Platform enables hardware crypto acceleration in IoT
- Supports OpenSSL and wolfSSL TLS implementations for hardware key protection and Secure Execution Environments
- Accelerates core cryptographic processes with Co-Processor in IoT Edge Nodes Applications
- Pre-loaded with Unique Keys and Certificates to Reduce Complexities in Manufacturer Supply Chains
Atmel, currently being acquired by MIcrochip, has launched the industry’s first hardware interface library for TLS stacks used in Internet of Things (IoT) edge node applications.
Hardening is a method used for reducing security risks to a system by applying additional hardware security layers and eliminating vulnerable software. Atmel’s new Hardware-TLS (HW-TLS) platform provides an API that allows TLS packages to use hardware key storage and cryptographic acceleration even in small, resource constrained edge node designs. HW-TLS is pre-loaded with unique keys and certificates designed to reduce the complexities of generating secure keys in the manufacturing supply chain.
|TLS protocol stack (Photo credit: Wikipedia)|
Secure hardening for both OpenSSL and wolfSSL is made possible with HW-TLS which allows those TLS software packages to interface seamlessly with Atmel's ATECC508A CryptoAuthentication co-processor. The ATECC508A provides protected key storage as well as hardware acceleration of Elliptic Curve Cryptography (ECC) cipher suites including mutual authentication (ECDSA) and Diffie-Hellman key agreement (ECDH). As such, HW-TLS allows developers to substantially harden Transport Layer Security (TLS), enhancing security for IoT-device and cloud-service ecosystems.
When used together, HW-TLS and the ATECC508A allow small, low-cost IoT nodes to implement strong cryptographic security. All private keys, certificates and other sensitive security data used for authentication are stored in secure hardware and protected against software, hardware and back-door attacks. In addition, the integrated ECC accelerators in the ATECC508A offload cryptographic code and math from the MCU allowing even a low end processor to perform strong authentication.
“Everyone with an interest in IoT security should be excited about Atmel HW-TLS with wolfSSL,” said Larry Stefonic, CEO, wolfSSL. “The combination of our secure software and Atmel’s new chips brings TLS performance and security to a level unrivaled in the industry. Atmel’s HW-TLS platform also makes it easier than ever for developers to incorporate truly hardened security into our TLS stack.”
With the rise of the IoT, security has become a pressing topic because autonomous remote devices are now routinely connecting to wireless networks to form complex smart-device and cloud-service ecosystems. As a result, autonomous smart IoT devices constitute a significant part of those networks and must be able to authenticate themselves to the network resources to maintain the integrity of the ecosystem. In addition, these remote, resource-constrained clients must be able to perform this authentication using minimal processing, memory and power.
Traditionally, TLS performed authentication and stored private keys in software. The Atmel Hardware-TLS platform closes the vulnerability gap in this arrangement by offloading the crucial key management responsibility to dedicated, tamper-resistant secure elements such as the ATECCC508A CryptoAuthentication device. In addition, the intensive crypto algorithms are processed in the CryptoAuthentication device, offloading the MCU on the remote devices and enabling the IoT edge node to authenticate to the cloud without a user-perceptible delay.Furthermore, Atmel Hardware-TLS comes as a complete platform pre-loaded with unique keys and certificates for eliminating the complexities of adding secure keys to each device in a manufacturing supply chain.
“With more and more remote devices being connected to the cloud every day in the era of the IoT, it becomes increasingly critical to ensure these devices are not vulnerable to attack,” said Nicolas Schieli, Sr. Director, Secure Products Group, Atmel. “Such devices can be entirely secure only when they are hardware secure, meaning the ‘secret’ keys are stored in a separate hardware unit. We are excited to bring this innovation to market, enabling device manufacturers that need to connect to the cloud to take advantage of hardware security.”
The Atmel Hardware-TLS platform complements Atmel Certified-ID, a seamless and secure keys provisioning platform for creating trusted Internet identities for smart connected devices.
Atmel Hardware-TLS: http://www.atmel.com/tools/