TPM: The heavy artillery of cryptography

Data security is becoming a virtual battleground — evident by the number of major data breaches that have broken out at retailers such as Target, Staples, Dairy Queen, Home Depot and EBay, at major banks such as JP Morgan, and at many other institutions worldwide. The recent spate of security viruses such as Heartbleed, Shellshock, Poodle, and BadUSB (and who knows what’s next) have been creating serious angst and concern. And, rightfully so. The question is what exactly should you bring to the cyber battleground to protect your assets? This question matters because everyone who is using software to store cryptographic keys is vulnerable to losing sensitive personal data, and today that is just about everybody. So, choose your weapons carefully.

Fortunately, there are weapons now available that are very powerful while still being cost-effective. The strongest data protection available comes from hardware key storage, which beats software key storage every time. Keys are what make cryptography possible, and keeping secret keys secret is the secret to cryptography. Atmel’s portfolio contains a range of innovative and robust hardware-based security products, with the heavy artillery being the Trusted Platform Module (TPM).

TPM

The TPM is a cryptographic device with heavy cryptographic firepower, such as Platform Configuration Registers, protected user configurable non-volatile storage, an enforced key hierarchy, and the ability to both seal and bind data to a TPM. It doesn’t stop there. Atmel’s TPM has a variety of Federal Information Processing Standards (FIPS) 140-2 certified cryptographic algorithms (such as RSA, SHA1, AES, RNG, and HMAC) and various sophisticated physical security counter-measures. The TPM can be used right out-of-the-box with standards-based commands defined by the Trusted Computing Group, along with a set of Atmel-specific commands, which are tested and ready to counter real world attacks.

The Arsenal

Platform Configuration Registers and Secure Boot

One of the important weapons contained in the TPM is a bank of Platform Configuration Registers (PCRs), which use cryptographic hashing functions. These registers can be used to ensure that only trusted code gets loaded at boot time of the system. This is done by using the existing data in a PCR as one input to a hashing function with the other input being new data. The result of that hashing function becomes the new PCR value that will be used as the input to the next hashing function with the next round of new data. This process provides security by continuously changing the value of the PCR.

As the PCR value gets updated, the updated values can then be compared with known hash values stored in the system. If the reference values previously stored in the TPM compare correctly with the newly generated PCR values, then the inputs to the hashing function (new data in the diagram) are proven to have been exactly the same as the reference inputs whose hash is stored on the TPM. Such matching of the hash values verifies the inputs as being authentic.

The PCR flow just described is very useful when enforcing secure boot of the system. Unless the hashes match showing that the code is, indeed, what it is supposed to be, the code will not be loaded. Even if a byte is added, deleted, changed, or if a bit is modified, the system will not boot. For secure boot, the data input to the hashing function is a piece of the BIOS (or operating system).

User Configurable Non-Volatile Storage

Another weapon is user-configurable, non-volatile storage with multiple configuration options. What this means is that the user is presented with several ways to restrict the access and use of the memory space, such as by password, physical presence of the user, and PCR states. Additionally, the memory space can be set up so that it can be written only once, not read until the next write or startup of the TPM, not written to until the next startup of the TPM, and others.

Enforced Key Hierarchy

The TPM also incorporates an enforced key hierarchy, meaning that the keys must have another key acting as a parent key (i.e. a key higher in a hierarchy) for that key to get loaded into the TPM. The authorization information for the parent key needs to be known before the child key can be used, thereby adding another layer of security.

Binding and Sealing Data

Another part of the TPM’s arsenal is the ability to bind and/or seal data to the TPM. A seal operation keeps the data contained (i.e. “sealed”) so that it can only be accessed if a particular pre-defined configuration of the system has been reached. This pre-defined configuration is held within the PCRs on the TPM. The TPM will not unseal the data until the platform configuration matches the configuration stored within the PCRs.

A bind operation creates encrypted data blobs (i.e. binary large objects) that are bound to a private key that is held within the TPM. The data within the blob can only be decrypted with the private key in the TPM. Thus, the data is said to be “bound” to that key — such keys can be reused for different sets of data.

The Armor 

So the Atmel TPM has some pretty cool weapons in its arsenal, but does it have any armor? The answer is yes it does!

FIPS 140-2 Certified 

Atmel has dozens of FIPS 140-2 full module-level certified devices with various I/O’s including LPC, SPI, and I²C. The TPM uses a number of FIPS certified algorithms to perform its operations. These standards were developed, tested, and certified by the United States federal government for use in computer systems. The TPM’s FIPS certified algorithms include RSA, SHA1, HMAC, AES, RNG and CVL (find out more details on Atmel’s TPM FIPS certifications here).

Active Metal Shield

The TPM has built-in physical armor of its own. A serpentine active metal shield with tamper detection covers the entire device. If someone attempts to penetrate this shield to see the structures beneath it, the TPM can detect this and go into a fault condition that prevents further actions on the TPM.

Why TPM?

You might be asking, “Why can’t all those functions just be done in software?” While some of the protections can be provided in software, software alone is not nearly as robust as a hardware-based system. That is because software has bugs, despite how hard the developers try to eliminate them, and hackers can exploit those bugs to gain access to supposedly secure systems. TPM, on the other hand,stores secret keys in protected hardware that hackers cannot get access to, and they cannot attack what they cannot see.

The TPM embeds intelligence via an on-board microcontroller to manage and process cryptographic functions. The commands used by the Atmel TPM have been defined and vetted by the Trusted Computing Group (TCG), which is a global consortium of companies established to define robust standards for hardware security. Furthermore, the Atmel TPM has been successfully tested against TCG’s Compliance Test Suite to ensure conformance. Security is also enhanced because secrets never leave the TPM unless they have been encrypted.

With the battle for your data being an on-going reality, it simply makes sense to fight back with the heaviest artillery available. Combining all the weaponry and armor in one small, strong, cost effective, standards-based and certified package makes the Atmel TPM cryptographic the ideal choice for your arsenal.

This blog was contributed by Tom Moulton, Atmel Firmware Validation Engineer.

Exploring Atmel’s new microcontrollers, IoT and wearables

More and more companies, regardless of their vertical, are trying to get closer to their customers and see various aspects of the internet of things (IoT) as the way to do so. For a good example, here is Salesforce Wear Developer Pack which, as they say:

..is a collection of open-source starter apps that let you quickly design and build wearable apps that connect to the Salesforce1 Platform. Millions of wearable devices connected to the cloud will create amazing new application opportunities.

Since Salesforce.com cuts across all industries this has potential impact in many different market segments.

And, the wearable devices that they list are Google Glass, Android Wear, Samsung Gear Watch, Myo Armband, Nymi Bionym, Pebble Watch, Jawbone UP, Epson Moverio, Vuzix Smart Glasses, Oculus Rift, Meta Glasses.

This combination brings home that the internet of things isn’t just about the things, it is about connecting the things back to the cloud so that the data generated can be aggregated where it has much greater value.

I am sure that people will design SoCs for various aspects of IoT, but even if they do I think it will be in old processes, not even 28nm, so they can integrate sensors and analog and wireless on the same chip. But more likely a lot of these will be small boards with microcontrollers, wireless and sensors on different chips. For example, take a look at the iFixit teardown of the Fitbit, which in its current incarnation is about one inch by quarter of an inch.

An important aspect of doing this sort of design is having enough microcontrollers with the right combination of features. You can’t afford to have twice as much flash as you need or too many unused functions. The Atmel microcontroller product finder shows that at present they have 506 different ones to choose from.

The most recent two are SAMA5D4, and SAMD21 which are specifically targeted towards wearables and IoT projects. These are the latest two products in the Atmel SAM D family.

One area of especial concern in this market is security since it is too dangerous to simply try and do everything in software on the microcontroller. Keys can be stolen. Software can be compromised if it is in external RAM. An area of particular security concern is to make sure that any JTAG debug port is secure or it can be used to compromise almost anything on the chip.

So what are these chips?

The SAMA5D4 is an ARM Cortex-A5 device with a 720p hardware video decoder. It has high security with on-the-fly capability to run encrypted code straight out of external memory, tamper detection, secret key storage in hardware, hardware private and public key cryptography and ARM TrustZone. It supports both 16 and 32 bit memory interfaces for maximum flexibility. It is targeted at applications that require displays, such as home and industrial automation, vending machines, elevator displays with ads, or surveillance camera playback.

The SAMD21 is the latest Atmel microcontroller based on the ARM Cortex-M0+ but in addition to the features on earlier cores it also has:

• Full speed USB device and embedded host
• DMA
• Enhanced timer/counters for high end PWM in Lighting and motor control – I2S
• Increased I2C speed to 3.4Mbit/S
• Fractional PLL for audio streaming

As you can deduce from the feature set it is target at medium end industrial and consumer applications, possibly involving audio and high power management.

And, to show that this sort of market is starting to become real, at the salesforce Dreamforce event earlier in the week a keynote was given by will.i.am of the Black Eyed Peas (and a founder of Beats that Apple recently acquired). In a chat with Marc Benoiff, CEO of Salesforce.com, he has already leaked that he will introduced a wearable wrist computer that doesn’t require a phone to piggy-back on (unlike the Apple Watch).

Watch the chat:

Looking for more information on the SAMA5D4? It can be found here.

This post has been republished with permission from SemiWiki.com, where Paul McLellan is a featured blogger. It first appeared there on October 17, 2014.

Video: Vegard Wollan addresses Internet of Things security

In this video segment from my interview with Vegard Wollan, the co-inventor of the AVR microcontroller, we explore in detail the security problems you need to address as an embedded designer.

Let’s face it, it is obvious that security is a way of thinking. You have to assume bad people are going to try and hack your products. With the oncoming revolution in the Internet of Things, it is important you design the security within, rather than try to tack something on after an exploit.

The co-inventor of the AVR architecture notes that security is essential in embedded systems.

The key thing you have to know is that nothing beats hardware security. This is where the security system is implemented in silicon, storing a secret key, hash algorithms and random-number generator (RNG). Atmel makes both standalone security chips and incorporates the security circuits into some of our microcontrollers including Atmel | SMART ARM-based chips used for smart energy meters. The chips are more sophisticated than a simple IP block. In fact, there are extra layers of metal in the die so that hackers cannot probe the chip without ruining it. Many of the chips also dither the supply current, so a hacker cannot infer the code it is running by observing the tiny variations in supply current as it runs.

Atmel makes symmetrical security chips, where both the chip and the microcontroller code know the secret key, and also asymmetrical security chips, which work like that public and private keys systems you might be familiar with such as PGP and RSA security. And, note that you can uses Atmel’s tiny inexpensive security chips with any microcontroller, 8-bit, 16-bit or 32-bit, including all the micros made by Atmel’s honored competitors.

Interested in more? You can watch the entire 1:1 interview with Vegard here.

Video: Vegard Wollan talks AVR and ARM low-power operation

In this segment of the series, the co-inventor of the AVR microcontroller chip talks about the famously low power that the chips consume.

I had heard that one of the clever things Atmel does to save memory power is that we turn on the memory, fetch four instruction op-codes then turn the memory off again. Now, if there is a branch in these four op-codes that change the program flow, well, we have to turn on the memory and grab another four instructions. But, you can imagine just how often that the chips are executing all for instructions, so that we get those four op codes for the power cost of one fetch.

Vegard Wollan jokes will fellow Norwegian Andreas Eieland [off camera] about divulging the secrets to Atmel’s ultra-low power.

Vegard confirmed that Atmel does this on both the latest AVR and on our Atmel | SMART ARM-based chips. I love this clip since this is where we break the 4th wall as Vegard jokes to the crew that I am giving away too many secrets. I also confirmed that some of our ARM chips have a switching regulator controller built in. For instance, the SAM4L has one switching and one linear regulator built in. Now we don’t put any giant inductors inside the chip, you supply the external inductor, but all the control circuitry is available so you can really minimize the BOM (bill-of-materials).

To allow single-supply operation the ARM-based SAM4L microcontroller has a switching regulator on board, you only need to supply an external inductor.

This is yet another thing that differentiates our ARM-core parts from the competition. Most engineers know how cool and revolutionary the AVR was, but we have applied all the “cool” and more to our ARM-based chips. As Vegard noted, we have many tricks and innovations to sip the lowest amount of power, and that includes having our own processes at our Colorado Springs fabrication facility.

Hack the world: How the Maker Movement is impacting innovation

In March 2011, an earthquake and following tsunami rocked Japan, culminating in the worst nuclear disaster since Chernobyl. While the government focused on stabilizing the situation, the people of Japan were terrified of radiation, unaware whether it was safe for their families to stay in their homes.

(Source: Sean Bonner)

A group of Makers out of Tokyo Hackerspace found a quick solution to lack of information by building a cheap and easy-to-use pocket radiation detector using an Arduino (a pint-size computer that’s relatively easy for anyone to program). They began making them, and most importantly, sharing the instructions online for anyone to reproduce. Through a partnership with Safecast, they were able to get the radiation data off of people’s phones and onto an online platform. Within a month, thousands of data points had been picked up, and people could determine whether they should evacuate. Even today, people all over the world are building these radiation detectors, iterating on the original design for new purposes. Fikra Space, a hacker group in Baghdad, has amended the design to track Depleted Uranium pollution in their region.

I use this anecdote as an example frequently as a glimpse into the power of the Maker Movement. A term that’s been widely popularized by technologists as of late, Makers are not necessarily persons with huge engineering prowess. Neither are they hackers with malicious intent. Instead, the term Maker defines a movement combining simple technology with the right culture of innovation and collaboration, to have impact at a scale that most startup founders, corporate innovators, and city legislatures only dream of.

What is a Maker?

Makers represent a subculture of tinkerers, artists, and engineers. It’s a culture that is akin to punks and Goths – it represents not just a style, but a lifestyle. It has crossed decades and countries effortlessly. It is an ethos: a fundamental belief that the world is made better by building, and taking things apart.

(Source: Kyle Cothern)

Makers thrive on several things:

1. Finding novel applications of existing technology

They are interested in breaking or hacking things to make them better, more efficient, or just more fun. ArcAttack is a band of musicians using massive Tesla Coils, alongside live and robotic musicians to create a spectacular show of musical prowess and technological innovation. Anouk Wipprecht, fashion designer and former Autodesk Artists in Residence created a Faraday Cage dress for this past Maker Faire in San Mateo, and people watched in awe as she performed alongside ArcAttack as bolts of lightning struck her on all sides without doing any harm.

2. Exploring the intersections between seemingly separate domains

Because the barrier-to-entry to be a Maker is so low (read: nonexistent), new domains of expertise and collaborations are the process on which they thrive. 3D printers, once an expensive technology allowed for the elite few companies that required them and those who knew how to operate them, is now at a price point and skill level that many can afford. Similarly, this technology is being used for everything from printing clothing to live organs and skin. The opportunities are endless.

3. Curiosity and voracious appetite for continued education and Do-It-Yourself

Why buy something when you can build it? Why not learn how to solder? (Think of the possibilities!) These are the fundamental questions that drive Makers. From craftsmanship to electronics, Makers build things that are inherently valuable to them at that moment, whether it’s building a smart coffee maker to building a table. The pride that you feel from learning a musical instrument or a new language is the high that drives Makers to learn more, and do more.

Community (Makerspaces, Hackerspaces, FabLabs, Oh My!)

(Source: Mitch Altman)

Makers rarely work alone. Instead, they interact with an ever growing global community of hackerspaces, makerspaces, fablabs, and other collaborative spaces to share ideas and resources. Makerspaces have cropped up all over the world to give people access to tools, education and collaboration normally reserved for universities and corporate environments. These membership-based organizations range in size and structure, but share common tools such as 3D printers, CNC machines, electronics components, and more. These gyms for your brain have grown from several hundred to over 2,000 globally in a few short years.

(Source: MakerBot)

Makers in collaboration can lead to some advantageous financial results. In 2008, Bre Pettis, Adam Mayer and Zach Smith schemed up a small, inexpensive and easy-to-use 3D printer within New York’s hackerspace, NYC Resistor. Later that year, they released their first version for consumers. 6 years later, MakerBot has sold over 44,000 printers, built a leading brand, and was recently acquired by Stratasys for $403M. A company born out of the Maker Movement, MakerBot has ushered in a new industrial revolution, characterized by collaboration and open-source culture. They’re not alone in this endeavor, companies like Adafruit Industries, Arduino, and countless others are blurring the line between play and profit.

The Art of Playfulness (or, How to Fail Often)

When communities are built on resource-sharing and experimentation, there is considerably less stigma around failing. You simply try again, plus some well-earned knowledge and battle (soldering) scars, along with the thousands of others within the community.

The Power Racing Series understands all too well the educational benefits of failure and have embraced it with a friendly competition. Power Racing Series was schemed up at Chicago Hackerspace Pumping Station: One by Maker and designer Jim Burke. The challenge: build a working electric vehicle, starting with a kids Power Wheels and $500. Race it against a dozen others at Maker Faires all over the country, and compete for both technical prowess and “moxie” points awarded by the crowd for the most creative and ridiculous teams. Chassis’ fly off, cars catch on fire, and general, hilarious mayhem ensues.

(Source: Anne Peterson)

This race has gained tremendous traction as a friendly competition between makerspaces all over the globe , as a learning tool for engineering and imagination. Makers have competed from i3 Detroit, NIMBY, and even MIT. While the teams are competing against one another, they also share knowledge, tools and tech between one another during the race. Currently the races are held at 7 Maker Faires in the US, and they are opening up a high school league to encourage use of the races as a STEM education platform for students.

Companies like Power Racing Series have grown organically from embracing the inherent silliness that is a result of constant, quick-fire iteration. They also understand that it offers a unique hands-on way to learn engineering sans classroom or textbooks. Similarly, littleBits has found a way to teach the basics of electrical engineering with magnetic Lego-like blocks that can produce anything from musical instruments to internet of things devices with a few snaps. Sugru has made an entire business out of fixing broken things with a fun new material with the texture of Play-Dough that fixes everything from soldering irons to motorcycle windshields.

Impact (Produce Locally, Share Globally)

Makers think big. They don’t think in terms of revenue or projected growth, they think in terms of impact. Unburdened by fear of failure or lack of resources, they make things because they are useful, or present a unique challenge. Because of this, and ingrained roots stemming from the open-source software movement, the technology created has the ability to be adapted and used all over the world, outside the bounds of traditional gatekeepers.

(Source: Eric Hersman)

Makerspaces have permeated every corner of the globe, from Nairobi to Nicaragua, allowing access to shared resources not just within their individual spaces, but across borders. Just as Bre Pettis and team sought to solve the problem of expensive 3D printers, Makers are building things that are equally useful to them, and their communities.

BioCurious, a community of biohackers (yes, that’s a thing) in the Bay Area has found a way to make real vegan cheese by engineering yeast, raising over $37k on Indiegogo to fund the project. Two years prior, 4 girls in Lagos debuted a urine-powered generator at Maker Faire Africa, which provides 6 hours of electricity for every Liter of urine. While both projects are prototypes, both are reactions to clear, yet strikingly different needs of the individuals and communities involved.

Arduino, the pint-sized computer from Italy, is a tool for making an open-source micro-controller board and development environment that was inexpensive, cross-platform, and easy-to-use. Founder Massimo Banzi has succeeded in this endeavor, as Arduino boards have become the micro-controller of choice for Makers, and are used to power a variety of devices, from the previously mentioned bGeigie Nano to a variety of internet-of-things devices. The fact that Arduino is open-source allows anyone to iterate on the boards, whether creating smaller versions for wearables, or printing your own on paper.

DIY Drones, a website started by former Wired Editor-in-Chief Chris Anderson, sought a way to bring UAVS (Unmanned Arial Vehicles) from military to hobbyists. In a few years he’s been able to bring together an impressive community of Makers building drones and drone parts for a variety of purposes. Matternet has taken this movement and applied it to a very specific problem: the 1 billion people in the world that do not have access to all-season roads. This means, even though many of them have advanced telecommunications infrastructure, they cannot get food of medicine during an emergency. Founder Andreas Ratopolous saw the potential in UAVs far beyond what was being explored by hobbyist and has turned it into a viable business with massive impact.

What’s Next for the Maker Movement?

The Maker Movement has garnered a lot of attention over the last 5 years, but it’s not without it’s flaws. Hackerspaces and makerspaces, though great places to learn and innovate are difficult to scale, and can come with a host of organizational and cultural problems. Though there are a whole host of success stories of profitable business by Makers, most of the innovation is still culturally insulated and doesn’t ever make it to a business. Large brands have been attempting to leverage the Maker community to encourage internal innovation, but with little success. Why? By being exactly what the Maker moment loathes: large, secretive, and profit-driven.

The Maker Movement needs bridges, people who are passionate about everything that is at the core of the culture who are able to connect Makers to each other, and to the resources to translate ideas into tangible products.

As humans, we’re made to make stuff. It’s a fundamental part of our survival. The Maker Movement has built a culture on that core belief, and the creativity that it has unleashed has massive potential for the future of innovation across all domains, turning anyone from an engineer to a large organization into an entity capable of astronomical innovative potential.

Written by Madelynn Martiniere, this article was previously published on October 27, 2014 on Medium. 

Secure your hardware, software and IoT devices

Evident by a recent infographic published by Forbes, it appears people are finally cognizant of the urgent need for security. It’s clearer than ever that hacking has become a real problem over the web and into electronic devices. With the emergence of the Internet of Things (IoT), we consistently find ourselves connecting these gadgets and gizmos to the web. As a result, security becomes a key issue throughout the entire chain.

Analog Aficionado Paul Rako recently had the chance to catch up with Bill Boldt, Atmel’s resident security expert, to explore the latest threats and trends in security as well as how Atmel can help secure products across the spectrum. Not in the reading mood? There’s a pretty sweet playlist of all the footage from the 1:1 interview here.

In the first segment of the interview, Boldt discusses how an engineer or designer can use Atmel’s CryptoAuthentication chips to ensure that the accessories to a particular product are genuine. Here, the security expert talks about using symmetrical authentication to certify that only a drill manufacturer’s batteries will work on its own drill.

If you recall, Boldt provided an in-depth exploration into this same demo, which can be found here. Though securing hardware is great, if you wanted, you could make this symmetrical authentication protect any kind of plug-in or device, even if it is not electronic. In fact, this safeguard is used on things ranging from ink cartridges to e-cigarettes; moreover, medical device manufactures love this technology since it protects them from liability from knockoff products.

This can help secure products with add-ons or attachments, but an even greater value for hardware security comes when you use these chips to make sure that your device has not had its code or operating system hijacked. Since the interface between the microcontroller and the crypto chip is only sending a random number from the micro, and the one-time result from the crypto chip in response, snooping on the SPI port will not help you crack the code. Now, your microcontroller firmware can query the chip and ensure that it indeed gets the proper result — if someone attacks the firmware and puts their own code, it won’t execute since it cannot get past the protected part of the chip code that has to get a valid response from the crypto chip.

You can extend this to secure downloads as well. As long as your code requires the downloaded segment to query and respond to the tiny crypto chip, only your code will work since only you know the secret key programmed into the chip.

“As a hardware engineer, I am just as fascinated by the cool packages we use as well as all the math and firmware algorithms,” says Rako.

In the subsequent video of the interview, Boldt describes the packaging for the crypto chips, in addition to a unique three-pad package manufactured by Atmel that does not need to be mounted on a circuit board at all.

During the segment, Boldt also delves deeper into some security scenarios for the IoT, incuding some great analogies. Furthermore, the security guru reminds viewers that these Atmel CryptoAuthentication chips will work with any company’s microcontroller, not just Atmel’s.

One thing you hear bandies about in security are the dissimilarities between both symmetric and asymmetric. The aforementioned drill demo was symmetric, since both the drill and the battery had the secret key programmed into the MCU and the crypto chip, respectively. Here, Boldt expands on the topic and how Atmel does all the hard math so you don’t have to worry about it.

Concluding his interview with Rako, Boldt addresses the fact that you can use the crypto chip not only in a drill, but in the charger as well to guarantee that only your OEM charge will charge your OEM batteries. The resident security expert wraps up by noticing that people can counterfeit those holograms on a product’s box, but they can’t hack hardware security chips.

Interested in learning more? Explore hardware-based security solutions for every system design here. Look to secure the full stack? You can receive a FREE Atmel CryptoAuthentication™ development tool. For more in-depth analysis from Bill Boldt, you can browse through his archive on Bits & Pieces. 

When it comes to firmware, when in doubt don’t leave it out!

Product design teams endeavor to plan the safe launch of electronics products to prevent re-discovering issues that should have been learned from the previous project. Many Serial Electrically Erasable Programmable Read-Only Memory (SEEPROM) users have never utilized such components and therefore may not have knowledge of potential issues. Here is a personal story from several years ago when I was asked to support a customer working on an issue on a weekend. (You may have already guessed that the call came to me that weekend was from my boss’s boss’s boss.)

Here’s the issue that was described to me over the phone by the customer engineers (hardware and firmware) while they were in their laboratory troubleshooting:

We exchanged emails with DSO (digital storage oscilloscope) captures of the serial protocol after which I would request another DSO capture or two. Once we were drilling down to the issue, a customer firmware engineer held the phone line while the customer hardware engineers made more measurements. The customer firmware engineer asked me, “Why would someone drive the SEEPROM /CS signal low (true) and then back high (false) with no clocks or data in?”  I quickly whipped out, “That is a chip select toggle that is utilized to recover from power interruption of the host microcontroller or from a protocol violation, and we have a Juraasic period FAQ about that buried deep in our website.”  The customer firmware engineer said, “Uh oh, I didn’t know why anyone would do that, so I took it out.” Soon, the hardware engineers emailed me a DSO capture showing a protocol violation and then no communication from the SEEPROM. I announced that the firmware engineer has the solution to this issue and should be able to produce a new firmware build to mitigate this situation in the future.

Several product lines were brought to a standstill because the task to reduce firmware lines of code took precedence over why the code was there to begin with. Numerous engineers (including myself) have worked weekends unnecessarily. The moral to the story is that if you have product firmware that communicates properly with an Atmel SEEPROM and you do not know why a few lines of code exist, then you may want to ask yourself about the expected benefit of modifying that code before you throw the baby out with the bath water. Sometimes things are there for a reason that may not be all that obvious.

Stick to the adage: “When in doubt, don’t leave it out.”

Oh, and one more thing… Please comment your firmware source files adequately to help the next firmware developer. Remember that person may just end up being a future version of you!

This blog was written by Clay Tomlinson, Atmel Staff Applications Engineer 

Hackerspaces: A prelude to the Maker Movement and today’s Maker culture

So, what exactly is the Maker Movement? Do you remember that ever so distant yet memorable quote by Michelangelo? “Every block of stone has a statue inside it and it is the task of the sculptor to discover it.” 

Now, to further set this, [white fuzz] the channel just switched, we are tuned. Things will change right? They have changed. We have the Internet; we will have one layer more, eventually the arrow of technology will continue. There is one congruent dataset, which manifests all things to a new exponent. It’s the pulses and signals resulting from the exterior world meshed with the existing datasets of infrastructure, enterprise, and the consumer. Let’s speak of this layer. It will be filled with sensors, microcontrollers, and code. Already, we learned this from the app revolution and we are not going to remain in just this stage right? The code will be leaner and smarter. Coupled by the signal readings from millions of device upon device, node to nodes, nodes to node, the true power of distribution and networks will again marry now with other application recorded data in a mosaic of diversified integrations resulting from the intersection of data easily bridged from the cloud apps. Yes, the ones we are already familiar today touching from screen to screen to anticipate the next arriving notification.

The arrival of this integration of data will help filter and augment the world before us. Let’s reset to the modern era, thread modern computing to this notion, [for technology’s sake] we have also seen the Gartner quote by Jim Tully stating, “By 2018, 50% of the Internet of Things solutions will be provided by startups which are less than 3 years old”.

The Digital Renaissance and the Maker Movement

Together with the accessibility and progress of open source and availability of community and embedded development boards [specifically wider use of Arduino Maker class boards], the times have certainly changed. A great deal of the complexities of these development boards are relaxed with onboard abstraction layers to loosen the programmatic rigidness of “hardware,” combined with the collective tuning of the community toward its development software.

Arduino IDE is now quite anchored into well-received feedback/contribution loops supported by the open source model — crowdsource progress and joint development roadmaps. Let’s not forget all the risky and obviously passionate Makers out there doing and bringing ideas to the forefront. The timing is right — found in the appetite to feed the market, the maturing cloud, the developed community, parity in prototyping, and the global production.

Globalization of Hackerspaces and the Maker Movement | Photo Credit: Mitch Altman

As a whole, and to its sum of its parts, all community members are participants in the evolution of the ecosystem and community effort of “Making” with ease. At all aspects of the innovation engine cycle, the open source community couples quite well with hackerspaces, where one can congregate to surface ideas and mature them to fruition.

Open Source Community and Hackerspaces | Photo Credit: Mitch Altman

This is especially true where it applies to the mere process of creating a product. In fact, it’s now true to building things that 10 years ago you needed to be in a big company to make innovating things, but now it truly possible from an individual. Made possible to said horizon, there are the hackerspaces. It’s a place that shows signs of innovation and development, infusing wider spread of technology and community across all economic classes or cultures. In these facilities, these are technical and creative social clubs facilitating activities that include tinkering, machine tooling, 3-D printing, coding, open source, collaboration, and sharing. Some hackerspaces market themselves under the more benign-sounding label of “maker space”. More bluntly, this is really drawing attention as private incubators such as hardware accelerators fueling entrepreneurship and startups [an emulation of an innovation success formula taken from the original hackerspaces.

There is something about hackerspaces that brings people together that are made of some pretty awesome stuff. Call it “Voltron” if you will, why not? With drones rising and Maker Faires (or similar) blooming all around us, it all seems like the perfect unison of having people interlock together. As the notion of building robots continued to unwind, one fellow by the name of Chris Anderson saw that it would be much easier to have robots fly first than walk bipedal. More simply, it just felt and saw it to be much easier. Perhaps, something even more achievable and widespread adopted as the next step to bring about the age of drones.

But still, wait, there’s even more to how this started. We also owe the spawning of drones to a unique origin where a group of people, hive together pursuing one ultimate quest.

Call it social science and synergy if you will. Something happens when a group gets “too large” and suddenly it all transforms from a conversation into a cacophony and a team into a mob then something incorporated too soon begins may wield the ugly cues of politics. Yet, going it alone is usually impossible if the task at hand is at all sometimes complicated [maybe the next best thing for technology]. Assembling IKEA furniture is probably best done as an individual, but things like raising a family, having a stand-up meeting, or shipping a meaningful product is definitely a team sport…

For hackerspaces, one of these unique values is in having opportunities to meet different people from all sorts of backgrounds. Combined in a common pursuit of sharing and making, there is a common thread of being willing to be giving their time and talents to others. Note, it was in what’s said as “giving” as the common notion in hackerspaces are the more you give, the more you get back, helping to change the course of things to come [individual pairing of ideas to the intellectual hackerspace benefit of networking ingenuity]. It’s all about the community. This is the hallmark of the Internet. The Internet started as a community in its deeper past with ARPANET. We are all reaping those originally rooted benefits today [first operational packet switching networks implementing TCP/IP] creating layer upon layer new industries, service models, and ecosystems (ie Apps, Cloud, M2M, IoT, etc). Now what we are seeing today sprout from city to city are hackerspaces. In fact, we may begin to see every community in a city drawing upon good reason to incubate and nest new hackerspaces. Perhaps, it’s a progenitor to something more in the next trend of innovation.

The digital life now is a result of the collision of software and hardware. Technology is fashion. Fashion is Technology. Both are now intertwined together in the speed and making of culture. Have you ever tried leaving your home without the mobile touch screen device or everyone has out grown to wearing the old flip analog/cdma phones of the past. Digital influence upon culture and self move along prevalently—the desire for hackerspaces are becoming more acquainted in many metropolitans.

There’s a secret sauce to the structure of the hackerspaces. Unravel this structure. From within, it reveals a true community based packed with peer-to-peer involvements. People with skills converge in distinct trades upon others with other skills. Combined, they make this union, transforming their once ideate policy of making, broadening their abilities coupled by a giving and sharing of others to expand the design envelope of possibilities.

Surely, one may see it as a digital and hardware renaissance, comparatively from the distant spark of the past. The foundries of artistry in Florence and Rome once prevailed, urging communities of artist to congregate and make creative expression toward emulating realism via sculpture, oil and canvas. Well, now it’s about achieving a more meaningful product. The canvas has changed, coalescing digital and hardware. Giving rise to an idea where the ideas mature into a minimal valuable product that is mapped to some form of developed connectivity. This some form of developed connectivity is what we call the Internet of Things or many of the products sprouting from emergent crowdfunding rooted by makerspaces or hackerspaces.

A common construct. Make Ideas, Make Genuis, and Make Things | Photo Credit: Mitch Altman

Now, let us imagine a place where people get together without a common construct or preconceived established code, they then converse, and collaborate. It is filled to the brim with entrepreneurs and inventors of all types working on projects that they hope will change the world or at least convinced to usher an adoption to things making what we usually do more easier or enhanced.

Many of them are on laptops or standalone computers frantically typing business plans or hacking out code; others are making phone calls while trying to set up connections wherever they can.

Hackerspaces have an environmental core that keep ideas flowing | Photo Credit: Mitch Altman

As all the chaos goes about, one can see that in this space is an environmental core that keeps the magic flowing around innovation. It is the center foundation of what the area will turn into. While the outer linings are being fine-tuned and polished, the inner workings remain relatively unchanged. The concrete has been laid; the electrical wires have been strung throughout the wooden frames and the insulation and drywall is mostly there, all while a wireless network is hangs throughout the air. Projects can begin even if the air conditioning isn’t hooked up yet.

As long as there is a good foundation, people can get stuff done. The rest of the work on the outer edges will always be changing. Paint will cover the walls in different shades and dust will always need to be cleaned up. However as time goes on and unless a major change happens, all the people running the space will need to do is adjust the dials of the environment (when needed) and continue progressing the community. Once the foundation is done first, the rest will fall into place.

Next up, read the 1:1 interview with Mitch Altman, co-founder of Noisebridge San Francisco as we dive deeper into hackerspaces, the Maker Movement and more…

 

 

ECDH key exchange is practical magic

What if you and I want to exchange encrypted messages? It seems like something that will increasingly be desired given all the NSA/Snowden revelations and all the other snooping shenanigans. The joke going around is that the motto of the NSA is really “Yes We Scan,” which sort of sums it up.

Encryption is essentially scrambling a message so only the intended reader can see it after they unscramble it. By definition, scrambling and unscrambling are inverse (i.e. reversible) processes. Doing and undoing mathematical operations in a secret way that outside parties cannot understand or see is the basis of encryption/decryption.

Julius Caesar used encryption to communicate privately. The act of shifting the alphabet by a specific number of places is still called the Caesar cipher. Note that the number of places is kept secret and acts as the key. Before Caesar, the Spartans used a rod of a certain thickness that was wrapped with leather and written upon with the spaces not part of the message being filled with decoy letters so only someone with the right diameter rod could read the message. This was called a skytale. The rod thickness acts as the key.

A modern-day encryption key is a number that is used by an encryption algorithm, such as AES (Advanced Encryption Standard) and others, to encode a message so no one other than the intended reader can see it. Only the intended parties are supposed to have the secret key. The interaction between a key and the algorithm is of fundamental importance in cryptography of all types. That interaction is where the magic happens. An algorithm is simply the formula that tells the processor the exact, step-by-step mathematical functions to perform and the order of those functions. The algorithm is where the magical mathematical spells are kept, but those are not kept secret in modern practice. The key is used with the algorithm to create secrecy.

For example, the magic formula of the AES algorithm is a substitution-permutation network process, meaning that AES uses a series of mathematical operations done upon the message to be encrypted and the cryptographic key (crypto people call the unencrypted message “plaintext“). How that works is that the output of one round of calculations done on the plaintext is substituted by another block of bits and then the output of that is changed (i.e. permutated) by another block of bits and then it happens over and over, again and again. This round-after-round of operations changes the coded text in a very confused manor, which is the whole idea. Decryption is exactly as it sounds, simply reversing the entire process.

That description, although in actual fact very cursory, is probably TMI here, but the point is that highly sophisticated mathematical cryptographic algorithms that have been tested and proven to be difficult to attack are available to everyone. If a secret key is kept secret, the message processed with that algorithm will be secret from unintended parties. This is called Kerckhoffs’ principle and is worth remembering since it is the heart of modern cryptography. What it says is that you need both the mathematical magic and secret keys for strong cryptography.

Another way to look at is that the enemy can know the formula, but it does him or her no good unless they know the secret key. That is, by the way, why it is so darn important to keep the secret key secret. Getting the key is what many attackers try to do by using a wide variety of innovative attacks that typically take advantage of software bugs. So, the best way to keep the secret is to store the key in secure hardware that can protect if from attacks. Software storage of keys is just not as strong as hardware storage. Bugs are endemic, no matter how hard the coders try to eliminate them. Hardware key storage trumping software is another fundamental point worth remembering.

Alright, so now that we have a good algorithm (e.g. AES) and a secret key we can start encrypting and feel confident that we will obtain confidentiality.

Key Agreement

In order for encryption on the sender’s side and decryption on the receiver’s side, both sides must agree to have the same key. That agreement can happen in advance, but that is not practical in many situations. As a result, there needs to be a way to exchange the key during the session where the encrypted message is to be sent. Another powerful cryptographic algorithm will be used to do just that.

There is a process called ECDH key agreement, which is a way to send the secret key without either of the sides actually having to meet each other. ECDH uses a different type of algorithm from AES that is called “EC” to send the secret key from one side to the other. EC stands for elliptic curve, which literally refers to a curve described by an elliptic equation.   A certain set of elliptic curves (defined by the constants in the equation) have the property that given two points on the curve (P and Q) there is a third point, P+Q, on the curve that displays the properties of commutivity, associativity, identity, and inverses when applying elliptic curve point multiplication. Point-multiplication is the operation of successively adding a point along an elliptic curve to itself repeatedly. Just for fun the shape of such an elliptic curve is shown in the diagram.

The thing that makes this all work is that EC point-multiplication is doable, but the inverse operation is not doable. Cryptographers call this a one-way or trap door function. (Trap doors go only one way, see?)  In regular math, with simple algebra if you know the values of A and A times B you can find the value of B very easily.  With Elliptic curve point-multiply if you know A and A point-multiplied by B you cannot figure out what B is. That is the magic. That irreversibility and the fact that A point-multiplied by B is equal to B point-multiplied by A (i.e. commutative) are what makes this a superb encryption algorithm, especially for use in key exchange.

To best explain key agreement with ECDH, let’s say that everyone agrees in advance on a number called G. Now we will do some point-multiply math. Let’s call the sender’s private key PrivKeySend.  (Note that each party can be a sender or receiver, but for this purpose we will name one the sender and the other the receiver just to be different from using the typical Alice and Bob nomenclature used by most crpyto books.) Each private key has a mathematically related and unique public key that is calculated using the elliptic curve equation.  Uniqueness is another reason why elliptic curves are used. If we point-multiply the number G by PrivKeySend we get PubKeySend. Let’s do the same thing for the receiver who has a different private key called PrivKeyReceive and point-multiply that private key by the same number G to get the receiver’s public key called PubKeyReceive.   The sender and receiver can then exchange their public keys with each other on any network since the public keys do not need to be kept secret. Even an unsecured email is fine.

Now, the sender and receiver can make computations using their respective private keys (which they are securely hiding and will never share) and the public key from the other side. Here is where the commutative law of point-multiply will work its magic. The sender point-multiplies the public key from the other side by his or her stored private key.  This is equates to:

PubKeyReceive point-multiplied by PrivKeySend which = G point-multiplied by PrivKeyReceive point-multiplied by PrivKeySend

The receiver does the same thing using his or her private key and the public key just received. This equates to:

PubKeySend point-multiplied by PrivKeyReceive  = G point-multiplied by PrivKeySend point-multiplied by PrivKeyReceive.

Because point-multiply is commutative these equations have the same value!

And, the rabbit comes out of the hat: The sender and receiver now have the exact same value, which can now be used as the new encryption key for AES, in their possession. No one besides them can get it because they would need to have one of the private keys and they cannot get them. This calculated value can now be used by the AES algorithm to encrypt and decrypt messages. Pretty cool, isn’t it?

Below is a wonderful video explaining the modular mathematics and discrete logarithm problem that creates the one-way, trapdoor function used in Diffie-Hellman key exhange. (Oh yeah, the “DH” in ECDH stands for Diffie-Hellman who were two of the inventors of this process.)

Are you building out for secure devices?  Protect your design investments and prevent compromise of your products? Receive a FREE Atmel CryptoAuthentication™ development tool.

5 IoT challenges for connected car dev

Growth in adoption of connected cars has exploded as of late, and is showing no signs of slowing down, especially the vehicle-to-infrastructure and vehicle-to-retail segments. As adoption grows exponentially, the challenges in how we develop these apps emerge as well.

One of the biggest challenges to consider will be connectivity, and how we connect and network the millions of connected cars on the road. How can we ensure that data gets from Point A to Point B reliably? How can we ensure that data transfer is secure? And how do we deal with power, battery, and bandwidth constraints?

1. Signaling

At the core of a connected car solution is bidirectional data streaming between connected cars, servers, and client applications. Connected car revolves around keeping low-powered, low-cost sockets open to send and receive data. This data can include navigation, traffic, tracking, vehicle health and state (Presence); pretty much anything you want to do with connected car.

Signaling is easy in the lab, but challenging in the wild. There are an infinite amount of speed bumps (pun intended) for connected cars, from tunnels to bad network connectivity, so reliable connectivity is paramount. Data needs to be cached, replicated, and most importantly sent in realtime between connected cars, servers, and clients.

2. Security

Then there’s security, and we all know the importance of that when it comes to connected car (and the Internet of Things in general). Data encryption (AES and SSL), authentication, and data channel access control are the major IoT data security components.

In looking at data channel access control, having fine-grain publish and subscribe permissions down to individual channel or user is a powerful tool for IoT security. It enables developers to create, restrict, and close open channels between client apps, connected car, and servers. With connected car, IoT developers can build point-to-point applications, where data streams bidirectionally between devices. Having the ability to grant and revoke access to user connection is just another security layer on top of AES and SSL encryption.

3. Power and Battery Consumption

How will we balance the maintaining of open sockets and ensuring high performance while minimizing power and battery consumption? As with other mobile applications, for the connected car, power and battery consumption considerations are essential.

M2M publish/subscribe messaging protocols like MQTT are built for just this, to ensure delivery in bandwidth, high latency, and unreliable environments. MQTT specializes in messaging for always-on, low-powered devices, a perfect fit for connected car developers.

4. Presence

Connected devices are expensive, so we need a way to keep tabs on our connected cars, whether it be for fleet and freight management, taxi dispatch, or geolocation. ‘Presence’ functionality is a way to monitor individual or groups of IoT devices in realtime, and has found adoption across the connected car space. Developers can build custom vehicle states, and monitor those in realtime as they go online/offline, change state, etc.

Take fleet management for example. When delivery trucks are out on route, their capacity status is reflected in realtime with a presence system. For taxi and dispatch, the dispatch system knows when a taxi is available or when its currently full. And with geolocation, location data is updated by the millisecond, which can also be applied to taxi dispatch and freight management.

5. Bandwidth Consumption

Just like power and battery, bandwidth consumption is the fifth connected car challenge we face today. For bidirectional communication, we need open socket connections, but we can’t have them using massive loads of bandwidth. Leveraging M2M messaging protocols like the aforementioned MQTT lets us do just that.

Building the connected car on a data messaging system with low overhead, we can keep socket connections open with limited bandwidth consumption. Rather than hitting the servers once multiple times per second, keeping an open socket allows data to stream bidirectionally without requiring requests to the server.

Solution Kit for Connected Cars

The PubNub Connected Car Solution Kit makes it easy to reliably send and receive data streams from your connected car, facilitating dispatch, fleet management applications and personalized auto management apps. PubNub provides the realtime data stream infrastructure that can bring connected car projects from prototype to production without scalability issues.