Category Archives: Hardware

Atmel’s new car MCU tips imminent SoC journey

The fact that these MCUs are targeting highly-sophisticated connected car applications like infotainment and ADAS means that the journey toward bigger and more powerful chips is now inevitable.

The automotive industry has reached a new era marked by giant initiatives like infotainment, connected car and semi-autonomous vehicles. And, no one seems more excited than the MCU guys who have been a part and parcel of in-car electronics for the past two decades. However, the humble microcontroller is going through a profound makeover in itself in order to come to terms with the demands of the connected car environment.

Take Atmel Corporation, one of the top MCU suppliers, who has launched its SAM DA1 family of microcontrollers at Embedded World 2015 in Nuremberg, Germany. The automotive-grade ARM Cortex-M0+-based MCUs come with capacitive touch hardware support for human-machine interface (HMI) and local interconnect network (LIN) applications. The SAM DA1 series integrates peripheral touch controller (PTC) for capacitive touch and eliminates the need for external components while minimizing CPU overhead. The feature is aimed at capacitive touch button, slider, wheel and proximity sensing applications.

Moreover, SAM DA1 microcontrollers offer up to 64KB of Flash, 8KB of SRAM and 2KB read-while-write Flash. The other key features of SAM DA1 series include 45 DMIPS and up to six serial communication interface (SERCOM), USB and I²S ports. SERCOM is configurable to operate as I²C, SPI or USART, which gives developers flexibility to mix serial interfaces and have greater freedom in PCB layout.

Atmel | SMART SAM DA1 ARM based Cortex-M0+ microcontrollers

The automotive-grade MCUs — operating at a maximum frequency of 48MHz and reaching a 2.14 Coremark/MHz — are qualified to the AEC Q-100 Grade 2 (-40 to +105degreeC). According to Matthias Kaestner, VP of Automotive at Atmel, the company is targeting the SAM DA1 chips for in-vehicle networking, infotainment connectivity and body electronics.

Atmel-Automotive-Touc-Surface-Demo-PTC demo board

Automotive touch surface demo at Embedded World 2015

The fact that the SAM DA1 devices are based on powerful ARM cores clearly shows a trend toward more performance and the ability to run more tasks on the same MCU. The Cortex-M0+ processor design comes with a two-stage pipeline that improves the performance while maintaining maximum frequency. Moreover, it supports a new I/O interface that allows single cycle accesses and enables faster I/O port operations.

That’s no surprise because the number of electronic control units (ECUs) is on the rise amid growing momentum for connected car features like advanced driver assistance systems (ADAS). However, a higher number of ECUs will make the communication among them more intense; so automotive OEMs want to reduce the number of ECUs while they want more value from the MCU.

Moreover, car vendors want to bring down the number of ECUs to avoid complexity within the larger car network. The outcome of this urge is the integration of more performance and functionality onto the MCU. Each ECU has at least one microcontroller.

Atmel and the Evolution of MCU

Atmel’s SAM DA1 device is another testament that the boundaries between MCU and SoC platforms are blurring. The fact that these MCUs are targeting highly sophisticated connected car applications like infotainment and ADAS means that the journey toward bigger and more powerful chips is now inevitable.

Atmel is an MCU company, and this product line has played a crucial role in its transformation that started in the late 2000s. At the same time, however, the San Jose, California–based chipmaker seems fully aware of the critical importance of the system-level solutions. Atmel calls the SAM DA1 family of chips MCUs; however, its support for more peripherals, larger memories and intelligent CPU features show just how much the MCU has changed over the course of a decade.

Memory Protection Unit in Cortex-M0+

Atmel has a major presence in the automotive market with its MCUs and touch controllers being part of the top-ten car vendors. It’s interesting to note that, beyond its MCU roots, Atmel has a lot of history in automotive electronics as well. Atmel was one of the first chipmakers to enter the automotive market.

Moreover, Atmel bought the IC division of Temic Telefunken Microelectronic GmbH for approximately $110 million back in 1998. Telefunken was an automotive electronics pioneer with an early success in electronic ignition chips that made way into Volkswagen cars back in 1980.

The release of SAM DA1 series marks a remarkable opportunity as well as a crafty challenge for Atmel in the twilight worlds of MCU and automotive electronics. Tom Hackenberg, a senior analyst at IHS, calls the phenomenon ‘SoC on wheels.’

Hackenberg says that the automotive industry consumed approximately a third of all MCUs shipped in 2013. However, now there is an SoC on the road, the brain behind the connected car, and it commands a deeper understanding of the AEC-Q100 standard for automotive quality and ISO 26262 certification for car’s functional safety.

Atmel’s AvantCar touchscreen demo at the CES 2015

The integration of touch controller into SAM DA1 chips can be an important value proposition for the car OEMs who are burning midnight oil to develop cool infotainment platforms for their newer models. Next, while AEC Q100 Grade 2 qualification is a prominent part of the SAM DA1, Atmel might have to consider augmenting the ISO 26262 certification for functional safety, a vital requirement in ADAS and other connected car features.

Majeed Ahmad is author of books Smartphone: Mobile Revolution at the Crossroads of Communications, Computing and Consumer Electronics and The Next Web of 50 Billion Devices: Mobile Internet’s Past, Present and Future.

Connect and control your IoT devices with the SmartEverything dev board

1 Reply

Arrow’s latest development board is optimized for Internet of Things connections.

Arrow Electronics has launched an Atmel | SMART based development board packed with sensor options, communication interfaces and connection to the cloud for Internet of Things (IoT) designs.

The board, which is aptly named SmartEverything, utilizes the SIGFOX global network cellular connectivity solution to enable access to the IoT.

SmartEverything is equipped with an Atmel | SMART ARM Cortex-M0+ based CPU USB host orchestrator chip to manage traffic between peripherals, while an Atmel CryptoAuthentication device (ATSHA204) enables the implementation of a full security SHA-256 hash algorithm with message authentication code.

Additional features of the dev board include STMicroelectronics proximity, humidity, temperature and acceleration sensors, a TDK Bluetooth Low Energy interface for short-range connectivity, and an NXP NFC tag with I2C serial interface for authentication. A Dynaflex 868MHz antenna and Linear Technology power management devices are also incorporated.

Introducing the SAM DA1 series of Atmel | SMART MCUs

2 Replies

Atmel launches automotive grade ARM Cortex-M0+-based MCUs with capacitive touch hardware support for HMI and LIN applications.

Just in time for Embedded World 2015, Atmel has officially launched its next-generation family of automotive-qualified ARM Cortex-M0+-based MCUs with an integrated peripheral touch controller (PTC) for capacitive touch applications.

The SAM DA1 is the first series in this Atmel | SMART MCU automotive-qualified product family, operating at a maximum frequency of 48MHz and reaching a 2.14 Coremark/MHz. Atmel’s SAM DA1 series is ideal for capacitive touch button, slider, wheel or proximity sensing applications and offers high analog performance for greater front-end flexibility. The new devices are available down to a very compact QFN 5x5mm package with wettable flanks for automated optical inspection.

Eliminating external components and offering more robust features, devices in the SAM DA1 series come with 32 to 64 pins, up to 64KB of Flash, 8KB of SRAM and 2KB read-while-write Flash and are qualified according to the AEC Q-100 Grade 2 (-40 to +105°C).

“As a leader in both automotive touch and LIN solutions, we are committed to bringing innovative, cost-effective solutions to next-generation vehicles,” explained Atmel’s VP of Automotive Matthias Kaestner. “With a comprehensive peripheral set for connectivity and state-of-the-art touch support, the SAM DA1 series allows system designers to perfect the human-machine interface in the automobile with capacitive touch. We are committed to offering a wide range of cost-optimized auto-qualified products for in-vehicle networking, infotainment connectivity and body electronics.”

Key features of the SAM DA1 series include:

Atmel | SMART ARM Cortex-M0+-based processor
45 DMIPS
Vcc 2.7 to 3.63V
16kB to 64kB Flash; 32 to 64 pins
Up to six SERCOM (Serial Communication Interface), USB, I2S
Peripheral Touch Controller
Complex PWM
AEC Q100 Grade 2 Qualified

To accelerate the design development, the ATSAMDA1-XPRO development kit is available to support the new devices. Furthermore, the new SAM DA1 series is also supported by Atmel Studio, Atmel Software Framework and debuggers.

Interested? The company is currently working on the SAM DA1 series with lead customers, with general sampling slated to begin at the end of April 2015. In the meantime, you can head over to the MCU family’s page here.

Atmel and Sequitur Labs bring robust adaptive security to the IoT

1 Reply

The recent partnership highlights a new approach to IoT security and management along with ultra-secure hardware at Embedded World 2015.

Sequitur Labs, a developer of advanced security solutions and policy management for the mobile computing and connected devices markets, and Atmel will be demonstrating a joint platform for enhanced security and manageability of Internet of Things (IoT) devices and applications at Embedded World 2015 in Nuremberg, Germany.

The Seattle-based company has integrated their programmable, context aware security and manageability platform for embedded and smart gadgets with Atmel’s SAMA5D4 and SAM D21 MCUs, ATWINC1500 Wi-Fi modules, as well as ATECC508A crypto element devices employing ultra-secure hardware-based key storage. The joint solution significantly raises the bar on countering threats aimed at the IoT by implementing a system-wide, dynamic approach to security policy enforcement.

As recent reports suggest, the IoT market is projected to grow significantly with 69% of U.S. consumers planning to buy network-connected technology for their homes by 2019. And, with the number of intelligent devices entering the market on the rise, enhanced security and manageability of data becomes critical for IoT adoption. Threat vectors are expected to multiply quickly as connected nodes increase in volume with immense potential repercussions for business, critical infrastructure, medical systems, transport systems and personal data.

“Security and manageability of IoT nodes are the primary needs in this market. ‘Thing’ makers must stay ahead of the game by creating devices that are ‘secure by design’ and that employ a systems-driven approach. This means robust security and management need to be designed right from the outset and not added as an afterthought,” explained Phil Attfield, CEO of Sequitur Labs.

It should be noted that Sequitur’s security framework includes secure, policy driven command and control, enhanced data protection and hardware encryption, secure firmware updates, and programmable policy for greater customization.

“As a leader in security, Atmel is committed to delivering comprehensive, ultra-secure solutions to the billions of forthcoming connected devices,” said Bill Boldt, Atmel Senior Marketing Manager for Crypto Products. “Atmel’s innovative ecosystem partner, Sequitur Labs, is accelerating and simplifying IoT and embedded system development to provide the full complement of security capabilities, specifically confidentiality, data integrity and authentication. We are excited to work with Sequitur Labs to continue bringing ultra-secure, hardware-based key storage solutions to a wide range of applications including IoT, wireless, consumer, medical, and industrial, among others.”

The Sequitur Labs and Atmel product demonstration platform can be seen in the Atmel booth (4A-230) all week long at Embedded World. Additionally, Sequitur Labs CEO Phil Attfield will present “Reducing Risk and Liability of IoT with a Systems-based Approach to the 20 Critical Security Controls,” while Atmel’s very own Kerry Maletsky will explore “Making IoT a Reality—Leveraging Hardware Security Devices.”

Interested in learning more? Head over to Sequitur Labs’ official page here.

The politics of IoT privacy

Leave a reply

Kaivan Karimi, Atmel VP and GM of Wireless Solutions, explores the ongoing privacy issues around the Internet of Things.

When it comes to the Internet of Things (IoT), most people use the security and privacy issues of IoT as a two-in-a-box item that go hand-in-hand. This means, if you don’t have security, you cannot have privacy and vice versa, right? Well, yes and no. There is a lot being said and done to secure the end-to-end IoT systems via advanced policy-driven private and public keys, and threat management systems. More needs to be done, and we will have to figure it out. That is, until someone finds a vulnerability and the technology race starts over with new best practices being promoted. I plan to blog on some of the pitfalls we are experiencing in security technology rollouts in the future. But, for this specific blog, I will only focus on the privacy issues of IoT, since privacy issues can only be resolved through strong legislation and enforced by governments (aided by privacy and security technologies).

Today, I am promoting Privacy by Design (PbD). In the U.S., I am less hopeful that we will get real privacy legislation correct. As an IoT evangelist, my issue with the privacy requirements of IoT is not with the governments collecting meta data for fighting terrorism, but more so with private sectors having access to my personal data. Specific to this angle, my views are very similar to Blackberry CEO John Chen, who articulated his views here. (My hats off to John for a piece well done on this topic.)

A couple of years ago, I talked about my privacy concerns of private sectors having access to my personal data at a Gigaom conference. The Internet of People is the Wild Wild West. Today in the Internet of People, any time someone is surfing the web, there are over 200 private entities shadowing you. Unfortunately, our laws in the U.S. support “Opt Out,” meaning you have to opt out of a “service” in order to get out of it — unlike in most European countries that have implemented “Opt in” policies. In the U.S., companies have made it extremely difficult to opt out of this intrusion with methods that are still entirely legal. So in my humble opinion, the American government didn’t get it right when it came to the privacy of its citizens on the Internet of People. The government caved in to special interest groups who advocated for “Opt Out” policies in their own interest to use one’s data to advertise goods and service. While for the Internet of People, our government failed us, we all know that for the Internet of Things, the stakes will be much higher.

With IoT on the cusp of rapid growth, and intelligent sensors being integrated into every aspect of one’s lives, without sound privacy laws there will be a few thousand “intruders” following you, via your homes, cars roads, at work, in school, and more. Add your contextual compute platforms (smart devices) along with local and remote data analytics engines to the mix, and the “intruders” would know everything about you — even better than you do. Are you comfortable with that? Not to mention what criminal elements would do with that data.

Among the many benefits of IoT, I believe the healthcare industry will be revolutionized through discoveries on many scientific parallel fronts and the evolution and convergence of disciplines that are disjointed today (e.g. biogenetics, data analytics, sensor fusion, database linkages, etc.). One such technology is the impact that wearables with integrated biometric sensing will have on the future of healthcare. This new category of wearables will put the focus on prevention versus disease management, but new privacy laws need to be in place so that people are not turned off by their “fitness” data (politically correct with the new FDA ruling – subject of another blog) in the hand of these “intruder-advertisers.” Here’s a link to one of my talks on “healthcare revolution,” which includes the required privacy laws, from Toronto’s Smart Week 2014 held last October. The talk starts at 2:55:00 here.

A couple of years ago, I wrote a blog entitled “The need for Internet of Things (IoT) Consumer Bill of Rights.” There, I talked about the privacy and security concerns of IoT and posted a link to What your Telco knows about you: six months of data visualized.

If you click on the link and press the “play” button below the map, you will see how cell phones are being tracked by various towers and all that data is available through your wireless operators. Die Zeist (which means “The Time” or “Times”) is the most widely read and highly-accredited German weekly newspaper. This paper is not a news outlet from the fringes of sanity. In this paper, you can see ‘black-and-white’ how easily your center of universe (your smart phone) is allowing you to be tracked. Nothing new here, but It has a different effect when you can actually visualize it in black and white. With the Internet of Things, this would be the tip of the iceberg.

Regarding opting out, when you are using a screened device (your computer or smart device) and have no clue how to “Opt out,” how are you expected to “Opt out” through a ‘headless’ (screenless) device or sensor? The only way is to enforce privacy laws through legislation.

Due to these scenarios and (the lack of) privacy of our web, I have been keenly following FTC’s hearings and positions on IoT privacy issues. The first FTC conference on IoT was held in November 2013, a time when there was lot of talk around IoT privacy — especially after FTC’s 2012 Privacy Report — where it defined a number of categories deemed to be ‘sensitive’ data. One of the more fascinating talks at that conference was the keynote by Mr. Vint Cerf, Vice President and Chief Internet Evangelist of Google. For those of you who don’t know, Mr. Cerf was a lead engineer on the Army’s early 1970s Internet prototype, ARPANET, hence a celebrity around the web and one of the pioneers of the Internet.

During the keynote, Mr. Cerf mentioned: “Privacy is something which has emerged out of the urban boom coming from the industrial revolution. [Therefore] privacy may actually be an anomaly [and not the norm].” In fact, this is a creation of the industrial age. He basically promoted the idea that privacy rules of the Internet of Things should be as hopeless as the privacy laws for the Internet of People. I was amazed at the cavalier approach displayed with that keynote by Mr. Cerf at the FTC event, making the wrong impression on the FTC officials who were considering making policy choices.

The topic surfaced again at CES this year during a keynote by FTC Chairwoman Edith Ramirez discussing the three privacy challenges of IoT including:

The ubiquitous data collection of personal information, habits, location and physical condition over time
The unexpected uses of consumer data flowing from smart cars, smart device and smart cities
The heightened security risks of the Internet of Things

According to Ramirez, “In the not-too-distant future, many, if not most, aspects of our everyday lives will be digitally observed and stored. That data will contain a wealth of revealing information that, will present a deeply personal and startlingly complete picture of each of us when patched together.” She promoted the ideas of security by design, minimizing and anonymizing data for privacy, and increasing transparency by companies as key steps that need to be taken.

It was a brilliant speech and you can find it here. There is an array of hope for all individuals who want to accelerate the adoption of IoT technologies and the benefit these technologies can bring to society. Ramirez’s views on the privacy laws required for the IoT is a stark contrast to the laws in the book protecting the privacy of individuals in the Internet of People. For a few days I was grateful, and hopeful that the lobbyists wouldn’t bully the legislators into a meaningless version of Ramirez’s speech.

Since CES, several legislators have come out against Ramirez’s speech, stating that legislating privacy of IoT will suppress innovations. They’ve continued to argue against Ramirez’s view and stating that the report issued after that was “without examining costs or benefits… encourages companies to delete valuable data…primarily to avoid hypothetical future harms.” These legislators have also argued that the FTC hasn’t done enough economic analysis to issue industry guidelines or legislative proposals for what he called the “still-nascent Internet of Things.” I have seen this movie before, and it seems again as if the interest of a handful of very large advertising companies strong-arming the legislators will be taking precedence over promoting sound IoT privacy laws.

With the recent talk on Capitol Hill chastising Ramirez’s speech, I am now not very hopeful that the IoT privacy laws in the U.S. are going to be any better than our privacy laws for the Internet of People here. Hence I stand my ground and effectively promote the Privacy by Design principals, as the next best thing to strong privacy laws.

Interested in reading more from Kaivan Karimi? Be sure to check out his recent pieces on both Bluetooth Low Energy connectivity and net neutrality.

IFTTT debuts three new apps to automate your connected world

1 Reply

Do empowers you to create your own personalized button, camera, and notepad.

With the rise of the Internet of Things and smart devices, a growing number of Makers and developers alike have turned to IFFTT (“If This, Then That”) to automate online and mobile actions through “recipes.” Since its launch in 2011, IFTTT has expanded throughout the consumer market, offering integration with many of today’s most popular gadgets from Fitbit to HP printers to Hue lightbulbs.

Despite its popularity, the barrier to entry has been a bit limited to techies willing to browse through channels to create recipes. That was until now. The company has announced the launch of three free new apps for both iOS and Android — Do Button, Do Camera and Do Note — that will make setup as simple as a touch of a button. The suite of Do apps are designed to dumb-down the process by letting users drag-and-drop tools they want to connect and customize recipes through a minimalistic UX. Along with that, IFTTT has rebranded its original app to a much more simple “IF.”

Do Button enables users pair web tools and turn the function into a shortcut widget right on their home screen for everything from their Google Drive to Nest Thermostat, among countless other apps. For instance, you can now set the living room to your favorite temperature or open the garage door all with the tap of a button.

Do Camera possesses similar functionality, allowing users to create actions to share their photos in a much more expedited manner. Now, you can post photos to the Facebook album of choice, or quickly distribute on Tumblr or WordPress pages.

Do Note is a quick text entry app that will take a particular command and instantaneously send it out, whether it’s an appointment in Google Calendar, an added item on the grocery list, or even a quick tweet. You can also use voice commands to trigger a recipe.

At the moment, you can only program up to three recipes on the Do apps. However, IFTTT CEO Linden Tibbets says the team is working on ways to make saving recipes easier for swapping, as well as offering recommended recipes they might enjoy. As the number of connected devices continues to proliferate, expect Do to have a supporting role in the automation process.

IF you’re interested in learning more, THEN you should read more here.

Kanega is like a “wearable OnStar for seniors”

1 Reply

UnaliWear’s latest watch offers discreet support for falls, medication reminders, and a guard against wandering.

Most of you who’ve lived through the late ‘80s and ‘90s can distinctly recollect those Life Alert commercials with Mrs. Fletcher yelling, “Help! I’ve fallen, and I can’t get up!” Lo and behold, the catchphrase would go on to become a pop culture phenomenon throughout the United States. Since then, there have been numerous attempts to develop solutions geared towards providing the elderly real-time support in the event of an emergency, especially when they’re unable to reach a phone. And, as we enter the era of constant connectivity, it’s no wonder more brands are turning to ARM-based wearable technology to help bring senior citizens online.

Inspired by her own 80-year-old mother who refuses to wear some of today’s bulky emergency alert products, UnaliWear CEO Jean Anne Booth decided to take matters into her own hands. Not only are a number of gadgets available today socially stigmatizing and downright ugly, they’re also limited to use in homes unless tethered to a mobile device — something many seniors do not have in their possession.

Dubbed a “Wearable OnStar for seniors,” Kanega is a stylish watch that provides discrete support for falls, medication reminders and a safeguard against wandering, as well as uses an easy-to-use speech interface rather than buttons. The Bluetooth-enabled wearable — which recently made its Kickstarter debut — is connected to a cellular network, meaning that it isn’t reliant upon Wi-Fi or having to be synced to a smartphone much like the Apple Watch or Samsung Gear.

Better yet, UnaliWear’s latest product can be worn 24/7 thanks to its waterproof casing. This allows for the band to be used in the shower or bath, where a majority of falls occur. Its well-lit display and other built-in features can even assist with issues that may arise at night, such as trips to bathroom or the kitchen for a snack.

Aesthetically it appears no different than a traditional watch, thereby eliminating the ignominy often associated with “needing” assistance. Instead, it first requests permission to speak by buzzing on a wearer’s wrist — something that will surely come in handy when in public. The device can even communicate over Bluetooth to newer generation hearing aids, as well as serve as a communications gateway for home telemedicine devices.

Shall an emergency arise, voice-activated assistance will connect you directly to a monitor who will confirm assistance should be dispatched to a location. If a user happens to activate help and doesn’t respond immediately, UnaliWear will call an emergency contact first or dispatch local medical assistance, depending on the preferences set.

At its core, the gadget is based on an Atmel | SMART SAM4L Cortex-M4 MCU and a ATWINC1500 module. While it may appear to be another smartwatch, it’s so much more. Aside from its “work anywhere” support, Kanega packs 200% more battery life, continuous speech recognition, patent-pending quick-swap batteries, GPS for proper tracking, and a 9-axis accelerometer. Detected falls trigger a watch-based query, which significantly reduces false alerts, and eliminate the need to be near a base station or smartphone.

What’s more, data is collected and sent to Verizon’s HIPAA-compliant cloud, which offers an analysis of the wearer’s lifestyle. Artificial intelligence learns the wearer’s lifestyle to determine likelihood of wandering, and updates the information on the watch — including activity and medication reminders — every night while asleep. This also helps a wearer obtain directions home or get help if they happen to stray from home.

Interested in a Kanega for a loved one in your life? Hurry over to its official Kickstarter page, where UnaliWear is currently seeking $100,000. Delivery for early backers is expected to begin in February 2016, while shipments to all other consumers slated for Summer 2016.

UPDATE: UnaliWear has completed a successful crowdfunding campaign, having raised $110,154 from 306 backers.

Forward secrecy made real easy

3 Replies

Taking a closer look at how ATECC508A CryptoAuthentication devices can help in providing robust authentication.

Forward secrecy, which is often referred to as Perfect Forward Secrecy (PFS), is essentially the protection of ciphertext with respect to time and changes in security of your cryptographic session keys and/or primary keying material over time.

A cryptographic session key is used to authenticate messages and encrypt text into ciphertext before it is transmitted. This thwarts a “man in the middle” from understanding the message and/or altering that message. These keys are derived from primary keying material. In the case of Public Key Cryptography, this would be the private key.

Unless you are implementing your own security in the application layer, you probably rely on the TLS/SSL in the transport layer.

The Problem

One can envision a scenario in which ciphertext was recorded by an eavesdropper over time. For a variety of reasons out of your control, your session keys and/or primary keying material are eventually discovered and this eavesdropper could decipher all of those recorded transmissions.

Release of your secret keys could be the result of a deliberate act, as with a bribe, a disgruntled employee, or even someone thinking they are “doing the right thing” by exposing your secrets. Or, it could be the result of an unwitting transgression from protocol. Equipment could be decommissioned and disposed of improperly. The hard drives could be recovered using the infamous dumpster dive attack methodology, thus exposing your secrets.

If you rely solely on transport layer security, your security could be challenged knowingly or unknowingly by third parties controlling the servers you communicate with. Recently leaked NSA documents shows powerful government agencies can (and do) record ciphertext. Depending on how clever or influential your snoopers are, they could manipulate the server system against you.

There are many ways your forward security could be compromised at the server level, including server managers unwittingly compromise it due to bad practices, inadequate cipher suites, leaving session keys on the server too long, the use of resumption mechanisms, among countless others.

Let’s just say there are many, many ways the security of your session keys and/or primary keying material could eventually be compromised. It only takes one of them. Nevertheless, the damage is irreversible and the result is the same: Those recorded ciphertext transmissions are now open to unintended parties.

The Solution

You can wipe out much of your liability by simply changing where encryption takes place. If encryption and forward secrecy are addressed in the application layer, session keys will have no relationship with the server, thereby sidestepping server based liabilities.This, of course, does not imply transport layer security should be discarded.

A public/private key system demonstrates the property of forward secrecy if it creates new key pairs for communication sessions. These key pairs are generated on an as-needed basis and are destroyed after a single use. Their generation must be truly random. In fact, they cannot be the result of a deterministic algorithm. Once a session key is derived from the public/private key pair, that key pair must not be reused.

Atmel’s newly-revealed ATECC508A CryptoAuthentication device meets this set of criteria. It has the ability to generate new key pairs using a high quality truly random number generator. Furthermore, the ATECC508A supports ECDH, a method to spawn a cryptographic session key by knowing the public key of the recipient. When these spawned session keys are purposely short-lived, or ephemeral, the process is known as ECDHE.

Using this method, each communication session has its own unique keying material. Any compromise of this material only compromises that one transmission. The secrecy of all other transmissions remains secure.

The Need for Robust Authentication

Before any of the aforementioned instances can occur, the identity of the correspondents needs to be robustly authenticated. Their identities need to be assured without doubt (non-repudiation), because accepting an unknown public key without robust authentication of origin could authorize an attacker as a valid user. Atmel’s ATECC508A provides this required level of authentication and non-repudiation.

Not only is the ATECC508A a cost-effective asymmetric authentication engine available in a tiny package, it is super easy to design in and ultra-secure. Moreover, it offers protective hardware key storage on-board as well a built-in ECC cryptographic block for ECDSA and ECDH(E), a high quality random number generator, a monotonic counter, and unique serial number.

With security at its core, the Atmel CryptoAuthentication lineup is equipped with active defenses, such as an active shield protecting the entire device, tamper monitors and an active power supply circuit which disallows the ability to “listen” for bits changing. The ECC-based solutions offer an external tamper pin, so unauthorized opening of your product can be detected.

ZRRO lets you touch your TV from the couch

2 Replies

This standalone console wants to revolutionize set-top boxes with a unique interface.

Instead of trying to convince Android developers to customize content for old-fashioned gamepads, one Tel Aviv startup has developed the first controller that enables users to play all touch games and apps the way they are, without any modification. Dubbed ZRRO, the system is comprised of a standalone Android-based console that connects to any TV to make it smart and a touchpad powered by the company’s proprietary zTouch technology.

What’s great is that its controller mimics touchscreen functionality on the big screen, allowing you to interact with both games and apps in a much more natural, intuitive way. Not to mention, users can now access all million-plus Android games and apps directly from their TV, as if it were a huge tablet.

ZRRO consists of three elements: the Pad, the Box and your TV. First there is the Pad, which features a unique touch-based interface that mirrors a finger’s position onto the TV. Hovering lets you use your finger to navigate and select the right item while keeping your eyes on the screen. Special indicators reveal both the position of your fingers and the distance they are from the pad. Other touch gestures — including pinching, dragging and swiping — are supported as well. Meanwhile, a built-in accelerometer and vibration feedback round out the gamer-friendly design.

“Touchscreens today use one of two kinds of sensing technologies. Mutual-capacitance precisely senses individual touch points. Self-capacitance crudely detects fingers further away from the controller, but does not enable multiple detection (causing a ‘ghosting’ interference),” the team explains. “zTouch offers the best of both worlds, effectively solving the ‘ghosting’ problem. By changing the traditional grid layout to a dot matrix layout and developing special algorithms to analyze this new data, it has become the first multi-touch technology that precisely senses conductive objects (like fingers) up to 1.2 inches away from the pad with sub-pixel resolution.”

Secondly, the ZRRO Box is a set-top console with HDMI output that supports up to 4K resolution. Designed especially for gaming and entertainment, the device runs Android OS 4.4 on a 2.0GHz quad-core processor, packing 2 GB RAM and 16 GB of internal storage. There are also two USB ports on-board along with a a microSD card reader for expandable memory.

Ready to touch your TV from the couch? Head over to ZRRO’s official Kickstarter page, where the team is currently seeking $200,000.

Report: 1.2 billion smartphones were sold in 2014

Atmel and the Evolution of MCU

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

The Problem

The Solution

The Need for Robust Authentication

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: