Deploy a secure Cloud-connected IoT device network complete with Edge computing capabilities
the extensive set of AWS offerings (Figure 8).
Figure 7: A Greengrass Core device relies on secure storage of private keys using secure elements such as the ATECC608A device integrated in the Microchip ATSAMA5D27-WLSOM1 wireless SOM. Image source: Amazon Web Services
Conclusion
Deployment of an IoT network with Edge computing resources can prove a daunting enterprise with multiple requirements for endpoint devices, Edge computing systems, and secure Cloud connectivity. Individual pieces of the required solution exist but integrating them into a coordinated IoT application has left developers to face the complex tasks of implementing the service interfaces, communications methods, and security protocols required by IoT Cloud providers. As shown, a set of Cloud-ready endpoint and Edge computing products from Microchip Technology provides an off-the-shelf solution designed to connect easily with AWS IoT services and the AWS IoT Greengrass Edge computing service. Developers can use Microchip’s AWS qualified endpoint boards and a wireless system-on-module Edge computing platform to provide near-transparent connectivity to the AWS Cloud and accelerate IoT network deployment.
Further reading
Flash Memory with a Built-In MAC Address Can Really Help During Development
using a combination of integrated hardware accelerators, integrated processors, and stack firmware. The WLSOM1 also offers wired connectivity managed by a Microchip KSZ8081RNAIA Ethernet transceiver. Microchip includes its 64 Mbit SST26VF064BEUI flash, which comes pre-provisioned with an IEEE allocated 6-byte extended unique identifier (EUI-48) and 8-byte EUI-64. This ensures a globally unique MAC address in order to reliably connect to the public Internet. (See ‘Flash Memory with a Built-In MAC Address Can Really Help During Development’.) Finally, the WLSOM1 includes the ATECC608A secure element for hardware-based security. Thanks to its high level of integration, the WLSOM1 requires relatively few components beyond decoupling capacitors and pullup resistors to implement the hardware interface in a board design.
Bringing up a WLSOM1-based board on AWS IoT Greengrass requires very little effort. In fact, most of the effort involves setting up AWS services for its use. Microchip provides developers with step-by-step guides for this, including how to create an AWS account and how to define a Greengrass group of Greengrass core and endpoint devices. After building the target system on a Linux development system, developers upload the target image, Greengrass Core software, and certificates to the WLSOM1, typically using a secure digital card (SDCard) flash drive. Authentication and secure communications operate transparently to the developer thanks to the hardware-based security provided by the ATECC608A secure element. For Greengrass Edge systems, however, the ATECC608A plays a deeper role in protecting the private keys underlying secure communications between the Greengrass Core running on the Edge system and the AWS Cloud.
Figure 8: AWS IoT Greengrass enables Edge systems to provide local processing including use of AWS Lambda functions for simple integration with AWS Cloud services for data storage, machine learning, and other capabilities. Image source: Amazon Web Services
Devices in a Greengrass group rely on digital certificates to authenticate each other and their messages within the group and with Cloud-based AWS services (Figure 6). If the underlying security mechanisms and protocols are compromised due to exposed private keys or fraudulent certificates, the group and even Cloud-based resources can be compromised in turn. AWS protects itself and its users’ applications by permitting interactions only with trusted devices that incorporate a hardware secure element able to protect the private keys used for secure communications between the Greengrass Core device and the AWS IoT Core, and between the Greengrass Core device and endpoints (Figure 7). AWS has identified the WLSOM1 as well as the ATECC608A secure element as Greengrass qualified solutions able to meet its security requirements. In fact, the ATECC608A supports AWS’ enhanced security capability provided in IoT Greengrass Hardware Security Integration (HSI). HSI uses the Public Key Cryptography Standards #11, which defines an industry standard application programming interface (API) for communications between a processor and a hardware security module (HSM) used to store private keys. In the WLSOM1, the ATECC608A is designated as an AWS Greengrass qualified HSM. Support for this standard security interface is particularly important for Linux-based systems used in Edge systems in general, and in Greengrass Core devices in particular.
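An added example, not code from Microchip or AWS: a small audit of the `crypto` section of a Greengrass Core configuration file that reports any principal whose private key is still a file on disk rather than a PKCS #11 object held in the secure element. The section layout and key names (`principals`, `privateKeyPath`, `PKCS11`, `P11Provider`, `slotLabel`, `slotUserPin`) are assumed from the Greengrass Core v1 `config.json` format, and every path, label and PIN is a constructed placeholder.

```python
import json

# Constructed samples: every path, label and PIN below is a placeholder.
KEY_ON_DISK = json.dumps({"crypto": {
    "caPath": "file:///greengrass/certs/root.ca.pem",
    "principals": {
        "IoTCertificate": {
            "privateKeyPath": "file:///greengrass/certs/core.private.key",
            "certificatePath": "file:///greengrass/certs/core.cert.pem"},
        "SecretsManager": {
            "privateKeyPath": "file:///greengrass/certs/core.private.key"}}}})

KEY_IN_HSM = json.dumps({"crypto": {
    "caPath": "file:///greengrass/certs/root.ca.pem",
    "PKCS11": {"P11Provider": "/usr/lib/example-pkcs11.so",
               "slotLabel": "example-token", "slotUserPin": "0000"},
    "principals": {
        "IoTCertificate": {
            "privateKeyPath": "pkcs11:object=core-key;type=private",
            "certificatePath": "file:///greengrass/certs/core.cert.pem"},
        "SecretsManager": {
            "privateKeyPath": "pkcs11:object=core-key;type=private"}}}})


def audit_crypto(config_text):
    """Return findings; an empty list means every private key is HSM-backed."""
    crypto = json.loads(config_text).get("crypto", {})
    principals = crypto.get("principals", {})
    findings = [] if principals else ["no principals defined"]
    uses_hsm = False
    for name, entry in sorted(principals.items()):
        uri = entry.get("privateKeyPath", "")
        if uri.startswith("file://"):
            findings.append(f"{name}: private key is a file on disk ({uri})")
        elif uri.startswith("pkcs11:"):
            uses_hsm = True
            # Split the PKCS #11 URI attributes, e.g. object=<label>;type=private
            attrs = dict(a.split("=", 1) for a in uri[7:].split(";") if "=" in a)
            if not attrs.get("object") or attrs.get("type") != "private":
                findings.append(f"{name}: PKCS#11 URI must name a private object")
        else:
            findings.append(f"{name}: unrecognized privateKeyPath {uri!r}")
    if uses_hsm:  # an HSM-backed key also needs the provider and slot settings
        p11 = crypto.get("PKCS11", {})
        missing = [k for k in ("P11Provider", "slotLabel", "slotUserPin") if not p11.get(k)]
        if missing:
            findings.append("PKCS11 section missing: " + ", ".join(missing))
    return findings
```

Because the slot PIN sits in the same file, the configuration file itself still needs restrictive permissions even when the keys are in the secure element.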
Using this secure software foundation, developers can safely extend their Greengrass Core Edge systems with local processing capabilities using AWS Lambda functions, which provide a relatively simple event-driven programming model. While custom code running on the Greengrass Core device can support specific application requirements, AWS Lambda functions allow these devices to interact directly with AWS Cloud services. For example, developers can easily implement Lambda functions that connect endpoints with AWS services, such as Amazon’s NoSQL DynamoDB database management system for data storage or other services in