# Highest encryption standards on the sysWORXX CTR-700

As part of a preliminary development, SYS TEC electronic has further enhanced the security of the flexible control solution sysWORXX CTR-700 and integrated a dedicated cryptoprocessor into the firmware of the Linux-based edge controller.

The chip used, from Microchip's CryptoAuthentication™ family[1], makes it possible to store secrets (so-called crypto keys) in hardware, protected against access. Furthermore, device certificates can now be integrated into the sysWORXX CTR-700 in a cryptographically secure way. This opens up the possibility of certificate-based device authentication in the operating environment.

The solution created uses algorithms recommended by both the BSI (German Federal Office for Information Security) and its US counterpart NIST (National Institute of Standards and Technology)[2][3]. Because of these advantages, cryptoprocessors of the same series are also integrated into the IoT cloud offerings of Amazon (AWS IoT) and Google (GCP IoT Core).

The cryptoprocessor provides hardware acceleration for the most important algorithms of asymmetric cryptography, based on Elliptic Curve Cryptography. The comparatively short but equally secure key and hash lengths make this approach perfectly suited for embedded devices. Specifically, the digital signature algorithm based on the elliptic curve secp256r1[4] was implemented.

A PKI (public key infrastructure) specially designed for the sysWORXX CTR-700 is available for managing the device certificates and the device-specific keys. With its help, the authenticity of your device can be guaranteed and all necessary license keys can be managed.

During implementation, we made sure to keep the solution flexible for our customers. For example, it is possible to store additional data in the cryptoprocessor on request. This can be used in many ways to protect customer-owned applications and licenses. We will be happy to advise and support you in adapting the solution to customer-specific applications.


[1] Microchip 2021: www.microchip.com/en-us/products/security-ics/cryptoauthentication-family

[2] BSI 2021: BSI Technical Guideline: Cryptographic Mechanisms: Recommendations and Key Lengths (BSI TR-02102-1), www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf

[3] NIST 2019: Digital Signature Standard (DSS), dx.doi.org/10.6028/NIST.FIPS.186-5-draft

[4] CRoCS 2021: Centre for Research on Cryptography and Security, https://neuromancer.sk/std/secg/secp256r1/