Today, when manufacturing physical devices, such as Internet of Things (IoT) related devices that contain secure credentials, there is a serious challenge with supply chain data security. The cryptographic credentials, such as passwords, encryption keys and the like that are loaded into the device are very sensitive; compromise/leak of these credentials is fatal, effectively collapsing the entire security model. The problem is intensified through the supply chain, where often the manufacturing facilities (where credentials are typically loaded) and/or personnel cannot be trusted.
One of the key principles of end-to-end IoT security is the integrity and trust level of device credentials, hence their protection is in the foundation of IoT security. There are many challenges associated with protecting secrets in general, and particularly with IoT devices. Software obfuscation offers limited protection against hackers. Hardware-based protection has many challenges—additional BoM costs, board layout modifications for existing devices, fragmentation among IoT device versions, models and makers and expensive private key protection procedures during device provisioning at manufacturing or commissioning facilities that are often overseas.
The challenges detailed above result from the introduction of dedicated HW that should be integrated, provisioned, deployed to a huge mix of different devices and platforms.