Atmel launched the industry’s first hardware interface library for TLS stacks used in IoT edge node applications. Hardening is a method used for reducing security risks to a system by applying additional hardware security layers and eliminating vulnerable software.
Atmel’s new Hardware-TLS (HW-TLS) platform provides an API that allows TLS packages to utilise hardware key storage and cryptographic acceleration even in resource constrained edge node designs. HW-TLS is a comprehensive solution pre-loaded with unique keys and certificates designed to eliminate the complexities of generating secure keys in the manufacturing supply chain.
Complete Secure Solutions for OpenSSL and wolfSSL Implementations
OpenSSL is a general-purpose cryptography library that provides an open-source implementation of the Secure Sockets Layer (SSL) and TLS protocols. wolfSSL is a cryptography library that provides lightweight, portable security solutions with a focus on speed and size. Atmel’s new ATECC508A-OpenSSL and ATECC508A-wolfSSL are available for immediate download at their respective software distribution repositories, offering seamless adoption of more secure elements without disruption to the developer workflow.
Secure hardening for both OpenSSL and wolfSSL is made possible with HW-TLS which allows those TLS software packages to interface seamlessly with the Atmel ATECC508A CryptoAuthentication™ co-processor. The ATECC508A provides protected key storage as well as hardware acceleration of Elliptic Curve Cryptography (ECC) cipher suites including mutual authentication (ECDSA) and Diffie-Hellman key agreement (ECDH). As such, HW-TLS allows developers to substantially harden Transport Layer Security (TLS), enhancing security for IoT-device and cloud-service ecosystems.
When used together, HW-TLS and the ATECC508A allow even extremely small, low-cost IoT nodes to implement strong cryptographic security. All private keys, certificates and other sensitive security data used for authentication are stored in secure hardware and protected against software, hardware and back-door attacks. In addition, the integrated ECC accelerators in the ATECC508A offload cryptographic code and math from the MCU allowing even a low end processor to perform strong authentication.
“Everyone with an interest in IoT security should be excited about Atmel HW-TLS with wolfSSL,” said Larry Stefonic, CEO, wolfSSL. “The combination of our secure software and Atmel’s new chips brings TLS performance and security to a level unrivaled in the industry. Atmel’s HW-TLS platform also makes it easier than ever for developers to incorporate truly hardened security into our TLS stack.”
Accelerated Crypto Processes
With the rise of the IoT, security has become a pressing topic because autonomous remote devices are now routinely connecting to wireless networks to form complex smart-device and cloud-service ecosystems. As a result, autonomous smart IoT devices constitute a significant part of those networks and must be able to authenticate themselves to the network resources to maintain the integrity of the ecosystem. In addition, these remote, resource-constrained clients must be able to perform this authentication using minimal processing, memory and power.
Traditionally, TLS performed authentication and stored private keys in software. The Atmel Hardware-TLS platform closes the vulnerability gap in this arrangement by offloading the crucial key management responsibility to dedicated, tamper-resistant secure elements such as the ATECCC508A CryptoAuthentication device.
In addition, the intensive crypto algorithms are processed in the CryptoAuthentication device, offloading the MCU on the remote devices and enabling the IoT edge node to authenticate to the cloud without a user-perceptible delay. Furthermore, Atmel Hardware-TLS comes as a complete platform pre-loaded with unique keys and certificates for eliminating the complexities of adding secure keys to each device in a manufacturing supply chain.
“With more and more remote devices being connected to the cloud every day in the era of the IoT, it becomes increasingly critical to ensure these devices are not vulnerable to attack,” said Nicolas Schieli, Sr. Director, Secure Products Group, Atmel. “Such devices can be entirely secure only when they are hardware secure, meaning the ‘secret’ keys are stored in a separate hardware unit. We are excited to bring this innovation to market, enabling device manufacturers that need to connect to the cloud to take advantage of hardware security.”
The Atmel Hardware-TLS platform complements Atmel Certified-ID, a seamless and secure keys provisioning platform for creating trusted Internet identities for smart connected devices.