Microchip and Kudelski Bring Power of Trust to Embedded IoT

By Ken Briodagh

Senior Technology Editor

Embedded Computing Design

May 07, 2024

IoT security has been a perennial discussion, and well it should be, since the endpoints that make up the IoT are often the first point of vulnerability in any system, especially at the edge. And with all the need for intelligence, ML, and compute at the edge, the need for a Root of Trust is more critical now than ever.

Addressing that need, Microchip has paired its ECC608 TrustMANAGER with the Kudelski IoT keySTREAM Software as a Service (SaaS) to create an environment of security and reliability in IoT from the edge to the cloud.

IoT devices are being used for everything from online transactions and sharing sensitive information to commanding and controlling industrial systems, and everywhere these connections are in use there is a need to establish trust at every layer of these digital applications.

So-called static trust can no longer be the law of the land, as threats continuously evolve and adapt. Devices need access to remote updates, network audit, and even changes of ownership – all to be remotely accomplished. To do all this, the chain of trust needs to be dynamic and managed throughout the life of the device.

That is what the partnership between the ECC608 TrustMANAGER and keySTREAM SaaS is designed to do, according to the companies. Together, the pair reportedly manages security for any market: consumer, industrial, automotive, and even healthcare. Microchip says that this software package makes this possible by managing secure authentication in the cloud.

Microchip’s ECC608 TrustMANAGER is the secure authentication IC, part of the company’s CryptoAuthentication family, and it is built to securely store cryptographic keys. It comes with a pre-provisioned set of keys that will be controlled by keySTREAM at the time the IoT device connects for the first time. Once this “in-field provisioning” has happened, any devices loaded with that software are “claimed” and “activated” in the keySTREAM account.

The keySTREAM SaaS from Kudelski IoT is designed to be the cloud guardian of digital trust. It oversees cryptographic authentication operations that are processed by the ECC608 TrustMANAGER secure authentication IC, which lives in the IoT device.

According to the documentation, keySTREAM is ideally suited for the following situations:

  • It’s too complex or costly to set up a custom root CA and associated PKI, but one is needed, nonetheless.
  • Security credentials inside the IoT device need to be securely and remotely updated and managed throughout the device lifecycle.
  • Product ownership needs to be transferred across multiple owners throughout its lifecycle.
  • The supply chain logistical challenge in handling custom security ICs with unique keys is too great or expensive.

With the keySTREAM SaaS and the ECC608 TrustMANAGER working together, an IoT network of devices now has an HSM space with multi-tenant capability, with a custom root CA certificate and its associated private key in the protected environment. A custom root CA is created using specific company information, meaning the certificates are unique to the user. All of this happens with no human interaction, so no social engineering is likely.

Security is always a moving target, and adaptability is the only strategy to keep up with it. A solution in software like this collaboration between keySTREAM and the ECC608 TrustMANAGER is often the only and best defense you can get at the edge.

 

Ken Briodagh is a writer and editor with two decades of experience under his belt. He is in love with technology and if he had his druthers, he would beta test everything from shoe phones to flying cars. In previous lives, he’s been a short order cook, telemarketer, medical supply technician, mover of the bodies at a funeral home, pirate, poet, partial alliterist, parent, partner and pretender to various thrones. Most of his exploits are either exaggerated or blatantly false.
