Security using Secure Element

What is a Secure Element?

A Secure Element (SE) is tamper-resistant hardware (secure black-box) capable of securely storing confidential and cryptographic data. It is a cryptographic co-processor chip that, by design, protects from unauthorized access and is used to run secure applications (such as password manager) by providing secure network authentication and data protection.

VEST Embedded Solutions integrates SE chips into their hardware offerings and utilizes the applicable encryption protocols to provide a secure connection to any cloud, protecting data in motion, over-the-air transmissions, and ensuring data flow of highest integrity across any network.

Using VEST SE solution significantly reduces your development time because the Secure Element supplies a full range of configuration tasks for confidentiality, data integrity, and authentication.

Most application environments require that data and messages be protected against eavesdropping, manipulations, and proof of source authenticity.

VEST embedded platforms integrate the cryptographic co-processor IC device that provides a full range of customizable security tools. In most crypto chips, the private key is generated externally and injected into the secure element. The device selected by the VEST team takes it a step further by enabling the private key generation by the secure element itself, never exposing the private key. The SE uses a Random Number Generator (RNG) to create the key, making it secure. The VEST team selected this SE because it provides a complete security solution for Transport Layer Security (TLS) based network security with sign-verify authentication, confidentiality, and data integrity.

The crypto-authentication chip uses a single-wire I2C interface to send/receive commands. This crypto chip supports hardware based RNG, and hash-based message authentication code (HMAC) functions to speed up the slower software’s implemented cryptographic commands significantly. This device is ideal for the rapidly growing IoT market by supplying the full range of hardware security-based solutions to systems running encryption/decryption algorithms.

In some forms of hacking or hijacking, it is possible for the device to execute an unauthorized code. The VEST solution can configure the device to check the HMAC signature stored in the SE to ensure that an unauthorized code is not executed on the hardware.

With this cryptographic security device, the VEST Embedded platform can be used as an Edge Compute device providing a secure connection to the VESTconnect360 cloud solution or any network/cloud of choice. Additionally, the SE employs secure hardware-based cryptographic key storage eliminating potential backdoors linked to software weaknesses. Most microcontrollers or microprocessors are not equipped with a cryptographic co-processor to deal securely with secret cryptographic keys.

An additional benefit of using VEST solution is that it uses an automatic provisioning infrastructure to securely handle the private key storage without the risk of exposing the credentials during a production environment or deployment.

This secure provisioning helps devices comply with the AWS IoT security model.

VEST embedded platforms with cryptographic co-processor chip supports the following use cases:

  • Hardware support for Symmetric/Asymmetric algorithms
  • Network key management & exchange (IoT edge device)
  • Encryption for messages and data
  • Secure boot and protected download
  • Safe storage of sensitive data and a secret cryptographic key

In Summary:

The demand for dedicated hardware security-based solutions is growing. VEST embedded platforms with integrated Secure Element provide protection against eavesdropping, manipulations of data, and proof of source authenticity. With this cryptographic security device, VEST Embedded platform can be used as an Edge Compute device providing a secure connection to VESTconnect360 cloud solution or any network/cloud of choice. Using VEST Secure Element solution can significantly reduce your development time because the secure element configuration tasks are already done.

All development platforms use the same production-ready software and arrive preloaded with the choice of Embedded Linux or Android Operating System (OS) and come with a built-in 802.11 b/g/n/ac “Wave 2” WiFi and Bluetooth connectivity module.

All VEST solutions are cloud-ready. VESTconnect360 enables equipment manufacturers to incorporate intelligence into their products, giving users the power to monitor and control assets in real-time, through the cloud, anytime and anywhere.

You can find VEST solutions suitable for market segments such as industrial, commercial, and consumer electronics.

VEST would welcome the opportunity to discuss how your company can leverage VEST’s unsurpassed customer service, including electrical/electronic, firmware, and software system design expertise, to take your project to the next level.