Home >

Locking Down IoT: The Key Role of Secure Elements

Dan Ujvari- Watch Now - Duration: 19:41

Locking Down IoT: The Key Role of Secure Elements
Dan Ujvari
In this talk, we emphasize the pivotal role of secure elements in fortifying IoT cybersecurity. With an emphasis on safeguarding keys, secrets, and cryptographic primitives, we explore how secure elements offer robust protection. Moreover, we illustrate how integrating secure elements in IoT devices can facilitate compliance with existing and forthcoming globally recognized regulations that will shape the IoT industry. Join us to discover how secure elements can bolster IoT security and align your devices with the changing landscape of cybersecurity regulations.
M↓ MARKDOWN HELP
italicssurround text with 
*asterisks*
boldsurround text with 
**two asterisks**
hyperlink
[hyperlink](https://example.com)
or just a bare URL
code
surround text with 
`backticks`
strikethroughsurround text with 
~~two tilde characters~~
quote
prefix with 
>
Thomas.Schaertel
Score: 1 | 1 year ago | 1 reply

Hi Dan, thank you very much for your interesting presentation. The features of a SE are undoubtable, but how do I implement this device in an embedded application? Do you have any links to learn more? For decryption of some data, I keep the Private Key within the SE, while putting a public key and some encrypted data in would return the unencrypted data. But what about keys I'd like to store? Do I need to write an algorithm to return the value I need? There are so many application scenarios for which I sometimes can't see, why such a SE would help. Maybe you can point me in the right direction.
Thank you again for your great talk, which made me really thinking if I miss something...

Dan.UjvariSpeaker
Score: 0 | 1 year ago | no reply

There are several ways of implementing a hardware-enforced persistent-secure key vault in embedded devices. One could use a separate device which would communicate to the microcontroller or processor. A library/driver would be needed on the CPU to invoke the functions of the device, but would be a small footprint.
Alternatively, you could use a controller/processor which had built in security, either as part of its fabric or as a "system in package" (SIP) where the external device is mounted inside the package with the CPU chip.
It is not recommended to encrypt/decrypt with asymmetric keys (PKI - public key infrastructure). I recommend using your PKI keys to spawn symmetric session keys via key agreement. Ephemeral Diffie-Hellman (EDH) would be my first choice, but if your system struggles to create PKI keys, one could differentiate DH of the primary identity keys by hashing it with a random number or using a KDF (if you want to get fancy :-) ).
As for are storing static keys, there are plenty of slots in these devices to do that.
I'll warn about key exhaustion here. It's usually not an issue with IoT as the message rate and lengths are usually low, but if you're streaming video or something else large, keep in mind the key becomes more mathematically vulnerable the more you use it to encrypt. This occurs when keys encrypt millions of messages, and I'm assuming robust key lengths (128 minimum).
As for examples, these can be found via the search function on my company's website microchip.com.