NXP ST Micro. Infineon Silicon Labs Microchip Espressif

NXP make secure elements as well as Arm-based MCUs with embedded security, for which they provide two distinct provisioning schemes:

NXP EdgeLock 2GO

EdgeLock 2GO is the NXP service platform for provisioning and managing IoT devices based on the EdgeLock SE05x secure element.

Three options are proposed:

• Ready: secure element pre-provisioned with default keys and certificates.
• Custom: custom provisioning, download device certificates.
• Managed: OTA management of device identities, revocation, overproduction control.

With this platform, NXP handle the overall provisioning process (keys and certificates), from the silicon to the PKI. Certificate provisioning could be made at the chip factory, device factory, or in the field.

NXP extended the EdgeLock 2GO scope in March 2024:

• To let programming partners (e.g. Arrow Electronics, Avnet Silica, EBV Elektronik, EPS Global, Future Electronics) offer secure provisioning services based on the EdgeLock 2GO solution;
• By supporting not only secure elements, but also a series of NXP MPUs and MCUs.

NXP MCUXpresso Secure Provisioning Tool

Alongside their new generation of Arm-based MCUs (Cortex M33), NXP offers a dedicated provisioning tool. The MCUXpresso Secure Provisioning Tool allows for secure firmware, keys and certificates injection. Two options are available: Smart Card Trust Provisioning and Device HSM Trust Provisioning.

NXP Smart Card Trust Provisioning is a turnkey solution for OEMs to securely delegate device provisioning to contract manufacturers without a trusted environment. It also provides production limit control and a record of all device-unique certificates.

STM32 microcontrollers are provisioned at factory with a unique hardware identity, in the form of a device dedicated public/private keys (unique ECDSA key pair per device) and an X.509 certificate signed by STMicroelectronics.

STMicroelectronics have a strong focus on protecting OEMs against untrusted manufacturing environments: firmware IP protection, avoiding counterfeited or clone products as well as overproduction. This is the main objective of their STM32 Secure Firmware Installation framework, that rely on the chip unique keypair to individually pass the AES secret key encrypting the firmware.

However, STMicroelectronics do not propose secure provisioning services: they rely on partnerships with third-party pure players to assist OEMs on this topic and PKI, such as Kudelski IoT keySTREAM for their latest Arm Cortex M33-based MCU with STM32Trust TEE Secure Manager.

On the other hand, ST Microelectronics launched chip to Cloud initiatives (development of dedicated software packages) to plug their STM32H5 series MCUs into Microsoft Azure IoT Hub (Azure RTOS port) and Amazon AWS IoT Core (Amazon FreeRTOS integration). This should accelerate the provisioning of unique identity by relying on the device hardware security key. This feature was first introduced to work with the STSAFE-A110 Secure Element, and was then extended to the latest STM32 MCUs.

Infineon have developed the Cirrent Cloud ID service to provision devices with a unique identity at scale. Cirrent is based on the Optiga Trust M Express secure element:

• The secure elements are pre-provisioned with certificates (Infineon act as a Certificate Authority).
• A QR code (on the reel of chips) enables binding of the chip to an OEM, establishing ownership.
• The OEM can import these certificates into a Cloud or can interface with a certificate authority.

Silicon Labs advertise a chip that received a PSA level 3 certification. Their view is to allow for early personalization of the chips. Therefore they have developed the Custom Part Manufacturing Service (CPMS), a secure provisioning service to allow device manufacturers to customize the hardware at the chip factory, from a dedicated web portal at the time of order.

With this approach, OEMs can provision their own certificates directly at the birth of the MCUs, among other useful personalization services (see above), thus no longer needing to trust their contract manufacturers. Unlike other chipmakers who may propose custom services for high volume orders, Silicon Labs make these advanced personalization features available to all.

Microchip have a large portfolio of secure elements, especially the ATECC608 for IoT applications. These components can be personalized thanks to the Trust Platform Design Suite, that comes with four possible levels of customization:

• Trust&GO: pre-configured and pre-provisioned secure element for Cloud authentication with generic certificates.
• TrustFLEX: pre-configured secure element with custom provisioning (including customer unique credentials as PKI, symmetric keys).
• TrustCUSTOM: Fully customizable secure element including custom provisioning.
• TrustMANAGER: a partnership with Kudelski to enable in-field provisioning and lifecycle management.

Trust&GO

Trust&GO generic certificates allow for (later) Cloud provisioning with Azure IoT or AWS IoT Core. But OEMs that want to setup their own PKI should use Trust Flex to provision dedicated certificates instead.

TrustMANAGER

TrustMANAGER combines Microchip ECC608 secure authentication IC with Kudelski IoT keySTREAM services. The main advantages for the OEM are the easy onboarding of the Root CA of its choice without having to deal with key materials, and the in-field provisioning feature.

Technically, Kudelski provide a dedicated agent that integrates in the MCU. This allows the IoT device to retrieve its operational certificate from the keySTREAM SaaS at the first connection in the field. Optionally, further PKI services can be seamlessly offered, such as certificates renewal or transfer of ownership.

Espressif ESP32-xx chips and modules are widely used in various IoT sectors. Nevertheless, we found no explicit procedure for identity provisioning at scale of their components, nor public information regarding the custom pre-provisioning services they provide upon request.

AWS IoT Core Azure IoT

AWS offer several options for device identity provisioning, allowing the device manufacturer to use its own (self-signed) PKI, a third-party CA or AWS Private CA.

Every device connected with AWS IoT Core is associated with:

• An IoT Thing: a Cloud-based representation of the physical device.
• An X.509 Certificate: containing the public key and identifier of the device.
• An IoT Policy: defining device authorizations.

More details are available in AWS whitepaper.

AWS architecture schemes are:

• Just-in-Time Provisioning (JITP) & Just-in-Time Registration (JITR)
• Multi-Account Registration without a CA
• Fleet Provisioning with CSR
• Zero-Touch Provisioning (ZTP)

JITP and JITR

For devices that are already provisioned with certificates signed with the OEMs designated CA and private keys before onboarding to AWS IoT. The CA must be registered in AWS IoT, and the target region must be known in advance.

With JITP the device is automatically registered at the first connection (according to a policy template), whereas JITR allows some custom logics (such as CRL check or association of a user to a device) before granting device activation.

Multi-Account Registration without a CA

Instead of registering a CA, every device certificate is individually registered in AWS IoT. This can be used for devices with chipmaker certificates pre-provisioned in the main chip or secure element. Certificates signatures are not checked.

Devices can be registered in one or many regions with the corresponding policy before the first connection.

Fleet Provisioning with CSR

AWS recently updated their architecture to integrate device hardware-based root identity (embedded asymmetric keypair) using the CSR workflow shown in the picture below. This is particularly interesting in the general case where devices are manufactured with a UDID and a keypair but do not contain an X.509 certificate.

Under this scheme, the provision by claim is the preferred sub-option, for which the device manufacturers must provision the UDID list of authorized devices into AWS IoT.

The choice of the CA is left open as explained by AWS: “The new self-managed certificate signing capability allows you to integrate with an external certificate authority, your own public key infrastructure, or popular CA services such as AWS Private CA, to sign certificate signing requests (CSRs) when provisioning your fleet.”

Zero-Touch Provisioning (ZTP)

AWS define a ZTP service provider as a third-party actor to whom the device manufacturer delegates key provisioning and PKI. ZTP vendors can interface with AWS IoT to support the certificate lifecycle management services through the customer AWS account.

This option presents several advantages:

• No need to know where the device will be connected at manufacturing.
• Automatic onboarding & registration per batch.
• Simplifies multiple AWS accounts.

The ZTP service provider is a trusted authority, responsible for registering devices to the OEMs AWS account and for other critical lifecycle operations such as factory reset, transfer of device ownership, or decommissioning.

LwM2M GSMA IoT SAFE LoRaWAN Sigfox PUF Matter

The Open Mobile Alliance designed the Lightweight Machine-to-Machine (LwM2M) protocol for managing lightweight and resource-constrained devices in IoT deployments. LwM2M is a standardized way for device communication with management platforms, enabling functionalities such as remote device management, firmware updates, or data reporting.

LwM2M is mostly used in industrial IoT contexts, involving millions of battery-constrained cellular LPWAN devices such as water meters.

The Enrollment over Secure Transport (EST) protocol is used for securely provisioning and managing cryptographic credentials (e.g. X.509 certificates) in IoT devices. The Constrained Application Protocol (COAP) is a lightweight web transfer protocol designed for IoT scenarios with constrained nodes and networks.

When combining LwM2M with EST over CoAP, it is possible to establish a secure mechanism for retrieving unique device identities (X.509 certificates) anchored to public key pairs stored in the secure hardware of IoT devices.

A LwM2M implementation involves a server (LwM2M server) and a client (SDK or library). There are many commercial solutions available on the market today:

• Ioterop
• Avsystem
• Open Mobile Alliance (open source)

What is IoT SAFE?

The GSMA IoT SIM Applet For Secure End-2-End Communication (IoT SAFE) is a standard focused on managing device identities. It enables IoT device manufacturers and service providers to use the SIM (including the newest eSIM and iSIM form factors) as the hardware root of trust, The SIM can now serve to perform mutual (D)TLS authentication to any applicative service, through standardized APIs. The GSMA IoT SAFE standard should simplify provisioning and credential lifecycle management according to their whitepaper.

Kigen

Beyond IoT SAFE, Kigen have defined the Open IoT Safe zero-trust architecture as an extension of the GSMA standard with IETF Enrolment over Secure Transport (RFC 7030). Their goal is to simplify device provisioning and end-to-end integration from any device to any Cloud.

However, these initiatives do not seem to have gained much traction on the market yet.

LoRaWAN uses a symmetric authentication scheme. There are two methods for provisioning a device onto a LoRaWAN network: Activation by Personalization (ABP) and Over-The-Air Activation (OTAA). The difference between these two methods is how the keys are handled. OTAA is more secure and should be preferred.

With OTAA, an activation workflow allows the device and the network to generate new security keys. The device is uniquely identified with a 64-bit globally-unique identifier (DevEUI) assigned by the manufacturer, and a device secret key (AppKey) must be shared with the head-end prior to the initial activation. This shared key will be used at both sides to derive an authentication key (NwkSKey) and an encryption key (AppSKey).

Each device must therefore be provisioned with a unique (DevEUI, AppKey) couple at manufacturing. A secure process must be defined to keep these secret keys confidential until devices are provisioned on a LoRaWAN network.

Device credentials in Sigfox are similar to LoRaWAN. They are defined by Unabiz (Sigfox owner since 2022). Manufacturers (chip or device) must pass the Sigfox certification and request device credentials to a Central Registration Authority who sends them back an encrypted file containing (device ID, key) pairs for the required number of devices. This information must then be provisioned at (chip or device) manufacturing, similarly to LoRaWAN.

Synopsys (Intrinsic ID)

The SRAM Physical Unclonable Function (PUF) is a cryptographic primitive that leverages the inherent variations in Static Random Access Memory (SRAM) cells to generate unique, device-specific keys. These keys are derived from the subtle manufacturing differences that exist between individual SRAM cells, making them impractical to replicate or predict.

SRAM PUF is adaptable to any SRAM. Unlike other key storage methods, SRAM PUF does not store keys in non-volatile memory. Instead, it generates them dynamically at boot time. This approach significantly reduces the risk of key exposure.

Synopsis proposes PUF-based security solutions for IoT devices. They offer two product lines: hardware and software IP.

• Quiddikey: a hardware IP family used by several silicon vendors (NXP, Microchip, Silicon Labs) in their secure chips to build a strong hardware root-of-trust and a hardware unique identity. Moreover, Quiddikey 300 obtained a PSA level-3 certification for the root-of-trust component.
• Zign: a software IP family targeting specific use-cases, such as late provisioning of hardware-based root identity. Zign makes it possible to fully separate IoT device identity provisioning from the chip manufacturing process. The setup process can take place later in the supply chain or on deployed devices (remote retrofit).

Intrinsic ID white paper provides more information on key provisioning with SRAM PUF.

Crypto Quantique

Crypto Quantique is another player in the PUF field. Instead of being based on SRAM, their PUF technology is based on quantum tunnelling and requires dedicated hardware.

• QDID PUF: a hardware IP developed for RISC-V IoT chips from Andes Technology. However, unlike SRAM PUF, it cannot apply to existing chips.
• Quarklink, a platform for chip-to-Cloud onboarding. This client-server solution can directly connect IoT devices to Cloud-based application from their root hardware public key. It includes device certificate generation and management. This is an option to consider to set up a basic PKI with AWS for instance.

Matter is a unified standard designed by the Connectivity Standard Alliance (CSA) to enhance interoperability and security of smart home devices, enabling seamless communication and integration within the IoT ecosystem.

Matter is conceived to be secure by design, requiring authentication of every device in the ecosystem via a certificate attesting their authenticity and identity.

In Matter, the PKI ensures secure communication between devices. Each Matter device must be provisioned at factory with a Device Attestation Certificate (DAC), that enforces its unique identity and genuineness. The Matter certification authority role is held by the CSA, who delegates the status of Product Attestation Authority (PAA) to selected organizations who become root certificate authorities, and in turn delegate the charge of issuing DACs to the devices to entities named Product Attestation Intermediate (PAI).

The Distributed Compliance Ledger (DCL) is a blockchain-based database that allows the CSA to update devices compliance state, and manufacturers to publish public information about their devices.

A dozen of organizations are certified as PAA, mainly PKI providers and silicon vendors. Matter identity provisioning is ideally realized at the chip factory and most vendors propose a dedicated service:

• NXP are an approved PAA and provide Matter DAC provisioning through their EdgeLock 2GO service infrastructure.
• ST Microelectronics delegate the Matter identity provisioning to a third-party PKI provider.
• Silicon Labs partner with Kudelski to generate DAC certificates within their CPMS provisioning infrastructure.
• Infineon also partner with Kudelski.
• Espressif claim to be an authorized PAA and propose a dedicated Matter pre-provisioning service.