Microchip’s IoT Security Solution for Tomorrow from Edge to Cloud
김기범 (Brett Kim), Senior Manager, Sr. ESE, Microchip Technology Korea
3rd IoT Developer Conference 2019
Corporate Overview
● Leading Total Systems Solutions provider:
● High-performance standard and specialized Microcontrollers, Digital Signal Controllers and Microprocessors
● Mixed-Signal, Analog, Interface and Security solutions
● Clock and Timing solutions
● Wireless and Wired Connectivity solutions
● FPGA solutions
● Non-volatile EEPROM and Flash Memory solutions
● Flash IP solutions
● ~ $6 Billion revenue run rate
● ~19,000 employees
● Headquartered near Phoenix in Chandler, AZ
Providing Total System Solutions
● Wireless: Wi-Fi®, Bluetooth®, LoRa®, ZigBee®/MiWi™
● Power Drivers
● Motor Drivers
● Encryption & Security
● LED Drivers
● Amplifiers
● Sensors
● Filters
● A/D, D/A
● Precision Voltage Reference
● Auto/Industrial Communication: MOST®, RS232/485, CAN/LIN
● Power Management: DC-DC Converters, Supervisors & Ref., LDOs, Battery Mgt., Discretes & Modules
● High Voltage I/Os
● Memory: EEPROM, Serial Flash, Serial SRAM
● RFICs, MMICs
● USB: Smart Hubs, Switches, Transceivers, Bridges
● Smoke Detector & Piezoelectric Horn Drivers
● Timing: Clocks, Timers, RTCC
● Microcontrollers, Microprocessors, FPGA/SoCs
● Ethernet: Switches, Controllers, EtherCAT, PHYs, PoE
● Touch Sensing: Proximity/3D, Buttons/Slider, Touch Screen
● Optical Networking
● Storage: PCIe Switches®, Adapters, Controllers
● Voice & Audio Processing
● Digital Potentiometer
What’s the Risk?
The danger is from a remote location … to launch a large-scale remote attack
Security breaches result in Distributed Denial of Service (DDoS), ransomware, worm proliferation
In common remote attacks, hacking a single device or
transaction is typically not of value to an attacker, scale is!
Today’s Weaknesses
● Private keys are being handled by software at best
● Passwords and critical secrets are too often in the clear of the MCU memory
● Leave backdoors opened to hackers – they attack the weakest point, in IoT, the unsecure hardware and the user
● Lack of large scale secure manufacturing
Clear Acceleration in IoT Attacks
The increase in connected devices brings more interest from hackers
● 2010, Stuxnet: Worm attacking PLC in nuclear plants
● April’14, Heartbleed: TLS exploit exposing encrypted data, buffer overflow (200k devices still affected in 2017)
● Oct’16, Mirai: Default password exploit, DDoS attack (2.5M devices)
● May’17, WannaCry: Network worm exploiting the SMB and encrypt user data - ransomware (300ku computers)
● Sept’17, BlueBorne: Penetrate air-gapped network like Bluetooth (8.2B devices)
● Nov’17, Krack: Wi-Fi WPA2 exploit, key access (nearly every Wi-Fi)
● Jan’18, Meltdown / Spectre: Targeting processors, memory access (nearly every computer)
The Problem: Hardware Remote Hacking in IoT
In October 2016, the Mirai DDoS attack neutralized several major web services in the US and Europe.
It created large revenue losses as the network was paralyzed and data streaming was impossible.
Build a Secure Authentication
Authentication in security is all about keys
Build a chain of TRUST
Create a unique …
… trusted
… protected
… verifiable identity
Use IoT Security Best Practices
Select a trusted and experienced vendor in security
Use standard, proven security architectures
Secure the authentication (Root of Trust) by providing a unique, trusted,
protected and verifiable identity
Encrypt your communication (TLS1.2)
Use secure firmware validation with OTA and secure boot
How to Strengthen Security?
● Strong protection of device identity to prevent identity spoofing for access
● Strong authentication & encryption to prevent eavesdropping
● Strong protection against unauthorized firmware updates to prevent proliferation
In common remote attacks, hacking a single device or transaction is typically not of value to an attacker, scale is!
The Four Pillars
Isolate private keys from users
Humans are the most unpredictable security risk
Isolate private keys from software
Once a patch is released, it reveals the software weakness to
the attacker. It can take months to patch IoT hardware, which
gives enough time for the attacker to invade the system
Isolate key manipulation from the manufacturing phase
Not only from supply chain equipment but also from the users
in the supply chain
Isolate keys from microcontrollers
Please do not leave private keys in the clear of a flash
memory
The Problem to Solve: Protecting Device Identity
I have your keys, so I am YOU!
Are your keys protected?
● Are your keys in the software? They will be exposed, and I’ll get them.
● Are your keys injected during manufacturing? Remember, equipment and operators = I am YOU.
● Are your keys in the MCU? Remember the debug ports UART and JTAGs. I am YOU, again!
Don’t Ignore Physical Access
Microprobe equipment is cheap and easy to use
Diagnostic ports are very common, easy to abuse
How Keys are Protected Matters
Strong multi-level hardware security
Active shield over entire chip
All memories internally encrypted
Data independent crypto execution
Randomized math operations
Internal state consistency checking
Voltage tampers, isolated power rail
Internal clock generation
Secure test methods, no JTAG
No debug probe points or test pads
Designed to defend against
Microprobe attacks
Timing attacks
Emissions analysis attacks
Fault, invalid command attacks
Power cycling, clock glitches
[Figure: crypto devices compared with standard devices]
Secure Factory Provisioning
Private keys generated entirely inside the
ATECC608A
Solid randomness
NEVER readable
NEVER known by anybody
Certificates generated by world-class
HSMs at Microchip
Protected in State-of-the-art Secure
Facilities
24/7 surveillance
No special equipment or procedures
required in the third-party manufacturing
sites
Certificate Chain Setup
[Diagram: certificate chain from the OEM root to the provisioned devices]
● OEM: Root Certificate Authority (OEM IT), creates OEM Root
● OEM signs Tier-1 Signers
● Tier-1 signs Tier-1 Factory Signers
● Tier-1 Factory Signer signs Microchip Signers
● Signer Certificates (highly scalable)
● Factory Intermediate CA’s
● HSM
● Purchase Order
● Microchip creates custom PN with customer unique MfrID
● Devices with signed certs chained to root
This is not new to Microchip. We have shipped millions of provisioned units per year.
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
Product Families
IoT: Connected Nodes
- Simple Security Upgrade to Any IoT Node
- Seamless Key & Certificate Provisioning
- Node Authentication
- Communication Encryption
Accessories: Accessories or Disposable authentication
- Contact or Contactless Authentication
[Diagram labels: Challenge, Response; SHA204, ECC608A]
Automotive: In-Vehicle Network Security
- Simple ECU Security Upgrade
- Secure Boot
- CAN Message Authentication
[Diagram labels: CAN Bus; MCU, ECU, Border Security; MCU + Connectivity Node; ECC608A, CEC1702]
Security Portfolio
SHA204A
● Key Features & Use Cases: Low-Cost Accessory Authentication
● Crypto Algorithms: NIST SHA256
● Non Volatile Memory: 4.5 Kbits
● I/O Interface: I2C, Single Wire
● Packages: UDFN8, SOIC8, SOT23-3, 3-Contact (RBH)
● Availability: Production
ECC608A
● Key Features & Use Cases: Node / Accessory Authentication; Network Security; Node to Cloud Authentication and On-Boarding; Key Provisioning; Support minimum TLS1.2 cryptography; Secure Boot
● Crypto Algorithms: NIST SHA256; ECC P256, AES128
● Non Volatile Memory: 8.5 Kbits
● I/O Interface: I2C, Single Wire
● Packages: UDFN8, SOIC8, SOT23-3; package and pin to pin compatible
● Availability: Production
CEC1702
● Key Features & Use Cases: 32-bit Arm® Cortex®-M4-based MCU; 480 K SRAM; HW Accelerated Cryptography; Node to Cloud Authentication and On-boarding; True Low power MCU with Various I/O; Secure Boot & Secure FW Update on the fly encryption/decryption; True RNG
● Crypto Algorithms: SHA1, SHA512, ECC640, RSA 4096, AES256
● Non Volatile Memory: 64 kB/2.5 kb OTP
● I/O Interface: I2C, SPI
● Packages: 84 WFBGA
● Availability: Production
Use Cases
Amazon Web Services IoT
Authentication
Google Cloud IoT Core
Authentication
Microsoft Azure
AWS IoT Use Case
Customer-Specific Production Signers with BYOC (Bring Your Own Certificate)
1. OEM creates AWS IoT account, sets up OEM CA
• Existing OEM capability, 3rd party Trusted CA, Microchip CA kit
2. OEM creates certificates for Microchip production signers
3. OEM registers production signer certificates into their AWS account
4. Device Certificates are loaded in the ATECC608A in Microchip secure factories and signed – to generate the private key
5. Device certificate automatically transferred to AWS and registered on first TLS connection with AWS IoT JITR
6. Every customer has their own Customized Part Number (CPN)
Secret exchange with Microchip to allow certificate generation on the customer's behalf. The rest of the process happens in our secure factories.
Certificates issued by the Customer at their site. All customers have an IT team that handles this process – it’s normal.
All handling and manipulations of certificate happen at Microchip secure factories.
[Diagram labels: Microchip; Customer; OEM AWS IoT Account; Customer-Specific Production Signers; Root of Trust; OEM Certificate; Device Certificate; Device certs loaded with JITR (Just In Time Registration)]
Getting Started with AWS IoT
Go to microchip.com/ATECC608A click on “AWS IoT use case”
Click on “Buy” the hardware
CryptoAuth-XPRO-B: includes the ATECC608A soldered on the board. A socketed option is available with
the AT88CKSCKTUDFN
The AT88CKECC-AWS-XSTK-B: Zero touch secure provisioning kit (ATECC508 upgraded for WINC1500
TLS, ATSAMG55) can be upgraded with the ATECC608A
At the bottom of the webpage:
Go to Developer Help for the User Manual: http://microchipdeveloper.com/iot:ztpk
Download the Software/Firmware package HERE
Bonus: a CloudFormation script done by AWS is available in the SW/FW package to download to
automatically configure the AWS IoT policies of one user account.
[Pictured hardware: AT88CKECC-AWS-XSTK-B; AT88CKSCKTUDFN; ATECC608A; ATCRYPTOAUTH-XPRO-B]
Google IoT Use Case Details
1. Establish a standard TLS session
Microchip WINC1500 takes care of
establishing a TLS session
2. Connect to the MQTT broker
Issue an MQTT CONNECT request with a
JWT token as password
JWT token is signed by the device private key
Google IoT Core Use Case
How does the microcontroller communicate with the secure element, and how is the JWT created? CryptoAuthLib library
[Diagram labels, in flow order:]
● 32-bit Microcontroller: token is hashed; send part of the JWT token
● ATECC608A: ECDSA Sign; Signature
● ECDSA Signature appended to JWT Token; Signed
● Google IoT Core Device Management: Public Key; Signed
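The token flow on the two Google IoT slides above, as an added Python example that is not Microchip's or Google's code: the host builds the header and claims, hashes them with SHA-256, hands the digest to a signer, appends the raw 64-byte R||S signature, and the cloud side checks it against the registered public key. `software_sign` is a hypothetical software stand-in for the ATECC608A (on the real part the private key never leaves the chip), and the `ES256` header and `iat`/`exp`/`aud` claims are assumed from the Google Cloud IoT Core JWT convention.

```python
import base64, hashlib, json, secrets
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff  # NIST P-256 prime
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551  # group order
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def point_add(p, q):                 # affine addition on P-256 (a = -3); None = infinity
    if p is None or q is None:
        return p or q
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    m = ((3 * p[0] * p[0] - 3) * pow(2 * p[1], -1, P) if p == q
         else (q[1] - p[1]) * pow(q[0] - p[0], -1, P)) % P
    x = (m * m - p[0] - q[0]) % P
    return x, (m * (p[0] - x) - p[1]) % P

def point_mul(k, p):                 # double-and-add; not constant time, demo only
    r = None
    while k:
        r, p, k = (point_add(r, p) if k & 1 else r), point_add(p, p), k >> 1
    return r

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")
def unb64url(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def software_sign(priv, digest):     # hypothetical stand-in for the secure element
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = point_mul(k, G)[0] % N
        s = pow(k, -1, N) * (int.from_bytes(digest, "big") + r * priv) % N
        if r and s:
            return r.to_bytes(32, "big") + s.to_bytes(32, "big")  # raw R||S, 64 bytes

def make_jwt(project_id, iat, lifetime, sign):
    claims = {"iat": iat, "exp": iat + lifetime, "aud": project_id}  # assumed claim set
    msg = b".".join(b64url(json.dumps(o).encode()) for o in ({"alg": "ES256", "typ": "JWT"}, claims))
    return msg + b"." + b64url(sign(hashlib.sha256(msg).digest()))  # hash, sign, append

def verify_jwt(token, pub, project_id, now):
    head, body, sig = token.split(b".")
    raw, claims = unb64url(sig), json.loads(unb64url(body))
    r, s = int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big")
    alg = json.loads(unb64url(head)).get("alg")
    if alg != "ES256" or len(raw) != 64 or not (0 < r < N and 0 < s < N):
        return False
    e, w = int.from_bytes(hashlib.sha256(head + b"." + body).digest(), "big"), pow(s, -1, N)
    pt = point_add(point_mul(e * w % N, G), point_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r and claims["aud"] == project_id and claims["iat"] <= now < claims["exp"]
```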
Getting Started with Google Cloud IoT Core
Go to microchip.com/ATECC608A click on “Google Cloud IoT Core use case”
Click on “Buy” the hardware
CryptoAuth-XPRO-B: includes the ATECC608A soldered on the board. A socketed option is available with the AT88CKSCKTUDFN
Microcontroller: choice between the Cortex®-M4 ATSAMG55, Cortex®-M0+ ATSAMD21, or the integrated Cortex®-M0+ with Wi-Fi ATSAMW25
At the bottom of the webpage
Go to Github for the User Manual: HERE
Go to Github for the Software/Firmware packages: HERE
Bonus: Fan controller example on ATSAMG55: HERE
[Pictured hardware: AT88CKSCKTUDFN, ATECC608A, ATCRYPTOAUTH-XPRO-B; ATSAMG55-XPRO or ATSAMD21-XPRO or ATSAMW25-XPRO]
Getting Started with Google Cloud IoT Core
● Go to microchip.com/ATECC608AGCPiotCore
● Click on “Buy” the hardware:
❑ ATCryptoAuth-XPRO-B including ATECC608A soldered on the
board. A socketed option is available with the AT88CKSCKTUDFN
add-on
❑ Microcontroller: choice between the Cortex® -M4 ATSAMG55,
Cortex® -M0+ ATSAMD21
❑ Wi-Fi: ATWINC1500 including the TLS stack for free
● At the bottom of the webpage:
❑ User Manual on Github
❑ Software/Firmware packages on Github
❑ Bonus: Fan controller / Temperature sensor example
[Pictured hardware, in order: AT88CKSCKTUDFN, ATECC608A; Secure Element: ATECC608A, ATCRYPTOAUTH-XPRO-B; Microcontroller Cortex®-M4, ATSAMG55-XPRO; Wi-Fi, ATWINC1500-XPRO; Microcontroller Cortex®-M0+, ATSAMD21-XPRO; Wi-Fi, ATWINC1500-XPRO; Secure Element: ATECC608A, ATCRYPTOAUTH-XPRO-B; Microcontroller 8-bit AVR, ATmega4809]
Software Stacks & Examples
AWS IoT Implementation
www.microchip.com/ATECC608aAWSIoT
Google Cloud IoT Core Implementations
www.microchip.com/GCP
Secure Boot Implementation
www.microchip.com/ATECC608aSecureBOOT
Upgraded CryptoAuthLib (check out the
Python option too)
https://github.com/MicrochipTech/cryptoauthlib
CEC1702 Block Diagram
32-bit Arm® -Cortex® -M4 MCU at
48 MHz
480 KB SRAM Code + Data
Low Power 7.75mA Active
0.4mA Sleep
3.0µA Vbat
VCI Logic V-bat powered input/output logic
Best-in-class hardware cryptographic cipher suite
84 WFBGA Small 7x7mm footprint
Routes on standard PCB
Azure
Microchip is an Azure development
partner
CEC1702 provides secure boot and a robust hardware crypto cipher suite and is DICE capable
The SecureIoT1702 Demo Board (Part
Number: DM990012) and the CEC1702
Development Board (DM990013) are
Azure Certified for IoT Devices
Both items are available from
microchipdirect.com
CEC1702 Azure Certified Kit with DPS
support is available now.
CEC1702 IoT Development Kit Certified
for MS Azure + DICE
Secure boot for establishing a chain of
trust
Device Identifier Composition Engine
(DICE) for protection of nodes
MS Azure Certified Kit for fast
development with minimal risk
Connector for Plug in Module (PIM) for
CEC1702
Compact, high-contrast, serial graphic
LCD Display Module with backlight
OTP programmability in CEC1702
Wi-Fi 7 Click Board for cloud connectivity
THERMO 5 Click board
For More Information
Microsoft Azure Certified for IoT
CEC1702 Azure IOT on CEC1702 Development Board
https://catalog.azureiotsuite.com/details?title=CEC1x02DevBoard&source=home-page
Microchip Security Solutions
https://microchip.com/securityics
CEC1702
https://microchip.com/CEC1702
IoT
https://microchip.com/iot
Summary
● Private keys are being handled by software at best
● Passwords and critical secrets are too often in the clear of the MCU memory
● Leave backdoors opened to hackers – they attack the weakest point, in IoT, the unsecure hardware and the user
● Lack of large scale secure manufacturing
Microchip offers the solutions to isolate/hide keys from software
JTAG can be disabled: CEC1702
Disabled by default: SHA204/ECCx08
Microchip has secure facilities capable of secure manufacturing
Thank You!