Depending on what stage of the product development cycle you’re at, one part of the chain can often be perceived as a mystery: just how do you go about embedding security into a device?
In other words, you’ve established a security policy and a chain of trust. You’ve now given the device a strong unique identity, so that within the IoT network it can be authenticated when coming online to ensure secure and encrypted communication between it and other devices, services and users. And now you’re ready to provision the device. This means programming the device with its unique certificate and keys plus any boot manager firmware.
So who does this provisioning and how?
At Secure Thingz, we partner with our distributors who can provide secure programming facilities at many locations worldwide. Using security tools designed by Secure Thingz, secrets such as keys and configuration data can be securely injected into secure elements with complete confidence and assurance to you as the OEM that your secret keys are not seen by anyone other than yourself.
We do this by providing OEMs with a PC based tool which can be referred to as the secret ‘wrapping tool’. As part of our ‘zero trust’ philosophy this tool enables provisioning information to be cryptographically signed and encrypted, or ‘wrapped’. One critical input to this tool is the security certificate of the actual programming system (Guardian) that the OEM will allow to receive the wrapped information. This means the information is protected and can be securely transmitted to a specific provisioning system at the programming center even over an unsecure internet connection. The unwrapping of the OEM’s secret information only occurs inside the targeted, secure, tamper-resistant hardware security module (HSM, the Guardian) where it is stored and protected. This process of wrapping takes place at an OEM premise by the OEM and the wrapped file is then sent to the secure programming center.
The programming center is responsible for provisioning devices for the OEM customer at its premise. The process starts with product creation, where the wrapped OEM public and private information is imported into the programming system (Data I/O Sentrix) and cryptographically bound (by creating a device certificate) to a Unique Product ID and a Unique OEM ID within the target device. Thus, a unique product representation (OEM ID and Product ID) is created which includes a verifiable chain of trust from provisioned device to OEMs root certificate.
The use of a secure programming center at our distributors eliminates the need for OEMs and developers to have their own infrastructure and provides important provisioning services to OEMs at various volume levels ranging from first article to hundreds of thousands of units.
Our solutions are designed to enable OEMs to implement embedded security, including integrated identity and certificate management, a scalable secure boot manager, secure deployment with integrated manufacturing mastering, and release management with versioning and update infrastructure. Our provisioning injects secure loaders, keys and certificates into the system to define the immutable identity and provide the RoT (Root of Trust) for a secure IoT device.
The entire process is analogous to developers designing and testing their software and then sending a release version of the software to ‘production’ for deployment. When designing a secure IoT product, secure provisioning and programming of the microcontroller at remote locations can expose weaknesses in the chain of trust. The Secure Thingz solution enables a ‘zero trust’ philosophy to provide confidence to developers that the provisioning of their microcontrollers and secure elements is carried out in a secure manner during all stages of the development process, even if outsourced to an external secure programming facility such as that found at our distributors.