Our recent announcement with Microchip, the world leading microcontroller supplier, brings a vision that Trustonic has had around delivering secure connected devices a step closer to reality. We are reaching critical mass in the Android phone space, having now secured well over 1.7 billion devices, but when you start talking about the IoT, that number feels rather small. The analyst firms are banding around numbers like 20 billion connected devices within 18 months and, if I’m honest, I don’t think that security is at the forefront of the minds of many of those device makers – and it should be. Security is all too often added as an afterthought and that’s a bad idea. It’s not some sort of fairy dust to sprinkle on at the end; it should be the foundation upon which everything else should be built.
What we are doing with Microchip is exciting and ground-breaking for these low-cost chips. We are embedding our hardware-secure O/S, Kinibi-M, right into the heart of the silicon, along with a unique trusted device identity. The Microchip SAM L11 microcontroller chips will come with Kinibi-M pre-embedded, enabling device developers to build properly secured products. But building secure products is only part of the story; protecting your IP, ensuring that your products aren’t illegally overproduced and stopping rogue devices from gaining access to your cloud services are all becoming more of an issue.
Fortunately, we have addressed those challenges too. Kinibi-M includes a unique technology called Digital Holograms™, enabling you to prove that devices are genuine and that they have passed through the appropriate manufacturing steps. For more information on Digital Holograms see our dedicated page here.
And then there’s the cloud connection itself. Over the last year, we have demonstrated several secure microcontroller devices connecting to the cloud. However, due to the relatively limited processing capability of these microcontrollers, we have used a separate device, acting as a router both to convert the messages into ones that the AWS cloud could understand and to add the TLS security layer. We have now gone a step further and have created a cloud-connector, designed specifically for these tiny devices. They are too small to run a full TLS stack, but are perfectly capable of encrypting messages with AES and performing a mutual authentication. A gateway server, hosted in a datacentre or in the cloud, can authenticate the device’s identity, make a request to the attestation server to validate the device lifecycle steps and bridge the TLS messages to a public cloud, such as Google or AWS.
You can now have hardware-secured IoT devices, protected from overproduction and tampering, that are capable of automatically connecting to cloud services and proving their identity, I think that’s a big step closer to where we need to be! I’m eager to see what device makers and the Google Cloud can do together, comfortable in the knowledge that the future is a little more secured.