Gartner Blog Network


IoT Security | Endpoint Hardware Key Storage

by Erik T. Heidt  |  November 29, 2017

While cryptographic algorithms fail from time to time as computational tools advance or analytical breakthroughs occur, failures of this nature are rare events. Key storage or management failures are the leading causes of cryptographic protection failure. Key storage failures are tightly related to the key bootstrap problem – how to securely store a key at rest on storage that attackers can gain access to (e.g. a cold boot attack) or use the key in memory that the attacker can snoop (e.g. Heartbleed). The most dangerous key management event is the creation of poor keys; usually this is related to entropy problems (e.g. the OpenSSL debacle) – essentially failing to have as much randomness as needed.
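The entropy failure mode above is easy to underestimate because a poorly seeded generator still emits keys of the right length. The following is an added example (not code from the post or from Microchip) in Python: a constructed "weak" generator whose only randomness is a small seed (a stand-in for a generator whose entropy collapses to something like a process id), a strong generator backed by the OS CSPRNG, and a simple acceptance check a practitioner can run over a key generator or over a batch of keys collected from a device fleet. The seed sizes, sample counts and the 0.99 threshold are assumptions chosen for the demonstration.

```python
import hashlib
import secrets
from typing import Callable


def derive_key_from_seed(seed: int, seed_bits: int) -> bytes:
    """Constructed toy derivation: a 256-bit 'key' computed from a seed of seed_bits bits.

    The output looks like a full-strength key, but there are only 2**seed_bits
    possible outputs, so the effective keyspace is tiny and enumerable.
    """
    seed_bytes = seed.to_bytes((seed_bits + 7) // 8, "big")
    return hashlib.sha256(seed_bytes).digest()


def weak_key_generator(seed_bits: int) -> Callable[[], bytes]:
    """Generator whose entropy is capped at seed_bits regardless of key length."""
    def generate() -> bytes:
        # The seed itself is picked uniformly, but from a space of only 2**seed_bits values.
        seed = secrets.randbelow(1 << seed_bits)
        return derive_key_from_seed(seed, seed_bits)
    return generate


def strong_key_generator() -> Callable[[], bytes]:
    """Generator backed by the OS CSPRNG: 256 bits of key, 256 bits of entropy."""
    return lambda: secrets.token_bytes(32)


def count_distinct_keys(generate: Callable[[], bytes], samples: int) -> int:
    """Draw `samples` keys and count how many distinct values appear."""
    return len({generate() for _ in range(samples)})


def keyspace_check(generate: Callable[[], bytes], samples: int = 2000,
                   min_distinct_fraction: float = 0.99) -> bool:
    """Acceptance check for a key generator.

    With a healthy 256-bit generator, essentially every one of a few thousand
    draws is unique. Repeats in that many draws mean the effective keyspace is
    small enough to be exhausted, which is exactly the poor-key failure mode.
    """
    distinct = count_distinct_keys(generate, samples)
    return distinct / samples >= min_distinct_fraction


if __name__ == "__main__":
    for bits in (8, 15):
        gen = weak_key_generator(bits)
        print(f"{bits}-bit seed: {count_distinct_keys(gen, 2000)} distinct keys "
              f"in 2000 draws (at most {1 << bits} possible)")
    print("strong generator:", count_distinct_keys(strong_key_generator(), 2000),
          "distinct keys in 2000 draws")
    print("weak generator passes check:", keyspace_check(weak_key_generator(8)))
    print("strong generator passes check:", keyspace_check(strong_key_generator()))
```

The check is deliberately crude: it catches a collapsed keyspace, not subtle bias, so it complements rather than replaces a certified RNG such as the one the hardware option below provides. The same distinct-count test is worth running over the public keys or serial numbers collected from a batch of mass-produced devices, since duplicates there are the first sign that the units share an entropy problem.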

These problems are exacerbated in the IoT security space, as the attacker often has physical access to devices. In the case of mass-produced devices, attackers may have access to enough units to be able to conduct destructive tests.

The gold standard for addressing key storage and management problems is to use a NIST (or other major standards authority) certified Hardware Security Module (HSM). The problem is that HSMs are expensive and their operation can be quite complex.

Microchip has a very interesting option: the ATECC608A.

These are inexpensive 8-lead I2C devices that cost under a dollar each in single-unit quantities and around 65 cents each in 10k volumes. What you get for under a dollar per device:

  • FIPS compliant RNG and key generation
  • Hardware-based key protection
  • Secure (encrypted) on chip key (ECC, AES, SHA HMAC) and data storage
  • Guaranteed Unique 72-bit Serial Number
  • Boot validation, LoRa node authentication

The ATECC608A builds on the capabilities of the ATECC508A, ATSHA204A and other members of the CryptoAuthentication family. (Note, I am planning on doing some proof of concepts for my IoT Lab series.)

ECC508A Block Diagram

In addition to these core technical capabilities, Microchip has emerging relationships with Amazon Web Services (AWS) and Google Cloud Platform (more information on the partner programs is available here). Details on these relationships are still emerging; keep a lookout for announcements about these partnerships.

Ok, what about getting started?

The ATECC608A datasheet is worth a quick read. Note that a past SparkFun Hacker in Residence, Josh Datko, developed a cryptoshield which included the ATECC508A. The shield is out of production, but the support files should be compatible with the ATECC508A; here is a link.

Hacking Bonus

Have you ever wondered what kinds of techniques attackers have access to? What does a key extraction effort look like? These two YouTube videos document two different key extractions from embedded systems. Keep in mind – these guys are not pros – these are academic exercises. The pros would never identify themselves, have better resources and keep their techniques as trade secrets. That said, the videos are quite a fun (and detailed) view into how a determined attacker can extract keys.
Here you go:

Thanks,
Erik

Update:
Josh Datko has also blogged a nice piece on this, “Initial thoughts on Microchip’s new ATECC608A”. Well worth a read.

Category: internet-of-things  risk-management  security  

Erik T. Heidt
IoT Agenda Manager, Research VP
5 years at Gartner
26 years IT Industry

Erik Heidt is the IoT Research Agenda Manager for Gartner for Technical Professionals (GTP). Mr. Heidt covers Internet of Things (IoT) architecture, strategy and execution as well as security and risk management within the IoT context. Mr. Heidt focuses on developing and delivering research related to the architecture, development and operation of IoT for both users and suppliers. Mr. Heidt has more than 26 years of industry experience, with a significant focus on information security and risk management.
