For lack of better alternatives, TLS implementations have historically stored private keys and authentication credentials in software, where they are more exposed to attack. The mathematics used for authentication and asymmetric key agreement was likewise done in software, which is a poor fit for small IoT devices with limited code space and processing power.

The Atmel Hardware-TLS platform provides an interface between software TLS packages and the ATECC508A cryptographic co-processor. wolfSSL and OpenSSL implementations can now use hardware-based secure storage for private keys and authentication data, and resource-constrained IoT nodes can implement full elliptic curve authentication, Diffie-Hellman key agreement and session key derivation. With Atmel HW-TLS, TLS communication links can have hardened security even out to the smallest IoT edge node.

Device / Description

  • ATECC508A crypto element hardened wolfSSL with private key protected storage and secure execution environments.
    Download from wolfSSL: https://wolfssl.com/wolfSSL/Home.html
  • ATECC508A crypto element hardened OpenSSL with private key protected storage and secure execution environments.
    Download from OpenSSL: https://wiki.openssl.org/index.php/Binaries
    Download from GitHub: https://github.com/AtmelCSO/cryptoauth-openssl-engine

Key Features

  • Elliptic Curve Cryptography (ECC) hardware acceleration for resource-constrained IoT nodes — ECDSA authentication for node identification. ECDH Key Agreement for data encryption. Minimizes code and processing in the main device controller. Rapid execution of ECC processes even on M0-class processors.
  • Tamper-resistant secure storage of private keys, certificates and other sensitive data
  • Internal private key generation — Private keys are never accessible external to the device
  • Atmel Certified-ID Support — DIY secure certificate signing and provisioning
  • Low power consumption for battery operated IoT products
  • Flexible application for authentication on multiple network layers: Application, Transport, Link