AWS Secure Provisioning

The Zero Touch Secure Provisioning Platform for AWS IoT offers the industry’s first end-to-end security solution for Internet of Things (IoT) devices that connect to the Amazon Web Services (AWS) cloud. The product was developed jointly with AWS and will help IoT devices comply quickly and easily with AWS’s mutual authentication IoT security model. The new security model states that a device must use mutual authentication with a remote server to be authorized on the AWS cloud. Adding Microchip’s pre-configured ECC508 device and software kit to a system is now the simplest and most secure solution available to connect to the AWS IoT service.

In the Internet of Things (IoT) space, security is by far the greatest challenge that designers need to overcome. Microchip’s Zero Touch Secure Provisioning Platform for AWS IoT offers the industry’s first end-to-end security solution for IoT devices that connect to the Amazon Web Services (AWS) cloud. This platform was developed jointly with AWS to help designers quickly and easily develop IoT devices that comply with the new AWS security model. This new security model states that a device must use mutual authentication with a remote server to be authorized on the AWS cloud. Incorporating Microchip’s preconfigured ECC508 secure crypto device and software kit into your system provides you with the simplest and most secure method to connect your design to the AWS IoT service.

All cloud-connected devices need a unique and protected identity that can be securely authenticated. There are two main challenges to achieving this goal: providing a secure authentication method and managing the private keys in a large-scale production environment. The AWS-ECC508 meets these challenges by complying with AWS IoT just-in-time registration. While one-way authentication has commonly been used to secure systems, AWS IoT now offers mutual authentication between devices and the remote server. The AWS-ECC508 is an easy, flexible and cost-effective solution for adding this new mutual authentication process to your device design. Simply solder the tamper-resistant AWS-ECC508 on your board and connect it to the host microcontroller (MCU) over I2C. The AWS-ECC508 is preconfigured to be automatically recognized by the AWS IoT service. All information is contained in a small, easy-to-deploy crypto companion device that is agnostic to surrounding hardware. This solution has been fully evaluated by AWS to comply with all of its security requirements.

Since the AWS-ECC508 generates unique device keys internally, it eliminates the need for IoT product developers to externally generate and securely manage databases of unique device keys amongst various custodians in their manufacturing and supply chains. This can be a costly, complex and risky procedure, involving the installation of Hardware Security Modules (HSMs) and frequent audits to assure trust. The AWS-ECC508 eliminates these costs and the complexity of assuring that secret information is kept secure during the manufacturing process.

The AWS Zero Touch Secure Provisioning Platform provides everything needed at each stage of the development life cycle of an AWS-connected product:

  1. AT88CKECC-AWS-XSTK complete starter kit for demonstration, evaluation and development.
  2. AWS IoT pre-configured ATECC508A-xxxAW-x for prototyping and pre-production pilots. The pre-configuration includes extensions for the product developer to experiment with choices of a Certificate Root, from self-signed to using third party Certificate Authorities (CA).
  3. A custom CPN AWS-ready ATECC508A fitted with internally generated unique keys chained to a customer-chosen certificate root and having signer certificates pre-registered to the customer's AWS account. The customer just needs to assemble the custom AWS-ECC508 device into the IoT product.

Source: AWS Secure Provisioning

AWS Secure Provisioning was last modified: July 13th, 2017 by Jovan Stosic