Telecoms, Datacoms, Wireless, IoT


Hardware-accelerated security for resource-constrained IoT devices

18 July 2018 Telecoms, Datacoms, Wireless, IoT

Security and the IoT (Internet of Things) are inextricably linked, yet it is apparent that far too many end-points are still being brought to market with little or no security features. In the recent past, manufacturers may have underestimated the resolve of hackers targeting seemingly innocuous devices such as connected thermostats, but high-profile instances of data losses have made the threat only too apparent.

Through cloud connectivity, unsecured end-points can easily become open windows into an organisation’s back office, exposing customers’ financial details to the criminal element.

While these cases have successfully raised awareness of the problem for both manufacturers and consumers, understanding the solution could still be a hurdle. Implementing security is difficult, particularly in headless devices like IoT end-points and even more so for devices based on very low-resourced microcontrollers. For embedded developers in particular, security can be an unknown domain that demands an entirely new set of skills and technologies.

Chain of trust

While technologies, such as the Advanced Encryption Standard (AES), are now implemented as hardware blocks in many microcontrollers, and do a great job of turning plain text into something that can only be deciphered by the intended recipient, the process of encryption and decryption relies on keys. In order to be useful both parties need to have the relevant key, which is where security gets really interesting.

Key management is arguably the most critical part of a security protocol. They must be generated, distributed and stored in a way that shields them from nefarious elements. The IoT is expected to comprise tens of billions of devices in the near future, so while AES is largely accessible, key management in the IoT could be viewed as the real problem with adding security to end-points.

In effect, every single one of those billions of IoT end-points needs to be identifiable in a unique way, in order to know with certainty that it is genuine and authorised to be part of the network. Only then can it be trusted with the key(s) required to implement cryptography.

There are further implications with this topology; keys that have been distributed to trusted end-points are typically generated and stored centrally, in a database. If that database is compromised, all of the keys stored and, therefore, all of the devices in the field with those keys, also become compromised. That means every single key needs to be regenerated and redistributed. Not all IoT end-points will be equipped with over-the-air updates and if they are, it may not be implemented securely, which just compounds the problem even further.

Secure at every level

Often, discussions about security in the IoT focus on the exchange of data over the network, or the way those communication channels may be exploited. But encryption is also used to secure a design, more specifically the firmware in an embedded device, typically referred to as Secure Boot.

In order to validate the firmware hasn’t been changed it needs to be signed and, again, this requires a key. However, storing the key locally in Flash is an inherently insecure solution and one that introduces even more design complexity.

For security reasons, keys are typically installed at the time of manufacture, a process referred to as provisioning. To preserve the chain of trust, keys must be unique and auditable, a process that large manufacturers are empowered to handle in-house but smaller developers need to source; relying on a key provider, known as Certificate Authorities (CA). Once the device is put into service, or commissioned, it becomes a unique and authenticated device on a network.

Local provisioning

Using a CA also incurs a cost for every key issued, which can have implications for low-cost IoT end-points. In addition, many end-points will be based on low-resource microcontrollers that may not have the processing power required to execute complex cryptography algorithms in an efficient way.

To address these challenges a new class of device has emerged, one that provides security functions for resource-limited embedded devices. These crypto engine authentication devices provide hardware features for the secure storage of keys, but they go much further.

The ATECC508A and ATECC608A are members of Microchip’s CryptoAuthentication family and provide a number of security functions. This includes protecting firmware and other digital data through secure boot features, and the secure storage of that data. They can also be used to authenticate the device itself and thereby protect against counterfeit goods; this could be used to validate a peripheral or daughter board, for example, as well as other removable media (such as print cartridges). Figure 1 shows how the device might be used in an embedded design.

Figure 1. Microchip’s CryptoAuthentication devices provide a wide range of security features for embedded devices.
Figure 1. Microchip’s CryptoAuthentication devices provide a wide range of security features for embedded devices.

But perhaps the most relevant function these devices provide, in terms of the IoT, is the authentication of an end-point’s identification and support for key agreement and key creation for message encryption. These co-processors effectively provide hardware-based execution of public key algorithms at high speed, offloading it from the host processor.

Both elliptic curve digital signature algorithm (ECDSA) and elliptic curve Diffie-Hellman algorithm (ECDH) functions are supported and each device has a unique 72-bit serial number. The built-in RNG (random number generator) supports the cryptography functions and is designed to meet the requirements specified by the National Institute of Standards and Technology (NIST).

Deep dive

The devices are capable of implementing a complete asymmetric key cryptographic signature solution using a public and private key, up to 1000 times faster than a software-based implementation. It follows the elliptic curve cryptography and ECDSA signature protocol using hardware-acceleration of the P256 prime curve standard from NIST. This covers a wide range of functions including private key generation, ESDSA public key signature verification and signature generation, and ECDH key agreement.

Despite integrating all these advanced features the devices are small and low-power enough to be used in practically any IoT application. The host processor, which could now be an ultra-low-cost 8-bit microcontroller without any security features, communicates with the CryptoAuthentication device over either I²C or single-wire interface, so it only requires a single GPIO. The serial bus can operate at up to 1 Mbps and it is possible to connect several CryptoAuthentication devices to a single bus, in applications that use removable hardware or media, for example.

The two devices are largely compatible although the ATECC608A introduces some new features, such as secure boot function with I/O encryption and authentication, several new commands (including AES encrypt/decrypt) and an updated NIST SP800-90 A/BC RNG. It also includes a self-test command that can be configured to execute at power-up.

Secure key storage

Both devices are able to generate a private key and store it, so that it is never divulged to any other device. The public key associated with a stored private key is returned when the key is generated or can be calculated at a later time along with other secure elements derived from the private key.

As the key is generated and stored in the device itself during provisioning, there is no need for a central database. Figure 2 illustrates the various ways provisioning can be achieved using the CryptoAuthentication devices, for large, small or prototype volumes, without the need to invest in a hardware secure module (HSM).

Figure 2. CryptoAuthentication provides local provisioning with private key generation and storage, for resource-constrained IoT end-points.
Figure 2. CryptoAuthentication provides local provisioning with private key generation and storage, for resource-constrained IoT end-points.

With growing demand for security solutions developed specifically for IoT end-points and other resource-constrained devices, developers now have a viable alternative to ‘security through obscurity’ or power-hungry, software-based implementations.

For more information contact TRX Electronics, authorised Mouser partner in South Africa, +27 12 997 0509, [email protected], www.trxe.com



Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Quectel partners with GEODNET
Quectel Wireless Solutions Telecoms, Datacoms, Wireless, IoT
Quectel Wireless Solutions has partnered with GEODNET to deliver Quectel’s Real-Time Kinematic (RTK) correction services, enabling high-precision positioning for IoT applications.

Read more...
Bringing Bluetooth Channel Sounding to automotive and beyond with KW47
Altron Arrow Telecoms, Datacoms, Wireless, IoT
NXP’s new Channel Sounding-certified KW47 and MCX W72 wireless MCUs are set to help automakers with distance measurement, bringing an additional ranging solution for car access and autonomous systems, and will be utilised across a broader spectrum of applications.

Read more...
Dual-band GNSS antenna
RF Design Telecoms, Datacoms, Wireless, IoT
The Taoglas Accura GVLB258.A, is a passive, dual-band GNSS L1/L5, high-performance antenna for high precision GNSS accuracy and fast positioning.

Read more...
What is Wi-Fi HaLow and why choose it for IoT?
iCorp Technologies Editor's Choice Telecoms, Datacoms, Wireless, IoT
Wi-Fi HaLow introduces a low power connectivity option that, in contrast to other Wi-Fi options, offers greater range of approximately 1 km, which opens up a raft of IoT use cases.

Read more...
Wi-Fi 6 and Bluetooth LE coprocessor module
Altron Arrow Telecoms, Datacoms, Wireless, IoT
The ST67W611M1 from STMicroelectronics boasts an all-in-one design which, together with its capabilities, contribute to making it an attractive choice for IoT edge devices requiring a single-chip solution.

Read more...
Futureproofing IoT connectivity
SIMcontrol Telecoms, Datacoms, Wireless, IoT
A managed private APN assigns every device to an isolated carrier slice, producing a single ingress to the enterprise network, with traffic bypassing shared internet paths and reducing exposure.

Read more...
Extra slim 2,4 GHz radio module
Telecoms, Datacoms, Wireless, IoT
The Thyone I radio module from Würth Elektronik now has a little sibling: Thyone-e, which takes up 30% less space and represents a cost-effective alternative for applications in which the long-range mode is not required.

Read more...
Wi-Fi 6 plus Bluetooth LE SoC
Altron Arrow Telecoms, Datacoms, Wireless, IoT
Silicon Labs’ SiWx917M SoC is the company’s lowest power Wi-Fi 6 SoC, ideal for ultra-low power IoT wireless devices using Wi-Fi, Bluetooth, Matter, and IP networking for secure cloud connectivity.

Read more...
Two Bluetooth protocols – one module
Telecoms, Datacoms, Wireless, IoT
Würth Elektronik has introduced its Skoll-I, a compact wireless module that combines both Bluetooth Classic and Bluetooth Low Energy version 5.4 into a single solution.

Read more...
Compact high-performance antennas
Electrocomp Telecoms, Datacoms, Wireless, IoT
KYOCERA AVX offers a variety of extremely compact and high-performance internal, on-board, multiprotocol 2,4 GHz antennas ideal for use in SiP applications.

Read more...