Introduction

Author: James Boomer – Microchip Technology Inc.

Over time, security capabilities and expectations evolve within the security world along with the capabilities of attacks that seek to compromise secure systems. Recognizing these changes, Microchip has developed a security-enhanced version of the ATECC608A, known as the ATECC608B. The security changes implemented in the device are largely behind the scenes and are not directly observable during normal operation. The ATECC608B has been designed to allow an easy migration from the ATECC608A, while improving the overall security.

For new designs, it is recommended that users start directly with the ATECC608B. For designs that are going through an upgrade or a revision, it is recommended that part of the upgrade include the ATECC608B. For other designs, users must do an overall security assessment and determine if they need to migrate to the ATECC608B.

The ATECC608B continues the line of security products developed as part of the Microchip CryptoAuthentication™ family of high-security cryptographic devices. These devices combine world-class hardware-based key storage with hardware cryptographic accelerators to implement various authentication and encryption protocols. All applications and use cases previously supported by the ATECC608A are also supported by the ATECC608B.

Applications Summary

  • Network/Internet of Things (IoT) Node Endpoint Security – Manages node identity authentication and session key creation and management. Support is provided for the ephemeral session key generation flow for multiple protocols including TLS 1.2 and TLS 1.3.
  • Firmware Validation (Secure Boot) – Supports the microcontroller (MCU) host by validating code digests and optionally enabling communication keys upon a successful secure boot. For an enhanced performance, various configurations are available.
  • Small Message Encryption – Hardware Advanced Encryption Standard (AES) engine to encrypt and/or decrypt small messages or data such as Personally Identifiable Information (PII). The device supports the AES-ECB mode directly. Other AES modes are supported with help from the host. Additional Galois Field Multiply (GFM) calculation functions support the AES Galois Counter Mode (AES-GCM).
  • Secure Over-the-Air (OTA) Updates – Supports local protected key generation for downloaded images. Both broadcasts of one image to many systems, each with the same decryption key, and point-to-point download of unique images per system are supported.
  • Accessory/Disposable Authentication – Validates the authenticity of a system or component. This capability is often sought where disposable components are part of a system.