Secure Provisioning a Necessary “Provision” for Your IoT Journey | Cypress Semiconductor
Secure Provisioning a Necessary “Provision” for Your IoT Journey
Back in the American “Old West,” settlers wouldn’t set off on a lengthy journey without the proper provisions at hand. Uncertain of weather and road conditions ahead, they packed plenty of food and supplies, making sure they were well prepared to get their covered wagons from one town to the next.
In a similar way, makers of IoT devices must prepare themselves to deal with complex issues as they set off to build products for the market. These include such things as connectivity, power management, monetization, and even choosing the right ecosystem partner for connecting to the cloud. But perhaps the biggest roadblock they will face is security.
Security is an end-to-end proposition that impacts the entire lifecycle of a product—and, it is only as strong as its weakest link. Undoubtedly, there are extra costs to secure an IoT product, but not securing a product is likely to cost a company so much more, from a tarnished reputation to bankruptcy.
To securely manufacture an IoT device, keys must be installed securely in the MCU, stored securely, and made accessible only to trusted software. The equipment required for provisioning secure MCUs follows custom software programming protocols in secure facilities that are expensive to maintain. Only companies producing millions of units could justify such a capital outlay.
Cypress’ secure provisioning capabilities gives manufacturers the same standard of security in provisioning that payment card manufacturers enjoy. The platform consists of three elements: the PSoC® 64 Secure MCU, The SentriX™ security provisioning platform from Data I/O, and access to secure programming facilities from Arrow Electronics. This cryptographically secured solution can be offered to low-volume device makers at a fraction of the cost of custom provisioning processes, because equipment and facilities expenses can be shared.
Using unique authentication software built into every Cypress PSoC 64 Secure MCU, the SentriX programming equipment can validate the authenticity of each PSoC 64 unit before programming secure firmware into it. This eliminates the need for custom authentication protocols. Additionally, Arrow’s secure programming facility uses a standard programming and key-generation process for every customer’s PSoC 64-based product. If we cryptographically bound the identity to customers during manufacturing, rather than in the supply chain, each order would require a minimum order quantity (MOQ) and be non-cancellable. PSoC 64 provisioning eliminates this business challenge.
This secure provisioning solution protects against cloning and malicious software programming. If an attempt were made to program a PSoC 64 device with unauthorized equipment or firmware, the PSoC 64 would reject it. Likewise, cloning or counterfeiting is impossible because user code is stored in Arrow’s secure programming facility.
If you’re like most engineers, your IoT product development journey is sure to be riddled with plenty of surprises and uncertainty. As you hitch up your team, be sure your provisions include a solution for secure provisioning, such as the one described above. For more information about PSoC 64, please visit us at www.cypress.com/PSoC64.