Within seconds of searching for "secure provisioning" on the web, you are presented with a myriad of descriptions covering multiple technologies, very few of which seem to relate to the problems faced by the classic embedded development engineer. So why should an embedded engineer be interested in secure provisioning-as-a-service?
With the ever-increasing investment in engineering resources required to develop a connected product, it's no surprise that managers are under pressure to find ways of protecting their investment. This pressure flows down to development engineers who are asked to come up with solutions to ensure the company's valuable software is protected. There are many solutions available to help protect software, but a key factor that is often overlooked is the security of the manufacturing process that programs the software into the bare-metal microcontroller.
Can the process be trusted? And how does 'Secure Provisioning' come into the equation?
In this six-part series, we will highlight four key areas of security, explain how they relate to the manufacture of a secure product, and show why secure provisioning should not be overlooked during product development.
This is a complex subject, but it is probably the key element in ensuring your software is protected and not visible to unauthorized persons. Encryption is often the first thing that comes to mind when the subject of security is raised. Being able to encrypt your software ensures that it can be transported securely; after all, it is common for software images to be sent to remote programming houses to turn bare-metal microcontrollers into useful products. This is a classic point where software is vulnerable to attack.
So, without getting too bogged down in math, what does an embedded development engineer need to know? Well, there are two public key cryptographic techniques that are popular today. These are RSA and ECC.
We will delve into the subject of encryption, cryptographic keys and more in Part II of the Secure Provisioning: Essential Security Measures for the IOT series.
A hardware root of trust (RoT) is the basis for ensuring security in an embedded system. It is based on the idea that an intelligent system has an immutable (unalterable) and repeatable sequence that must be executed during initialization.
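As an added illustration (not code from this post or from EPS Global), the Go program below models such a sequence: an immutable first stage that holds only the hash of a release public key, fixed at provisioning time, and refuses to hand over to any image whose signature does not verify against it. Ed25519 as the signature scheme, the stage names and the sample images are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Stage is one link in the boot chain: an image plus its release signature.
type Stage struct {
	Name       string
	Image, Sig []byte
}

// Verifier stands in for the immutable first-stage code. All it carries is the
// hash of the release public key fixed at provisioning time: the trust anchor.
type Verifier struct{ anchor [32]byte }

func NewVerifier(pub ed25519.PublicKey) Verifier { return Verifier{sha256.Sum256(pub)} }

// SignStage is the vendor-side step: the image is signed before it ships.
func SignStage(priv ed25519.PrivateKey, name string, image []byte) Stage {
	return Stage{name, image, ed25519.Sign(priv, image)}
}

// BootChain replays the repeatable init sequence: bind the supplied key to the
// anchor, then verify each stage before it may "run"; the first failure halts.
func (v Verifier) BootChain(pub ed25519.PublicKey, stages []Stage) ([][32]byte, error) {
	if sha256.Sum256(pub) != v.anchor {
		return nil, errors.New("release key does not match the root of trust")
	}
	var measured [][32]byte // SHA-256 measurement of every stage that passed
	for _, s := range stages {
		if !ed25519.Verify(pub, s.Image, s.Sig) {
			return measured, fmt.Errorf("%s: bad signature, boot halted", s.Name)
		}
		measured = append(measured, sha256.Sum256(s.Image))
	}
	return measured, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	rom := NewVerifier(pub) // constructed sample images stand in for real firmware
	chain := []Stage{SignStage(priv, "boot", []byte("boot-v1")), SignStage(priv, "app", []byte("app-v1"))}
	_, genuine := rom.BootChain(pub, chain)
	chain[1].Image[0] ^= 0xff // tamper with the application image after signing
	_, tampered := rom.BootChain(pub, chain)
	fmt.Println("genuine:", genuine, "| tampered:", tampered)
}
```

The measurements returned by `BootChain` are what a later attestation step would report, so a verifier can tell exactly which images executed.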
In Part III, we will discover how secure provisioning ensures that the RoT is programmed into the bare-metal microcontroller in a secure manner.
Public Key Infrastructure is a standards-based security technology that has been used to secure network-connected devices for some years now. It covers many use cases and provides secure encrypted communications and mutual authentication between devices, services and users. Through digital certificates, every connected 'thing' can be bound, via its public key, to entities such as people and organizations. These certificates create a chain of trust between the connected device and the certificate authority that issued them. However, just as the RoT is the basis of a microcontroller system's security, a unique identity is the foundation of a valid PKI.
So, what's the big deal about identity?
We will cover digital certificates, signatures, hash functions and more in Part IV of the Secure Provisioning: Essential Security Measures for the IOT series.
Once we have encrypted our software to ensure it is protected from intrusion, how is it decrypted and programmed into the target device? Do we simply send it to a programming house with instructions on how to decrypt the file and load it onto the programmer? Obviously not.
This is where one of the most important components of a secure provisioning system comes into play: the Hardware Security Module, or HSM as it is more commonly known. An HSM is a special 'trusted' computer that performs a variety of cryptographic operations such as key management, key exchange and encryption/decryption.
We will examine why an HSM is trusted, and how to package a binary file for the HSM, in Part V. Finally, we will conclude this series with a detailed look at the Secure Provisioning Workflow.
Security is a complex subject with many specialty areas such as cryptography, public key infrastructure, digital certificates and HSMs. At EPS Global we have invested in technologies, both software and hardware, that use these techniques to implement systems that can protect our customers' valuable IP. We have taken care of the heavy lifting when it comes to using these technologies and can provide our customers with easy-to-use tools that greatly simplify the process of ensuring security during manufacturing. Support services are available for customers who wish to use their own certificates, or alternatively for those wishing to use third-party certificates.
Development engineers can reduce the stress of designing complex security systems by specifying the use of Secure Provisioning early on in the design of their products. With the hard work, risk and investment in the technologies that enable end-to-end security taken care of by EPS, development engineers and their managers can be confident that their valuable software will not be stolen, cloned or over-produced during the manufacturing process.
We hope you enjoy this journey through Secure Provisioning. If you require secure provisioning services get in touch, we have local engineering and sales teams ready to help. You can find a full list of our locations here.
Alternatively, if you have any questions or would like us to focus on additional topics around IOT security and provisioning in future blogs, don't hesitate to let us know: firstname.lastname@example.org.
Continue Reading: Part II - Encryption: Symmetric and Asymmetric Keys