Secure Key Storage for IoT Devices

Jun 22, 2020
8:56

Secure key storage is a critical security capability that must be built into IoT devices by the OEM. IoT devices must protect the encryption keys used for authentication and data encryption. Secure key storage methods include hardware Secure Elements, the protected world provided by TrustZone, or a software secure key storage solution.

This video also discusses:

Hardware-based secure key storage (2:19)
  o A security chip can be used for secure key storage and for performing crypto operations using private keys. Either a Trusted Platform Module (TPM) or a specialized hardware Secure Element (SE) designed for IoT devices can be used.

TrustZone-based secure key storage (3:20)
  o TrustZone is a single-chip solution with hardware support for isolating security-critical operations from application software. Keys can be stored within the secure world to protect them from applications running in the normal world.

Software-based secure key storage (4:42)
  o Devices without a TPM, Secure Element or TrustZone must rely on a software-based secure key storage solution. These solutions utilize a Storage Root Key (SRK) to encrypt keys used by the device. The SRK is protected using obfuscation techniques to ensure it cannot be easily discovered by hackers.

Secure key storage considerations (5:54)
  o In designing a security solution for IoT devices, it is important to determine how and when keys are created. If keys are to be generated on the device, care must be taken to ensure the keys are sufficiently random so they cannot be guessed or discovered by a brute-force attack. Keys are often used as part of certificate-based authentication, requiring a PKI implementation.

Secure key storage use case (7:38)
  o Software-based secure key storage can be used for legacy devices to enable higher levels of security and to enable certificate-based authentication in legacy devices. This provides a foundation for security that can be extended by adding a hardware secure element to the next generation of devices being designed.

Sectigo: Your trusted partner for IoT security (8:23)
  o Sectigo is a leading provider of security for IoT devices, providing robust, mature solutions that are scalable across a wide variety of embedded hardware platforms.

For more information, visit:
https://sectigo.com/enterprise/sectigo-iot-platform
https://sectigo.com/resource-library/root-causes-1-55-californias-new-iot-security-law
https://www.engineering.com/IOT/ArticleID/20216/Sectigo-and-Infineon-Partner-for-Greater-Security-Management.aspx

Audience: This video is for security engineers, developers, product managers and anyone using or developing IoT devices.
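
The software-based approach described above (a Storage Root Key that encrypts the device's other keys) and the requirement that on-device keys be sufficiently random can be sketched as follows. This is an added example, not code from the video or from Sectigo: the function names, the slot names and the choice of AES-256-GCM are assumptions, and how the SRK itself is hidden on the device is not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewKey draws n bytes from the OS CSPRNG and stops if it is unavailable.
func NewKey(n int) []byte {
	k := make([]byte, n)
	if _, err := rand.Read(k); err != nil {
		panic("no entropy source: " + err.Error())
	}
	return k
}

func OpenStore(srk []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(srk) // a 32-byte SRK selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap returns nonce || ciphertext || tag; the slot name is authenticated too.
func Wrap(store cipher.AEAD, slot string, key []byte) []byte {
	nonce := NewKey(store.NonceSize())
	return store.Seal(nonce, nonce, key, []byte(slot))
}

// Unwrap returns the key only if the tag verifies for this SRK and slot.
func Unwrap(store cipher.AEAD, slot string, blob []byte) ([]byte, error) {
	n := store.NonceSize()
	if len(blob) < n+store.Overhead() {
		return nil, fmt.Errorf("wrapped key too short: %d bytes", len(blob))
	}
	return store.Open(nil, blob[:n], blob[n:], []byte(slot))
}

func main() {
	store, err := OpenStore(NewKey(32)) // constructed SRK; a device loads its protected one
	if err != nil {
		panic(err)
	}
	blob := Wrap(store, "tls-client-key", NewKey(32)) // freshly generated device key
	_, err = Unwrap(store, "firmware-key", blob)      // wrong slot must fail
	fmt.Println(len(blob), err != nil)
}
```

Only the wrapped blob is written to flash; a blob that has been modified, copied into a different slot, or opened with a different SRK fails authentication instead of yielding a key.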
