by Erik T. Heidt | November 29, 2017 | Comments Off on IoT Security | Endpoint Hardware Key Storage
While cryptographic algorithms fail from time to time as computational tools advance or analytical breakthroughs occur, failures of this nature are rare events. Key storage or management failures are the leading causes for cryptographic protection failure. Key storage failures are tightly related to the key bootstrap problem – how to securely store a key at rest on storage that attackers can gain access to (i.e. Cold Boot Attack) or using the key in memory the attacker can snoop (i.e. Heartbleed). The most dangerous key management event is the creation of the poor keys, usually this is related to entropy problems (i.e. OpenSSL Debacle) – essentially failing to have as much randomness as needed.
This problems are exacerbated in the IoT security space as the attacker often has physical access to devices. In the case of mass produced devices, attackers may have access to enough units to be able to conduct destructive tests.
The gold standard for addressing key storage and management problems is to use a NIST (or other major standards authority) certified Hardware Security Module (HSM). The problem is that HSMs are expensive and their operation can be quite complex.
Microchip has very interesting option: ATECC608A
These are inexpensive I2C interface, 8 lead devices that cost under a dollar each volume one, and around 65 cents each in 10k volumes. What can get for a under a dollar per device:
- FIPS compliant RNG and key generation
- Hardware based key protection
- Secure (encrypted) on chip key (ECC, AES, SHA HMAC) and data storage
- Guaranteed Unique 72-bit Serial Number
- Boot validation, LoRa node authentication
In addition to these core technical capabilities, Microchip has emerging relationships with Amazon Web Services (AWS) and Google Cloud Platform (more information on the partner programs is available here). Details are emerging on these relationships, keep a lookout for announcements about these partnerships.
Ok, what about getting started?
The ATECC608A datasheet is worth a quick read. Note a past SparkFun Hacker In Residence, Josh Datko developed a cryptoshield which included the ATECC508A. The shield is out of production but the support files should be compatible with the ATECC508A, here is a link.
Have you ever wondered what kinds of techniques attackers have access to? What does a key extraction effort look like? These two YouTube videos document two different key extractions from embedded systems. Keep in mind – these guys are not pros – these are academic exercises. The pros would never identify themselves, have better resources and keep their techniques as trade secrets. That said, the videos are a quite fun (and detailed) view into how a determined attacker can extract keys.
Here you go:
Josh Datko has also blogged a nice piece on this “Initial thoughts on Microchip’s new ATECC608A“. Well worth a read.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.