When it comes to IoT security, private keys are the most sensitive material. If a private key is accessed by an unintended party, that person can now impersonate the IoT hardware and undertake undesired or malicious operations. Because of this, the most basic security practice to follow is to implement a secured hardware root of trust to remove exposure of private keys to software, firmware, manufacturing sites, end users or other third parties. Microchip’s ATECC608B secure element provides a JIL “high” rated secure key storage area to isolate keys. This is especially valuable in Linux® environments where software is a living entity and software backdoors to keys are likely to show up.
To further help adding hardware secure key storage, Amazon Web Service (AWS) offers IoT Greengrass Hardware Security Integration as part of its IoT Greengrass Core software. It is an interface between the IoT Greengrass Core and a hardware secure module based on PKCS#11. The ATECC608B is used in this implementation as the hardware secure key storage to isolate private keys needed for the authentication between AWS IoT and AWS IoT Greengrass from the Linux-based system enabled with IoT Greengrass. This microprocessor-agnostic solution adds true hardware secure key storage to any Linux-based IoT products. The ATEC608B is now part of the AWS Device Qualification Program supporting AWS IoT Greengrass.
The scalable IoT Greengrass Hardware Security Integration relies on a PKCS#11 interface. This architecture makes the usage of a secure element very portable from one Linux-based design to another, saving significant development time and accelerating time to market.