Category Archives: Security

Keeping consumables real


The most cost-effective and secure way to keep things real is through symmetric authentication without secret storage on the host using a fixed challenge.


With the ever-present threat of counterfeiting, having a cost-effective and highly-secure way to ensure that a consumable product is real is a great idea. In fact, there is a proven industry standard approach to apply sophisticated cryptographic engineering and mathematics to fight counterfeiting; namely, crypto elements like the Atmel ATSHA204A device.

Crypto elements can attach to a consumable good, such as the classic example of an ink cartridge, even without being soldered in. The device can be glued directly outside of the product. When the ink or other consumable is inserted into the host system (where the MCU is), the crypto element makes contact and the host is able to communicate with the item to validate whether or not it is real. This is called authentication.

The most cost-effective yet secure way to authenticate is through symmetric authentication without secret storage on the host using a fixed challenge.

With symmetric authentication, a client and the host run the exact same calculation on each side, and if the client (the consumable) is real, then the results of those calculations (called the “responses”) will match. There is a way to go about using a very inexpensive MCU without running the crypto calculations within the host side’s MCU. That is where the concept of fixed challenge comes into play. The idea of a fixed challenge is that the calculation done for the host is conducted ahead of time, and the challenge/response pair from that calculation is loaded into the host.

The fixed challenge method is ideal when certain considerations are in play, such as the following:

  1. Very limited processing power (e.g. low-cost MCU)
  2. Abundance of available memory to easily store challenge-response pairs (e.g. in a smartphone)
  3. Need to get something out quickly or temporarily (e.g. time to market)
  4. Need a very low cost on the host (e.g. can’t afford adding a key storage device)
  5. Desire to not store a secret key in the host

So, how does a fixed challenge work? Like with other challenge-response operations, the process starts with the host controller sending the client a numerical challenge to be used in a calculation to create a response, which then gets compared to a “response” number in the host. What makes this “fixed” is that, because there is no crypto device in the host to generate random numbers (or make digests using hashing algorithms), the challenge cannot be random. That means that the challenges and their corresponding responses must be pre-calculated using the client’s secret key and the challenge and response pair loaded into the memory of the host. This can be looked at as effectively time-shifting the calculations used for authentication.

Let’s look at an example using the ATSHA204A installed in the client.

Step 1: In the factory, when the host is manufactured, each challenge is loaded into the host MCU memory together with the response that is calculated by hashing the client’s secret with that challenge.

Step 2: When the consumable is inserted into the host machine out in the field, the host MCU will ask the client (consumable) to prove it is real by sending it the preloaded challenge.

Step 3: The client will then run the hash algorithm on that challenge number using its stored secret key to generate a response, which it sends back to the host.

Step 4: The host will compare the response from the client with the preloaded response value stored in its memory.

Step 5: If the client is real, the response from the client (which is the hash value based on the secret key and the challenge) will be the same as the response value that was preloaded in the host.

Since each host is loaded with a different challenge/response pair, each product that the host is incorporated into is then unique by definition. Cloning beyond only one copy is impossible; thus, this is a highly-secure and very cost-effective technique as it can be easily implemented with very inexpensive MCUs.
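Steps 1 to 5 as a runnable simulation, and the reason each host gets a different pair. This is an added example, not Atmel's code: the response is simplified to SHA-256(secret || challenge) (the real ATSHA204A MAC command hashes additional fields), and the type names `Consumable`, `Playback` and `Host` are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Responder is whatever is plugged into the host: given the host's challenge
// it returns a 32-byte response.
type Responder interface {
	Respond(challenge [32]byte) [32]byte
}

// Consumable models the crypto element on a genuine part. The secret never
// leaves it; only SHA-256(secret || challenge) does. This is a simplification
// of the example: a real ATSHA204A MAC command hashes additional fields.
type Consumable struct{ secret [32]byte }

func (c Consumable) Respond(challenge [32]byte) [32]byte {
	return sha256.Sum256(append(c.secret[:], challenge[:]...))
}

// Playback models a copy with no secret that can only repeat one response
// seen on the wire of one particular host.
type Playback struct{ recorded [32]byte }

func (p Playback) Respond([32]byte) [32]byte { return p.recorded }

// Host is the low-cost MCU: one challenge/response pair, no secret, no hashing.
type Host struct{ challenge, expected [32]byte }

// Provision is Step 1, done in the factory where the secret is available.
func Provision(secret [32]byte) (Host, error) {
	var h Host
	if _, err := rand.Read(h.challenge[:]); err != nil {
		return Host{}, err
	}
	h.expected = Consumable{secret: secret}.Respond(h.challenge)
	return h, nil
}

// Authenticate is Steps 2-5: send the stored challenge and compare the reply
// with the stored response in constant time.
func (h Host) Authenticate(r Responder) bool {
	got := r.Respond(h.challenge)
	return subtle.ConstantTimeCompare(got[:], h.expected[:]) == 1
}

// Outcome lists which parts the hosts accepted in the demo.
type Outcome struct{ Genuine, WrongSecret, PlaybackSameHost, PlaybackOtherHost bool }

// Demo provisions two hosts from the same secret (constructed random values)
// and presents a genuine part, a part with another secret, and a playback copy.
func Demo() (Outcome, error) {
	var secret, other [32]byte
	if _, err := rand.Read(secret[:]); err != nil {
		return Outcome{}, err
	}
	if _, err := rand.Read(other[:]); err != nil {
		return Outcome{}, err
	}
	hostA, err := Provision(secret)
	if err != nil {
		return Outcome{}, err
	}
	hostB, err := Provision(secret)
	if err != nil {
		return Outcome{}, err
	}
	genuine := Consumable{secret: secret}
	copyOfA := Playback{recorded: genuine.Respond(hostA.challenge)}
	return Outcome{
		Genuine:           hostA.Authenticate(genuine) && hostB.Authenticate(genuine),
		WrongSecret:       hostA.Authenticate(Consumable{secret: other}),
		PlaybackSameHost:  hostA.Authenticate(copyOfA),
		PlaybackOtherHost: hostB.Authenticate(copyOfA),
	}, nil
}

func main() { fmt.Println(Demo()) }
```

The playback copy is accepted only by the one host whose pair it matches, which is why the pairs must differ per host and why a host that stores several pairs should not reuse one it has already sent.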

This approach can be used for firmware protection and designs with no secrets in the host (as noted), as well as be implemented with very low-cost MCUs that do not have the processing power to run the hashing algorithms.

The many benefits of fixed challenge authentication:

  • Symmetric authentication is fast
  • No secrets in the host
  • Can use low-cost MCU of host because less computation is needed for a fixed challenge
  • Prevents cloning
  • Protects investments in firmware
  • Enhances safety
  • Protects revenue stream
  • Protects brand image
  • Better control of the supply channel

Atmel crypto element devices — including ATSHA204A, ATECC108A, ATECC508A and ATAES132A — implement hardware-based key storage, which is much stronger than software-based storage due to the defense mechanisms that only hardware can provide against attacks. Secure storage in hardware beats storage in software every time. Adding secure key storage is an inexpensive, easy, and ultra-secure way to protect firmware, software, and hardware products from cloning, counterfeiting, hacking, and other malicious threats.

Revolar is a smart wearable device that’ll keep you safe


A small wearable to solve a big problem.


At one point or another, we’ve all been (or will one day be) in a situation where we do not feel safe and have limited access to loved ones. And as scary as it may sound, one in five women in America will be sexually assaulted in their lifetime. Designed to eradicate this statistic and to help spur a more security-conscious society, Revolar is a new wearable device that syncs with a smartphone’s emergency contacts via Bluetooth and acts as a “magic button” that sends out an SOS with a user’s exact GPS location.

The idea was first conceived by Revolar’s founder Jacqueline Ros after her sister was attacked multiple times before the age of 17. Subsequently, Ros was determined to find a solution and curb these sort of occurrences from ever happening again.

Just about the size of a quarter, Revolar can be discreetly placed just about anywhere, from a piece of jewelry, to a pocketbook or backpack, to a shirt or jacket collar. The device itself is comprised of two components: a communications module and its hard shell casing. Revolar features a drop-in system that also lets users take the module and interchange it into a differently colored shell — currently available in white, blue and black — so that it can match with nearly any sort of attire.

How it works is easy. First, the unit is attached to an article of clothing, accessory or keychain. A user then inputs his or her emergency contacts into the Revolar mobile app. Only if and when assistance is required, the button is pressed. This sends the wearer’s exact GPS location to its respective recipients.

What’s nice, Revolar can be used by nearly everyone — kids can input the contact information of their parents or caregivers, campus police for college students, or colleagues for business travelers when abroad. Once activated, the user’s mobile phone will automatically switch phone settings to silent, if desired. As soon as a user feels safe, they can simply turn off the alert using their app PIN, and friends and family will be notified with a message that they are indeed okay.

“Our technology is built upon the most innovative Internet of Things Security Platform, which assures the integrity and confidentiality of our users’ data while enabling rapid development. This technology also enables secure device-to-device communications management,” the team writes.

Built around Atmel CryptoAuthentication devices, Revolar packs a whole lot of security features for such a tiny gadget. For one, users can take comfort in knowing that each wearable unit is as unique as the wearer themselves and cannot be cloned. Because of its chain of security, devices cannot be impersonated on the network either. Beyond that, data being communicated between each Revolar cannot be intercepted or manipulated by a third party.

Sound like something you or a loved one would like? Head over to Revolar’s official Kickstarter page, where the team is currently seeking $75,000. If all goes to plan, shipment is expected to begin early spring 2016.

Wi-Fi router flaw leaves hundreds of hotel guests vulnerable to hackers


Researchers have discovered 277 devices in 29 countries to be accessible over the Internet.


Another week, another piece of research highlighting the vulnerabilities of Wi-Fi devices. This time, security firm Cylance has discovered routers — which can be found in eight of the world’s top 10 hotel chains — to be vulnerable to hacking. The experts claim cyber attackers could easily use the flaw to monitor and record data sent over the hotel’s Wi-Fi network.

Cylance discovered that multiple ANTLabs InnGate models contained a misconfigured, unauthenticated rsync service that listened on TCP port 873 and gave unprivileged users full read and write access to the file system. The rsync daemon is a tool often used to back up systems since it can be set up to automatically copy files or new parts of files from one location to another.

“When an attacker gains full read and write access to a Linux file system, it’s trivial to then turn that into remote code execution,” Cylance researcher Brian Wallace wrote in a blog post. “The attacker could upload a backdoored version of nearly any executable on the system and then gain execution control, or simply add an additional user with root level access and a password known to the attacker. Once full file system access is obtained, the endpoint is at the mercy of the attacker.”

For example, hackers could potentially use the security weakness to infiltrate keycard systems to secure and unlock doors, monitor and record data sent over the network, access the hotel’s reservation system, and even distribute malware to guests, among countless other malicious acts.

At the moment, Cylance has confirmed the flaw can be found in 277 devices spanning across 29 countries that are accessible over the Internet. Aside from more than 100 of them being located in the United States, the researchers have unearthed susceptibility in 16 systems in the UK, 35 in Singapore and 11 in the United Arab Emirates.

“The affected nodes also include quite affluent hotels. Listing those vulnerable devices at this time would be irresponsible and could result in a compromise of those networks,” the team’s blog explains. “Take it from us that this issue affects hotels brands all up and down the spectrum of cost, from places we’ve never heard of to places that cost more per night than most apartments cost to rent for a month.”

ANTlabs has since released a patch to fix the vulnerability. If recent events were to demonstrate anything, it is that hotel networks are a common target for hackers. In fact, just last November, Kaspersky Lab documented the activity of a cyberespionage group dubbed DarkHotel that preyed on business travelers by compromising the networks of luxury hotels in the APAC region. It’s more apparent than ever that, not only are security flaws on the rise, they affect us all. Subsequently, how can you ensure that your network and its devices are protected? Those wishing to read more can head over to a detailed write-up from Wired as well as check out Cylance’s official blog post here.

Turning on a lamp via the Internet the Big Bang Theory way


A team of Atmel Norway engineers decided to make their own rendition of the Big Bang Theory Internet-controlled lamp scene. (Yes, even Sheldon Cooper would approve of this one.) 


How many of you are fans of the CBS hit sitcom series, Big Bang Theory? Well, you’re in luck. If you recall an episode from the show’s first season, entitled “The Cooper-Hofstadter Polarization,” the team of Sheldon Cooper, Leonard Hofstadter, Howard Wolowitz and Raj Koothrappali successfully turned on a lamp via the Internet using an X-10 system.

To do so, the gang sent signals across the web and around the world from their apartment to connect not only their lights, but other electronics like their stereo and remote control cars as well.

“Gentlemen, I am now about to send a signal from this laptop through our local ISP racing down fiber optic cable at the speed of light to San Francisco bouncing off a satellite in geosynchronous orbit to Lisbon, Portugal, where the data packets will be handed off to submerged transatlantic cables terminating in Halifax, Nova Scotia and transferred across the continent via microwave relays back to our ISP and the external receiver attached to this…lamp,” Wolowitz excitedly prefaced.

What’s funny is, the technology that the group of sitcom scientists was simulating could have just as well been done using a Wi-Fi network controller, like the WINC1500 module. However, at the time of airing back in March of 2008, open access for Internet users looking to control “things” around the house was seemingly something only engineers and super geeks thought possible.

In an effort to generate awareness around the upcoming IoT Secure Hello World training series, a team of Atmel Norway engineers decided to make their own rendition of the Big Bang Theory lamp scene using the ATWINC1500 IEEE 802.11b/g/n network controller and an Atmel | SMART SAM D21 Xplained Pro board, all secured by Atmel CryptoAuthentication devices.

After watching the Trondheim-based crew’s Cooper-Hofstadter IoT experiment above, be sure to check out a detailed description of the technology behind the project and learn more about the IoT Secure Hello World Tech on Tour seminar below.

Air traffic control system vulnerable to hackers, report finds


The United States’ system for guiding planes and other forms of aircraft is at an increased and unnecessary risk of being hacked.


A new Government Accountability Office report reveals that cybersecurity is “threatening the agency’s ability to ensure the safe and uninterrupted operation of the national airspace system.” The 42-page document entitled “Information Security: FAA Needs to Address Weaknesses in Air Traffic Control Systems” credits the FAA with taking steps to deter malicious hackers but concluded that significant security control weaknesses still remain.

One area of susceptibility, in particular, is the ability to prevent and detect unauthorized access to the vast network of computer and communication systems. These include controls for protecting system boundaries, identifying and authenticating users, authorizing users to access systems, encrypting sensitive data, and monitoring activity on the FAA’s systems, the report states.

The FAA relies on more than 100 of these air traffic systems to direct planes, with air traffic controllers responsible for an average of 2,850 flights at any given moment. As the Washington Post points out, 14,000 controllers work in three different types of facilities: 500 airport control towers that oversee landings and takeoffs; 160 facilities that direct planes to and from cruising altitudes; and 22 centers that supervise aircraft at cruising altitude.

According to the GAO’s latest findings, there are also a number of inadequate safeguards to prevent entry into the air traffic network from other, less-secure computer systems not directly involved in traffic operations. The report goes on to note that threats to the ATC system are on the rise, especially from terrorists, criminals and other foreign governments.

Other notable vulnerabilities listed in the report include security weaknesses identified by the FAA that weren’t always addressed in timely fashion, control assessments that weren’t always comprehensive enough to find weaknesses, and shortcomings in monitoring for hacking incidents or unauthorized entries, which mean the FAA may not be able to contain, eradicate or recover from incidents.

“These shortcomings put (national airspace) systems at increased and unnecessary risk of unauthorized access, use, or modification that could disrupt air traffic control operations,” the report concludes.

Interested in reading more? Access the entire report here. With the number of cyber attacks on the rise and no apparent end in sight, how can you ensure that your network is indeed protected?

ChipWhisperer-Lite is an educational board for embedded security


ChipWhisperer is the first open-source toolchain for embedded hardware security research including side-channel power analysis and glitching.


Side-channel power analysis refers to a method of breaking implementations of completely secure algorithms such as AES-256. Such capabilities have been known for a long time – the attack was first published in 1998. But even today many consider side-channel attacks exotic, and don’t take them seriously when designing secure systems. That is why Canadian startup NewAE Technology has launched a new project to help inform designers that they need to take these threats seriously, by teaching them how the attacks work!

Recently debuted on Kickstarter, the aptly named ChipWhisperer-Lite is essentially an educational tool, designed to introduce embedded enthusiasts to the area of side-channel power analysis. You may also recall the project from last year’s Hackaday Prize, where it garnered second place accolades.

Side-channel attacks aren’t magic; in fact, it is possible to design systems which are resistant to them. For instance, Atmel has a line of secure processors whose encryption peripherals cannot easily be attacked. Another example is the ATAES132 device – again, this has resistance against side-channel attacks, so you could be more confident in the security of that device, compared to a generic microcontroller with an AES hardware peripheral (such as the AVR XMEGA). It’s all about managing the risk!

Additionally, the ChipWhisperer-Lite required a high-speed USB interface, and so, the NewAE Technology team turned to the Atmel | SMART SAM3U2C to accomplish this feat.

“While a number of systems are designed around generic interface chips, using a high-speed USB microcontroller gave me a lot more flexibility. In addition the cost of the microcontroller chip was cheaper than the stand-alone interface chip I would have used, so all these benefits came at no penalty to the BOM cost,” writes company co-founder Colin O’Flynn.

This shows the basic connections between the SAM3U2C and the FPGA. The external memory interface on the SAM3U2C is used to simplify data and control transfer to and from the FPGA.

According to O’Flynn, the SAM3U family was selected based on a set of criteria:

  • High-speed USB 2.0 interface
  • External memory interface with programmable timing parameters
  • TQFP Package (as he wanted people to be able to build this project themselves)
  • Lower cost than standalone interface chip (he had been looking for roughly $3-$4 in a quantity of 1,000)
  • ROM-resident USB bootloader (so that people building their own don’t need a programmer, and makes the board unbrickable)

“The external memory interface is actually critical to achieving a simple FPGA interface. This allows me to memory-map sections of the FPGA right into the SAM3U processor memory. If transferring data over USB to the FPGA, I can point the USB code from the Atmel Software Framework (ASF) to the location in the FPGA I want the data to go,” O’Flynn adds. “This means no need to copy the data multiple times between buffers, or use some specialized protocol to transfer data from the microcontroller to the FPGA.”

Beyond that, the SAM3U2C simplifies system management. Meeting USB sleep mode current limits (2.5 mA) means shutting off the FPGA and analog portions of the board. Standalone interface chips provide a ‘SUSPEND’ output which you can use, but having the microcontroller offered much more control, which ChipWhisperer-Lite’s creators were able to use for meeting inrush current limits.

The USB standard has limits on the inrush current; this current occurs when the USB device is plugged in and all the capacitors start charging. To avoid exceeding these currents most boards need a ‘soft-start,’ where power supplies are turned on after some delay (or after the USB device finishes enumerating).

“Putting this in the microcontroller gives me control over that delay if fine-tuning is needed, or even having the option of adding multiple switches or slower ramps using a PWM output,” says O’Flynn.

This shows the switch for the FPGA and analog power supplies. Depending on the total load, an RC filter can be added to slow the turn-on speed of the FETs.

Using the SAM3U2C also provided a nice set of peripherals to use, too. The ChipWhisperer-Lite required a ‘target’ device that the user (i.e. student) programs with their algorithm of interest. For this case, the team selected an XMEGA MCU to serve as a programmable target for the student.

The XMEGA device can easily be programmed with only two wires (PDI), and this is generated by one of the SPI modules in the SAM3U. O’Flynn also used a USART module to communicate with the XMEGA, and finally another SPI module to download configuration data to the FPGA.

“While generic interface chips often have support for serial protocols (such as SPI or USARTs), the problem is they are normally limited in the number of channels offered, or I couldn’t use the serial-interface mode at the same time as high-speed parallel interface mode.”

In addition, the details of the protocol (such as the low-level PDI programming protocol for the XMEGA) go into the firmware on the SAM3U2C, simplifying the higher-layer USB interface.

“I find it easier to develop those low-level protocols on an embedded system from within Atmel Studio 6.2, compared to trying to send timing-specific information across the USB bus to be processed by the interface chip! Anytime you can avoid USB debugging is time well spent in my books,” O’Flynn emphasizes. “Using an ASF application example as a starting point for the whole application let me rocket through development, with satisfyingly few moments of pounding my head against the desk figuring out why things weren’t working!”

A final nicety of the design was the ability to use the unique ID programmed into the SAM3U2C as part of the USB device serial number. In other words, the NewAE Technology crew could generate unique serial numbers for each device without requiring any special manufacturing step – every device is loaded with the same binary firmware yet still has a unique serial number. As an end-user, having unique USB serial numbers improves the experience since otherwise Windows will reload the driver when you change the USB port the device is plugged into.

“We’re eliminating the problem for good by making the tools open-source. Because this whole area is an active research area, the tools need to be open-source. This isn’t a case of attempting to seem sexy by adding the word ‘open-source’, but placing something of commercial value into the open-source domain, in the hope it spurs a larger community. This includes hours of tutorials on this area, more than just a few board files and some source code.”

Indeed, this project was devised as a fairly advanced piece of test equipment for well-seasoned Makers, embedded developers and computer engineers. That being said, it is important to note that it is not Arduino-compatible, nor does it work with Raspberry Pi or BeagleBone. However, O’Flynn does reveal that an Arduino-compatible, ATmega328P based target board is in the works. Impressively, ChipWhisperer-Lite also enables users to snap off the ‘target board,’ giving them both a main measurement tool and a target device.

Interested in learning more? You can head over to its official Kickstarter page, where the team is well on its way to achieving its $50,000 goal. Pending all goes to plan, shipment is slated for August 2015.

Atmel and Sequitur Labs bring robust adaptive security to the IoT


The recent partnership highlights a new approach to IoT security and management along with ultra-secure hardware at Embedded World 2015.


Sequitur Labs, a developer of advanced security solutions and policy management for the mobile computing and connected devices markets, and Atmel will be demonstrating a joint platform for enhanced security and manageability of Internet of Things (IoT) devices and applications at Embedded World 2015 in Nuremberg, Germany.

The Seattle-based company has integrated their programmable, context aware security and manageability platform for embedded and smart gadgets with Atmel’s SAMA5D4 and SAM D21 MCUs, ATWINC1500 Wi-Fi modules, as well as ATECC508A crypto element devices employing ultra-secure hardware-based key storage. The joint solution significantly raises the bar on countering threats aimed at the IoT by implementing a system-wide, dynamic approach to security policy enforcement.

As recent reports suggest, the IoT market is projected to grow significantly with 69% of U.S. consumers planning to buy network-connected technology for their homes by 2019. And, with the number of intelligent devices entering the market on the rise, enhanced security and manageability of data becomes critical for IoT adoption. Threat vectors are expected to multiply quickly as connected nodes increase in volume with immense potential repercussions for business, critical infrastructure, medical systems, transport systems and personal data.

“Security and manageability of IoT nodes are the primary needs in this market. ‘Thing’ makers must stay ahead of the game by creating devices that are ‘secure by design’ and that employ a systems-driven approach. This means robust security and management need to be designed right from the outset and not added as an afterthought,” explained Phil Attfield, CEO of Sequitur Labs.

It should be noted that Sequitur’s security framework includes secure, policy driven command and control, enhanced data protection and hardware encryption, secure firmware updates, and programmable policy for greater customization.

“As a leader in security, Atmel is committed to delivering comprehensive, ultra-secure solutions to the billions of forthcoming connected devices,” said Bill Boldt, Atmel Senior Marketing Manager for Crypto Products. “Atmel’s innovative ecosystem partner, Sequitur Labs, is accelerating and simplifying IoT and embedded system development to provide the full complement of security capabilities, specifically confidentiality, data integrity and authentication. We are excited to work with Sequitur Labs to continue bringing ultra-secure, hardware-based key storage solutions to a wide range of applications including IoT, wireless, consumer, medical, and industrial, among others.”

The Sequitur Labs and Atmel product demonstration platform can be seen in the Atmel booth (4A-230) all week long at Embedded World. Additionally, Sequitur Labs CEO Phil Attfield will present “Reducing Risk and Liability of IoT with a Systems-based Approach to the 20 Critical Security Controls,” while Atmel’s very own Kerry Maletsky will explore “Making IoT a Reality—Leveraging Hardware Security Devices.”

Interested in learning more? Head over to Sequitur Labs’ official page here.

Forward secrecy made real easy


Taking a closer look at how ATECC508A CryptoAuthentication devices can help in providing robust authentication.  


Forward secrecy, which is often referred to as Perfect Forward Secrecy (PFS), is essentially the protection of ciphertext with respect to time and changes in security of your cryptographic session keys and/or primary keying material over time.

A cryptographic session key is used to authenticate messages and encrypt text into ciphertext before it is transmitted. This thwarts a “man in the middle” from understanding the message and/or altering that message. These keys are derived from primary keying material. In the case of Public Key Cryptography, this would be the private key.

Unless you are implementing your own security in the application layer, you probably rely on the TLS/SSL in the transport layer.

The Problem

One can envision a scenario in which ciphertext was recorded by an eavesdropper over time. For a variety of reasons out of your control, your session keys and/or primary keying material are eventually discovered and this eavesdropper could decipher all of those recorded transmissions.

Release of your secret keys could be the result of a deliberate act, as with a bribe, a disgruntled employee, or even someone thinking they are “doing the right thing” by exposing your secrets. Or, it could be the result of an unwitting transgression from protocol. Equipment could be decommissioned and disposed of improperly. The hard drives could be recovered using the infamous dumpster dive attack methodology, thus exposing your secrets.

If you rely solely on transport layer security, your security could be challenged knowingly or unknowingly by third parties controlling the servers you communicate with. Recently leaked NSA documents show powerful government agencies can (and do) record ciphertext. Depending on how clever or influential your snoopers are, they could manipulate the server system against you.

There are many ways your forward security could be compromised at the server level, including server managers unwittingly compromising it through bad practices, inadequate cipher suites, leaving session keys on the server too long, and the use of resumption mechanisms, among countless others.

Let’s just say there are many, many ways the security of your session keys and/or primary keying material could eventually be compromised. It only takes one of them. Nevertheless, the damage is irreversible and the result is the same: Those recorded ciphertext transmissions are now open to unintended parties.

The Solution

You can wipe out much of your liability by simply changing where encryption takes place. If encryption and forward secrecy are addressed in the application layer, session keys will have no relationship with the server, thereby sidestepping server-based liabilities. This, of course, does not imply transport layer security should be discarded.

A public/private key system demonstrates the property of forward secrecy if it creates new key pairs for communication sessions. These key pairs are generated on an as-needed basis and are destroyed after a single use. Their generation must be truly random. In fact, they cannot be the result of a deterministic algorithm. Once a session key is derived from the public/private key pair, that key pair must not be reused.

Atmel’s newly-revealed ATECC508A CryptoAuthentication device meets this set of criteria. It has the ability to generate new key pairs using a high quality truly random number generator. Furthermore, the ATECC508A supports ECDH, a method to spawn a cryptographic session key by knowing the public key of the recipient. When these spawned session keys are purposely short-lived, or ephemeral, the process is known as ECDHE.

Using this method, each communication session has its own unique keying material. Any compromise of this material only compromises that one transmission. The secrecy of all other transmissions remains secure.

The Need for Robust Authentication

Before any of the aforementioned instances can occur, the identity of the correspondents needs to be robustly authenticated. Their identities need to be assured without doubt (non-repudiation), because accepting an unknown public key without robust authentication of origin could authorize an attacker as a valid user. Atmel’s ATECC508A provides this required level of authentication and non-repudiation.

Not only is the ATECC508A a cost-effective asymmetric authentication engine available in a tiny package, it is super easy to design in and ultra-secure. Moreover, it offers protective hardware key storage on-board as well as a built-in ECC cryptographic block for ECDSA and ECDH(E), a high quality random number generator, a monotonic counter, and unique serial number.

With security at its core, the Atmel CryptoAuthentication lineup is equipped with active defenses, such as an active shield protecting the entire device, tamper monitors and an active power supply circuit which disallows the ability to “listen” for bits changing. The ECC-based solutions offer an external tamper pin, so unauthorized opening of your product can be detected.
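The authenticated ECDHE exchange described in the sections above, as an added Go sketch (not Atmel's code and not the ATECC508A command set). Software P-256 keys stand in for the device-held identity key and hardware random number generator; the helper names and the SHA-256 key derivation are assumptions made for this example.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// newIdentity creates a long-term signing key (held inside the chip on real hardware).
func newIdentity() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// newOffer makes a single-use ECDH key pair and signs its public half with id.
func newOffer(id *ecdsa.PrivateKey) (*ecdh.PrivateKey, []byte, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(eph.PublicKey().Bytes())
	sig, err := ecdsa.SignASN1(rand.Reader, id, digest[:])
	return eph, sig, err
}

// sessionKey checks that peerPub was signed by peerID, then runs ECDH with it.
func sessionKey(eph *ecdh.PrivateKey, peerID *ecdsa.PublicKey, peerPub *ecdh.PublicKey, peerSig []byte) ([]byte, error) {
	digest := sha256.Sum256(peerPub.Bytes())
	if !ecdsa.VerifyASN1(peerID, digest[:], peerSig) {
		return nil, fmt.Errorf("ephemeral key is not signed by the expected identity")
	}
	secret, err := eph.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append([]byte("demo-session-key"), secret...)) // assumed KDF for this sketch
	return key[:], nil
}

func main() {
	idA, _ := newIdentity() // error returns dropped only to keep the demo short
	idB, _ := newIdentity()
	ephA, sigA, _ := newOffer(idA)
	ephB, sigB, _ := newOffer(idB)
	kA, _ := sessionKey(ephA, &idB.PublicKey, ephB.PublicKey(), sigB)
	kB, _ := sessionKey(ephB, &idA.PublicKey, ephA.PublicKey(), sigA)
	fmt.Printf("A: %x\nB: %x\n", kA, kB)
}
```

Both sides print the same key, a second run prints a different one, and an ephemeral key signed by any other identity is rejected before ECDH is attempted. Over a real link the peer's public key arrives as bytes and would be parsed and validated with `ecdh.P256().NewPublicKey` first.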

Atmel launches next-generation CryptoAuthentication device


Atmel becomes first to ship ultra-secure crypto element enabling smart, connected and secure systems.


Just announced, the Atmel ATECC508A is the first device to integrate ECDH (Elliptic Curve Diffie–Hellman) security protocol — an ultra-secure method to provide key agreement for encryption/decryption, along with ECDSA (Elliptic Curve Digital Signature Algorithm) sign-verify authentication — for the Internet of Things (IoT) market including home automation, industrial networking, accessory and consumable authentication, medical and mobile, among many others.

Atmel’s ATECC508A is the second integrated circuit (IC) in the CryptoAuthentication portfolio with advanced Elliptic Curve Cryptography (ECC) capabilities. With built-in ECDH and ECDSA, this device is ideal for the rapidly growing IoT market by easily providing confidentiality, data integrity and authentication in systems with MCU or MPUs running encryption/decryption algorithms (such as AES) in software. Similar to all Atmel CryptoAuthentication products, the new ATECC508A employs ultra-secure hardware-based cryptographic key storage and cryptographic countermeasures which are more secure than software-based key storage.

This next-generation CryptoAuthentication device is compatible with any microcontroller or microprocessor on the market today including Atmel | SMART and Atmel AVR MCUs and MPUs. As with all CryptoAuthentication devices, the ATECC508A delivers extremely low-power consumption, requires only a single general purpose I/O over a wide voltage range, and is available in a tiny form factor, making it ideal for a variety of applications that require longer battery life and flexible form factors.

“As a leader in security, Atmel is committed to delivering innovative secure solutions to the billions of devices to be connected in the IoT market,” explained Rob Valiton, SVP and GM of Atmel’s Automotive, Aerospace and Memory Business Units. “Atmel’s newest CryptoAuthentication IC is the first of its kind to apply hardware-based key storage to provide the full complement of security capabilities, specifically confidentiality, data integrity and authentication. We are excited to continue bringing ultra-secure crypto element solutions to a wide range of applications including IoT, wireless, consumer, medical, industrial, and automotive, among others.”

Key security features of the ATECC508A include:

  • Optimized key storage and authentication
  • ECDH operation using stored private key
  • ECDSA (elliptic-curve digital signature algorithm) sign-verify
  • Support for X.509 certificate formats
  • 256-bit SHA/HMAC hardware engine
  • Multilevel RNG using FIPS SP 800-90A DRBG
  • Guaranteed 72-bit unique ID
  • I2C and single-wire interfaces
  • 2 to 5.5V operation, 150-nA standby current
  • 10.5-kbit EEPROM for secret and private keys
  • High-Endurance Monotonic Counters
  • UDFN, SOIC, and 3-lead contact packages

In the wake of recent incidents, it is becoming increasingly clear that embedded system insecurity impacts everyone and every company. The effects of insecurity may not only be personal, such as theft of sensitive financial and medical data, but a bit more profound on the corporate level. Products can be cloned, software copied, systems tampered with and spied on, and many other things that can lead to revenue loss, increased liability, and diminished brand equity.

Data security is directly linked to how exposed the cryptographic key is to being accessed by unintended parties including hackers and cyber-criminals. The best solution to keeping the “secret key secret” is to lock it in protected hardware devices. That is exactly what this latest iteration of security devices have done, are doing and will continue to do. They are an inexpensive, easy, and ultra-secure way to protect firmware, software, and hardware products from cloning, counterfeiting, hacking, and other malicious threats.

Interested in learning more? Discover the latest in hardware-based security here. Meanwhile, you may also want to browse through recent articles on the topic, including “Is the Internet of Things just a toy?,” “Greetings from Digitopia,” “What’s ahead this year for digital insecurity?,” and “Don’t be an ID-IoT.”

Hackers make off with at least $300 million in bank heists


According to researchers, hackers have hit more than 100 financial institutions in 30 countries.