Skip to content

Latest commit

 

History

History
22 lines (17 loc) · 2.24 KB

240630.device_provisioning.md

File metadata and controls

22 lines (17 loc) · 2.24 KB

2024-06-30

https://discordapp.com/channels/918498540232253480/918498540232253483/1256859331781984299

Timmy77 — Yesterday at 11:30 PM Hello Friends, I am facing a new challenge about my IoT service provisioning. At first, our customer has bought an ESP32 Wi-Fi board from us. Then, how do we authorize him and his board to log in and use our IoT service? Here, I think of at least 2 methods, namely, (1) the Wi-Fi chip`s MAC address (2) an on-board key chip like Microchip ATECC608.

Which one method is easier and cheaper? Could you share your experience? Thanks for your attention. (edited) June 30, 2024

@Timmy77 Hello Friends, I am facing a new challenge about my IoT service provisioning. At first, our customer has bought an ESP32 Wi-Fi board from us. Then, how do we authorize him and his board to log in and use our IoT service? Here, I think of at least 2 methods, namely, (1) the Wi-Fi chip`s MAC address (2) an on-board key chip like Microchip ATECC608. Which one method is easier and cheaper? Could you share your experience? Thanks for your attention. (edited)

floitsch — Today at 3:11 AM It depends a lot on your needs. In some cases just letting users sign up with some account and then connecting a specific device with that account is good enough. There, you actually don't require the device to have any specific identifying information. You could, for example have a code on a paper shipped with the device that allows the user to sign up. Sometimes, just using the hardware id (Mac address) is also good enough. It's not super secure, but if the damage of leaking the id isn't high, I would go for the simplest approach. You can often blocklist devices/IDs on the server side if one ID really leaks. You can also flash a certificate onto the device in your factory. This authenticates the device. It requires a bit of setup but we have done something like that before. Unless you have keys that absolutely must not leak (like decryption keys for TV channels) I don't see the need for crypto chips. They might be harder to hack than the ESP32 (and I'm not saying it's easy to hack the ESP), but once the ESP is compromised it can just use the crypto chip for itself anyway. The crypto chip just makes it harder/impossible to duplicate the device.