As evidence of blockchain's promise for securing IoT devices, Trustonic is using it in a new technology that it says will better secure connected devices by establishing security at the chip level.
Trustonic's technology injects a root of trust and a "Digital Hologram" at the silicon provider's stage, adds a further hologram at each stage of the manufacturing journey, and records the events on a blockchain. When, for example, product registration is initiated, the holograms are collected, signed by the root of trust and passed to Trustonic's cloud-based database for validation. That information is then passed on to the Original Equipment Manufacturer (OEM), according to a Trustonic blog explaining the technology.
The new technology can help solve the problem of ensuring IoT security at the scale of connected devices, according to an interview with Trustonic CTO Richard Hayton. By giving each System on Chip (SoC) a root of trust, an OEM can securely record the chip's progress through the supply chain and attest to the manufacturing chain.
“The industry has been trying to bury its head in the sand for a long time about security,” Hayton said. “It’s hard and no one has been explaining how to do it easily. We have a new technology…solving the problem of trust in the IoT value chain.”
In developing its new IoT security technology, Trustonic drew on experience gained in providing security solutions for the mobile phone space. The Cambridge, UK-based company, which has 100 employees, was launched five years ago as a joint venture by ARM and Gemalto. Trustonic’s security operating system is deployed alongside Android in about 1.2 billion mobile devices today, Hayton said.
But the technology that works well to secure mobile phones (every phone in the production line generates a key and sends it up to a database in the cloud) doesn't work well for IoT devices, where production spans trusted and untrusted manufacturing points along the supply chain, according to Hayton. Preparing for a supply chain that will build lower-cost products, eventually containing chips costing less than $1, requires a different approach.
With the validated hologram record, the OEM can also detect overproduction, where Digital Holograms have been reused in additional chips, and take appropriate action, according to the blog. If a device lacks the relevant Digital Holograms, or they are linked in the wrong order, the OEM can refuse device enrollment. It can also notify the user that the device must be sent back to a customer service center for further examination, according to the blog.
Trustonic recently demonstrated the technology at ARM TechCon using an ARMv8-M (Cortex-M23) MPU with TrustZone manufactured by Nuvoton. When the device attempted to enroll, the holograms were collected, signed by the Roots of Trust (RoT) and passed on to the AWS cloud, where the Trustonic Virtual Private Cloud validated the Digital Holograms. That information was passed back to the OEM's cloud-based database, a TLS certificate was issued, and the device was allowed access to IoT services.
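To make the enrollment rules above concrete (every stage present and in order, each hologram signed by the device's root of trust, and reused holograms flagged as possible overproduction), here is an added example that is not Trustonic's code or taken from the blog. The stage names, the per-device HMAC key standing in for the hardware root of trust's signature, and the cloud-side registry are all assumptions made for illustration.

```python
import hashlib, hmac
from dataclasses import dataclass

# Constructed example: the stages the OEM expects, in order. Real stage names are not on the page.
EXPECTED_STAGES = ["silicon", "module", "assembly", "final_test"]

@dataclass
class Hologram:
    stage: str
    hologram_id: str      # token stamped at this manufacturing stage (constructed)
    mac: bytes = b""      # signature added by the device's root of trust

class RootOfTrust:
    """Stand-in for the per-SoC root of trust. A real RoT would sign with a
    hardware-held asymmetric key; a per-device HMAC key is an assumption here."""
    def __init__(self, device_id: str, key: bytes):
        self.device_id = device_id
        self.key = key

    def sign(self, h: Hologram) -> Hologram:
        msg = f"{self.device_id}|{h.stage}|{h.hologram_id}".encode()
        return Hologram(h.stage, h.hologram_id, hmac.new(self.key, msg, hashlib.sha256).digest())

class Validator:
    """Cloud-side enrollment check modelled on the rules the blog describes:
    every expected stage present and in order, every hologram signed by the
    enrolling device's RoT, and no hologram already enrolled by another device."""
    def __init__(self):
        self.device_keys = {}   # device_id -> key shared at provisioning (assumed)
        self.seen = {}          # hologram_id -> device_id that first enrolled it

    def register_device(self, rot: RootOfTrust) -> None:
        self.device_keys[rot.device_id] = rot.key

    def enroll(self, device_id: str, holograms: list) -> tuple:
        key = self.device_keys.get(device_id)
        if key is None:
            return False, "unknown device"
        if [h.stage for h in holograms] != EXPECTED_STAGES:
            return False, "missing or out-of-order hologram"
        for h in holograms:
            msg = f"{device_id}|{h.stage}|{h.hologram_id}".encode()
            if not hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), h.mac):
                return False, f"bad signature on {h.stage} hologram"
            owner = self.seen.get(h.hologram_id)
            if owner is not None and owner != device_id:
                return False, f"{h.hologram_id} reused by {owner}: possible overproduction"
        for h in holograms:            # record only after the whole chain checks out
            self.seen[h.hologram_id] = device_id
        return True, "enrolled"
```

A retry by the same device is accepted because its holograms are already owned by that device id; a second device presenting the same hologram ids is what the overproduction check rejects.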
“It turned on and it worked,” Hayton said. “Security is intrinsically very hard, but that does mean you can’t put a simple face on it.”