Cloud IoT Core Authentication Use Case



hello and welcome to microchip code today we will go over the google IOT core authentication use case using the ATEC c60 8a let's start by looking at what is the main risk in IOT today with security accessing remotely to one iota hardware caused damage in itself but more importantly being able to remotely access a multitude of our util hardware is the real target of the black hat it can result into the treated denial of service run somewhere warm proliferation and etc the impact is on your brand your company your revenue your IP and your customers let's look a little more details into the pillar of hardware authentication the first concept is to isolate private keys from user's human or the most unpredictable security risk the second concept is to isolate private keys from software once a patch is released it reveals the software weakness to the attacker it can take months to patch an IOT hardware which gives enough time to the attacker to penetrate the system the third concept is to isolate key manipulation from the manufacturing phase not only from the supply chain equipment but also from the operators in the supply chain and the fourth concept is to isolate keys from microcontrollers please don't leave the private key in a clear of flash memory we ought to talk about certificate authority concept leakage of any of the private keys involved in a certificate chain leads to the ability to spoof the identity of devices and to create an unlimited number of illegitimate devices to build a chain of trust we recommend at least three levels of certificates the higher level of certificate is the eco system certificate authority it's typically stored and protected by ecosystem authority the second level is the intermediate certificate it's stored on a computer on device manufacturing line that's where possible security flow could occur and finally the lowest level certificate is the device level certificate which is typically stored in the memory of the device that's another possible place for security flow let's look now at the details of the quality core use case the higher level certificates are issued by the customer at their site the customers obtain your boot certificates and create an OEM certificates then a secret exchange process is established between the customer and microchip to allow the generation of certificates on the customers we have microchip generate production signers and then device level certificates that are loaded into the AEC six or eight a the public key is then loaded into the device management of Google oolitic or the private keys is generated inside the 1866 zero at a inside or microchip secure factoids and all the handling and manipulation of certificates happen within the same secure factories now we are switching to the marketplace environment once the finished product is deployed the Mike control generator JWT token which stands for JSON web token part of the JWT token is hushed and presented to the secure element the private key is then used to sign the hash token to create an EC DSS signature the signature is then pushed back to the mic controllers and the signature is appended to the jet ability token the private key is always included a Tec c60 a never leaves the device it is protected with anti tampering protections and silent axonal protections to communicate between the microcontroller and the secure element microchip offers the crypto or sleep library which also helps to create the JWT the sign jadibooti token is then presented to the device management function of Google ID core and with the public key previously stored google core is verifying the sign GWT token a genuine to authorize the rest of the communication now the full chain of trust is closed the benefits the JWT implementation offers a very light code that animal security for very small microcontrollers the solution is completely agnostic of the TLS stack that offers design portability and finally the solution is completely agnostic of the my controller which referred design flexibility to know more about the ATEC c60 a please visit us at 3w my kottshicken / 18 ECC 6 0 a thank you very much

One Comment

  1. Joao Paulo said:

    Where else can I learn everything I need to get started with cryptography? I'm currently working on an IoT project which must read a couple of sensor, and share data through GSM. We are going to use google IoT Core solution with JWT ( Signature with EC algorithm). How do I secure my data? Where should I start?

    Up to now things are a bit obscure, but soon I'll get to the rights terms and right questions. Thanks

    June 29, 2019
    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *