Microchip and Kudelski secure IoT products

  • April 3, 2024
  • Steve Rogerson

To increase security on IoT products and facilitate easier setup and management, Microchip Technologyhas added the ECC608 TrustManager with Kudelski IoT KeyStream software-as-a-service (SaaS) to its Trust portfolio of devices, services and tools.

As the world comes to rely on interconnected IoT systems – for everything from household items such as smart thermostats, virtual assistants and digital door locks to medical and industrial applications –the need for reliable cyber security on embedded systems has never been greater.

With security credentials managed and updated in the field via KeyStream – instead of being limited to a static certificate chain implemented during manufacturing – the ECC608 TrustManager allows custom cryptographic credentials to be accurately provisioned at the end point without requiring supply-chain customisation, and it can be managed by the end user. KeyStream offers a device-to-cloud option for securing key assets end-to-end in an IoT ecosystem throughout a product’s lifecycle.

The ECC608 TrustManager relies on a secure authentication IC that is designed to store and protect cryptographic keys and certificates, which are then managed by the KeyStream SaaS. The combined silicon component and key management SaaS allow the user to set up a self-serve root certificate authority (CA), and the associated public key infrastructure (PKI) secured by Kudelski IoT, to create and manage a dynamic certificate chain and provision devices in the field the first time they are connected. Once claimed in the SaaS account, the devices are automatically activated in the user’s KeyStream service via in-field provisioning.

“As the volume of connected devices rapidly increases and security standards and regulations tighten, IoT designers are seeking more efficient ways of managing their devices once products are in their customers’ hands,” said Nuri Dagdeviren, corporate vice president at Arizona-based Microchip. “Our partnership with Kudelski and adding KeyStream to our ECC608 TrustManager enable customers to manage, scale and update IoT ecosystems efficiently via a cloud-based security SaaS for in-field provisioning and certificate management.”

Security standards and upcoming regulations are increasingly requiring upgradability of security infrastructure for IoT devices. This is difficult with traditionally static IoT security implementations, which require physical upgrades such as changing out the security ICs in each device to stay in compliance. With the ECC608 TrustManager (www.microchip.com/en-us/products/security/trust-platform/trustmanager), the process is automated and scalable, allowing devices to be managed securely and efficiently throughout their lifecycle. It also enables easy device ownership management without needing to change hardware, as security keys are updated digitally from the cloud into the device. This approach streamlines the supply chain processes for distribution partners as well.

“The ECC608 TrustManager with KeyStream marks a pivotal moment in our quest to secure the IoT landscape and make provisioning easier,” said Hardy Schmidbauer, senior vice president of Kudelski IoT (www.kudelski-iot.com). “Our collaboration with Microchip is not just about bringing advanced security to the market, it’s about setting a new standard for smart device security across the board. By leveraging Microchip’s renowned semiconductor technologies alongside Kudelski IoT’s security services, we are poised to deliver protection and a new ease of provisioning for IoT device manufacturers.”

This type of dynamic in-field provisioning and device management meets IoT security standards and should be useful in device certificate updates needed to stay in compliance with evolving security requirements. The KeyStream SaaS allows for ongoing updates of keys designed to prevent and protect against evolving threats and security requirements. In-field provisioning also removes the need for customisation for more efficient manufacturing.

The ECC608 is the first security IC in Microchip’s TrustManager series. It is available from www.microchipdirect.com.