Rick Merritt of the EE Times reports that Rambus is broadening its security portfolio to include a service that manages cloud connections for IoT devices. As Merritt points out, STMicroelectronics and Qualcomm are the first two chip makers showing support for Rambus’ IoT Device Management service.
“The new offering adds software modules for managing encrypted services such as authentication and over-the-air updates to Rambus CryptoManager, its existing [platform] for provisioning IoT keys,” writes Merritt.
“The Rambus offering aims to ease the job of securing IoT nodes to cloud services to prevent breaches such as distributed-denial-of-service attacks. The Mirai attack late last year raised attention on the need for better IoT security, an issue being addressed by an increasing number of products and industry initiatives and expected increases in spending on IoT security.”
According to Merritt, Rambus aims to integrate code for its service in the SDKs of chip sets and cloud services.
“The service will support secure booting, certificate refreshes and security disaster recovery. Its memory and CPU requirements vary depending on the used chipset’s architecture and available hardware cryptographic resources,” he explains. “The Rambus service [also] leverages existing hardware root-of-trust capabilities that the company said its CryptoManager provides to more than a billion chip sets. Alternatively, it can use third-party root-of-trust services that the chip maker uses.”
Indeed, to accommodate the various requirements of OEMs and service providers, the Rambus CryptoManager IoT Device Management client can be pre-integrated in three device architectures. Rambus provides all the required components to enable seamless integration for both the OEM and service provider.
CryptoManager Security Engine with pre-provisioned keys
In this configuration, the IoT device utilizes a hardware-based CryptoManager secure core that includes pre-provisioned unique device keys to provide IoT OEMs and service providers with an out-of-the-box secure cloud connection. Since the key is burned into silicon during manufacturing, additional OEM provisioning isn’t required. Deliverables include a client SDK, documentation, reference dashboard and API.
Third-party secure hardware
With a third-party root-of-trust configuration, Rambus can leverage a chipset’s pre-provisioned key or offer key provisioning solution with the CryptoManager Infrastructure platform. Deliverables include those listed above, with the addition of the CryptoManager appliance and keys.
No Security Hardware
If a hardware security engine isn’t available, IoT devices can utilize Rambus’ software-based security engine, which is included in the IoT Device Management Client SDK. Keys are then provisioned by the CryptoManager Infrastructure platform. Deliverables are the same as those listed under the third-party secure hardware section.
Interested in learning more about Rambus’ CryptoManager IoT Device Management service? You can check out our Trusted Services page here.