
The IoT Trusted Zone

A breach in security can be devastating, but use of best practices in design, such as isolating security-related hardware into "Trusted Zones," can limit attempts to access content from outside the zone and continually monitor things such as variations in temperature and voltage.

A Trusted Zone is the Bedrock IoT Security is Built on


Among security best practices, system partitioning separates and isolates security-related hardware, software, and data in a “trusted zone” and tightly limits all attempts to access trusted content from outside the zone. Non-secure software cannot directly access secure resources. The Trusted Zone isolates security-related Microcontroller Unit (MCU) hardware, software, and external devices (Figure 1).

Figure 1:  A generic secure embedded system architecture must isolate security-related MCU hardware, software, and external devices. 

 

Inside the Trusted Zone

Secure Boot and Secure Download


If an attacker can fool an embedded system into accepting fake code as authentic, all is lost, so all code must be verified as trusted before it runs. During manufacturing, the factory generates a public/private key pair and uses the private key, which never leaves the factory, to sign the firmware. The public key is stored in a secure location in the MCU, often in one-time programmable (OTP) memory. When the MCU boots up at power-on or receives a download, it verifies the signature on the code against the stored public key and rejects any code that does not verify.
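The boot-time check described above, as an added example that is not part of the original article or of any Microchip code: the factory generates a P-256 key pair, burns only the public half into a simulated OTP slot, and signs the image; the bootloader recomputes SHA-256 over the payload and verifies the ECDSA signature before anything executes. The image format (payload plus DER signature), the `OTPSlot` type and the firmware bytes are all constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// OTPSlot models the one-time-programmable slot that holds the bootloader's
// trusted public key. Once Locked is set it can never be rewritten.
type OTPSlot struct {
	PubKey *ecdsa.PublicKey
	Locked bool
}

// FirmwareImage is a constructed image format for this example: the raw
// payload plus a DER-encoded P-256 ECDSA signature over SHA-256(payload).
type FirmwareImage struct {
	Payload   []byte
	Signature []byte
}

var ErrBadSignature = errors.New("secure boot: signature does not verify against the OTP public key")

// FactoryProvision runs once at manufacturing: generate the signing key pair
// and burn only the public half into OTP. The private key is returned here
// solely so the example can sign an image; in production it stays at the
// factory (typically inside an HSM) and is never loaded into the device.
func FactoryProvision() (*ecdsa.PrivateKey, *OTPSlot, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return priv, &OTPSlot{PubKey: &priv.PublicKey, Locked: true}, nil
}

// SignFirmware is the factory-side release step: hash the image and sign the digest.
func SignFirmware(priv *ecdsa.PrivateKey, payload []byte) (FirmwareImage, error) {
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return FirmwareImage{}, err
	}
	return FirmwareImage{Payload: payload, Signature: sig}, nil
}

// VerifyBoot is the bootloader-side check performed at power-on and after
// every download: recompute the digest and verify the signature with the OTP
// key. An image that fails is rejected before a single byte of it executes.
func VerifyBoot(otp *OTPSlot, img FirmwareImage) error {
	if otp == nil || otp.PubKey == nil || !otp.Locked {
		return errors.New("secure boot: OTP public key not provisioned")
	}
	digest := sha256.Sum256(img.Payload)
	if !ecdsa.VerifyASN1(otp.PubKey, digest[:], img.Signature) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	priv, otp, err := FactoryProvision()
	if err != nil {
		panic(err)
	}
	img, err := SignFirmware(priv, []byte("constructed firmware image v1.0"))
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine image:", VerifyBoot(otp, img))

	// Flip one payload byte to simulate a modified image: the digest changes
	// and the signature no longer verifies.
	tampered := FirmwareImage{Payload: append([]byte(nil), img.Payload...), Signature: img.Signature}
	tampered.Payload[0] ^= 0x01
	fmt.Println("tampered image:", VerifyBoot(otp, tampered))
}
```

The point to notice is that the device never needs the private key: the OTP slot holds only public material, so extracting it from a captured unit gains an attacker nothing, while a bootloader that skipped the `Locked` check would accept whatever key an attacker managed to write into an unprovisioned slot.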

Hardware Accelerator


Implementing the Advanced Encryption Standard (AES), the Rivest–Shamir–Adleman (RSA) public-key cryptosystem, or Elliptic-Curve Diffie-Hellman (ECDH) is computationally intensive, so microcontrollers in secure embedded systems usually contain hardware accelerators to speed up everyday cryptographic operations. Specialized MCU instructions then invoke the accelerators to perform functions such as AES encryption and decryption.

A Secure Real-Time Clock (RTC)


A secure Real-Time Clock (RTC) guards against an attacker tampering with the clock settings to disable system operation. The function is often combined into a supervisor device that continually checks the system voltage and switches to battery backup if primary power fails; if the battery backup voltage drops, the supervisor will signal a tamper event.

True Random-Number Generator (TRNG)


Random numbers are critical in secure systems to generate random cryptographic keys for secure data transmission. A software algorithm can produce a long pseudo-random sequence. However, it is deterministic and therefore vulnerable to attack, so a secure microcontroller should incorporate a hardware True Random-Number Generator (TRNG), which gives an unpredictable output. TRNGs have a colorful history—the numbers from one early online TRNG originated in the waxy blobs generated by a lava lamp—but modern implementations use thermal noise or the interaction between several free-running oscillators as sources of randomness.
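The two halves of this paragraph, as an added example that is not from the original article: a seeded software generator reproduces the same "key" from the same seed, which is exactly why it cannot stand in for a TRNG, and a hardware entropy source is only trusted after a continuous health test. The health test shown is the repetition count test of NIST SP 800-90B section 4.4.1, which catches a noise source stuck at one value; the assessed min-entropy per sample (`hMin`) is an assumption a real design establishes by characterizing its source, and the OS CSPRNG (`crypto/rand`) stands in for the hardware noise source.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	mrand "math/rand"
)

// RCTCutoff returns the repetition-count cutoff C = 1 + ceil(20 / H) from
// SP 800-90B section 4.4.1 at the standard false-alarm rate alpha = 2^-20.
// hMin is the assessed min-entropy per sample in bits (an assumption here).
func RCTCutoff(hMin float64) int {
	return 1 + int(math.Ceil(20.0/hMin))
}

// RepetitionCountTest is the SP 800-90B continuous health test that detects
// a noise source stuck at a constant value: it fails as soon as any sample
// value repeats cutoff times in a row.
func RepetitionCountTest(samples []byte, hMin float64) error {
	cutoff := RCTCutoff(hMin)
	if len(samples) == 0 {
		return nil
	}
	prev, run := samples[0], 1
	for _, s := range samples[1:] {
		if s == prev {
			run++
			if run >= cutoff {
				return fmt.Errorf("RCT failure: value 0x%02x repeated %d times (cutoff %d)", s, run, cutoff)
			}
		} else {
			prev, run = s, 1
		}
	}
	return nil
}

// PRNGKey derives n key bytes from a seeded software generator. The sequence
// is fully determined by the seed, so anyone who learns or guesses the seed
// reproduces the key exactly: the "deterministic" weakness the text describes.
func PRNGKey(seed int64, n int) []byte {
	r := mrand.New(mrand.NewSource(seed))
	key := make([]byte, n)
	for i := range key {
		key[i] = byte(r.Intn(256))
	}
	return key
}

// TRNGKey draws n raw samples from the entropy source, runs the continuous
// health test over them, and only then releases them as key material.
// crypto/rand stands in for the hardware noise source in this example.
func TRNGKey(n int, hMin float64) ([]byte, error) {
	key := make([]byte, n)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	if err := RepetitionCountTest(key, hMin); err != nil {
		return nil, err
	}
	return key, nil
}

func main() {
	fmt.Printf("seed 42, run 1: %x\n", PRNGKey(42, 8))
	fmt.Printf("seed 42, run 2: %x  (identical: the PRNG is deterministic)\n", PRNGKey(42, 8))

	// A constructed "stuck" source: the same byte forever. The RCT rejects it.
	stuck := make([]byte, 64)
	for i := range stuck {
		stuck[i] = 0xAA
	}
	fmt.Println("stuck source:", RepetitionCountTest(stuck, 4.0))

	key, err := TRNGKey(32, 4.0)
	fmt.Printf("health-checked key: %x err=%v\n", key, err)
}
```

With `hMin = 4.0` the cutoff is 6: a healthy source producing 256 samples fails this test with probability around 2^-20 per position, while a source that has silently failed and repeats one value is caught within six samples.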

Temperature and Voltage Monitoring


In side-channel attacks, an attacker measures and analyzes physical parameters of the hardware while it performs cryptographic operations in order to extract the secret key. Deliberately excessive temperatures or voltage variations can likewise be used to mount hardware attacks, so a secure MCU monitors both. In the event that the system voltage is removed, the on-chip environmental monitor switches to backup battery power, and the private keys are zeroed out.
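The supervisor behaviour described in this section and in the Secure RTC section above, as an added example that is not part of the original article: a small model of a combined RTC/supervisor that samples VCC, battery voltage and temperature, falls back to battery when main power is lost, and latches a tamper event (zeroizing every key slot it guards) when the battery is also low or the temperature leaves the operating window. All thresholds, sample values and the `Supervisor` type are constructed for this example and are not taken from any datasheet.

```go
package main

import "fmt"

// Sample is one reading from the on-chip environmental monitor.
type Sample struct {
	VCC   float64 // main supply, volts
	VBat  float64 // backup battery, volts
	TempC float64 // die temperature, degrees Celsius
}

type PowerState int

const (
	OnMain PowerState = iota
	OnBattery
	Tampered // latched: once entered, the supervisor never leaves it
)

func (s PowerState) String() string {
	return [...]string{"main", "battery", "tampered"}[s]
}

// Supervisor models the combined RTC/supervisor device. It owns the secure
// key slots it is responsible for and decides, per sample, whether to run on
// main power, fall back to battery, or declare a tamper event.
type Supervisor struct {
	State                             PowerState
	VCCMin, VBatMin, TempMin, TempMax float64
	keys                              [][]byte
	Events                            []string
}

// NewSupervisor uses constructed thresholds; a real part's limits come from its datasheet.
func NewSupervisor(keys [][]byte) *Supervisor {
	return &Supervisor{VCCMin: 2.7, VBatMin: 2.5, TempMin: -40, TempMax: 105, keys: keys}
}

// zeroize overwrites every key slot in place so nothing recoverable remains
// in the part after a tamper event.
func (s *Supervisor) zeroize() {
	for _, k := range s.keys {
		for i := range k {
			k[i] = 0
		}
	}
}

// KeysZeroized reports whether all slots now contain only zeros.
func (s *Supervisor) KeysZeroized() bool {
	for _, k := range s.keys {
		for _, b := range k {
			if b != 0 {
				return false
			}
		}
	}
	return true
}

// Step evaluates one sample. Loss of VCC with a healthy battery is a normal
// transition to battery power and keeps the keys; a battery that is also
// low, or a temperature outside the operating window, is treated as tampering.
func (s *Supervisor) Step(smp Sample) PowerState {
	if s.State == Tampered {
		return s.State
	}
	tamper := ""
	switch {
	case smp.TempC < s.TempMin || smp.TempC > s.TempMax:
		tamper = fmt.Sprintf("temperature %.1fC outside [%.0f, %.0f]", smp.TempC, s.TempMin, s.TempMax)
	case smp.VCC >= s.VCCMin:
		s.State = OnMain
	case smp.VBat >= s.VBatMin:
		s.State = OnBattery
	default:
		tamper = fmt.Sprintf("VCC %.2fV and VBAT %.2fV both below minimum", smp.VCC, smp.VBat)
	}
	if tamper != "" {
		s.State = Tampered
		s.zeroize()
		s.Events = append(s.Events, "TAMPER: "+tamper+"; keys zeroized")
	}
	return s.State
}

func main() {
	s := NewSupervisor([][]byte{{0x11, 0x22, 0x33, 0x44}}) // constructed key slot
	for _, smp := range []Sample{
		{VCC: 3.3, VBat: 3.0, TempC: 25}, // normal operation
		{VCC: 0.0, VBat: 3.0, TempC: 25}, // main power pulled: keys survive on battery
		{VCC: 0.0, VBat: 2.0, TempC: 25}, // battery drained too: tamper, keys zeroized
		{VCC: 3.3, VBat: 3.0, TempC: 25}, // power restored, but the event has latched
	} {
		fmt.Printf("%v -> %s (keys zeroized: %v)\n", smp, s.Step(smp), s.KeysZeroized())
	}
	for _, e := range s.Events {
		fmt.Println(e)
	}
}
```

Latching matters: if the supervisor returned to the `main` state as soon as power came back, an attacker could glitch the part and then restore it with no trace, so the tamper flag and the zeroized slots are the evidence that survives.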

Implementing a Trusted Zone for IoT Applications


There are several ways to implement a trusted zone for an embedded Internet of Things (IoT) application. One approach is to use an external device to replace or augment an MCU’s security capabilities and provide the trusted security zone needed to build out other security-related features. The external device can also separate the most secure elements from the complicated MCU or Memory Protection Unit (MPU) hardware, making it easier to protect the trusted zone from security-related faults and attacks. The Microchip ATECC608A is an ideal security device to support and augment any MPU- or MCU-based IoT application.

The Microchip ATECC608A as a Trusted Zone for IoT


The Microchip ATECC608A implements the critical security requirements for an IoT application in a tiny form factor; it runs at very low power over a wide voltage range and has an easy-to-connect interface that requires only a single GPIO. Being device ‘agnostic,’ it can work alongside a wide range of MPU and MCU devices. The ATECC608A delivers all the security and cryptographic features required for even the most robust IoT applications—even in a tiny footprint. Some of the advanced features include:

  • Secure hardware key storage for up to 16 keys, certificates, or data items
  • Hardware support for asymmetric sign, verify, and key agreement: ECDSA (FIPS 186-3 Elliptic Curve Digital Signature Algorithm)
  • ECDH: FIPS SP800-56A Elliptic-Curve Diffie-Hellman
  • NIST standard P256 elliptic curve support
  • SHA-256 and AES-128 support
  • Secure Boot support
  • Ephemeral key generation
  • Random Number Generation (RNG) per NIST SP 800-90A/B/C
  • Two high-endurance monotonic counters
  • Guaranteed unique 72-bit serial number

The ATECC608A comes in three different versions, each pre-programmed with essential functions to support common security applications more easily. These three versions are:

  • The ATECC608A Trust&GO version, optimized for TLS-based network secure authentication. The device comes pre-configured and pre-provisioned with default thumbprint certificates and a key. The configuration and credentials are locked in the device and cannot be changed. The cloud infrastructure does not require verification of the thumbprint certificate by a certificate authority, which significantly simplifies implementation and deployment. Other vital features integrated into the ATECC608A-TNGTLS are the AES-128 hardware accelerator, hardware-based cryptographic key storage, and cryptographic countermeasures, eliminating potential security attacks linked to software weaknesses. The ATECC608A Trust&GO device is compatible with the AWS IoT multi-account registration architecture.
  • The ATECC608A TrustFLEX version, also optimized for TLS-based network secure authentication. The device comes pre-configured as a secure device with more use cases than the device-to-cloud secure authentication Trust&GO offers. The cloud infrastructure, on either a public or a private network, can implement token-based authentication or customer certificate authentication (the traditional PKI model). It provides a pre-architected implementation for additional authentication, firmware validation, secure boot assistance, key rotation, and more. The ATECC608A TrustFLEX device is compatible with AWS IoT, Microsoft Azure, Google Cloud Platform, and, in general, any Transport Layer Security (TLS) network, with code examples for WolfSSL, mbedTLS, and CycloneSSL.
  • The ATECC608A TrustCUSTOM version, a secure element that is fully customizable for applications with security requirements that go beyond the Trust&GO and TrustFLEX use cases.

 

Microchip DM320118 Development Kit for ATECC608A Applications


To speed the development of ATECC608A-based applications, Microchip has created the DM320118 Development Kit. The kit hosts all three versions of the ATECC608A and an onboard MCU (ATSAMD21) for application development (Figure 2). The kit uses a USB port to download and debug the application code. The three ATECC608A devices share an I2C bus with the MCU, which controls the trusted security zone features.

 

Figure 2: The ATECC608A and Block Diagram (Source: Microchip)

 

A variety of software tools assist the developer in creating applications projects targeting the kit:

  • The Microchip Trust Platform for CryptoAuthentication™ includes a variety of examples for common use cases, configurators, and training material.
  • CryptoAuthLib makes working with Microchip’s CryptoAuthentication devices a straightforward process. CryptoAuthLib has been designed with a Hardware Abstraction Layer (HAL) to make it easily extensible to other microcontrollers. Both C and Python versions of the library are available.
  • MPLAB® X IDE is an Integrated Development Environment (IDE) that works on Windows®, macOS®, and Linux® environments. The IDE can be used to develop new embedded applications on the onboard SAM D21 microcontroller, and it automatically uses the onboard nEDBG debugger to program the SAM D21. The debugger can also be used to pass debug information back from the host microcontroller to a terminal window through a COM port.
  • You can find out more about the DM320118 from the Mouser product page here:

 

Conclusion


Robust security for IoT applications must be built on a solid foundation: a trusted zone of security capabilities protected from hacking and software failures. The Microchip ATECC608A devices and the associated development platform can dramatically speed the development of the most robust IoT security implementations.

About the Author

Alex is a senior technical writer for Wavefront Marketing specializing in advanced electronics, emerging technologies and responsible technology development.
