- Getting Started
- Trusted Platform Module
- Design Partners
AWS IoT Greengrass Hardware Security Interface (HSI)
For the ATECC608A Secure Element
When it comes to IoT security, private keys are the most sensitive material. If a private key is accessed by an unintended party, that person can now impersonate the IoT hardware and undertake undesired or malicious operations. Because of this, the most basic security practice to follow is to implement a secured hardware root of trust to remove exposure of private keys to software, firmware, manufacturing sites, end users or other third parties. Microchip’s ATECC608A secure element provides a JIL “high” rated secure key storage area to isolate keys. This is especially valuable in Linux® environments where software is a living entity and software backdoors to keys are likely to show up.
To further help
Benefits of using the AWS IoT Greengrass Hardware Security Integration:
- Leverage secure elements for AWS IoT Greengrass ecosystems
- Provide a unique, trusted and protected
- Optimum hardware security with secure key storage
- Anti-tampering protection
- Side-channel attack protections
- JIL rated “high” secure key storage
PKCS#11 is part of the Public Key Cryptography Standard (PKCS). To put it simply, it’s an interface or API that defines the communication between a controller (microcontroller or
There are two authenticated links that IoT Greengrass Hardware Security Integration will look in for a signature:
- The authentication between the IoT Greengrass Core to AWS IoT
- The authentication from the IoT Greengrass Core to the IoT edge node connected to the gateway.
Both authentication paths are relying on a mutual TLS1.2 protocol. Consequently, the system could require two private keys to address the two authentication links, one for each. Alternatively, a single private key can be used to authenticate both links. The choice will depend on the application and the security model decided on by the designer. The IoT edge node will still require having its own private key to be stored in a secure element like the ATECC608A within the end-node itself.
The scalable IoT Greengrass Hardware Security Integration relies on a PKCS#11 interface. This architecture makes the usage of a secure element very portable from one Linux-based design to another, saving significant development time and accelerating time to market.
Start Developing Your IoT Greengrass Hardware Security Integration Solution
- Step one: Buy the “Secure 4 click” and the adapter that already includes the ATECC608a and the Raspberry Pi to MikroBUS™ adapter from MikroElektronika.
- Step two: Procure a Linux system such as a Raspberry Pi (example documented) or a Microchip SAMA5Dx MPU.
- Step three: Go to the user manual hosted on GitHub and start implementing the ATECC608A secure element within your IoT Greengrass-enabled system.
- Step four: Use AWS IoT Greengrass documentation to get started with IoT Greengrass and deploy IoT Greengrass Core software to your device. Follow directions for making changes to your config.json file to use the
ATECC608A private key.
- Benefit from strong authentication between AWS IoT Core and AWS IoT Greengrass with secure key storage.