First end-to-end security solution for IoT devices connected to AWS

11-08-2016 | By Paul Whytock

The industry’s first end-to-end security solution for Internet of Things (IoT) devices that connect to Amazon Web Services (AWS) IoT has been developed following collaboration between Microchip and AWS.

The security solution will help companies to implement these security best practices from evaluation through to production.

Third-party manufacturers of devices that connect to AWS IoT service must comply with the advanced security model. First, they must pre-register their security authority to AWS servers in order to establish a trust model. Second, for each IoT device they must generate unique cryptographic keys that are mathematically linked to the pre-registered security authority. Finally, the unique device keys must remain secret for the life of the device.

In volume production the generation and secure handling of these unique keys can be a daunting challenge in the chain of manufacturing especially where third-parties with different trust and compliance levels are involved.

Microchip’s end-to-end security solution handles this process during three production steps.

First, the AT88CKECC kit will allow customers to meet the security standard of AWS’ mutual authentication model and easily connect to the AWS IoT platform during the evaluation and engineering phase. Second, the AWS-ECC508 device assists with meeting security standards during the prototyping and pre-production phase. Finally, devices will be customised for production stages to ensure information security in customer applications.

Customers simply solder the device on the board and connect it over I2C to the host microcontroller (MCU) which runs an AWS Software Development Kit (SDK) leveraging the ECC508 device for AWS IoT. Once this is complete, there is no need to load unique keys and certificates required for authentication during the manufacturing of the device as the AWS-ECC508 is pre-configured to be recognised by AWS without any intervention. All the information is contained in a small (3x2 mm), easy to deploy, crypto companion device.

The device is said to have strong resistance against environmental and physical tampering including countermeasures against expert intrusion attempts. It also features a random number generator, the internal generation of secure unique keys and the ability to seamlessly accommodate various production flows in the most cost-effective manner.

A typical IoT device consists of a small 8bit microcontroller and is battery powered. It is typically constrained for resources such as central processing unit performance to provide low latency responsiveness, memory and code space for security protocols and for how much power they consume in order to preserve battery life. The ECC508 device has a low-power processor-agnostic cryptographic acceleration.

paul-whytock.jpg

By Paul Whytock

Paul Whytock is Technology Correspondent for Electropages. He has reported extensively on the electronics industry in Europe, the United States and the Far East for over thirty years. Prior to entering journalism, he worked as a design engineer with Ford Motor Company at locations in England, Germany, Holland and Belgium.