7.1 Use Cases

The ECC608-TMNGTLS was defined to specifically address the IoT market. Through use of the Kudelski keySTREAM SaaS, a wide array of cloud networks and specific authentication services can be accessed. The inherent flexibility built in to the system allows for a custom PKI to be established in-field, with no factory intervention from Microchip. This allows for the ability to modify and rotate certificates, update and maintain security policies for a variety of applications and use cases within those applications. A brief description of some of the use cases that this device addresses is provided below. These use cases can be implemented separately or in combination with each other. To prototype and implement these use cases, Microchip provides both hardware and software tools.

Secure TLS Connection

The ECC608-TMNGTLS allows the creation of a secure authentication in the TLS protocol. The device will store the birth private key generated by Microchip within our certified secure provisioning facilities. This key will issue an ECC-P256 signature to the keySTREAM SaaS, which will authenticate the ECC608 TrustManager. The SaaS will, then, create a custom PKI and provision the new custom certificates in the device. This is the in-field provisioning of the custom PKI. The private keys associated to the root and intermediate certificates are protected in the Kudelski IoT HSMs, which are set up during the customer account setup. This, then, allows for connection to a wide array of cloud providers. Through the various modes of the Key Derivation Function (KDF), appropriate keys can be generated to support TLS1.2, TLS1.3 and earlier secure connection Internet protocols.

Certificate Management

Through use of the custom PKI that was set up in keySTREAM SaaS when the account was set up, the SaaS can be used to manage and monitor the certificate expiration date, certificate revocation and certificate renewal.

After the initial account setup, the expiration date of the certificates can be set and stored in the ECC608-TMNGTLS. When the certificate expiration date is reached, it can be can be configured to renew automatically as specified by the Kudelski IoT policies so as to prevent loss of service due to an expired certificate.

If a security breach or some other incident occurs that warrants the revocation of a certificate, through use of the KeySTREAM SaaS, the ECC608-TMNGTLS device certificates can be revoked. Revocation of the certificate will prevent the device from connecting to the cloud. If so desired, to restore secure authentication to the device, the certificate can be renewed by issuing a new certificate to replace the current certificate stored in the device. Revocation and renewal achieve certificate rotation.

Private Key Rotation

The keySTREAM SaaS is able control the rotation of private keys inside the ECC608-TMNGTLS. If the end product private key is determined to no longer be trustworthy, a new private key, stored in Slot 0 can be regenerated through use of keySTREAM SaaS. The risk is a denial of service on Slot 0, where keySTREAM SaaS will deny access to the SaaS for that particular device.

Secure Boot

Protecting the firmware image of a microcontroller or microprocessor is a concern for many vendors. By providing a mechanism to verify that the code being run is authentic and was not modified, the overall integrity of the system is maintained. The ECC608-TMNGTLS was configured to allow Secure Boot by storing the code digest of the system within a data slot of the device. Upon initial execution of the code, the system can regenerate the digest over the system firmware and compare it with the digest stored in the ECC608-TMNGTLS, verifying that the firmware was not tampered with.

IP and Data Protection

Protecting Intellectual Property (IP) can be crucial to maintaining a company’s competitive edge. IP protection describes the way of protecting the firmware or hardware developed by the customer from being copied. Firmware IP protection can be done with just a software-based approach, but the key information inside the firmware still remains quite vulnerable to attacks.

The ECC608-TMNGTLS device offers hardware-based secure key storage to ensure that a product with the firmware runs. The devices can perform both the Symmetric authentication and Asymmetric authentication where the keys are securely stored in the secure element, thereby, reducing a hacker’s ability to extract and modify the keys. The Slot 15 public key can be used to verify either the hash of a firmware image or the signature of a signed image, respectively, during any point of run-time operations.

End-to-End Data Protection

Through the use of symmetric keys, secure data communication can be implemented. Through the use of the ECDH function, symmetric keys can be generated to allow for encryption and decryption of communication between devices and endpoints. Data can be fully protected from cloud to device and device to cloud.

General Data Storage

Data Slot 8 is used to store specific customer/application onboarding information needed for multiple keySTREAM SaaS operations. This slot is not available for general use by the customer. Sometimes there is a need to store a small amount of additional information for a given system. Data Slot 15 can be used to store additional customer-specific or application-specific information. The ECC608-TMNGTLS can be used for this purpose by utilizing the data slot that allows read and write access. This eliminates the need to add an additional EEPROM memory device to only store data.
Restriction: If data Slot 15 is used for general data storage, the Secure Boot feature cannot be implemented.