AWS, Microchip create a more secure connection to the cloud
January 30, 2017
The rise of the Internet of Things (IoT) has created a new set of security considerations for the cloud. Now not only do you need to safeguard the data inside an IoT gateway or node, but you must also ensure the device can securely communicate with cloud servers – and this has become one of the next big challenges for design engineers.
One of the most prominent players in the cloud space, Amazon Web Services (AWS), tackled this challenge early by adopting a mutual authentication security model. In order to comply, an IoT device manufacturer must pre-register their security authority to establish a trust model and create a unique cryptographic key for each device that is signed by the security authority. Most importantly, these keys must remain secret for the entire lifecycle of the device. This process is essential for ensuring a high level of security, but it can add some cost and complexity for device manufacturers, requiring secure databases and cryptographic knowledge.
Back in August, Microchip announced the AWS-ECC508, an IC solution designed to meet the requirements for securely connecting to AWS IoT. The device is a small chip that is pre-loaded with the unique cryptographic codes to allow data to be transmitted more securely from an IoT device to the cloud. The chip can be soldered onto any board and connected over I2C to any microcontroller. Having been developed with input from AWS, it meets all the requirements of the AWS mutual authentication security model and is pre-programmed to use AWS’s Just-in-Time registration, which allows devices to automatically connect to and be recognized by the AWS IoT cloud the first time they request service from the platform. It also has an array of features, including tamper-resistant technology, that help enhance security.
A kit is available for the evaluation and engineering phase; the standard AWS-ECC508 device will serve engineers during the prototyping and pre-production phases; and, finally, customized devices will be created for production.