and it eliminates the complexity associated with software-centric security implementations.
Moving away from relatively complex, computing-intensive and less secure software-based security solutions does not come at a high cost, though. The device also provides dedicated hardware for cryptographic acceleration, so it can offload mathematically intensive strong cryptography from the main microprocessor or microcontroller in the system, saving CPU resources.
This is particularly valuable in connected IoT devices employing low-power, low-cost microcontrollers, as it allows strong security capabilities to be maintained without the cost and power consumption of a more powerful processor.
To make prototyping and designing easier, Microchip provides the Zero Touch Secure Provisioning Kit for Amazon Web Services IoT. This kit allows you to seamlessly connect to the AWS IoT platform while maintaining strong security – complying with the AWS mutual authentication security model.
In an AWS-connected IoT installation, the host microprocessor runs an AWS Software Development Kit that integrates support for the ATECC508A, so the device – and the private keys and certificates that it stores – is automatically recognised by AWS IoT, and when the device connects to AWS, mutual authentication and key provisioning are carried out automatically. This allows highly secure IoT node-to-cloud environments to be easily and quickly deployed, even with smaller-scale installations.
Thanks to Microchip’s new ATECC508A, an increased and useful level of security can be incorporated in your Internet-of-Things device. And here at the LX Group we have the systems in both hardware and software to make your IoT vision a success. We have end-to-end experience and demonstrated results in the entire process of IoT product development, and we’re ready to help bring your existing or new product ideas to life. Getting started is easy – click here to contact us, telephone 1800 810 124, or just keep in the loop by connecting here.
LX is an award-winning electronics design company based in Sydney, Australia. LX services include full turnkey design, electronics, hardware, software and firmware design. LX specialises in IoT embedded systems and wireless technologies design.
Published by LX Pty Ltd for itself and the LX Group of companies, including LX Design House, LX Solutions and LX Consulting, LX Innovations.