Microsoft Azure Smart Secured Nodes
Hackers have become increasingly sophisticated, making it imperative that system designers apply sound security principles in the development of their products. Developed and backed by industry experts from the Trusted Computing Group (TCG), Device Identity Composition (DICE) offers a simple and reliable authentication and encryption method that can be implemented in the hardware of security products during manufacturing.
We’ve removed the complexity from adding authentication and encryption capabilities with our CEC1702 IoT Development Kit, which includes support for both DICE and Azure IoT Hub Device Provisioning Service (DPS). The architecture breaks up the boot process into layers and creates unique secrets along with a measure of integrity for each layer, automatically re-keying and protecting secrets if malware is present. One of the key benefits of using the secure boot features of the CEC1702 microcontroller (MCU) with the DICE standard is that it enables equipment manufacturers to create a chain of trust for multiple loads of firmware, which is especially important for customers concerned with authenticating system-critical commands, in applications such as power plants or online server databases.
- CEC1x02 development board with a Plug-in Module (PIM) that contains the CEC1702 MCU with integrated cryptography accelerators, saving code space and decreasing time to market
- Two headers compatible with MikroElektronika’s extensive library of click boards™, allowing for flexible design requirements
- MikroElektronika Wi-Fi® 7 click board, equipped with Microchip’s ATWINC1510-MR210PB IEEE 802.11 b/g/n module, optimized for low-power IoT applications
- MikroElektronika THERMO 5 click board, which can measure temperatures across four channels with ranges from 0 to 127 degrees Celsius and an extended range of -64 to 191 degrees Celsius
The DICE standard enables manufacturers to use silicon gates to create device identification based in hardware, making security hardware part of the DNA of new devices from the ground up. Hardware Security Modules (HSMs) are the core security technology used to secure device identities and provide advanced functionality such as hardware-based device attestation and zero-touch provisioning.
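A simplified model of the layered secret derivation described above, added here as an illustration; it is not code from Microchip, the CEC1702 firmware or the TCG. It assumes each layer's secret is an HMAC-SHA256 of the previous secret over the SHA-256 measurement of the next firmware image, and the device secret, firmware images and function names are constructed for the example.

```python
import hashlib
import hmac

def measure(image: bytes) -> bytes:
    """Integrity measurement of one firmware layer (SHA-256 of its image)."""
    return hashlib.sha256(image).digest()

def next_secret(current_secret: bytes, next_image: bytes) -> bytes:
    """Secret handed to the next layer, bound to that layer's measurement."""
    return hmac.new(current_secret, measure(next_image), hashlib.sha256).digest()

def boot_chain(device_secret: bytes, layers: list) -> list:
    """Walk the boot layers in order; result[i] is the secret layers[i] receives.

    Each layer only ever sees its own secret, never the one before it.
    """
    secrets = []
    secret = device_secret
    for image in layers:
        secret = next_secret(secret, image)
        secrets.append(secret)
    return secrets

def first_rekeyed_layer(expected: list, observed: list):
    """Index of the first layer whose secret differs, or None if all match."""
    for i, (e, o) in enumerate(zip(expected, observed)):
        if not hmac.compare_digest(e, o):
            return i
    return None

# Constructed sample data: a per-device hardware secret and three firmware layers.
DEVICE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
LAYERS = [b"bootloader v1", b"rtos v1", b"application v1"]
# Same device, but the second layer has been modified.
TAMPERED = [LAYERS[0], b"rtos v1 + implant", LAYERS[2]]

GOOD = boot_chain(DEVICE_SECRET, LAYERS)
BAD = boot_chain(DEVICE_SECRET, TAMPERED)

if __name__ == "__main__":
    for i, (g, b) in enumerate(zip(GOOD, BAD)):
        state = "unchanged" if hmac.compare_digest(g, b) else "re-keyed"
        print(f"layer {i}: {state}")
    print("first re-keyed layer:", first_rekeyed_layer(GOOD, BAD))
```

The modified layer and every layer after it receive different secrets, so keys derived from the original values are never exposed to the altered firmware, while the untouched first layer keeps its secret.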
The IoT Hub Device Provisioning Service (DPS) is a service for Azure IoT Hub that enables zero-touch, just-in-time provisioning to the IoT Hub without requiring human intervention.
This allows customers to provision devices in a secure and scalable manner.
There are many provisioning scenarios in which the Device Provisioning Service is an excellent choice for getting devices connected and configured to Microsoft Azure IoT Hub, such as:
- Zero-touch provisioning to a single IoT solution at the factory (initial setup)
- Load balancing devices across multiple hubs
- Connecting devices to their owner’s IoT solution based on sales transaction data
- Connecting devices to a particular IoT solution depending on use-case (solution isolation)
- Connecting a device to the IoT hub with the lowest latency
- Re-provisioning based on a change in the device