Hardware cryptographic acceleration and secure storage for TLS in IoT apps

February 23, 2016 // By Graham Prophet
Atmel has disclosed a hardware interface library for TLS stacks used in Internet of Things (IoT) edge node applications. Hardening is a method used for reducing security risks to a system by applying additional hardware security layers and eliminating vulnerable software.

Atmel’s Hardware-TLS (HW-TLS) platform provides an API that allows TLS packages to use hardware key storage and cryptographic acceleration even in resource-constrained edge node designs. HW-TLS is a comprehensive solution pre-loaded with unique keys and certificates, designed to eliminate the complexities of generating secure keys in the manufacturing supply chain.

OpenSSL is a general-purpose cryptography library that provides an open-source implementation of the Secure Sockets Layer (SSL) and TLS protocols. wolfSSL is a cryptography library that provides lightweight, portable security solutions with a focus on speed and size. Atmel’s ATECC508A-OpenSSL and ATECC508A-wolfSSL are available for immediate download at their respective software distribution repositories, offering seamless adoption of more secure elements without disruption to the developer workflow.

Secure hardening for both OpenSSL and wolfSSL is made possible with HW-TLS, which allows those TLS software packages to interface seamlessly with the Atmel ATECC508A CryptoAuthentication co-processor. The ATECC508A provides protected key storage as well as hardware acceleration of Elliptic Curve Cryptography (ECC) cipher suites, including mutual authentication (ECDSA) and Diffie-Hellman key agreement (ECDH). As such, HW-TLS allows developers to substantially harden Transport Layer Security (TLS), enhancing security for IoT-device and cloud-service ecosystems.

When used together, HW-TLS and the ATECC508A allow even extremely small, low-cost IoT nodes to implement strong cryptographic security. All private keys, certificates and other sensitive security data used for authentication are stored in secure hardware and protected against software, hardware and back-door attacks. In addition, the integrated ECC accelerators in the ATECC508A offload cryptographic code and math from the MCU, allowing even a low-end processor to perform strong authentication.

“Everyone with an interest in IoT security should be excited about Atmel HW-TLS with wolfSSL,” said Larry Stefonic, CEO, wolfSSL. “The combination of our secure software and Atmel’s new chips brings TLS performance and security to a level unrivalled in the industry. Atmel’s HW-TLS platform also makes it easier than ever for developers to incorporate truly hardened security into our TLS stack.”