Cloud-based software as a service leverages secure authentication ICs to enable self-service custom PKI, streamlined in-field provisioning and lifecycle management for IoT devices
As the world comes to rely on interconnected IoT systems—for everything from household items like smart thermostats, virtual assistant technology and digital door locks to medical and industrial applications—the need for reliable cybersecurity on embedded systems has never been greater. To increase security on IoT products and facilitate easier setup and management, Microchip Technology has added the ECC608 TrustMANAGER with Kudelski IoT keySTREAM Software as a Service (SaaS) to its Trust Platform portfolio of devices, services and tools.
With security credentials managed and updated in the field via keySTREAM—instead of being limited to a static certificate chain implemented during manufacturing—the ECC608 TrustMANAGER allows custom cryptographic credentials to be accurately provisioned at the end point without requiring supply chain customization, and those credentials can be managed by the end user. keySTREAM offers a device-to-cloud solution for securing key assets end-to-end in an IoT ecosystem throughout a product’s lifecycle.
The ECC608 TrustMANAGER relies on a secure authentication IC that is designed to store and protect cryptographic keys and certificates, which are then managed by the keySTREAM SaaS. The combined silicon component and key management SaaS allow the user to set up a self-serve root Certificate Authority (root CA), and the associated public key infrastructure (PKI) secured by Kudelski IoT, to create and manage a dynamic certificate chain and provision devices in the field the first time they are connected. Once claimed in the SaaS account, the devices are automatically activated in the user’s keySTREAM service via in-field provisioning.
“As the volume of connected devices rapidly increases and security standards and regulations tighten, IoT designers are seeking more efficient ways of managing their devices once products are in their customers’ hands,” said Nuri Dagdeviren, corporate vice president of Microchip’s security computing group. “Our partnership with Kudelski and adding keySTREAM to our ECC608 TrustMANAGER enables customers to manage, scale and update IoT ecosystems efficiently via a cloud-based security SaaS for in-field provisioning and certificate management.”
Security standards and upcoming regulations are increasingly requiring upgradability of security infrastructure for IoT devices. This is a difficult task with traditionally static IoT security implementations, which require physical upgrades like changing out the security ICs in each device to stay in compliance. With the ECC608 TrustMANAGER, the process is automated and highly scalable, allowing devices to be managed securely and efficiently throughout their lifecycle. It also enables easy device ownership management without needing to change hardware, as security keys are updated digitally from the cloud into the device. This approach streamlines the supply chain processes for distribution partners as well.
“The ECC608 TrustMANAGER with keySTREAM marks a pivotal moment in our quest to secure the IoT landscape and make provisioning easier. Our collaboration with Microchip is not just about bringing advanced security solutions to the market, it’s about setting a new standard for smart device security across the board,” said Hardy Schmidbauer, senior vice president of Kudelski IoT. “By leveraging Microchip’s renowned semiconductor technologies alongside Kudelski IoT’s security services, we are poised to deliver protection and a new ease of provisioning for IoT device manufacturers.”
This type of dynamic in-field provisioning and device management meets IoT security standards and will be useful for the device certificate updates needed to stay in compliance with evolving security requirements. The keySTREAM SaaS allows for ongoing updates of keys, designed to protect against evolving threats and to keep pace with evolving security requirements. In-field provisioning also removes the need for customization, making manufacturing more efficient.
The ECC608 is the first security IC in Microchip’s TrustMANAGER series. To get started, download the Trust Platform Design Suite and test the keySTREAM use case under the ECC608 TrustMANAGER.