Microchip offers pre-provisioned IoT security for small deployments
October 2, 2019
Arizona electronics company Microchip says it is simplifying hardware-based IoT security with pre-provisioned devices for deployments as low as ten units in Amazon Web Services (AWS), LoRa and Google Cloud applications.
Its Trust & Go package will offer basic pre-provisioned security for low-volume users. Those who want more custom offerings can opt for the Trust Flex with a minimum order of 2000 units or the Trust Custom at 4000 units.
“This is not just a small piece of silicon, it is a full device for embedded use,” said Nicolas Demoulin, Microchip’s marketing manager for EMEA. “It uses a secure element, or vault, and all its secrets are generated during manufacturing. The keys are never exposed.”
Device credentials are pre-programmed, shipped and locked inside the ATECC608A secure element for automated cloud or LoRaWAN authentication on-boarding. In parallel, corresponding certificates and public keys are delivered in a manifest file, which is downloadable via Microchip’s purchasing e-commerce store and select distributors.
Microchip worked with AWS to enable a straightforward and simplified on-boarding process into AWS IoT services for products designed with all variants of the Microchip Trust platform.
As well as pre-configured use cases for AWS, Google Cloud and LoRa, a stack is planned for use with Microsoft Azure before the end of the year.
In addition to saving up to several months of development time, this should simplify provisioning logistics, making it easier for mass market users to secure and manage edge devices without the overhead cost of third-party provisioning services or certificate authorities.
“There is no need for the customer to understand what is security,” said Demoulin. “Everything has been done.”
With the ability to authenticate to any public or private cloud infrastructure, the Trust platform is also flexible and customisable. For those who want more customisation, the programme includes the Trust Flex and Trust Custom platforms.
The second tier in the programme, Trust Flex, offers the flexibility to use the customer’s certificate authority of choice while still benefiting from pre-configured use cases. These use cases include baseline security measures such as Transport Layer Security (TLS) hardened authentication for connecting to any IP-based network using any certificate chain, LoRaWAN authentication, secure boot, over-the-air (OTA) updates, IP protection, user data protection and key rotation. This reduces the time and complexity involved in customising the device without requiring customised part numbers.
For those who would like to customise their designs entirely, the third tier in the programme – Trust Custom – provides user-specific configuration capabilities and custom credential provisioning.
The ATECC608A provides Common Criteria Joint Interpretation Library (JIL) high-rated secure key storage, giving users confidence that devices implement industry-proven security practices and a high level of secure key storage. With hardware-based root of trust storage and cryptographic countermeasures, the device protects against a wide class of known physical attacks.
Microchip’s secure manufacturing facilities provision keys, ensuring keys are never exposed to any party during provisioning or the lifetime of the device.
The ATECC608A can be paired with any microcontroller or microprocessor. For rapid prototyping of security, designers can use the Trust Platform Design Suite, which includes a guided use case tool, executable Python tutorials running on Jupyter notebooks, C code examples for each use case, a secret exchange utility, and the Trust Platform hardware development kits.