The new HW-TLS platform provides an interface between software TLS packages and the ATECC508A cryptographic co-processor.
With the rise of the Internet of Things, security has become a pressing topic because autonomous remote devices are now routinely connecting to wireless networks to form complex smart device and cloud-service ecosystems. As a result, autonomous IoT gadgets constitute a significant part of those networks and must be able to authenticate themselves to the network resources to maintain the integrity of the ecosystem. In addition, these remote, resource-constrained clients must be able to perform this authentication using minimal processing, memory and power.
Cognizant of this, Atmel has launched the industry’s first hardware interface library for TLS stacks used in Internet of Things edge node applications. Hardening is a method used for reducing security risks to a system by applying additional hardware security layers and eliminating vulnerable software. This new Hardware-TLS (HW-TLS) platform provides an API that allows TLS packages to utilize hardware key storage and cryptographic acceleration even in resource constrained edge node designs. HW-TLS is a comprehensive solution pre-loaded with unique keys and certificates designed to eliminate the complexities of generating secure keys in the manufacturing supply chain.
OpenSSL is a general-purpose cryptography library that provides an open source implementation of the Secure Sockets Layer (SSL) and TLS protocols. wolfSSL is a cryptography library that provides lightweight, portable security solutions with a focus on speed and size. Atmel’s new ATECC508A-OpenSSL and ATECC508A-wolfSSL are available for immediate download at their respective software distribution repositories, offering seamless adoption of more secure elements without disruption to the developer workflow.
Secure hardening for both OpenSSL and wolfSSL is made possible with HW-TLS which enables those TLS software packages to interface seamlessly with the ATECC508A CryptoAuthentication co-processor. This IC provides protected key storage as well as hardware acceleration of Elliptic Curve Cryptography (ECC) cipher suites including mutual authentication (ECDSA) and Diffie-Hellman key agreement (ECDH). As such, HW-TLS allows developers to substantially harden Transport Layer Security (TLS), enhancing security for IoT ecosystems.
When used together, HW-TLS and the ATECC508A let even extremely small, low-cost IoT nodes implement strong cryptographic security. All private keys, certificates and other sensitive security data used for authentication are stored in secure hardware and protected against software, hardware and back-door attacks. Beyond that, the integrated ECC accelerators in the ATECC508A offload cryptographic code and math from the MCU allowing even a low-end processor to perform strong authentication.
“Everyone with an interest in IoT security should be excited about Atmel HW-TLS with wolfSSL,” explains Larry Stefonic, wolfSSL CEO. “The combination of our secure software and Atmel’s new chips brings TLS performance and security to a level unrivaled in the industry. Atmel’s HW-TLS platform also makes it easier than ever for developers to incorporate truly hardened security into our TLS stack.”
Traditionally, TLS performed authentication and stored private keys in software. However, Atmel’s latest platform closes the vulnerability gap in this arrangement by offloading the crucial key management responsibility to dedicated, tamper-resistant secure elements such as the ATECCC508A crypto engine. What’s more, the intensive crypto algorithms are processed in the CryptoAuthentication device, offloading the MCU on the remote devices and enabling the IoT edge node to authenticate to the cloud without a user-perceptible delay. Furthermore, Atmel Hardware-TLS comes as a complete platform pre-loaded with unique keys and certificates for eliminating the complexities of adding secure keys to each device in a manufacturing supply chain.
“With more and more remote devices being connected to the cloud every day in the era of the IoT, it becomes increasingly critical to ensure these devices are not vulnerable to attack,” adds Nicolas Schieli, Senior Director of Atmel’s Secure Products Group. “Such devices can be entirely secure only when they are hardware secure, meaning the ‘secret’ keys are stored in a separate hardware unit. We are excited to bring this innovation to market, enabling device manufacturers that need to connect to the cloud to take advantage of hardware security.”
The Hardware-TLS complements Atmel Certified-ID, a seamless and secure keys provisioning platform for assigning trusted identities to devices joining the IoT.