Secure wireless links in the Internet of Things

Paul Boughton

Atmel has launched a comprehensive security platform that enables businesses of all sizes to assign certified and trusted identities to devices joining the secure Internet of Things (IoT), particularly for wireless networks, writes Nick Flaherty.

The Atmel Certified-ID security platform prevents unauthorized reconfiguration of an edge node to access protected resources on the network. This new platform is available on the Atmel SmartConnect Wi-Fi, Bluetooth, Bluetooth Smart (4.0 and above) and ZigBee solutions that connect directly to Atmel Cloud Partners, providing a secure turnkey solution for IoT edge node-to-cloud connection.

The platform provides a distributed key provisioning solution that uses the internal key generation capabilities of Atmel’s ATECC508A CryptoAuthentication device, without incurring large-scale infrastructure and logistics costs. It also allows developers to assign certified and trusted identities to any device before it joins an IoT network.

With billions of devices anticipated by 2020 in the rapidly growing IoT market, security is critical to ensuring that devices can safely and conveniently access protected assets through the Internet.

Today, secure identities are commonly created through a centralised approach where IoT device keys and certificates are generated offline and managed in secure databases in Hardware Security Modules (HSM) to protect the keys. These keys are then programmed into the IoT devices by connecting the HSM to automation equipment during device manufacturing. This approach is indispensable in large deployments consisting of millions of devices. It can also entail significant upfront costs in infrastructure and logistics which must be amortised over a large number of devices for cost effectiveness.

By using the unique internal key generation capabilities of the ATECC508A, the new platform enables decentralised secure key generation, allowing distributed IoT device provisioning regardless of scale. This eliminates the upfront costs of the provisioning infrastructure, which can pose a significant barrier to deploying devices at smaller scales. The new platform enables developers to create secure IoT devices that are compatible with partner cloud services and can securely join ecosystems.

Atmel is currently working with several cloud service companies including Proximetry and Exosite on the Certified-ID platform. These collaborations allow developers to select from a full suite of ecosystem partners for a secure connection between the edge nodes and the IoT. Other partners will be announced as they are integrated in the Certified-ID platform.

“Streamlining secure processes and simplifying deployment of real world secure networks will be key to unlocking the potential and enabling rapid growth of IoT. We will continue delivering industry-leading solutions in security, a critical element in enabling billions of ‘things’ to be connected to the cloud,” said Nuri Dagdeviren, Vice President and General Manager of Secure Products Group at Atmel.

A security provisioning tool kit also enables independent provisioning for pilot programs or production runs when used with the ATECC508A CryptoAuthentication devices. These devices are pre-provisioned with internally generated unique keys, associated certificates, and certification-ready authentication once they are connected to an IoT ecosystem.

Developers will need two kits to securely provision their devices: the AT88CKECCROOT tool kit, a ‘master template’ that creates and manages the certificate root of trust in any ecosystem, and the AT88CKECCSIGNER tool kit, a production kit that enables partners to provision IoT devices. The AT88CKECCSIGNER kit gives designers and manufacturers the ability to generate tamper-resistant keys and security certifications requiring hardware security in their IoT applications. These keys provide the level of trust demanded by network operators and allow system design houses to provision prototypes in-house, saving designers overall investment costs.

The tool kits also include an easy-to-use graphical user interface that allows everyone to seamlessly provision their IoT devices with secure keys and certificates without special expertise. With distributed provisioning, developers are not required to use expensive HSMs for key management or to pay certificate acquisition fees.

In addition to secure IoT provisioning, the new Certified-ID platform provides high-quality random number generation to guarantee a diverse set of public and private keys. It delivers solutions to a variety of IoT security needs including node anti-cloning protection, data confidentiality, secure boot, and secure firmware upgrades over-the-air. The tamper resistance built into the ATECC508A device continues to provide the desired protection even when the device is under physical attack.