Secured SAMA5D4 for industrial, fitness or IoT display

---

To target applications like home automation, surveillance camera, control panels for security, or industrial and residential gateways, high DMIPS computing is not enough.

---

The new SAMA5D4 expands the Atmel | SMART Cortex-A5-based family, adding a 720p resolution hardware video decoder to target Human Machine Interface (HMI), control panel and IoT applications when high performance display capability is required. Cortex-A5 offers raw performance of 945 DMIPS (@ 600 MHz) completed by ARM NEON 128-bit SIMD (single instruction, multiple data) DSP architecture extension. To target applications like home automation, surveillance camera, control panels for security, or industrial and residential gateways, high DMIPS computing is not enough. In order to really make a difference, on top of the hardware’s dedicated video decoder (H264, VP8, MPEG4), you need the most complete set of security features.

Whether for home automation purpose or industrial HMI, you want your system to be safeguarded from hackers, and protect your investment against counterfeiting. You have the option to select 16-b DDR2 interface, or 32-b if you need better performance, but security is no longer just an option. Designing with Atmel | SMART SAMA5D4 will guarantee secure boot, including ARM Trust Zone, encrypted DDR bus, tamper detection pins and secure data storage. This MPU also integrates hardware encryption engines supporting AES (Advanced Encryption Standard)/3DES (Triple Data Encryption Standard), RSA (Rivest-Shamir-Adleman), ECC (Elliptic Curves Cryptography), as well as SHA (Secure Hash Algorithm) and TRNG (True Random Number Generator).

If you design fitness equipment, such as treadmills and exercise machines, you may be more sensitive to connectivity and user interface functions than to security elements — even if it’s important to feel safe in respect with counterfeiting. Connectivity includes gigabit and 10/100 Ethernet and up to two High-Speed USB ports (configurable as two hosts or one host and one device port) and one High Speed Inter-Chip Interface (HSIC) port, several SDIO/SD/MMC, dual CAN, etc. Because the SAMA5D4 is intended to support industrial, consumer or IoT applications requiring efficient display capabilities, it integrates LCD controllers with a graphics accelerator, resistive touchscreen controller, camera interface and the aforementioned 720p 30fps video decoder.

The MCU market is highly competitive, especially when you consider that most of the products are developed around the same ARM-based family of cores (from the Cortex-M to Cortex-A5 series). Performance is an important differentiation factor, and the SAMA5D4 is the highest performing MPUs in the Atmel ARM Cortex-A5 based MPU family, offering up to 945 DMIPS (@ 600 MHz) completed by DSP extension ARM NEON 128-bit SIMD (single instruction, multiple data). Using safety and security on top of performance to augment differentiation is certainly an efficient architecture choice. As you can see in the block diagram below, the part features the ARM TrustZone system-wide approach to security, completed by advanced security features to protect the application software from counterfeiting, like encrypted DDR bus, tamper detection pins and secure data storage. But that’s not enough. Fortunately, this microprocessor integrates hardware encryption engines supporting AES/3DES, RSA, ECC, as well as SHA and TRNG.

The SAMA5 series targets industrial or fitness applications where safety is a key differentiating factor. If security helps protecting the software asset and makes the system robust against hacking, safety directly protects the user. The user can be the woman on the treadmill, or the various machines connected to the display that SAMA5 MCU pilots. This series is equipped with functions that ease the implementation of safety standards like IEC61508, including a main crystal oscillator clock with failure detector, POR (power-on reset), independent watchdog timers, write protection register, etc.

The SAMA5D4 is a medium-heavier processor and well suited for IoT, control panels, HMI, and the like, differentiating from other Atmel MCUs by the means of performance and security (not to mention, safety). The ARM Cortex-A5 based device delivers up to 945 DMIPS when running at 600 MHz, completed by DSP architecture extension ARM NEON 128-bit SIMD. The most important factor that sets the SAMA5D4 apart from the rest is probably its implemented security capabilities. These will protect OEM software investments from counterfeiting, user privacy against hacking, and its safety features make the SAMA5D4 ideal for industrial, fitness or IoT applications.

---

This post has been republished with permission from SemiWiki.com, where Eric Esteve is a principle blogger as well as one of the four founding members of the site. This blog first appeared on SemiWiki on October 6, 2015.

ATECC108 deep dive: Part 1

Earlier this summer, Atmel expanded its already formidable CryptoAuthentication portfolio with the ATECC108 solution, an elliptical curve cryptography (ECC) product. Today, we at Bits & Pieces will be taking you through our first ATECC108 deep dive.

As discussed in previous blog posts, the ATECC108 is the latest addition to Atmel’s CryptoAuthentication lineup of high-security hardware authentication devices. The ATECC108 boasts a flexible and versatile command set, allowing it to be used for numerous applications including:

• Protection for firmware or media – Validates code stored in flash memory at boot to prevent unauthorized modifications, encrypts downloaded program files as a common broadcast and uniquely encrypts code images to be usable on a single system.
• Anti-counterfeiting – Validates the authenticity of a removable, replaceable, or consumable client, such as system accessories and electronic daughter cards. This capability can also be used to validate a software/firmware module and memory storage element.
• Secure data storage – Stores secret keys for use by crypto accelerators in standard microprocessors.

As noted above, the ATECC108 can be used to house small quantities of data necessary for configuration, calibration and ePurse values – with programmable protection available using encrypted/authenticated reads and writes. Meanwhile, password checking validates user entered passwords without revealing the expected value, maps memorable passwords to random numbers and securely exchanges password values with remote systems.

“Atmel’s ATECC108 includes an EEPROM array that can be used for storage of up to 16 keys, miscellaneous read/write, read-only or secret data, consumption logging and security configuration. Plus, access to the various sections of memory can be restricted in a variety of ways and then the configuration locked to prevent changes,” an Atmel engineering rep told Bits & Pieces.

“The ATECC108 also features a wide array of defensive mechanisms specifically designed to prevent physical attacks on the device itself or logical attacks on the data transmitted between the device and the system. Hardware restrictions on the ways in which keys are used or generated provide further defense against certain styles of attack.”

According to the engineering rep, access to the device is facilitated through a standard I2C Interface at speeds up to 1Mb/sec. It is also compatible with standard Serial EEPROM I2C interface specifications, with the ATECC108 supporting a Single-Wire Interface to minimize the number of GPIOs required on the system processor and/or reduce the number of pins on connectors. Additionally, the ATECC108 supports an alternative single-wire interface compatible with other Single-Wire Devices. So if either SingleWire Interface is enabled, the remaining pin is available for use as a GPIO.

“Using either the I2 C or Single-Wire Interface, multiple ATECC108 devices can share the same bus which saves processor GPIO usage in system with multiple clients such as different color ink tanks or multiple spare parts. Each ATECC108 ships with a guaranteed unique 72-bit serial number,”  the engineering rep continued.

“Using the cryptographic protocols supported by the device, a host system or remote server can verify a signature to prove that the serial number is both authentic and not a copy. Remember, serial numbers are often stored in a standard serial EEPROM, but these can be easily copied, and there is no way for the host to know if the serial number is authentic or if it’s a clone.”

Plus, the ATECC108 can generate high-quality FIPS random numbers and employ them for any purpose, including usage as part of the device’s crypto protocols. Because each random number is guaranteed to be essentially unique from all numbers ever generated on this or any other device, their inclusion in the protocol calculation ensures that replay attacks (re-transmitting a previously successful transaction) always fails. And lastly, system integration is significantly eased with a wide supply voltage range (2.0V – 5.5V) and an ultra-low sleep current of <150nA.

Interested in learning more about Atmel’s versatile ATECC108? Stay tuned for part two of our deep dive in which Bits & Pieces details the device’s cryptographic operation.

Protecting your revenue stream

From MP3 players to smartphones to tablets, our mobile devices are becoming smarter and more connected by the day. Because these devices can do more for us, we are using them more and, as a result, need to charge them more frequently. In keeping with our on-the-go lifestyles, we’re charging our mobile devices wherever we are, often with any charging cable available. Indeed, accessories are usually a big source of revenue for equipment companies—often, a charging cable can be developed at a cost of just a few bucks but is sold for as much as $20. Some unsavory companies exploit the lack of protection on this equipment by coming out with knockoffs that sell for a fraction of the price that the equipment companies charge.  Sounds great for consumers, but often, not only do the OEMs suffer from revenue loss, the consumers end up spending money on subpar products. Knockoff charging cables could result in longer charge times, have a much shorter lifespan or even damage the devices they are connected to.  OEMs are also exposed to much greater liabilities by allowing knockoffs of their products to be available in the marketplace.

There’s an easy enough way for companies to protect their investment and limit their liability exposures—implementing a security chip into their designs. By choosing a turnkey security chip that is robust and easy to integrate, OEMs can protect against cloning, counterfeiting and other piracy attacks.