I'd like to open a small discussion about what would be the best usage of STSAFE-A110 to enhance the hardware-level security of our IoT device. To be more specific, in our application we want to use the STSAFE-A110 to store the customized device private key and certificate (not the standard leaf certificate in zone 0), that will be used for TLS authentication at the server.
I'm trying to think how this will help in case that a malicious adversary gets hold of our hardware. I suppose nothing is completely secure and it all depends on how good one needs to be protected and/or how many obstacles one wants to make it for the attacker.
Let's however, do a thought experiment. What can the attacker do with our hardware?
I suppose that since the device private key and certificate are not in the MCU flash but in the A110, the attacker
- cannot get hold of the private key, but can use it for signing (right?)
- can read out the device certificate
What can one do with the above? Could one clone our device and create others that imitate the original?
What is the real benefit of storing this information inside the STSAFE-A110 instead of the MCU flash directly, since, in the end, one can still use the private key for signing and has access to the certificate.
Would it make sense to protect the link between the MCU and the STSAFE-A110 using the host secure channel? What extra security would that add to our above scenario?
