Microchip Security: concept to production
A Leading Provider of Smart, Connected and Secure Embedded Control Solutions
Dinu Varta
May, 2024
Corporate Overview
18 May
© 2024 Microchip Technology Inc. and its subsidiaries
Providing System Solutions: Portfolio of Hardware, Software and Services
• Power Management: DC-DC Converters, Supervisors & References, Precision LDOs, Battery Management, High Voltage, Voltage References, Power Drivers
• Analog & RF: RFICs, MMICs, Amplifiers, Filters, A/D and D/A converters, Digital Potentiometers, Voice & Audio Processing
• Security: Encryption, Digital Security I/Os
• Discretes & Modules
• Motor Drivers, Sensors, LED Drivers
• Touch Sensing: Proximity/3D, Buttons/Slider, Touch Screen
• Timing: Oscillators, Clock Generators, Clock Buffers, Network Sync
• Memory: EEPROM, Serial Flash, Serial SRAM
• Microcontrollers, Microprocessors, FPGA/SoCs
• Ethernet: Switches, PHYs, Bridges, PoE
• USB: Controllers, Smart Hubs
• Storage: PCIe® Switches, Adapters, Controllers
• Auto/Industrial Communication: MOST®, EtherCAT®, RS232/485, CAN/LIN
• Wireless: Wi-Fi®, Bluetooth®, LoRa®, ZigBee®/MiWi
• Smoke Detector & Piezoelectric Horn Drivers
• Optical, Networking
Dinu Varta, Austria
Legislation, Silicon, Service, Software
Security across the product lifecycle
Microchip Total System Solution:
• Hardware products
• Development tools and examples
• Provisioning services
Europe Driving Cybersecurity Regulation Change
Cybersecurity regulations are evolving and Europe drives the change.
Reference: LEVY-BENCHETON, Cédric. Panorama of IoT Cyber Security Regulations Across the World. cetome. https://cetome.com/panorama
European Cybersecurity Coming Directives and Acts
https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-policies
Is Your Security Rating Sustainable over Time?
• How can you sustain proven security over time?
• Hardware gets hacked on a daily basis
• One of the most significant security risks in IoT is vulnerabilities in the code
• Supply chain attacks are a growing concern
IoT Module Real Example
IoT module based on
SOLUTION: add a pre-provisioned secure element, reducing exposure to future hardware and software flaws and to provisioning-process risks.
Market Segments: IoT, Automotive, Industrial, Defense
Monotonic counters
Microchip Security solutions
Secure Elements: TA100, TA010, ATECC608 Trust&GO, ECC608B, ECC206, SHA204A, SHA104/105/106, SHA206A
System-on-Module: SAMA5 Wireless SOM (Linux MPU, Wi-Fi/BLE, ATECC608 Trust&GO)
System-in-Package: dsPIC33CK512MPT608 "Ariel" (dsPIC33 DSC + TA100), PIC32C (Cortex-M4F + TA100), SAMA5 (Cortex-A5 + TA100), WFI32E01PC (high-performance 32-bit MCU + Wi-Fi + ATECC608 Trust&GO), PIC32CM LS60 (Cortex-M23 + ATECC608)
Use cases by segment:
• Automotive: CAN message authentication, EV battery authentication
• IoT: cloud authentication (TLS based), secure boot, OTA verify, IP protection, secure data storage, ecosystem control
• Accessory: accessory authentication, low-cost accessory & disposable authentication, battery authentication, ecosystem control, WPC Qi 1.3 authentication, PCB-less options for disposable authentication
CryptoAuthentication™ Portfolio Expands
Automotive
• Existing: TA100 (secure boot, message encryption, field upgrade, CAN message authentication, TLS authentication)
• New solutions: TA010 (battery authentication, Qi 1.3, car accessory authentication)
Datacenter
• CEC173x (secure boot for Linux systems, firmware upgrade, real-time system bus protection, SPI flash image verification, real-time Root of Trust, HDCP)
IoT
• Existing: ATECC608 (cloud authentication, secure boot, firmware upgrade, public key attestation)
• New solutions: transfer of ownership, in-field device claiming, custom PKI, WPC 1.3, user access privilege
Accessories
• Existing: SHA204A (accessory authentication, disposable authentication)
• New solutions: ECC204 (accessory authentication, disposable authentication, Qi 1.3)
Disposables
• Existing: SHA104/SHA105 (symmetric accessory authentication)
• New solutions: SHA106 (disposable symmetric authentication with no PCB), ECC206 (disposable asymmetric authentication with no PCB), SHA206A (disposable authentication)
Form Factors
Introduction of a NEW service: Trust Manager
Trust Platform: provisioning services
Logistic Challenges of Cryptographic Keys
How to?
• Remove the hurdle of secure exchange / factory provisioning?
A simplified onboarding process for sales and customers
• Remove the salesforce ticket steps
Flow: Threat Model → Identify use case(s) → Contact your expert or Security Partner → Customer Production
Trust Platform: provisioning services
• Transfer of Ownership
• Self service
ECC608
In-Field Provisioning and Extra Services
Microchip provisions a unique Root of Trust in each compatible Secure Element. keySTREAM authenticates the Secure Elements using this identity, enables in-field provisioning of new credentials and manages the cryptographic key lifecycle.
Flow (MCHP Production Site → In Field):
• At the MCHP production site, the MCHP Root CA issues MCHP birth certificates into the Secure Element (e.g. ECC608B; ATECC608 Trust&GO Managed, part ECC608-TMGNTLS)
• In the field, keySTREAM in-field provisioning issues Customer Device Certificates under the Customer Root CA and Customer Issuing CAs (e.g. registered CAs, CQ2’24), with FOTA
keySTREAM services:
• Custom PKI
• Certificate expiration management
• Certificate rotation
• Private Key rotation
• Public Key rotation
• Transfer of ownership
• Symmetric key management
• Data provisioning
• HSM-as-a-Service
Network security:
• Custom root CA + PKI protected in Kudelski HSM w/ backup
• Instant creation of custom root CA w/ your company name
• Secure/monitored management by keySTREAM
Autoclaim workflow:
• Removes the need for a device manifest*
• No handling of the manifest (w/ Autoclaim)
Pay as you activate:
• No key exposure in manufacturing
• No secret exchange with a factory
• Regular fulfillment
Keep security up to date:
• Manage and scale your fleet
• Deploy certificates in the field
• Expiration date programmatic renewal
• Revocation
• Rotation/Renewal
• Private Key management
Device Security: ECC608 protects the device private key
Distribution enablement
* Manifest option still available as alternative
Microchip Proprietary and Confidential
In-field Delivery of Credentials
The flow
Delivery Process of Credentials: High Level Flow
CUSTOMER Account
3. Integrate KTA in device firmware
• Device Management
• Managed TLS keys
• Transfer of ownership
• User privilege
• H2’24
• Managed OTA verification
• Code Signing
• Enable your subscription model
• Version control
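The in-field provisioning flow described above (a manufacturer-issued birth identity in the secure element, authentication of the device through that identity, then issuance of the customer's own credentials) and the credential delivery flow in this section, as an added Go model. This is example code, not Microchip's or keySTREAM's implementation: it assumes a manufacturer root CA that issues device birth certificates, proof of possession by signing a service-chosen nonce with the on-chip key, and a customer CA that issues the replacement certificate for the same public key. The names `ca`, `certify`, `secureElement`, `provisionAtFactory`, `chainsTo` and `claimDevice` are hypothetical, and every key and identity is constructed in-process.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// ca models one certificate authority (manufacturer root or customer issuing
// CA). Constructed illustration only, not keySTREAM's own implementation.
type ca struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
}

// certify builds and signs a one-year certificate for pub under parent;
// parent == nil produces a self-signed root CA instead of a device leaf.
func certify(name string, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage, tmpl.ExtKeyUsage = true, x509.KeyUsageCertSign, nil
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}

// newCA creates a self-signed P-256 root CA.
func newCA(name string) (*ca, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	cert, err := certify(name, &key.PublicKey, nil, key)
	if err != nil { return nil, err }
	return &ca{key: key, cert: cert}, nil
}

// secureElement models the device side: a key pair generated on-chip (never
// exported) and the birth certificate the manufacturer issued at production.
type secureElement struct {
	key       *ecdsa.PrivateKey
	birthCert *x509.Certificate
}

// provisionAtFactory is the manufacturer step: generate the device key in the
// secure element and certify its public half under the manufacturer root.
func provisionAtFactory(m *ca, deviceID string) (*secureElement, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	cert, err := certify(deviceID, &key.PublicKey, m.cert, m.key)
	if err != nil { return nil, err }
	return &secureElement{key: key, birthCert: cert}, nil
}

// chainsTo reports whether cert validates with root as the only trust anchor.
func chainsTo(cert, root *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

// claimDevice is the in-field service step: verify the birth certificate
// against the manufacturer root, make the device prove possession of the
// matching private key, then issue it a certificate under the customer CA.
func claimDevice(se *secureElement, manufacturerRoot *x509.Certificate, customer *ca) (*x509.Certificate, error) {
	if !chainsTo(se.birthCert, manufacturerRoot) {
		return nil, errors.New("birth certificate does not chain to the manufacturer root")
	}
	nonce := make([]byte, 32) // fresh challenge chosen by the service
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	digest := sha256.Sum256(nonce)
	sig, err := ecdsa.SignASN1(rand.Reader, se.key, digest[:]) // device signs with its on-chip key
	if err != nil { return nil, err }
	pub, ok := se.birthCert.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return nil, errors.New("device failed proof of possession")
	}
	// Only the public key is re-certified; the private key stays in the secure element.
	return certify(se.birthCert.Subject.CommonName, pub, customer.cert, customer.key)
}
```

Two properties of the model match the slide's claims: no secret is exchanged with the factory or the service (the customer CA only ever sees a public key plus a signed nonce), and the device keeps the same identity and key pair across the transfer of ownership while its trust anchor moves from the manufacturer root to the customer root. A device whose birth certificate chains to an unknown root, or a claim attempted against the wrong trust anchor, is rejected before any certificate is issued.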
ECC608 TrustMANAGER: functions
• Dynamic key management
• Public & private key rotation
• Certificate rotation
• Internal key attestation
• H2’24
• OTA keys
• Symmetric keys
• Dynamic secret data storage
Hardware Development Kits
Kits Roadmap: Now → CQ2’24 → CQ3’24 → CQ4’24
EV10E69A
• Fitted for Mass Market with low MoQ, including provisioning and Microchip certificates
• Architecture Agnostic: any cloud, any PKI*, any controller, any connectivity
*PKI: public key infrastructure