CryptoAuthentication™ products — Offers product designers an extremely cost-effective, easy to design, tiny and ultra-secure hardware authentication capability.
Trusted Platform Module — The Microchip Trusted Platform Module (TPM) provides strong hardware-based public key (RSA) security on a single device for personal and tablet computers as well as embedded processor-based systems.
CryptoMemory® products — The Microchip CryptoMemory family offers a range of cost-efficient, high-security electrically erasable programmable read-only memory chips (EEPROMs) and host-side security for applications requiring comprehensive data protection.
CryptoRF® products — Microchip CryptoRF is a 13.56 MHz RFID device family employing a 64-bit embedded hardware encryption engine, mutual authentication and up to 64 Kbits of user memory.
For the ATECC608A Secure Element
When it comes to IoT security, private keys are the most sensitive material. If a private key is accessed by an unintended party, that person can now impersonate the IoT hardware and undertake undesired or malicious operations. Because of this, the most basic security practice to follow is to implement a secured hardware root of trust to remove exposure of private keys to software, firmware, manufacturing sites, end users or other third parties. Microchip’s ATECC608A secure element provides a JIL “high” rated secure key storage area to isolate keys. This is especially valuable in Linux® environments where software is a living entity and software backdoors to keys are likely to show up.
To further help adding hardware secure key storage, Amazon Web Service (AWS) offers IoT Greengrass Hardware Security Integration as part of its IoT Greengrass Core software. It is an interface between the IoT Greengrass Core and a hardware secure module based on PKCS#11. The ATECC608A is used in this implementation as the hardware secure key storage to isolate private keys needed for the authentication between AWS IoT and AWS IoT Greengrass from the Linux-based system enabled with IoT Greengrass. This microprocessor-agnostic solution adds true hardware secure key storage to any Linux-based IoT products. The ATEC608a is now part of the AWS Device Qualification Program supporting AWS IoT Greengrass.
Why would you harden your IoT Security with the ATECC508A for AWS IoT?
An easy way to hack an IoT device today is to physically attack the embedded system and spoof the private key which is likely located in the clear of a microcontroller memory. But hacking a single device or transaction is typically not of value to an attacker. Hackers are looking for weaknesses that will enable them to exploit a large number of connected devices. Once the keys are spoofed, the devices are accessed, a scalable remote attack can be launched leveraging the corrupted IoT devices as entry points
Why would you harden your IoT Security with the ATECC608A for AWS IoT?
Securing communication with a Cloud service and manipulating keys comes with many challenges: storing and using keys in the microcontroller exposes them, operating systems and software have bugs, the Heartbleed bug for OpenSSL was notable by easily exposing keys. Consequently, governments and corporations across the globe are working to protect individual identities and privacy. Strong authentication is the start of robust security. This leads cloud providers to push towards hardware-based security to obtain strong device identity protection, prevent identity spoofing, but also to protect against unauthorized firmware updates and prevent proliferation.
An easy way to hack an IoT device today is to physically attack the embedded system and spoof the private key which is likely located in the clear of a microcontroller memory. But hacking a single device or transaction is typically not of value to an attacker. Hackers are looking for weaknesses that will enable them to exploit a large number of connected devices. Once the keys are spoofed, the devices are accessed, a scalable remote attack can be launched leveraging the corrupted IoT devices as entry points
Why would you harden your IoT Security with the ATECC608A for Google Cloud IoT Core?
Securing communication with a Cloud service and manipulating keys comes with many challenges: storing and using keys in the microcontroller exposes them, operating systems and software have bugs, the Heartbleed bug for OpenSSL was notable by easily exposing keys. Consequently, governments and corporations across the globe are working to protect individual identities and privacy. Strong authentication is the start of robust security. This leads cloud providers to push towards hardware-based security to obtain strong device identity protection, prevent identity spoofing, but also to protect against unauthorized firmware updates and prevent proliferation.
An easy way to hack an IoT device today is to physically attack the embedded system and spoof the private key which is likely located in the clear of a microcontroller memory. But hacking a single device or transaction is typically not of value to an attacker. Hackers are looking for weaknesses that will enable them to exploit a large number of connected devices. Once the keys are spoofed, the devices are accessed, a scalable remote attack can be launched leveraging the corrupted IoT devices as entry points
Security With The Things Industries Join Servers
When it comes to LoRa security, provisioning and storing network server and application server keys is as important as it is complex. Because of this, it is also a known security weakness that attackers may try to use to exploit your system by accessing these keys. This can be avoided by implementing a secure hardened key storage both at the node and in the LoRaWAN™ backend which will strengthen the authentication process by removing exposure of authentication keys to software, firmware, manufacturing sites, end users and other third parties. Microchip’s ATECC608A-MAHTN secure element provides a JIL “high” rated secure key storage to isolate keys in the nodes. This is especially valuable in LoRa systems which are based on a shared key security model and leverage a wide variety of traditional low-power microcontrollers.
To make adding hardware secure key storage easier, the secure element is paired with The Things Industries' (TTI) join server service for turnkey secure authentication. The corresponding AES128 authentication keys are also hosted and protected in TTI’s managed join servers. Through a claim procedure via the TTI portal, the protected keys in the secure element are “claimed” and then owned by the company. This process simplifies the cumbersome unsecure provisioning practice used without secure key storage. This join server is completely agnostic to the network server and/or application server providers to preserve business scalability by leaving freedom of choice to the architects. Flexibility doesn’t stop here, the ATECC608A-MAHTN secure element is a microcontroller-agnostic solution that adds true hardware secure key storage to any LoRa-connected products.
Not only do discounted and counterfeit copies corrupt a corporation’s brand image, but they can also negatively impact its revenue streams. Counterfeit protection is critical in preventing such losses. Preserving brand image is not just about attracting new customers; it’s imperative for customer satisfaction and retention, as well. Key to this is the code’s authenticity. The IP protection attached to a brand must be part of product development from inception through all phases of a product’s life cycle. When proper technical protection of the IP is established, revenue protection and optimal user experience is more easily maintained and controlled once the product hits the market. Microchip’s CryptoAuthentication devices offer the protection necessary to empower companies to keep control of their future within their hardware designs.
 |
Trusted Storage In order to establish a robust counterfeit protection strategy, trust in the design, the device provider, the manufacturer must be optimum to decrease potential back-door and threats. The main philosophy is to completely isolate keys and secrets from any software exposure at any point of time of the product development as well as when the product is in the user’s hands.nds. |
 |
Physical Protection Microchip CryptoAuthentication devices integrates various vital features to strengthen your security at the root of the hardware design. The secure element portfolio is architected with various anti-tampering techniques and locking mechanisms such as active shield and side attack counter measures. |
 |
Cryptography The capability of generating randomness is arguably the most critical block within a security device after secure storage. The CryptoAuthentication devices embeds a unique serial number per device, and most importantly provide high entropy FIPS certified random number generators (RNG). |
 |
Trusted Provisioning Trust cannot rely only on the device but also on the manufacturing process. Exploiting human users and 3rd party weaknesses is one of the preferred target of hackers. Customers can now leave this burden to Microchip secured factories and leverage our trusted provisioning service already used by thousands of companies. |
Quickly Integrate Security into Existing Automotive Networks with Minimal Design Impact
More and more consumer conveniences like Bluetooth®, 3G, 4G, LTE, etc. are being added to vehicles each year much to the delight of consumers… as well as the hackers. There is no shortage of real-world vehicle hacking stories and videos available on the web and virtually all OEMs in all regions have been negatively impacted by these attacks. The attack surface will certainly continue to grow so the pressure is mounting for OEMs and Tier 1 suppliers to quickly secure in-vehicle networks with long-term solutions.
New OEM cybersecurity specs have begun to roll out requiring improved security including hardware-based secure boot and CAN message authentication. Implementing these new specs can be burdensome for Tier 1 suppliers to implement with the first investigation typically involving switching out their existing host microcontroller (MCU) to a higher horsepower dual-core 32-bit MCU with crypto. This can introduce significant additional silicon cost, software development expense and introduces risk associated with getting the new security software in the MCU implemented correctly. Microchip has introduced a solution that enables OEMs and Tier 1 suppliers to add security to existing systems without costly redesigns.
This CryptoAutomotive™ Security ICs In-Vehicle Network (IVN) TrustAnchor/Border Security Device (TA/BSD) development kit provides a way for developers to begin architecting their security into existing systems. The emulated secure companion solution initially targets secure boot and CAN message authentication use cases, and upcoming kit software releases for key agreement, TLS, content protection schemes and more will be available in the future. The kit can be conveniently paired with Microchip automotive host microcontroller development kits which include example projects for secure boot.
Making EEPROMs a Safe Place for Sensitive Data
The Microchip CryptoMemory® family offers a range of cost-efficient, high-security electrically erasable programmable read-only memory chips (EEPROMs) and host-side security for applications requiring comprehensive data protection, including mutual authentication between devices and host. CryptoMemory chips are the world's largest family of EEPROMs with a 64-bit embedded hardware encryption engine, four sets of nonreadable, 64-bit authentication keys, and four sets of nonreadable, 64-bit session encryption keys. The result: a truly secure means of preventing product counterfeiting and piracy. The chip family features a choice of memory densities and is easy to implement in a variety of applications.
Designer's choice — The chips are available in memory densities ranging from 1 Kbit to 256 Kbits to accommodate diverse storage and cost requirements.
Multiple access levels — User memory can be divided into as many as 16 separate sections, allowing several different levels of read and write access.
No special expertise — A CryptoMemory design kit offers a library of simple API calls that execute the most complex host operations.
Standard interfaces — The chips provide standard 2-wire communication interfaces to Microchip and other microcontrollers, as well as a standard smart card interface to off-the-shelf readers.
Package options — Options include 8-lead SOIC, TSSOP, uDFN, and PDIP plastic packages, modules for smartcard applications, and wafers thinned down to 6 mils.
Host-side simplicity — The Microchip CryptoCompanion™ chip provides simple, plug-and-play authentication on a host device.
| Device Family | Summary Benefit | Applications | Technologies | Key Parameters |
|---|---|---|---|---|
| CryptoCompanion | Security companion chip to CryptoMemory Securely implements host algorithms and stores host secrets Verifies host firmware digests |
Plug-and-play host-side cryptographic security for embedded systems |
64-bit Cryptographic Algorithm |
Host-side security Hardware security |
| CryptoMemory (2.7V - 3.6V) | Family of secure EEPROMs 64-bit embedded hardware encryption engine EEPROM densities from 1 to 8 kbit available Flexible security feature set to meet a wide variety of applications Supports both 2-wire and ISO7816 interface protocols Mutual authentication capability |
Applications requiring authentication, data protection or secure storage |
64-bit Cryptographic Algorithm |
Hardware security Secure EEPROM Authentication |
| CryptoMemory (2.7V - 5.5V) | Family of secure EEPROMs 64-bit embedded hardware encryption engine EEPROM densities up to 256 kbits available Flexible security feature set to meet a wide variety of applications Supports both 2-wire and ISO7816 interface protocols Mutual authentication capability |
Applications requiring authentication, data protection or secure storage |
64-bit Cryptographic Algorithm |
Hardware security Secure EEPROM Authentication |
The Largest Selection of Memory Solutions for RFID
Microchip CryptoRF® is a 13.56MHz RFID (radio-frequency identification) device family equipped with a 64-bit embedded hardware encryption engine, mutual authentication capability, and up to 64Kbits of user memory. These low-cost chips are virtually impossible to copy and offer hardware security that is superior to software security solutions. CryptoRF ICs are ideal for applications that are prone to counterfeiting, require a permanent chain of ownership, or use contactless smart cards for cash transactions. They are also suitable for use in adverse environmental conditions where dust, dampness, or temperature extremes can cause problems for digital devices.
| Device Family | Summary Benefit | Applications | Technologies | Key Parameters |
|---|---|---|---|---|
| CryptoCompanion | Security companion chip to CryptoRF Securely implements host algorithms and stores host secrets Verifies host firmware digests |
Plug-and-play host-side cryptographic security for embedded systems |
64-bit Cryptographic Algorithm |
Host-side security Hardware security |
| CryptoRF | Secure RFID solution High frequency 13.56MHz ISO 14443 Type B protocol EEPROM densities up to 64 kbits 64-bit embedded hardware encryption engine Flexible security feature set to meet a wide variety of applications Mutual authentication capability |
Product authentication Contactless payment Patient safety Anti-cloning of consumables Loyalty and patron management |
64-bit Cryptographic Algorithm |
ISO 14443 Type B 13.56MHz RFID Hardware Security Authentication Secure EEPROM |
| CryptoRF Reader | ISO 14443 Type B reader Supports both 2-wire and SPI serial interfaces Compatible with both 3.3V and 5V host microcontrollers Performs all RF communication, packet formatting, decoding, and communication error checking, reducing burden on host microcontroller |
Product authentication Contactless payment Patient safety Anti-cloning of consumables Loyalty and patron management |
RFID |
RFID reader 13.56MHz ISO 14443 Type B |
Mitigate remote attacks, use a unique trusted identity
Transport Layer Security 1.2 (TLS 1.2) has become the de facto standard for connecting embedded systems to a network. While TLS 1.2 is undeniably robust, an embedded system still requires a unique, secure and trusted identity to prevent large-scale remote attacks. For example, a malicious attack can cause a hospital power grid to go down and potentially risk human lives, interrupt online services and advertising activities resulting in a loss of revenue, or suspend the production capabilities of industrial plants and their supply chains to almost instantaneously affect their profitability. When combined with the TLS 1.2 protocol, Microchip’s ATECC508A CryptoAuthentication™ device offers a unique, trusted, and verifiable identity that can help protect billions of connected devices.
By physically isolating keys and secrets from the application
|
|
Secure Key StorageIn order to harden the TLS protocol, trust in the system, the device provider, the manufacturer must be optimum to decrease potential backdoors and threats. The main philosophy is to completely isolate keys and secrets from any software exposure at any point of time of the product development as well as when the product is in the user’s hands. The ATECC508A is your solution. |
|
|
Physical ProtectionMicrochip ECC based devices integrate various vital physical protection schemes to strengthen your TLS security at the root of the hardware design. The ECC based secure element family is architected with anti-tampering features such as active shield and side attack counter measures as well as robust secure key storage with locking mechanisms. |
|
|
Hardware CryptographyIn terms of cryptography, the most important function is to provide a high entropy FIPS compliant random number generators (RNG). The ATECC family integrates best in class RNG enabling high entropy capabilities. In addition, the device is capable of providing both an ECC hardware accelerator and SHA256 hashing as well as a unique serial number per device. |
|
|
Trusted ProvisioningTrust cannot rely only on the hardware device but also on the manufacturing process. Exploiting 3rd party weaknesses is one of the top target of hackers. Isolating keys and secrets from manufacturing is equally vital. Customers can now leave this burden to Microchip secure factories and leverage our trusted provisioning service already used by thousands of companies. |
