Secure IoT Message formats
For security to work we must provide Confidentiality, Integrity & Authentication in hardware.
Normal IoT data is normally very small in size 1-255 bytes. Exceptions to this are when devices & gateways negotiate security & session keys. For session keys either AES or DES can be used. These session keys have a life span that is calculated on the value of the data. To attain secure session keys first we must secure the communications link. For this we must perform our C.I.A. requirements.
We use a secure hash to gain Integrety. We can later check to see if the data has been manipulated my a man-in-the-middle attack.
We sign the secure hash and payload for Authentication by the end user. This proves that this exact device sent this data.
We then encrypt the signed secure hash & payload with the recipients public key. So only they can decrypt the payload. From here the signature can be checked along with the secure hash. If every thing checks out fine then we know we can trust this data and the sender.
Secure IoT with MICROCHIP ATECC508A crypto element
The ATECC508A crypto element is the first crypto device to integrate ECDH (Elliptic Curve Diffie–Hellman) key agreement, which makes it easy to add confidentiality (encryption/decryption) to digital systems including Internet of Things (IoT) nodes used in home automation, industrial networking, accessory and consumable authentication, medical, mobile and other applications. In addition to ECDH, the ATECC508A has ECDSA sign-verify capabilities built-in to provide highly secure asymmetric authentication.
The combination of ECDH and ECDSA makes the device an ideal way to provide all three pillars of security such as confidentiality, data integrity, and authentication when used with MCU or MPUs running encryption/decryption algorithms (i.e. AES) in software.
Similar to all Microchip CryptoAuthentication products, the new ATECC508A employs ultra-secure hardware-based cryptographic key storage and cryptographic countermeasures which are more secure than software-based key storage. This next-generation CryptoAuthentication device is compatible with any microprocessor (MPU) or microcontroller (MCU) including SMART and Microchip AVR MCUs or MPUs.
As with all CryptoAuthentication devices, the ATECCC508A delivers extremely low-power consumption, requires only a single GPIO over a wide voltage range, and has a tiny form factor making it ideal for a variety of applications including those that require longer battery life and flexible form factors. The ATECC508A is downward compatible with the ATECC108A, ATECC108, ATSHA204A, and ATSHA204 crypto element devices.
MICROCHIP release new 608a for the PDF look here ATECC608A