Microchip and Kudelski Bring the Power of Trust to Embedded IoT – Embedded Computing Design

By Ken Briodagh

Senior Technology Editor

Integrated computing design

07 May 2024



IoT security has been a perennial discussion, and rightly so, as the endpoints that make up the IoT are often the first point of vulnerability in any system, especially at the edge. And with the growing demand for intelligence, ML and compute at the edge, a root of trust is more critical now than ever.

To address this need, Microchip has paired its ECC608 TrustMANAGER with Kudelski’s keySTREAM IoT Software as a Service (SaaS) to create an edge-to-cloud IoT security and trust environment.

IoT devices are used for everything from online transactions and sharing sensitive information to command and control of industrial systems. Everywhere these connections are used, trust needs to be established at every layer of the digital application.

So-called static trust can no longer be the law of the land, as threats continually evolve and adapt. Devices need updates, network auditing, and even ownership changes, all done remotely. To do all this, the chain of trust must be dynamic and managed throughout the life of the device.

That’s what the partnership between ECC608 TrustMANAGER and keySTREAM SaaS is designed for, according to the companies. Together, the pair reportedly manages security for any market: consumer, industrial, automotive and even healthcare. Microchip says this package makes that possible by managing secure authentication in the cloud.

Microchip’s ECC608 TrustMANAGER is a secure authentication IC, part of the company’s CryptoAuthentication family, and is designed to securely store cryptographic keys. It comes with a pre-provisioned set of keys that will be controlled by keySTREAM the moment the IoT device connects for the first time. Once this “field provisioning” has occurred, all devices loaded with this software are “claimed” and “activated” to the keySTREAM account.

Kudelski IoT’s keySTREAM SaaS is designed to be the cloud guardian of digital trust. It monitors the cryptographic authentication operations processed by the ECC608 TrustMANAGER secure authentication IC, which lives in the IoT device.

According to the documentation, keySTREAM is ideal for the following situations:

  • It is too complex or expensive to set up a custom root CA and associated PKI, but one is needed nonetheless.
  • Security credentials within the IoT device must be updated and managed securely and remotely throughout the device’s lifecycle.
  • Product ownership must be transferred between multiple owners throughout its life cycle.
  • The supply chain logistical challenge in managing custom security ICs with unique keys is too large or too expensive.

With the keySTREAM SaaS and ECC608 TrustMANAGER working together, a network of IoT devices now has a multi-tenant capable HSM space, along with a custom root CA certificate and its private key associated with the protected environment. The custom root CA is created using company-specific information, meaning the certificates are unique to the user. All this happens without human interaction, so social engineering is unlikely.

Security is always a moving target, and adaptability is the only strategy to keep up. A software solution like this collaboration between keySTREAM and ECC608 TrustMANAGER is often the only and best defense you can get at the edge.

Ken Briodagh is a writer and editor with two decades of experience. He’s in love with technology and if he had his druthers, he’d beta test everything from shoe phones to flying cars. In past lives, he was a short-order cook, telemarketer, medical supply technician, funeral parlor body transporter, pirate, poet, partial alliterate, father, partner, and pretender to various thrones. Most of his exploits are exaggerated or blatantly false.
