Hardened TLS Benefits
Mitigate remote attacks, use a unique trusted identity
Transport Layer Security 1.2 (TLS 1.2) has become the de facto standard for connecting embedded systems to a network. While TLS 1.2 is undeniably robust, an embedded system still requires a unique, secure and trusted identity to prevent large-scale remote attacks. For example, a malicious attack can take down a hospital power grid and potentially put human lives at risk, interrupt online services and advertising activities and cause a loss of revenue, or suspend the production capabilities of industrial plants and their supply chains, affecting their profitability almost instantaneously. When combined with the TLS 1.2 protocol, Microchip’s ATECC508A CryptoAuthentication™ device offers a unique, trusted, and verifiable identity that can help protect billions of connected devices.
How do Microchip's CryptoAuthentication devices help enhance TLS?
By physically isolating keys and secrets from the application
Secure Key Storage
To harden the TLS protocol, trust in the system, the device provider, and the manufacturer must be as strong as possible to reduce potential backdoors and threats. The main philosophy is to completely isolate keys and secrets from any software exposure at every point of product development as well as when the product is in the user’s hands. The ATECC508A is your solution.
Physical Protection
Microchip ECC-based devices integrate various vital physical protection schemes to strengthen your TLS security at the root of the hardware design. The ECC-based secure element family is architected with anti-tampering features such as an active shield and side attack countermeasures, as well as robust secure key storage with locking mechanisms.
Hardware Cryptography
In terms of cryptography, the most important function is to provide a high-entropy, FIPS-compliant random number generator (RNG). The ATECC family integrates a best-in-class RNG enabling high-entropy capabilities. In addition, the device provides both an ECC hardware accelerator and SHA256 hashing, as well as a unique serial number per device.
Trusted Provisioning
Trust cannot rely only on the hardware device; it also depends on the manufacturing process. Exploiting third-party weaknesses is one of the top targets of hackers. Isolating keys and secrets from manufacturing is equally vital. Customers can now leave this burden to Microchip secure factories and leverage our trusted provisioning service already used by thousands of companies.
ECC Based
- Hardware-based root of trust based on X.509 certificate
- Public Key Infrastructure (PKI)
- ECC hardware accelerator
- ECDHE-ECDSA sign
- Tamper-resistant
- Keys are never sent, exposed, nor disclosed
Integrated TLS
- Free integrated TLS stack from Wi-Fi module ATWINC1500
- Free integrated TLS stack from Bluetooth/Wi-Fi combo ATWINC3400
- Cost-efficient solution
- Enables connectivity to small microcontrollers
Evaluation Kit
| Title | Description |
|---|---|
| Evaluation Kit for the Microchip CryptoAuthentication™ ATSHA204A, ATAES132A, and ATECC508A Devices | |
| CryptoAuth Xplained Pro | Evaluation and development extension platform for embedded Microchip ATSHA204A, ATAES132A, and ATECC508A design applications |
| AT88CKSCKTSOIC-XPRO | The AT88CKSCKTSOIC-XPRO is an XPRO extension board that attaches 8-pin SOIC CryptoAuthentication devices to Microchip MCUs that support an XPRO interface. All Microchip CryptoAuthentication devices, regardless of interface, can be used with this board. |
| AT88CKSCKTUDFN-XPRO | The AT88CKSCKTUDFN-XPRO is an XPRO extension board that attaches 8-pin UDFN CryptoAuthentication devices to Microchip MCUs that support an XPRO interface. All Microchip CryptoAuthentication devices, regardless of interface, can be used with this board. |
| ATXPANDER-XPRO | The ATXpander-XPRO passively expands an XPRO extension header from a single kit to up to 3 kits. The board also allows for easy wiring modifications to be made if so required. |
Starter Kit
| Title | Description |
|---|---|
| AT88CKECC-AWS-XSTK | AWS Zero Touch Secure Provisioning Kit |
Development Kit
| Title | Description |
|---|---|
| AT88CK101 Development Kit | Single socket secure authentication development kit for the Microchip ATSHA204A, ATECC508A, and ATAES132A CryptoAuthentication™ devices. Supports the Xplained Pro series. |
Programmer
| Title | Description |
|---|---|
| | Part of the Microchip Certified-ID platform, these USB module kits are used for provisioning Microchip ECC-based devices during production of boards/products. |
Software Libraries
| Title | Description |
|---|---|
| Microchip Hardware-TLS Platform | Microchip Hardware-TLS software libraries for wolfSSL and OpenSSL enable hardware-based elliptic curve mutual authentication for TLS using the ATECC508A crypto co-processor. With Microchip HW-TLS support libraries, system designers using wolfSSL or OpenSSL can take advantage of Microchip crypto hardware to enable strong mutual authentication between communicating devices, and to store keys, certificates and other sensitive data in protected hardware storage. |
| | Software library support for the ATSHA204A, ATECC108A, and ATECC508A CryptoAuthentication devices written in C. |
Software Tools
| Title | Description |
|---|---|
| Microchip Crypto Evaluation Studio (ACES) | The ACES package is a suite of software tools to configure and demonstrate the Microchip CryptoAuthentication Family of devices using various evaluation kits. |