Securing IoT Platform with Multiple RoTs

Article By : Nitin Dahad

IoT security platform addresses 'end-to-end security' with provisioning, onboarding and monitoring...

Quantum security startup Crypto Quantique (London) has opened up its internet of things (IoT) security management platform, QuarkLink, to work with roots of trust (RoT) from multiple vendors as well as its own quantum-derived intellectual property RoT.

In an interview with EE Times, the company’s CEO Shahram Mossayebi highlighted why the fear of cyberattacks is preventing the full exploitation of the capabilities of IoT, and described the market response to its hardware/software solution. He also hinted at partnerships for its QuarkLink software platform (which include Renesas, Silex Insight and EPS Global), and said to expect a possible ‘big name’ chip customer in the next few months for its own hardware root of trust IP, QDID.

Shahram Mossayebi

First, on the topic of addressing the challenges of IoT exploitation and scaling, he sets the background. Mossayebi said, “Everyone talks about end-to-end security, but they often assume that key injection has already occurred. There are three key stages that need to be addressed from the software platform point of view. First is secure provisioning, where the chip is on board and requires key injection; then there is automated secure onboarding, where the device in the field is then connected to the cloud platform; and then there is security monitoring, which includes life cycle management.”

“Not everybody does all three. Several of the solutions might do onboarding and monitoring, or just provisioning, or just key management. Other IoT software platforms for device management and security are incomplete.”

This is where he believes Crypto Quantique differs. The QuarkLink platform is available to semiconductor manufacturers and systems integrators that use root-of-trust (RoT) solutions of their own, or those sourced from other vendors. The platform was originally designed to work with Crypto Quantique’s own quantum-derived root-of-trust IP, called QDID (which stands for quantum-driven identity). QuarkLink handles provisioning, including secure firmware and cryptographic keys, automated secure onboarding, and security monitoring, including firmware encryption, signing and secure updates over-the-air, and certificate and key renewal and revocation. With some RoTs, including QDID, QuarkLink eliminates the need for hardware security modules (HSMs) and key injection.

The QuarkLink platform is available to semiconductor manufacturers and systems integrators that use root-of-trust (RoT) solutions of their own, or those sourced from other vendors. (Image: Crypto Quantique)

Mossayebi explained that cryptography is tough as it is a very specialist field. As a result, he said, “In reality, the industry is not fully exploiting IoT, because of fears of cyberattacks. In addition, it is also difficult to scale up the deployment of security. The other big challenge is that different market segments have different security requirements.”

Hence, while Crypto Quantique is targeting mainly semiconductor manufacturers, its IoT platform is supposed to be simple to set up. The company said QuarkLink can be set up in minutes by engineers without specialist IoT security knowledge. End-point devices are then connected to servers through cryptographic APIs, using just a few keystrokes to initiate an automated process capable of onboarding thousands of devices in seconds to a server platform, or to multiple platforms simultaneously. AWS, Microsoft and Mosquitto are among the cloud services currently supported, with more following.

“Making QuarkLink available for use with root-of-trust solutions other than our own enables engineers to rapidly and securely scale IoT deployments for their existing devices. It also creates a seamless path for upgrading to our own unforgeable root-of-trust IP, QDID, in future designs,” Mossayebi added.

Crypto Quantique’s RoT, QDID, generates random, unforgeable cryptographic keys on-demand in silicon by measuring the quantum effects in chips manufactured on standard CMOS processes. The company notes that measuring and authenticating at quantum-level forms the basis of unique device identity and unbeatable security. Other hardware and physical unclonable functions (PUFs) can’t offer full security, it claims.

Chips require secret key injection for authentication, which adds a point of vulnerability. The premise with Crypto Quantique’s solution is that a unique, silicon-based identity can secure billions of IoT devices without these risks. By harnessing quantum effects, it said, this creates unforgeable identities and originates independent, tamper-proof cryptographic keys on demand.

Market adoption

Crypto Quantique was founded in London in 2015 and has raised $8 million to date (see: Startup Raises $8m to Deliver Unforgeable Secure Identities). We asked Mossayebi, who is one of the co-founders, about market interest and adoption of its hardware IP and software platform. He explained that the company already has partners signed up to its products, including Renesas, Silex Insight, and EPS Global, and that it was in discussion with a couple of “big name” semiconductor companies for its QDID root of trust hardware IP. The hardware IP is based on delivering in 65nm and 55nm processes, but the potential new customer engagement would be on a process node lower than 55nm.

The company’s business model is based on licensing its hardware RoT IP, and then either offering its QuarkLink security management platform as a service or enabling partners and customers to offer it as a white-labelled service under their own name.

Security ecosystem partners

Although not yet formally announced, Crypto Quantique is busily working with security ecosystem partners Renesas, Silex Insight and EPS Global to offer its QuarkLink based solution to their customers.

Crypto Quantique and Renesas have partnered to integrate QuarkLink’s automated device onboarding and management into the Renesas RA ecosystem. Using Crypto Quantique’s cryptographic APIs, the QuarkLink platform will enable Renesas customers to rapidly and securely connect the roots-of-trust embedded in their microcontrollers to servers. According to the company, thousands of devices can be automatically onboarded within seconds, overcoming the scalability challenges presented by alternative solutions, without compromising security. QuarkLink supports devices that use Renesas’ secure cryptographic engine (SCE) and trusted secure IP (TSIP) blocks across the RA, RX and RZ microcontroller families.

Silex Insight, which offers embedded IoT security IP, is partnering to combine its eSecure IP standalone security module with QuarkLink to enable rapid, automated, and secure onboarding of IoT end-point devices to cloud-based or in-house servers without involving other parties. The intention is that, with no requirement for security expertise, engineers will be able to use QuarkLink’s cryptographic APIs to connect thousands of devices to services with just a few keystrokes, enabling their devices and data to be protected.

The third partner, EPS Global, provides secure IC programming-as-a-service to tier 1 automotive electronic suppliers, OEMs and contract manufacturers. The two companies have partnered to offer joint customers secure programming using the Crypto Quantique solution on EPS Global’s programmers at their programming facilities all around the world. This will enable customers using the Crypto Quantique QDID IP to program their microcontrollers securely at an EPS facility located close to their manufacturing factories. EPS Global will also promote and offer to its customers the full Crypto Quantique ‘QuarkLink’ software solution for end-to-end security capabilities.
