MBC – WB01 Product Specifications
Copyright © 2018 METECA SA. All rights reserved.
6. Security
Security is a key concern for IoT and IIoT. Since many industrial companies are extensively deploying the Internet
of Things at the edge of their networks and increasing the capabilities of the network itself, connecting so many
devices presents a huge security threat. This large number of connected devices exposes a much larger attack
surface than the IT space where, by comparison, the volumes of data are lower and their exchange can be more
precisely controlled.
In the industrial sector, huge amounts of data are processed by physical devices at the edge (through their
firmware), sent back to the cloud for further analysis and used by different applications or, after processing, by the
devices themselves to control the processes or the plant environment. Attackers can exploit these devices and their
software to subvert and compromise the hardware itself. A significant number of IoT devices are not used with
security in mind, so every single device and sensor in the IoT represents a potential risk and an easy entry point to
the network.
The MBC-WB01 features a double security layer.
The first layer sits directly inside the ESP32, which, along with TLS v1.2, implements secure boot, flash content
encryption and cryptographic hardware acceleration (with AES, SHA-2, RSA, elliptic curve cryptography (ECC) and
random number generator (RNG) support).
The secure boot support ensures that when the ESP32 executes any software from flash, that software is trusted
and signed by a known entity. If even a single bit in the software bootloader or the application firmware is modified,
the firmware is not trusted, and the device will refuse to execute this untrusted code. This is achieved by building a
chain of trust from the hardware, to the software bootloader, to the application firmware.
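
A simplified model of the chain of trust described above, added here as an illustration and not taken from Meteca or Espressif code. It pins a SHA-256 digest at each link instead of verifying a signature as real secure boot does, and the image contents and function names are constructed for the example.

```python
import hashlib
import hmac

DIGEST_LEN = 32  # SHA-256 output size in bytes

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_bootloader(code: bytes, app: bytes) -> bytes:
    """Bootloader image = its code followed by the digest of the one app it trusts."""
    return code + sha256(app)

def boot(root_digest: bytes, bootloader: bytes, app: bytes) -> str:
    """Walk hardware -> bootloader -> application and report where the chain ends."""
    # Link 1: the immutable root (fuses/ROM in real hardware) checks the bootloader.
    if not hmac.compare_digest(sha256(bootloader), root_digest):
        return "halt: bootloader untrusted"
    # Link 2: the now-trusted bootloader checks the application against its pin.
    if not hmac.compare_digest(sha256(app), bootloader[-DIGEST_LEN:]):
        return "halt: application untrusted"
    return "running application"

def flip_bit(image: bytes, bit: int) -> bytes:
    """Return a copy of image with exactly one bit inverted."""
    buf = bytearray(image)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)

def demo() -> dict:
    # Constructed sample images; real ones would be the binaries stored in flash.
    app = b"APP v1.0 constructed application image"
    bootloader = build_bootloader(b"BL constructed bootloader code", app)
    root = sha256(bootloader)  # provisioned once, then read-only
    other_app = b"APP constructed replacement image"
    repinned = build_bootloader(b"BL constructed bootloader code", other_app)
    return {
        "untouched": boot(root, bootloader, app),
        "app bit flipped": boot(root, bootloader, flip_bit(app, 0)),
        "bootloader bit flipped": boot(root, flip_bit(bootloader, 5), app),
        "app swapped, pin rewritten": boot(root, repinned, other_app),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The last case shows why the chain has to start in hardware: rewriting the bootloader's pin to match a replaced application changes the bootloader image, so the first link rejects it.
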
The flash encryption support ensures that any application firmware stored in the flash of the ESP32 stays
encrypted. This allows manufacturers to ship encrypted firmware in their devices.
The second layer is the Microchip ATECC608A, which integrates the ECDH (Elliptic Curve Diffie-Hellman) security
protocol - an ultra-secure method to provide key agreement for encryption/decryption - along with ECDSA (Elliptic
Curve Digital Signature Algorithm) sign-verify authentication.
It also offers an integrated AES hardware accelerator extending the secure boot features to both the MBC’s MCU
and supplying the full range of security such as confidentiality, data integrity, and authentication to MBC’s system.
The ATECC608A employs ultra-secure hardware-based cryptographic key storage and cryptographic
countermeasures which eliminate potential backdoors linked to software weaknesses.
It can also perform Elliptic Curve Diffie-Hellman key exchange, which means that the part can securely store the
asymmetric keys (private key) for a TLS (v. 1.3) exchange and deliver the master secret to the microcontroller for
the symmetric portions of the protocol, simplifying the connection and the authentication to Azure, AWS, and Google
cloud platforms.