eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
As the IoT economy begins to take shape, the security of all those new devices that will be collecting and shipping data to servers in the cloud is becoming a huge product-making focus for companies new and old. Basically, each new device in the field becomes an additional attack surface for hackers, so therein lies the problem to be solved.
Intrinsic ID wants to make an impact here. The Sunnyvale, Calif.-based company, which was a spinout of Philips based in the Netherlands back in 2008, makes authentication technology for Internet of Things security and other embedded applications. On May 25 the company launched a new-gen suite of authentication tools for IoT devices based on something not widely known: Transport Layer Security (TLS).
The main differentiator for this product is this: Using TLS, Intrinsic ID’s SPARTAN product line enables device makers to ensure authentication based on digital identities derived from the silicon fingerprint of a chip that can be created at any point in the supply chain, the company said.
Following Directive from U.S. DHS
In November 2016 the U.S. Department of Homeland Security announced issuance of Strategic Principles for Securing the Internet of Things (IoT), Version 1.0, which highlights approaches and suggested practices to fortify the security of the IoT and equip stakeholders to make responsible and risk-based security decisions as they design, manufacture, and use internet-connected devices and systems. Intrinsic ID immediately went to work aligning its products to this directive.
The resulting first member of this new product line is SPARTAN Cloud, which is designed to integrate with the major cloud-service providers. SPARTAN Cloud features embedded security software for IoT devices to establish a secure TLS-based connection to Amazon Web Services, Microsoft’s Azure IoT Hub and Google Cloud.
Can hackers penetrate IoT devices through the TLS layer? This is all relatively new, so we’ll soon find out.
SPARTAN Cloud provides integration with cloud-connected applications using a library based on the MQTT messaging protocol, the company said. Use cases include cloud-based data collection and processing from trusted IoT sensor nodes; smart home devices controlled from the cloud; smart city infrastructure; and smart health monitoring services.
SPARTAN Cloud offers several advantages over traditional methods applied to similar use cases, the company contends. The SRAM (static random-access memory) PUF (physically unclonable function)-derived chip identity means the chip cannot be cloned by copying non-volatile memory (NVM) information from one chip to another. No sensitive data is stored in NVM, so the device’s private key is reconstructed on the fly from SRAM PUF.
Can Be Used in Nearly Any Type of Chip
Since standard SRAM memory is used, the solution can be widely deployed in nearly any digital chip, Intrinsic ID said. The reconstructed private key is used directly by the TLS stack for client authentication toward the cloud server. The solution integrates directly with the MQTT protocol library that is offered by the cloud provider to connect to its services.
SPARTAN utilizes Intrinsic ID’s SRAM Physical Unclonable Function – or SRAM PUF – technology that forms the basis for other Intrinsic ID products. SRAM PUF technology extracts a chip’s silicon fingerprint and derives from it a cryptographic root key, which is unique to a particular SRAM and hence a particular chip. Intrinsic ID products utilize the root key to derive additional cryptographic keys that serve as the foundation for ensuring a device’s security.
Intrinsic ID said that forthcoming products include SPARTAN Light, a small-footprint embedded authentication solution for securing an identity between a chip and a host; SPARTAN Broadcast, tailored to protection of broadcast data based on asymmetric cryptography; and SPARTAN Secure Channel, which provides mutual authentication between chips as part of establishing a Secure Authenticated Channel–a method of transferring data which is resistant to overhearing and tampering.
SPARTAN Cloud is available now. Go here for more information.