0

‘Initial thoughts on Microchip’s new ATECC608A,’ Part of the #Arduino Uno WiFi Rev2’s Offerings | #IoT #IoTuesday #cryptochip

With the recent announcement of Arduino’s Uno WiFi Rev2 at Bay Area Maker Faire the USA store’s product page launched with this opening description:

Using a brand new 8-bit microprocessor from Microchip for the first time on an Arduino board. Explore the possibilities with the onboard IMU (Inertial Measurement Unit). Connect the board to your Wi-Fi network in a secure manner using the new ECC608 crypto chip accelerator.

“Crypto chip” may sound spooky or at least novel to some but the chip, from Microchip, available in 8-lead SOIC or 8-pad UDFN packages, boasts the following core features:

  • Cryptographic co-processor with secure hardware-based key storage
  • Protected storage for up to 16 Keys, certificates or data
  • ECDH: FIPS SP800-56A Elliptic Curve Diffie-Hellman
  • NIST standard P256 elliptic curve support
  • SHA-256 & HMAC hash including off-chip context save/restore
  • AES-128: encrypt/decrypt, galois field multiply for GCM

Expect to hear more about “crypto chips” (not those kind, silly) in the months and years ahead as devices like the ECC608 make their way into more-mainstream boards. But what does it mean practically for makers and their projects? Thankfully Josh Datko from Cryptotronix has a write-up from late last year about the ECC608 and both its limitations and improvements over its 508 predecessor:

Recently, Microchip announced a new part, the ATECC608A, which is the latest in their CryptoAuthentication Line. It is a crypto co-processor and a nice improvement over the ATECC508A, as long as you understand its limitations.

Section 3.1.1 of the summary datasheet lists 17 new features on this part from the ATECC508A but the three that stand out to me are: AES encrypt/decrypt, Galois Field Multiplication calculations to support AES Galois Counter Mode, and Key Derivation Functions. One limitations of previous parts is the lack of an encryption engine. The ATAES132A does have encryption, but I’ve found it a bit harder to use then the ATECC parts. So with the encryption engine built in, the ATECC608A is a single-chip solution if you need a secure symmetric key storage.

But, the mode of encryption is critical which is why I’m excited to see GFM support. It appears that to fully implement AES GCM in your product, the host side software may have to coordinate with the ATECC608A, so I’m curious on how exactly AES-GCM works with this part. Authenticated encryption schemes, like AES-GCM provide both confidentiality and authentication and should generally be used over non-authenticated ciphers. Lastly, having KDFs built-in, especially HMAC-based Extract-and-Expand Key Derivation Function (HKDF) for TLS 1.3 support is handy. Besides TLS support, HKDF can be used to generate sub keys for different uses in your design so that you can keep each key isolated to a single key purpose (which is a UL 2900-1 requirement and best practice).

Read more.


Join 6,000+ makers on Adafruit’s Discord channels and be part of the community! http://adafru.it/discord

CircuitPython in 2018 – Python on Microcontrollers is here!

Have an amazing project to share? Join the SHOW-AND-TELL every Wednesday night at 7:30pm ET on Google+ Hangouts.

Join us every Wednesday night at 8pm ET for Ask an Engineer!

Follow Adafruit on Instagram for top secret new products, behinds the scenes and more https://www.instagram.com/adafruit/


Maker Business — Aquarium troubles: the cost of iteration and troubleshooting with a manufacturers abroad

Wearables — Plastic gem know-how

Electronics — Counting Pin Numbers

Biohacking — Exploring Our Inner Reality : Entopic Visions

Python for Microcontrollers — CircuitPython 3.0.0 Release Candidate 0 released!

Get the only spam-free daily newsletter about wearables, running a "maker business", electronic tips and more! Subscribe at AdafruitDaily.com !



No Comments

No comments yet.

Sorry, the comment form is closed at this time.