
Security coprocessor marks a new approach to provisioning for IoT edge devices




The advent of a security coprocessor that offloads the provisioning task from the main MCU or MPU is bringing new possibilities for Internet of Things product developers to secure the edge device at lower cost and power points, regardless of scale.

Hardware engineers often like to say that there is no such thing as software security, and cite Apple, which has all the money in the world and an army of software developers. The maker of the iPhone chose a secure element (SE)-based hardware solution while cobbling together the Apple Pay mobile commerce service. Apparently, with a hardware solution, engineers have the ecosystem fully under control.


Security is the basic building block of the IoT bandwagon, and there is a lot of talk about securing the access points. So far, the security stack has largely been integrated into the MCUs and MPUs serving the IoT products. However, tasks like encryption and authentication take a lot of battery power — a precious commodity in the IoT world.

Atmel’s solution: a coprocessor that offloads security tasks from the main MCU or MPU. The ATECC508A uses elliptic curve cryptography (ECC) capabilities to create secure hardware-based key storage for IoT markets such as home automation, industrial networking and medical. This CryptoAuthentication chip comes at a manageable cost — 50 cents for low volumes — and consumes very low power. Plus, it makes provisioning — the process of generating a security key — a viable option for small and mid-sized IoT product developers.

A New Approach to Provisioning

It’s worth noting that security breaches rarely involve breaking the encryption code; hackers mostly use techniques like spoofing to steal the ID. So, the focus of the ATECC508A crypto engine is on tasks such as key generation and authentication. The chip employs ECC math to ensure sign-verify authentication and subsequently the verification of the key agreement.

IoT security, which includes the exchange of certificates and other trusted objects, is implemented at the edge node in two steps: provisioning and commissioning. Provisioning is the process of loading a unique private key and other certificates to provide identity to a device, while commissioning allows the pre-provisioned device to join a network. Moreover, provisioning is carried out during the manufacturing or testing of a device, and commissioning is performed later by the network service provider and end-user.
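
A minimal sketch of the two steps described above, added here as an illustration and not Atmel's code or the ATECC508A's interface: issue plays provisioning (a per-device key and a certificate signed by a demo root), and commission plays the network side, which checks the certificate chain and then makes the device sign a fresh random challenge. All names, the P-256 curve and the single-level demo root are assumptions; the crypto.Signer argument stands in for the coprocessor, which on real hardware signs without ever exporting the private key.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue models provisioning: a fresh P-256 key plus a certificate signed by parent (self-signed if nil).
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: isCA, BasicConstraintsValid: true}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// commission is the network side: verify the chain to the trusted root, then challenge the key holder.
func commission(root, cert *x509.Certificate, dev crypto.Signer) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return false
	}
	nonce := make([]byte, 32) // fresh random challenge, so a recorded answer cannot be replayed
	rand.Read(nonce)
	digest := sha256.Sum256(nonce) // device side: hash the challenge, then sign it
	sig, _ := dev.Sign(rand.Reader, digest[:], crypto.SHA256)
	return cert.CheckSignature(x509.ECDSAWithSHA256, nonce, sig) == nil
}

func main() {
	root, rootKey := issue("demo-root", true, nil, nil) // constructed demo root of trust
	cert, key := issue("device-0001", false, root, rootKey)
	fmt.Println("commissioned:", commission(root, cert, key))
}
```

A node that presents a copied certificate but cannot sign the challenge with the matching private key is rejected, as is one whose certificate chains to a different root.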


Presently, snooping threats are mostly countered through a hardware security module (HSM), a mechanism to store, protect and manage keys, which requires a centralized database approach and entails significant upfront costs in infrastructure and logistics. On the other hand, the ATECC508A security coprocessor simplifies the deployment of secure IoT nodes through pre-provisioning with internally generated unique keys, associated certificates and certification-ready authentication.

It’s a new approach toward provisioning that not only prevents over-building, as done by the HSM-centric techniques, but also prevents cloning for the gray market. The key is controlled by a separate chip, like the ATECC508A coprocessor. Meaning, if there are 1,000 IoT systems to be built, there will be exactly 1,000 security coprocessors for them.

Certified-ID Security Platform

Back at ARM TechCon 2015, Atmel went one step ahead when it announced the availability of the Certified-ID security platform, which lets IoT entry points like edge devices acquire certified and trusted identities. This platform leverages the internal key generation capabilities of the ATECC508A security coprocessor to deliver distributed key provisioning for any device joining the IoT network. That way it enables decentralized secure key generation and eliminates the upfront cost of building the provisioning infrastructure for IoT setups being deployed at smaller scales.


Atmel, a pioneer in Trusted Platform Module (TPM)-based secure microcontrollers, is now working with cloud service providers like Proximetry and Exosite to turn its ATECC508A coprocessor-based Certified-ID platform into an IoT edge node-to-cloud turnkey security solution. TPM chips, which have roots in the computer industry, aren’t well-positioned to meet the cost demands of low-price IoT edge devices.

Additionally, the company has announced the availability of two provisioning toolkits for low volume IoT systems. The AT88CKECCROOT toolkit is a ‘master template’ that creates and manages the certificate root of trust in any IoT ecosystem. On the other hand, AT88CKECCSIGNER is a production kit that allows designers and manufacturers to generate tamper-resistant keys and security certifications in their IoT applications.

5 challenges of IoT connectivity

At last month’s MIT Technology Review Digital Summit, PubNub CEO Todd Greene discussed the importance of connecting Internet of Things embedded devices on a reliable and secure realtime network. CPU, battery, and bandwidth consumption, as well as security are all paramount considerations that need to be taken into account when connecting low-powered embedded devices.

You’ll find that when developing and networking Internet of Things devices in the lab, connectivity is fairly seamless. You may have a few embedded devices connected to a backend server, so latency isn’t an issue.


However, deploying that IoT app on a global scale, to thousands or even millions of users simultaneously, is a whole other ball game. Unfortunately, the Internet isn’t just one big network, but rather is composed of an infinite amount of heterogeneous networks, including proxy servers, firewalls, cell towers, and WiFi networks, all slower and faster than one another.

As a result, there are 5 major challenges when it comes to Internet of Things connectivity.

At PubNub, we think a lot about IoT connectivity and how we can make it as reliable, secure, and fast as possible. So to make PubNub the best network for connecting and signaling between Internet of Things devices, we first had to understand the challenges of doing so. Presenting the 5 challenges of IoT connectivity:

1. Signaling

When connecting IoT embedded devices, you need to start with bidirectional signaling to collect and route data between devices. Whether it’s embedded devices talking to a server to collect data, or devices signaling one another, you need to stream IoT signals and data quickly and reliably. You need to be 100% sure that that stream of data or signal is going to arrive at its destination every time.

2. Security

Security is a huge umbrella, but it’s paramount in Internet of Things connectivity and should be a forethought, not an afterthought. For example, what good is a smart home if anyone can open your garage door? Here are three considerations for IoT security:

  • Authorization: When publishing or subscribing to a stream of data or an IoT signal, it’s essential to make sure that the IoT device or server has proper authorization to send or receive that stream of data.
  • Encryption: You need end-to-end encryption between devices and servers.
  • Open ports: An IoT device is dangerously vulnerable when it’s sitting and listening to an open port out to the Internet. You need bidirectional communication, but you don’t want to have open ports out to the Internet.

3. Presence Detection

Who’s there, (or in terms of IoT, what device is there)? It’s important to immediately know when an IoT device drops off the network and goes offline. And when that device comes back online, you need to know that as well.

Presence detection of IoT devices gives an exact, up to the second state of all devices on a network. This gives you the ability to monitor your IoT devices and fix any problems that may arise with your network.

4. Power consumption

IoT embedded devices are small and expensive, so CPU and power consumption need to be considered. When you have hundreds or even thousands of devices sending data and signaling one another, it takes a toll on power and CPU consumption. You need to maximize efficiency while minimizing power and CPU drain.

5. Bandwidth

In addition to power and CPU, bandwidth consumption is another challenge for IoT connectivity. Bandwidth on a cellular network is expensive, especially with hundreds of thousands of IoT devices on a network sending request/response signals to your server.

That’s a huge server issue and requires a large-scale server farm handling all this data. You need a lightweight network that can seamlessly transfer data between devices and servers.

Connecting IoT Devices with PubNub

Connecting devices in the lab is one thing, but once they’re out in the wild, it’s a whole new ballgame. So where do you start? Having a scalable IoT network to connect embedded devices and servers is especially critical for IoT applications with a large user base.

These are the types of Internet of Things challenges we’ve solved at PubNub. With over two hundred million devices connected to our global realtime network in fourteen data centers, we average 50 to 60 thousand transactions per second, peaking at over 3 million. PubNub is used to stream data and signal for hundreds of different IoT use cases including:

  • Automotive: Connected cars need a realtime communication layer to stream data and signal between their fleet, dispatch, and the consumer on the app. Examples: Sidecar, Lyft, Easy Taxi, Gett, Zoomy
  • Home Automation: A realtime network can be used to signal and trigger actions for smart devices and home automation solutions. Examples: Insteon, Revolv, Vivint
  • Wearables: IoT wearables require a low-latency, lightweight network to stream data between the device and a server. Battery, CPU, and bandwidth consumption are all important considerations that must be taken into account. Examples: 3rd Eye

By 2020, it’s estimated that there will be between 20 and 30 billion connected devices on the Earth. As a result, how we connect those devices should take precedence as the IoT field grows exponentially.

Atmel celebrates 50 billion with ARM

ARM – which employs over 2,000 people around the globe – has billions of RISC-based processors in the wild and powers approximately 95% of the world’s smartphones. Recently, the British company marked a major milestone: 50 billion ARM-powered chips shipped.

Commenting on the milestone, Reza Kazerounian, Senior Vice President of Microcontrollers at Atmel, noted that ARM helps embedded developers significantly accelerate the development cycle by offering access to standard cores and an extensive ecosystem, including software and reference designs.

Kazerounian also said the next 100 billion chips will likely be led by intelligent connectivity, primarily in the context of the Internet of Things (IoT).

As we’ve previously discussed on Bits & Pieces, Atmel offers an extensive portfolio of microcontrollers (MCUs) and microprocessors (MPUs) based on the world’s most popular 8- and 32-bit architectures: Atmel AVR and ARM. Indeed, Atmel’s two decades of microcontroller leadership and innovation include many industry-firsts:

  • The first Flash microcontroller, the first ARM7-based 32-bit Flash microcontroller
  • The first 100nA microcontroller with RAM retention
  • The first ARM9-based Flash microcontroller

“In order to simplify the embedded design process, we’ve meticulously built a robust ecosystem around our ARM microcontrollers,” an Atmel engineering rep told Bits & Pieces. “Meaning, Atmel offers a wide range of software tools and embedded software that support leading operating systems, along with low-cost evaluation kits.”

In addition, Atmel’s flexible and highly integrated ARM-based MCUs are designed to optimize system control, user interface (UI) management and ease of use. That’s why our ARM Cortex-M3 and M4 based architectures share a single integrated development platform (IDP): Atmel Studio 6. This platform offers time-saving source code with more than 1,600 example projects, access to debuggers/simulators, integration with Atmel QTouchtools for capacitive touch applications and the Atmel Gallery online apps store where embedded software extensions can be downloaded.

Meanwhile, Atmel ARM-based MPUs range from entry-level devices to advanced highly-integrated devices with extensive connectivity, refined interfaces and ironclad security.

“Whether you are working on new, existing or legacy designs, a wide range of Atmel ARM-based devices provides the latest features and functionality. These devices also feature the lowest power consumption, a comprehensive set of integrated peripherals and high-speed connectivity,” the engineering rep added.
