By Xavier Bignalet, Product Marketing Manager, Secure Product Group at Microchip Technology
The Internet of Things (IoT) has massively broadened the potential threat landscape for the entire market. Each IoT device represents a vulnerable endpoint, and the uptick in successful attacks on software-based defenses has proven that this approach is wholly inadequate, especially in applications where small microcontrollers are used. To mitigate this vulnerability, industry best practices dictate that the authentication model of the connected device be strengthened using a secure element that has been configured for storing private keys and handling crypto-algorithmic secrets. Unfortunately, due mostly to supply chain logistic constraints, this approach has been challenging to onboard for most small-to-medium sized deployments—begging the question: How can the industry mainstream a customized manufacturing process for the mass market that enables a unique key to be provisioned to each device at an affordable cost?
With the right platform, it is possible to give IoT applications the hardware-based protection of pre-provisioned secure elements—and with a minimum order quantity (MOQ) as low as 10 pre-provisioned devices. This platform must combine secure element manufacturing with IoT device pre-configuration and pre-provisioning during the manufacturing process. Only then can hardware-based secure key storage be delivered with a generic certificate at a lower total cost per device and with significantly less complexity than has been possible from third-party provisioning, public key infrastructure (PKI) service providers and certificate authorities. As the industry begins to move to this type of platform, even a basic IoT application such as a gateway, an air conditioner or a surveillance camera can be protected at the hardware level with pre-generated, device generic certificates that are locked inside a secure element for autonomous cloud authentication onboarding.
Benefits of Secure Elements in a Multilayered Security Strategy
There is no “one-size-fits-all” approach to IoT security and each implementation requires its own multilayered strategy. But it is widely acknowledged that even if everything about a cryptosystem is public knowledge, it should still be secure as long as its key remains private, per Kerckhoffs’s principle of cryptography. The key plays a critical role by providing the response to a challenge that enables client and host to establish the authenticity of a device’s “trusted identity” before it can communicate, exchange data or transact.
It is vitally important that the key be defended against physical attacks and remote extraction. The optimal solution isolates industry-standard cryptographic keys in a secure element and provides an isolated secure boundary so that they are not exposed. It is a complex endeavor that requires the proper security expertise while also adding development time to the IoT solution. Nevertheless, it remains a fundamental security practice that is necessary to implement.
First, each IoT device must be given a secure element that acts as a companion to the device’s microcontroller. Next, the secure element must be properly configured for the given use cases and provisioned with the credentials and other cryptographic assets that are used for the given authentication model. Then, the device must be provisioned with each of the defined use cases’ corresponding secrets—without being exposed at any point during manufacturing. This process has often not been affordable for most small or mid-sized projects.
IoT manufacturers have typically only been willing to shoulder the burden of this hardware-based authentication mechanism for high-volume orders, but now the semiconductor industry is paving the way for its mainstream adoption. Microchip Technology is the first provider to offer the capability at small enough volumes so that secure authentication can be implemented for any size of project deployment.
With a platform in place, there is the opportunity for multiple options for deploying secure key storage for device authentication, in any volume. For instance, some IoT product companies may prefer the zero-touch option of pre-provisioned secure elements. With this option, the secure element’s private key and generic certificates are generated during manufacturing in a secure facility and remain unexposed throughout the secure provisioning process. They remain safely locked inside the secure element during shipping and on through automated IP-based cloud or LoRaWAN™ network onboarding.
Alternatively, manufacturers may need more than just device-to-network authentication for some or all of their products. As an example, some may want to work with their own certificate chain but still take advantage of pre-configured use cases, which reduces customization time and complexity while eliminating the need for customized part numbers. Examples of pre-configured use cases range from such baseline security measures as Transport Layer Security (TLS) certificate-based authentication to LoRaWAN authentication, secure boot, Over-the-Air (OTA) updates, IP protection, user data protection and key rotation. Other manufacturers will need customizable options beyond the basic use cases.
The latest developments in hardware-based security make it simple and cost-effective for companies with any project size to implement a secure element with their IoT devices. The barriers traditionally associated with configuring and provisioning secure elements have been removed, the secure supply chain has been mainstreamed and it will now be possible to extend industry best practices for any connected-device authentication throughout the IoT.
About the Contributor
Xavier Bignalet is the Product Marketing Manager, Secure Product Group at Microchip Technology
