People always habitually lock or door a place where they feel important. This is mainly to ensure that things will not be lost, and today's Internet age has been fully integrated into people's lives. When we enjoy the benefits of this Internet, we also bear all kinds of risks, interconnection. It records many of our personal privacy. Now it faces a huge threat.
The Internet of Things without security is not an Internet of Things! This has become the basic consensus of everyone in the Internet of Things era.
According to statistics, by 2020, there will be 50 billion devices connected to the Internet of Things in the world. Considering the diversity of interconnected communication links and cloud deployments, it is conceivable to maintain the complexity of the security of such a large network system. Some analysts pointed out that 83% of the attacks targeting the Internet of Things are targeted at edge devices, and the largest group of tens of billions is the most unpredictable security in the Internet of Things. "Short board".
Figure 1: In the security attack against the Internet of Things, a large number of terminal devices become the main target
More deadly, in the eyes of hackers, edge devices are not their ultimate target. They will use the edge device as an attack interface and become a convenient "gate" for invading the Internet of Things. In this regard, Terence Li, senior product manager of Shijian Company, said: “Once an intruder enters (or pretends to be) an IoT node into the IoT network, the security of the entire network becomes more vulnerable. They can steal important databases and destroy The normal workflow, the access to the cloud service and the operation of the node itself are difficult to estimate. Therefore, the security protection of the Internet of Things edge device is gradually becoming the highlight of the Internet of Things development. In short, we need to A "security door" is added to the connected edge devices to keep possible security threats."
So what kind of edge device is a safe IoT node? Some people have summarized the basic elements of their security as "CIA."
n ConfidenTIality: Data stored or being sent should be visible only to the authorized person;
n Integrity: Messages sent should not be modified before reaching the destination;
n AuthenTIcity: It can be assured that “the sender of the message is the claimed personâ€.
In order to achieve the goal of "CIA", it is common practice to use a key or a private key as a unique part of the verification identification tag, and to manage the storage and communication of these keys to ensure the security of the system. Although there are many security technologies that can meet the above requirements, developers will still find it difficult to implement them.
There are two reasons for this. First, edge devices are often very "simple" and it is difficult to equip "security" with redundant resources. Any security strategy needs to balance computing power, memory, power, cost and more. Second, developers lack targeted, easy-to-use "tools" to solve this problem efficiently.
"The good news is that there are already 'tools' like this!" said Terence Li, senior product manager at Shijian. "This is the cryptographic component - it is integrated into the edge device and can be used as a hardware cryptographic accelerator instead of the main The control processor performs complex encryption and decryption algorithms and also ensures that the key involved in the encryption operation must be stored in concealed protected hardware, ensuring that the key is 'transparent' in software or unprotected hardware. ATECC508A, the latest addition to Microchip's family of cryptographic components, is the most iconic of its kind.
Figure 2: ATECC508A is used in conjunction with a microprocessor to achieve the safety requirements of the edge device "CIA"
ATECC508A supports both Elliptic Curve Digital Signature Algorithm (ECDSA) and Elliptic Curve Key Exchange (ECDH). Simply add an ATECC508A to the IoT edge node to easily and efficiently implement confidentiality, integrity and authentication mechanisms.
The ATECC508A uses a single bus or I2C bus communication with a small pin count and a minimum package size of only 2 mm &TImes; 3 mm, standby sleep current less than 150 nanoamps, and very low power consumption. So with a small cost and resource budget, you can add it to your edge devices.
ATECC508A receives the input provided by the processor, performs calculations internally and returns calculation results such as signature, authentication, session key, etc., and does not leak the calculation method during the whole process. A high quality True Random Number Generator (TRNG) helps to successfully prevent transactions from being played back. Internal serial numbers help ensure the uniqueness of the key, while large-capacity counters can be used to track the authentication process.
In addition, to guard against adjacent attacks and physical attacks, the ATECC508A has been specially designed—the entire chip is covered with a serpentine metal pattern that prevents internal signal release from being detected externally and provides visual impairments that prevent the attacker from opening the package to the chip. Internal observation and detection operations. At the same time, the device protection case is connected to the rest of the circuit. If the protection case is broken, the chip will no longer operate, in case the attacker obtains the key by detecting the circuit node.
Terence Li, senior product manager at Shijian, concluded: "The ATECC508A supports configuration in the production process, and the configuration can be easily accomplished by using simple modules to ensure that the key and signature certificate are securely inserted into the encrypted component. The process can be carried out by Microchip or by an authorized distributor such as Excelpoint to provide technical support and convenience to the user."
In short, mastering the tools such as ATECC508A, developers can immediately start to decorate the "security door" for the Internet of Things edge devices.
Figure 3: ATECC508A can be easily configured in production
Figure 4: The ATECC508A package specification is only 2 mm &TImes; 3 mm minimum for easy integration in edge devices.
The handheld addresser is used to program the address of the monitoring module offline. When in use, connect the two output wires of the handheld encoder to the communication bus terminal (terminal label 1, 2) of the monitoring module, turn on the black power switch on the right side upwards, and press "ten Add", [Subtract ten", [Add one place" and [Subtract one place" to program the address.
Position Encoder,Magnetic Rotary Encoder,Hybrid Encoder,Channel Encoder
Changchun Guangxing Sensing Technology Co.LTD , https://www.gx-encoder.com