G-Shield Chip Programmer: Writing Digital Certificates to Chips at the Production Stage
G-Shield Programmer (GPW-01)
GlobalSign announced a technology partnership with startup Big Good Intelligent Systems, which released a product called G-Shield. It consists of a registration server plus a chip programmer that physically writes digital certificates to microcircuits; Big Good calls these microcircuits “crypto chips” (HVCA Module / ECDH Crypto Chip).
The idea is that the manufacturer physically protects the devices from the moment they appear, that is, right at the production stage.
GPW-01 chip programmer
The G-Shield platform includes an enroll server and GPW-01 chip programmer. It works automatically, performing the tasks arriving at the server.
- Parallel operation of multiple programmers with mutual connection.
- Size: 310 × 115 × 35 mm
- LCD screen: 3.5 inches, resolution 320 × 480 pixels
- Processor and memory: ARM V8 quad-core Cortex A53 1.2 GHz, 1 GB SDRAM
- Power supply: AC 100 V - 240 V 50/60 Hz
- OS: Linux 3.x
- Ports: Four I2C ports
- Chip Connectors: Four
Certificates are managed through GlobalSign's IoT Identity Platform, which is used via RESTful APIs. It is a flexible and scalable PKI platform that can handle requests from billions of IoT devices. Physical certificate integration is especially relevant for IoT devices. Big Good is going to integrate these crypto chips into its own smart home devices, but also offers crypto chips to other manufacturers.
Realtek Semiconductor, the renowned manufacturer of microchips for telecommunications equipment, computer peripherals and multimedia applications, will be the first to introduce the system into its production cycle. Realtek microchips are used in many computers, laptops and tablets: network controllers, PHY microchips, network access controllers, multimedia gateway controllers, wireless LANs, as well as High Definition Audio codecs, card reader controllers, clock generators and LCD controllers.
Realtek Semiconductor, together with Big Good and GlobalSign, is now exploring how best to integrate the technology into the pipeline.
IoT device protection
The physical implementation of digital certificates at the production stage is a logical solution for protecting IoT devices in an environment where an attacker is able to not only intercept and replace traffic, but also gain physical access to these devices.
Weak IoT protection is one of the biggest challenges in the industry. Just look at the news:
- “Smart bulbs thrown into the trash are a valuable source of personal information”
- “Casinos hacked through a thermostat in an aquarium”
- “Vulnerabilities Hack Diqee 360 Robot Vacuum Cleaner and Spy on Its Owners”
- “Effective reverse engineering techniques for IoT devices” (scientific article, security analysis of 16 popular IoT devices)
All this could be avoided through competent implementation of encryption, including by programming a crypto chip with a digital certificate at the production stage.
Big Good HVCA cryptographic module with integrated digital certificate
IoT crypto module specifications
- PKI Algorithms: ECDSA (FIPS186-3), ECDH (FIPS SP800-56A)
- NIST P-256 Standard Elliptic Curve
- SHA-256 Hash Algorithm with HMAC Option
- 256 bit key length
- Store up to 16 keys
- Unique 72-bit serial number
- Built-in random number generator
- 10 KB EEPROM for storing keys, certificates and data
- Logging options, protection against external interference
- One pin GPIO
- Standard I2C 1 MHz Interface
- Supply voltage range: 2.0 V to 5.5 V
- Power consumption in sleep mode less than 150 nA
Obviously, not only smart home gadgets need protection, but also medical implants, industrial devices, and other Internet of things devices.
The GlobalSign digital certificate management platform, with hardware support for the Big Good crypto chip, covers the complete device identity life cycle: from the initial preparation of certificates (which are flashed during production or locally during deployment) through to the end of the certificates' life, including decommissioning or transfer of ownership.
If each device or endpoint has a unique identifier, then when they access the Internet, they are authenticated, and then throughout their lives they prove their integrity and can safely communicate with other devices, services and users.
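The provisioning and authentication flow described above, sketched with the OpenSSL command line as an added example (not code from Big Good or GlobalSign); it also shows two cases a verifier must reject. The CA, device name and file layout are constructed, and the private key is a file here, whereas a crypto chip would hold it internally; the curve and hash follow the module's P-256 / SHA-256 specification.

```shell
#!/bin/sh
# Added example. CA name, device name and file paths are constructed.
WORK=$(mktemp -d)

# Stand-in for the issuing CA behind the enroll server (P-256, SHA-256).
make_ca() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/ca.key" &&
  openssl req -x509 -new -key "$WORK/ca.key" -sha256 -days 30 \
    -subj "/CN=Constructed Factory CA" -out "$WORK/ca.pem"
}

# Production stage: device key pair, CSR, certificate signed by the CA.
# $1 = device name. A crypto chip would keep the private key on-chip;
# here it is a file so the demo runs anywhere.
provision() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/$1.key" &&
  openssl req -new -key "$WORK/$1.key" -sha256 -subj "/CN=$1" \
    -out "$WORK/$1.csr" &&
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 30 -sha256 \
    -out "$WORK/$1.pem" 2>/dev/null
}

# Field stage: check the chain, then have the device sign a fresh nonce.
# $1 = certificate presented, $2 = private key that answers the challenge.
authenticate() {
  openssl verify -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1 || return 1
  openssl rand -out "$WORK/nonce.bin" 32 || return 1
  openssl dgst -sha256 -sign "$2" -out "$WORK/sig.bin" "$WORK/nonce.bin" \
    || return 1
  openssl x509 -in "$1" -pubkey -noout > "$WORK/pub.pem" || return 1
  openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$WORK/sig.bin" \
    "$WORK/nonce.bin" >/dev/null 2>&1
}

make_ca 2>/dev/null && provision device-0001
# A device that never went through the factory: own key, self-signed cert.
openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/rogue.key"
openssl req -x509 -new -key "$WORK/rogue.key" -sha256 -days 30 \
  -subj "/CN=device-0001" -out "$WORK/rogue.pem" 2>/dev/null

authenticate "$WORK/device-0001.pem" "$WORK/device-0001.key" && echo "genuine: accepted"
authenticate "$WORK/rogue.pem" "$WORK/rogue.key" || echo "self-signed: rejected"
authenticate "$WORK/device-0001.pem" "$WORK/rogue.key" || echo "copied cert, wrong key: rejected"
```

The third case is the reason the private key has to stay inside the chip: a certificate is public and can be copied, so only the signature over a fresh nonce ties it to one physical device.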
The IoT Edge Enroll service provides a flexible and scalable way to deploy and maintain this system with additional features such as Registration Authority (RA) and advanced protocol support. GlobalSign issues certificates with a speed of more than 3000 per second, which is a record among registration centers.
Security by design is a software development principle under which a product is designed from the very beginning to ensure maximum security. This principle can be extended to the development of hardware.
Thus, today digital certificates are used not only to protect websites and sign computer programs, but also to ensure the authenticity of physical devices. The certificates are written to the chips directly on the chip manufacturer's production line.
“As IoT technology evolves, it is important that security is part of the design from the start,” says Roger Wu, CEO of Big Good Intelligent Systems. “Security should start at the component (chip) level and be supported by a strong, stable and secure PKI infrastructure at the device, gateway and cloud level.”