Tag Archives: ATAES132

The CryptoShield is a dedicated security peripheral for the Arduino


This shield adds specialized ICs that will allow you to implement a hardware security layer to your Arduino project.


With the insecurity of connected devices called into question time and time again, wouldn’t it be nice to take comfort in knowing that your latest IoT gadget was secure? Security is a facet that many Makers may overlook, and Josh Datko has made it his mission to find a better way to safeguard those designs, all without hindering the contagious and uplifting DIY spirit. You may recall his recent collaboration with SparkFun, the CryptoCape, which debuted last year. This cape was a dedicated security daughterboard for the BeagleBone that easily added encryption and authentication options to a project.

Well now, Datko has returned with his latest and greatest innovation: the CryptoShield. Just like its cousin, the shield is a dedicated security peripheral, but for the highly popular Arduino platform instead. It adds specialized ICs that perform various cryptographic operations, allowing users to implement a hardware security layer in their Arduino project.

“It also is a nice device for those performing embedded security research. Needless to say this is a great product for those of you who are interested in computer security,” SparkFun notes.

Each CryptoShield is packed with a slew of on-board hardware, including a real-time clock (RTC) module to keep accurate time, a Trusted Platform Module (AT97SC3204) for RSA encryption/decryption and signing in hardware, an AES-128 encrypted EEPROM (ATAES132), an ATSHA204 authentication chip that performs SHA-256 and HMAC-256, and an ATECC108 that handles the Elliptic Curve Digital Signature Algorithm (ECDSA). Unlike its older cousin, though, the prototyping portion of this unit has been reduced. However, for what it may have lost, it has surely gained in other areas. For one, the CryptoShield now features an RFID socket that works best with an ID-12LA module.

“Each shield will need to have headers soldered on once you receive it. We prefer to give you the choice of soldering on stackable or non-stackable headers, whatever fits best for your project. The only other items you will need to get the CryptoCape fully functional are a dev board that supports the Arduino R3 form-factor and a CR1225 coin cell battery,” SparkFun adds.

We should also point out that, at the moment, the CryptoShield can only be shipped within the United States. And just like with the CryptoCape, a portion of every sale is given back to SparkFun’s hacker-in-residence Josh Datko for continued development of new and exciting cryptographic tools, such as this one.

Intrigued? Hurry over to SparkFun’s official page here. We’ll have more insight from Datko himself in the coming days!

ChipWhisperer-Lite is an educational board for embedded security


ChipWhisperer is the first open-source toolchain for embedded hardware security research including side-channel power analysis and glitching.


Side-channel power analysis refers to a method of breaking implementations of completely secure algorithms such as AES-256. Such capabilities have been known for a long time – the attack was first published in 1998. But even today many consider side-channel attacks exotic, and don’t take them seriously when designing secure systems. That is why Canadian startup NewAE Technology has launched a new project to help inform designers that they need to take these threats seriously, by teaching them how the attacks work!

Recently debuted on Kickstarter, the aptly named ChipWhisperer-Lite is essentially an educational tool, designed to introduce embedded enthusiasts to the area of side-channel power analysis. You may also recall the project from last year’s Hackaday Prize, where it garnered second place accolades.

Side-channel attacks aren’t magic; in fact, it is possible to design systems that are resistant to them. For instance, Atmel has a line of secure processors with encryption peripherals that cannot easily be attacked. Another example is the ATAES132 device, which also has resistance against side-channel attacks, so you can be more confident in the security of that device than in a generic microcontroller with an AES hardware peripheral (such as the AVR XMEGA). It’s all about managing the risk!

Additionally, the ChipWhisperer-Lite required a high-speed USB interface, and so, the NewAE Technology team turned to the Atmel | SMART SAM3U2C to accomplish this feat.

“While a number of systems are designed around generic interface chips, using a high-speed USB microcontroller gave me a lot more flexibility. In addition the cost of the microcontroller chip was cheaper than the stand-alone interface chip I would have used, so all these benefits came at no penalty to the BOM cost,” writes company co-founder Colin O’Flynn.

This shows the basic connections between the SAM3U2C and the FPGA. The external memory interface on the SAM3U2C is used to simplify data and control transfer to and from the FPGA.

According to O’Flynn, the SAM3U family was selected based on a set of criteria:

  • High-speed USB 2.0 interface
  • External memory interface with programmable timing parameters
  • TQFP Package (as he wanted people to be able to build this project themselves)
  • Lower cost than standalone interface chip (he had been looking for roughly $3-$4 in a quantity of 1,000)
  • ROM-resident USB bootloader (so that people building their own don’t need a programmer, and makes the board unbrickable)

“The external memory interface is actually critical to achieving a simple FPGA interface. This allows me to memory-map sections of the FPGA right into the SAM3U processor memory. If transferring data over USB to the FPGA, I can point the USB code from the Atmel Software Framework (ASF) to the location in the FPGA I want the data to go,” O’Flynn adds. “This means no need to copy the data multiple times between buffers, or use some specialized protocol to transfer data from the microcontroller to the FPGA.”

Beyond that, the SAM3U2C simplifies system management. Meeting USB sleep mode current limits (2.5 mA) means shutting off the FPGA and analog portions of the board. Standalone interface chips provide a ‘SUSPEND’ output which you can use, but having the microcontroller offered much more control, which ChipWhisperer-Lite’s creators were able to use for meeting inrush current limits.

The USB standard has limits on the inrush current; this current occurs when the USB device is plugged in and all the capacitors start charging. To avoid exceeding these currents most boards need a ‘soft-start,’ where power supplies are turned on after some delay (or after the USB device finishes enumerating).

“Putting this in the microcontroller gives me control over that delay if fine-tuning is needed, or even having the option of adding multiple switches or slower ramps using a PWM output,” says O’Flynn.

This shows the switch for the FPGA and analog power supplies. Depending on the total load, an RC filter can be added to slow the turn-on speed of the FETs.

Using the SAM3U2C also provided a nice set of peripherals to use, too. The ChipWhisperer-Lite required a ‘target’ device that the user (i.e. student) programs with their algorithm of interest. For this case, the team selected an XMEGA MCU to serve as a programmable target for the student.

The XMEGA device can easily be programmed with only two wires (PDI), and this is generated by one of the SPI modules in the SAM3U. O’Flynn also used a USART module to communicate with the XMEGA, and finally another SPI module to download configuration data to the FPGA.

“While generic interface chips often have support for serial protocols (such as SPI or USARTs), the problem is they are normally limited in the number of channels offered, or I couldn’t use the serial-interface mode at the same time as high-speed parallel interface mode.”

In addition, the details of the protocol (such as the low-level PDI programming protocol for the XMEGA) go into the firmware on the SAM3U2C, simplifying the higher-layer USB interface.

“I find it easier to develop those low-level protocols on an embedded system from within Atmel Studio 6.2, compared to trying to send timing-specific information across the USB bus to be processed by the interface chip! Anytime you can avoid USB debugging is time well spent in my books,” O’Flynn emphasizes. “Using an ASF application example as a starting point for the whole application let me rocket through development, with satisfyingly few moments of pounding my head against the desk figuring out why things weren’t working!”

A final nicety of the design was the ability to use the unique ID programmed into the SAM3U2C as part of the USB device serial number. In other words, the NewAE Technology crew could generate unique serial numbers for each device without requiring any special manufacturing step – every device is loaded with the same binary firmware yet still has a unique serial number. As an end-user, having unique USB serial numbers improves the experience since otherwise Windows will reload the driver when you change the USB port the device is plugged into.

“We’re eliminating the problem for good by making the tools open-source. Because this whole area is an active research area, the tools need to be open-source. This isn’t a case of attempting to seem sexy by adding the word ‘open-source’, but placing something of commercial value into the open-source domain, in the hope it spurs a larger community. This includes hours of tutorials on this area, more than just a few board files and some source code.”

Indeed, this project was devised as a fairly advanced piece of test equipment for well-seasoned Makers, embedded developers and computer engineers. That being said, it is important to note that it is not Arduino-compatible, nor does it work with Raspberry Pi or BeagleBone. However, O’Flynn does reveal that an Arduino-compatible, ATmega328P based target board is in the works. Impressively, ChipWhisperer-Lite also enables users to snap off the ‘target board,’ giving them both a main measurement tool and a target device.

Interested in learning more? You can head over to its official Kickstarter page, where the team is well on its way to achieving its $50,000 goal. Provided all goes to plan, shipment is slated for August 2015.

The “Key” to Reality

If we wanted to reduce the definition of authentication to its most Zen-like simplicity, we could say authentication is “keeping things real.” To keep something real you need to have some sort of confirmation of its identity, as confirmation is the key (so to speak).

The equation could be as follows:

Identification + Confirmation = Authentication

Confirming or validating the identity of a document, item, data, etc. is what keeping things real is all about. Some of the “things” that can be authenticated with cryptographic methods are mobile, medical, and consumer accessories; embedded firmware; industrial network nodes; and sensors, among others. Soon IoT and vehicle-to-vehicle communication will join in.

Authentication is far more important than many people realize, especially in our growing hyper-connected world that now links billions of people (and things). In cyber-land, authentication is accomplished by deploying cryptographic keys and algorithms. Keys are fundamental to keeping things real—so that is what we mean by “the key to reality.”

There are two primary types of Authentication: Symmetric and Asymmetric. Atmel offers secure key storage devices for both types. These two important techniques take their names directly from whether the keys on each side (i.e. the host and client sides) are the same or different.

Symmetric Authentication

If the same secret key is used on the client and on the host, then the application is symmetric, just like the name suggests. Both of the symmetric keys must be protected, because if either one gets out then the security will be lost. This is perhaps analogous to having two sets of car keys: losing either one makes it easy for a thief to drive away with your car. So, the secret keys must stay secret.

Symmetric Keys are the Same

The identical keys on the host and client are used in mathematical calculations to test the reality of client devices. A very common mathematical calculation that is used is a hash function based upon a cryptographic algorithm (such as SHA). A hash operation produces a hash value (also called “digest”), which is a number of a specified length that is usually smaller than the numbers used as the inputs. A hash is a one-way operation, which means that the inputs cannot be recreated from the hash value.

With symmetric authentication a typical process is to challenge the client device to be authenticated by sending it a random number. The client then puts the random number challenge and a secret key into the hash algorithm to create a hash value, which is known as the “response.” Each challenge will generate a unique response.

It should be noted that cryptographers call a hash of a random number with a secret key a “Message Authentication Code” or “MAC.” The diagram below illustrates this process. Because the secret key is the same on the host and client sides, the exact same calculation can run on the host. Once that happens, the hash values (“MACs”) from each side can be compared. If the hash values match, the client is considered to be real. You can see that symmetric authentication is really a simple process, but it is loaded with mathematical elegance. Now let’s look at asymmetric authentication.

Hashing a Random Number with a Secret Key
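
The challenge-response exchange described above, as an added example that is not part of the original article. It uses HMAC-SHA256 from Python's standard library as the keyed hash; the Host and Client classes, the 32-byte challenge size and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 32  # bytes of randomness per challenge (assumed size)


class Client:
    """Device being authenticated; in hardware the key never leaves the chip."""

    def __init__(self, secret_key: bytes):
        self._key = secret_key

    def respond(self, challenge: bytes) -> bytes:
        # Response = MAC over the host's random challenge with the secret key.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Host:
    """Verifier holding the same secret key as genuine clients."""

    def __init__(self, secret_key: bytes):
        self._key = secret_key
        self._pending = None

    def new_challenge(self) -> bytes:
        # A fresh random number per attempt makes every response unique.
        self._pending = secrets.token_bytes(CHALLENGE_LEN)
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False  # no outstanding challenge
        challenge, self._pending = self._pending, None  # single use
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


def authenticate(host: Host, client: Client) -> bool:
    """Run one full challenge-response round."""
    return host.verify(client.respond(host.new_challenge()))


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    host = Host(key)
    print("genuine:", authenticate(host, Client(key)))
    print("clone:  ", authenticate(host, Client(secrets.token_bytes(32))))
```

Because each challenge is consumed on verification, a response captured from an earlier round fails when presented again.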

 

Asymmetric Authentication

Asymmetric keys are presented in public-private pairs. More specifically, the public and private keys are related to each other via a mathematical algorithm. An example would be the Elliptic Curve Cryptography (or “ECC”) algorithm. Only the private key has to be securely stored. Because the keys are different, asymmetric authentication cannot use the same calculate-and-compare process as symmetric.

Asymmetric requires more complicated techniques such as making digital signatures that are verified for authenticity (this is called “Sign-Verify”). An example of asymmetric authentication using ECC algorithms is Elliptic Curve Digital Signature Algorithm (or “ECDSA”). A major benefit of the Atmel ATECC108A device is that it can be used to easily implement ECDSA sign-verify. (The steps of ECDSA are very interesting, but they will be covered in a separate article.) Note that an important trade-off between symmetric and asymmetric authentication is the speed of operation. For example, authentication time for the Atmel ATSHA204A is 12ms (typical) for symmetric versus more than a second for many microcontrollers to execute an asymmetric ECDSA operation.

Getting back to the keys: the secret keys must stay secret. If keys are the keys to authentication (i.e. reality), then secure storage of the secret keys is the key to SECURE authentication. And that is the real point here.

So then, how is secure storage implemented? The best way is to use hardware key storage devices that can withstand attacks that try to read the key(s). Atmel CryptoAuthentication products such as the ATSHA204A, ATECC108A and ATAES132 implement hardware-based storage, which is much stronger than software-based storage because of the defense mechanisms that only hardware can provide against attacks. Secure storage in hardware beats storage in software every time. Adding secure key storage is an inexpensive, easy, and ultra-secure way to protect firmware, software and hardware products from cloning, counterfeiting, hacking, as well as other malicious threats.

For more details on Atmel CryptoAuthentication products, please view the links above or the introduction page CryptoAuthentication. Future Bits & Pieces articles will take an in-depth look at how symmetric and asymmetric authentication is accomplished.