Share

Tweet

Share

Share

Email

Comments

Mark Patrick, Mouser Electronics

With the prevalence of connected devices (over 10 billion deployed), the opportunities for carrying out cyberattacks are at an unprecedented level. Few people or organizations are immune, with both companies and government organizations being successfully attacked recently. As security is strengthened, the attacks become more sophisticated, and many are now hitting the headlines as a result of the scale involved. The ransomware cryptoworm known as WannaCry had a huge impact, successfully compromising almost 250,000 computers and costing hundreds of millions of dollars.

One of the weak points is that these billions of nodes rely on the public Internet to make their all-important cloud connection. As a result, effective security is important to make sure that system access and sensitive data are only available to those for whom they are intended. However, nodes located at the edge of the network have limited resources in terms of processing capability and power, and cannot cope with many current cryptographic mechanisms. To protect these outlying nodes, equally effective but less resource-hungry approaches must be found.

The use of secret security keys embedded in nodes during the manufacturing process is one solution that is growing in popularity. On that subject, this article from Mouser looks at how Microchip’s dedicated ATECC608A security can provide hardware authentication using Google’s Cloud IoT Core service while at the same time requiring few processing and power resources – and enabling designers to meet bill-of-material (BoM) targets.

Billions of devices within the IoT connect to the cloud via the public Internet, and while this is convenient, it leaves them open to attack. The nature of the attack depends on the type of node involved and can range from simple loss of data to important control systems being targeted in a malicious manner. As a result, security is becoming an important consideration, especially for communication and authentication

Many IoT devices are placed at what is known as the “network edge,” meaning they are remotely located and have limited processing power. So, not only must security provisions be robust, they also need to be able to operate within the processing and power restraints at the network edge.

Adding embedded security keys to IoT nodes during the manufacturing process is one method that can meet the conflicting needs of strong security and limited resource usage. In this article, we will look at the Microchip ATECC608A security IC and how it can be used for hardware-based authentication in conjunction with Google’s Cloud IoT Core service.

Security is Critical in the Industrial IoT (IIoT)

Industrial and commercial systems are increasingly becoming the target of cyberattacks. The reasons are not always clear – it may be simply for financial gain, part of industrial espionage or even part of cyberwarfare waged by rogue governments. What is clear is that there have been many high-profile examples in recent years.

• 2010: Iran’s nuclear processing plants were impacted by the Stuxnet worm.
• 2014: OpenSSL security software was infiltrated by the Heartbleed bug, and this was successfully used to steal information from several systems. Even though the bug was rapidly fixed, systems that have not been patched and updated remain vulnerable.
• 2016: Many connected devices including hardware routers and security cameras were employed as “botnets” by the Mirai malware, and distributed denial of service (DDoS) attacks were launched from these unwitting helpers.
• 2017: Millions, or in some reports billions, of dollars have been estimated as the damages following the WannaCry ransomware that impacted more than 200,000 computers across 150 countries.
• 2018: A sustained four-year attack on the reservation database of the Marriott hotel chain exposed personal details of around 500 million people.

Compared to an attack on a single device in the personal space, attacks in the industrial space have the potential to be much more significant. Once an attack is successful, the identity of communications can be spoofed, with the potential to compromise many more devices. For businesses, attacks of this nature are usually highly publicized and damage reputations as well as directly impacting customers and, ultimately, revenues.

Key-Based Cryptography

Public key cryptography is behind most of the secure communication on the Internet. In this case a pair of keys is used – one is public and can be used by anyone who has it, while the other is stored securely. Once a message is encrypted with one key (usually the public one) then the other key (usually the non-public one) is needed to decrypt the message.

However, this method requires a reasonable amount of computational power, so tends to be used for brief messages only. All public key encryption relies on some form of mathematical algorithm, and there are several in current use. The early approaches rely on the notion that factorizing a large number is more difficult than generating the number from prime factors. In fact, this is the root of the popular RSA algorithm that was named after its inventors, Ron Rivest, Adi Shamir and Leonard Adleman.

Since the RSA algorithm was invented, several methods have been discovered to attack communications protected by it. This became easier as more computing power became available, and longer keys are now required to provide adequate security.

Elliptic curve cryptography (ECC) provides a far greater level of security, and even though it is already some 30 years old, there are no known shortcuts to breaking the security that it offers. Therefore, short keys can still be used successfully with ECC techniques, enabling secure encryption to be performed with reduced-power computing resources, such as those found in the IoT. ECC is therefore relatively quick and efficient.

In order for the system to work, you need to know that a public key is owned by the relevant person or organization, and this is done through the use of a trusted certification authority (CA). CAs actually generate the key pairs, providing the owner with the relevant private key and certifying the public key by signing it with a private key that belongs to the CA. While there are quite a few CAs, organizations known as root CAs (of which there are relatively few) generate keys to sign the certificates, thereby creating a “chain of trust.” This chain of trust is not limited to the systems that are communicating with each other – it is also required to include the providers of the hardware and software.

There are a number of ways that public key cryptography can be used:

• Anyone can encrypt a message with the public key, but the message can only be read by the intended recipient who holds the associated private key.
• A sender can use their private key and an attached copy of the encrypted message to sign a message. The signature can be authenticated by anyone decrypting it using the sender’s public key. This is usually accomplished by generating a number corresponding to the message text (a hash function) and then encrypting this hash as the signature.
• Digital signatures can also be used to verify message integrity. When the decrypted signature is different from the clear-text version, it is obvious that tampering has taken place and the message cannot be trusted.
• The Diffie-Hellman technique allows two systems to generate a shared secret key using one’s secret key and the other’s public key. This key can be used to encrypt and decrypt messages between the two systems. The Diffie-Hellman technique is ideal for longer messages, as it requires relatively little computing power.

These techniques not only protect communications, they are useful for other security needs such as establishing that software updates are from an authorized source – essential to know before they are installed. Of course, every one of these techniques relies heavily on the private key remaining private.

IoT System Secruity Management

Data encryption and authentication are critical to secure IoT communications, meaning that every IoT node must have a trusted, unique and secure identity. As we have seen, this can be achieved through the use of public key cryptography.

It is essential that private keys are managed securely, but this does present certain challenges. The private key can be kept in the normal microcontroller memory, but then anyone with access to the system (authorized or not) can read the key. Unauthorized access is often gained via defects in applications or operating systems, and even though patches are issued to fix these bugs they are often not implemented immediately. While in some cases this may be due to laziness, in others it is for a valid reason, such as the need for extensive testing of updates in critical industrial systems before rolling out the patch. This makes the situation worse, as the vulnerability is common knowledge and large numbers of nodes are potentially exposed.

People are another area of weakness – they can take shortcuts or act carelessly and inadvertently expose systems. They can also be manipulated or persuaded to reveal details through threats or bribery.

The following “rules” are essential to effectively protect private keys:

• Do not store them in microcontroller memory.
• Ensure software does not have direct access to them.
• Ensure humans cannot access them.

One means of following these rules is to use a dedicated security processor that can perform authorization and encryption within secure hardware, meaning the private key is never exposed. One such device is Microchip’s ATECC608A.

Microchip ATECC608A

Microchip’s ATECC608A is a cryptographic co-processor suited to securing IoT nodes. It can support several different encryption algorithms and is able to store as many as 16 certificates or private keys without them being exposed outside the secure environment.

Figure 1: The ATECC608A cryptographic co-processor offers multiple package types. (Source: Microchip).

Among the algorithms supported are the elliptic curve Diffie-Hellman (ECDH) key exchange and the elliptic curve digital signature algorithm (ECDSA), as well as AES-128 and SHA-256.

Designed specifically for IoT applications, the ATECC608A uses very little power and is relatively low cost. Its software needs are not complex, making it compatible with the resource-constrained microcontrollers that are common in IoT applications

In fact, it can be used with any microcontroller due to the CryptoAuthLib library, and can be used with any software security stack due to the JSON Web Token (JWT). No configuration is required, as all necessary certificates and keys are generated and stored in secure hardware during the manufacturing process. The keys are highly secure and never revealed, even during the manufacturing/storage process. Anti-tamper protection protects the keys even during physical access of the hardware.

For ease of use, Microchip has worked with Google to create an integrated cloud authentication process for the device.

Google Cloud IoT Core

Google is a natural partner for IoT cloud services due to its experience with, and knowledge of, communications, data storage and analytics. Its Cloud IoT Core allows IoT nodes to be securely connected and managed, and is easily scalable from a few devices to millions. The service is available globally and facilitates data transfer to the Google Cloud Platform for further processing, which allows data to be visualized in real time as well as providing insights that can be beneficial to any business.

The basic process for authentication and secure communication with the ATECC608A is as follows:

1. Get a root certificate from a CA.
2. Establish an OEM certificate that is signed by the root certificate.
3. Secretly transfer data to Microchip so that the device certificates can be added to the device, within its secure manufacturing environment.
4. Upload the public key to a Google IoT Core account.
5. To authenticate, the ATECC608A signs a token via ECDSA. No sensitive data is shared between the microcontroller and the Microchip device.

Figure 2: Cloud IoT Core authentication process. (Source Microchip).

The signed token is then transferred to the Cloud IoT Core’s device management function, where the signature is validated by the public key. At this point the node is authenticated and secure communication can be initiated.

This is examined in more detail in the technical article entitled “Why Harden Your IoT Security with the ATECC608A for Google Cloud IoT Core?” available free of charge from the Microchip website.

Summary

Security is so important in modern systems, and particularly in connected environments such as the IoT, where attacks can propagate widely and quickly. Public key cryptography is a popular solution for this, as it meets the objective to provide strong security while not requiring sophisticated microprocessors – or consuming significant amounts of power.

Microchip’s ATECC608A cryptographic co-processor makes managing private keys in IoT nodes much easier and takes the processing load away from the microcontroller. It is fully flexible and can be used with any microcontroller and secure software stack, as well as offering simple integration with Google’s Cloud IoT Core.

The solutions described in this article cost cents and provide high levels of security for all IoT nodes. With the prevalence of cyberattacks and their high profile in the press, this seems worth it to avoid your company becoming a headline.