Tag Archives: ATECC108

Why connect to the cloud with the Atmel | SMART SAM W25?


The “thing” of IoT does not have to necessarily be tiny. 


The Atmel | SMART SAM W25 is, in fact, a module — a “SmartConnect Module.” As far as I am concerned, I like SmartConnect designation and I think it could be used to describe any IoT edge device. The device is “smart” as it includes a processing unit, which in this case is an ARM Cortex-M0-based SAMD21G, and “connect” reminds the Internet part of the IoT definition. Meanwhile, the ATWINC1500 SoC supports Wi-Fi 802.11 b/g/n allowing seamless connection to the cloud.

What should we expect from an IoT edge device? It should be characterized by both low cost and power! This IoT system is probably implemented multiple times, either in a factory (industrial) or in a house (home automation), and the cost should be as low as possible to enable large dissemination. I don’t know the SAMD21G ASP, but I notice that it’s based on the smallest MCU core of the ARM Cortex-M family, so the cost should be minimal (my guess). Atmel claims the W25 module to be “fully-integrated single-source MCU + IEEE 802.11 b/g/n Wi-Fi solution providing battery powered endpoints lasting years”… sounds like ultra low-power, doesn’t it?

Atmel claims the W25 module to be “Fully-integrated single-source MCU + IEEE 802.11 b/g/n Wi-Fi solution providing battery powered endpoints lasting years”…sounds like being ultra low-power, isn’t it

The “thing” of IoT does not necessarily have to be tiny. We can see in the above example that interconnected things within the industrial world can be as large as these wind turbines (courtesy of GE). To maximize efficiency in power generation and distribution, the company has connected these edge devices to the cloud where the software analytics allow wind farm operators to optimize the performance of the turbines, based on environmental conditions. According with GE, “Raising the turbines’ efficiency can increase the wind farm’s annual energy output by up to 5%, which translates in a 20% increase in profitability.” Wind turbines are good for the planet as they allow avoiding burning fossil energy. IoT devices implementation allows wind farm operators to increase their profitability and to build sustainable business. In the end, thanks to Industrial Internet of Thing (IIoT), we all benefit from less air pollution and more affordable power!

ATSAMW25 Block-DiagramThe ATWINC1500 is a low-power Systems-on-Chip (SoC) that brings Wi-Fi connectivity to any embedded design. In the example above, this SoC is part of a certified module, the ATSAMW25, for embedded designers seeking to integrate Wi-Fi into their system. If we look at the key features list:

  • IEEE 802.11 b/g/n (1×1) for up to 72 Mbps
  • Integrated PA and T/R switch
  • Superior sensitivity and range via advanced PHY signal processing
  • Wi-Fi Direct, station mode and Soft-AP support
  • Supports IEEE 802.11 WEP, WPA
  • On-chip memory management engine to reduce host load
  • 4MB internal Flash memory with OTA firmware upgrade
  • SPI, UART and I2C as host interfaces
  • TCP/IP protocol stack (client/server) sockets applications
  • Network protocols (DHCP/DNS), including secure TLS stack
  • WSC (wireless simple configuration WPS)
  • Can operate completely host-less in most applications

We can notice that host interfaces allow direct connection to device I/Os and sensors through SPI, UART, I2C and ADC interfaces and can also operate completely host-less. A costly device is then removed from the BOM which can enable economic feasibility for an IoT, or IIoT edge device.

The low-power Wi-Fi certified module is currently employed in industrial systems supporting applications, such as transportation, aviation, healthcare, energy or lighting, as well as in IoT areas like home appliances and consumer electronics. For all these use cases, certification is a must-have feature, but low-cost and ultra-low power are the economic and technical enablers.


This post has been republished with permission from SemiWiki.com, where Eric Esteve is a principle blogger and one of the four founding members of the site. This blog first appeared on SemiWiki on November 15, 2015.

Zymbit wants to accelerate IoT development


Get your real-world Internet of Things ideas to market in days, not months. 


As the next frontier of the Internet approaches, the IoT represents a compelling opportunity across a staggering array of applications. That’s why the team behind Zymbit has developed an end-to-end platform of hardware and software devices that will enable Makers, engineers and developers alike to transform their ideas into real-world products in blistering speed.

Zymbit

In an effort to deliver secure, open and interactive gadgets for our constantly-connected era, Zymbit is hoping that latest set of solutions will help accelerate adoption and interface with our physical world in a more secure, authenticated manner. The company — who we had the chance to meet at CES 2015 and will be on display in our Maker Faire booth — recently unveiled its Zymbit 1 (Z1), which is being billed as the first fully-integrated piece of IoT hardware that provide users with local and remote live data interaction, along with a low-power MCU, battery-backed operation.

“Z1’s motherboards incorporate some of the latest secure silicon from Atmel, providing accelerated processing of standard open security algorithms. A separate supervisor MPU takes care of security, while you take care of your application,” explained Zymbit CTO Alex Kaay.

v2_pcb_spacemodel_x37k_torender_x00.26_Web

Based on the Atmel | SMART SAM D21, the Z1 motherboard is electronically robust with enhanced security provided via an ATECC108 crypto engine and an ATWINC1500 Wi-Fi controller — meaning, no additional parts are necessary. Ideal for those developing next-gen IoT projects, the modular board is super customizable and compatible with Atmel Xplained Pro wingboards, Arduino shields, Raspberry Pi B+, as well as ZigBee, cellular and POE options. The Zymbit team has even implemented discretely controlled blocks to simplify coding and to secure remote device management, while advanced power management supports battery, solar and POE operations.

The Z1 integrates all of the key components required to support a generation of global IoT applications. This includes easily transitioning between Arduino, Atmel and Raspberry Pi designs, integrated open software tools for seamless innovation, as well as a choice of wireless communication. For instance, Makers can design and implement their programs using the Zymbit’s Arduino Zero app processor and take advantage of a vast number of Arduino shields. Or, developers can connect their Raspberry Pi to utilize the various Zymbit services via SPI bus, allowing their B+ module to interact with a wide-range of “things.”

Y1-Block-Detail-Perspective

The unique Zymbit architecture delivers three key pillars of security: authenticated data source with 72-bit ID serial number, protected data transmission with SHA 256 and private data transmission via a Wi-Fi embedded AES engine. This is accomplished through a dedicated hardware crypto engine that ensures only trusted data is exchanged between devices.

At the heart of Z1’s operation lies a network/Linux CPU, the Atmel | SMART SAMA5D4 MPU, tasked with its secure communication. Meanwhile, its security processes run within a supervisory, ultra low-power Atmel | SMART SAM L21 MCU, separately from its SAM D21 Cortex-M0+ I/O application MCU. This hardware is all housed inside a dynamically-constructed case, which features standard expansions and mounts perfect for any consumer, commercial or industrial applicable IoT product.

PubSub-Graphic-2

Adding to its already impressive list of capabilities, Zymbit comes with a remote manager that makes it easy to connect and manage gizmos both securely and with transparency. This service enables users to SSH to their devices, whether they are on your desk or across the country. Publishing through Zymbit’s Pub/Sub Engine lets developers collect and share data one-to-one or one-to-many, with or without subscriber authentication. As you can imagine, this opens up an assortment of project possibilities, which range from changing Philips Hue color lighting with data streams to monitoring key parameters of a refrigeration system.

“We are providing some standard dashboard widgets that allow you to quickly view your device performance metrics and data-channels. Initially we are supporting time series charting, together with plugin metrics for Raspberry Pi, and Arduino Yún,” the team writes.

Interested in learning more? You can stay up-to-date with the Zymbit team’s progress here, watch our latest interview with one of the company’s co-founders below, and swing by our booth at Maker Faire Bay Area!

10 (+1) invaluable steps to launching your next IoT product


Let’s transition your products from a ‘dumb’ to ‘smart’ thing.


Many enterprises, startups and organizations have already been exposed to the innovation land grab stemming from the rapidly evolving Internet of Things (IoT). What’s available in the product/market fit arena? This is the hunt to cease some segment of the multi-trillion dollar growth reported to gain from the IoT, enabling embedded system connectivity coupled with the ecosystem value-add of a product or service. Even for that matter, transforming a mere idea that centers around connectivity solutions can present an array of challenges, particularly when one seeks to bring to market disruptive ways for the end-user to adopt from the more traditional way of doing things (e.g. GoPro, PebbleWatch, FitBit, and even to as far as e-health monitors, tire subscriptions, self-driving vehicles, smart bracelets, connected medical apparatus or Industrial Internet devices, home automation systems and more).

All together, there’s one overlaying theme to these Internet-enabled products. They are all pervasively SMART technologies that help monetize the IoT. Now, let’s get your products to transition from a once ordinary, mundane object to a much smarter, more secure “thing.” When doing so, this too can often present a few obstacles for designers, especially as it requires a unique set of skills needed to interface systems with connectivity to the cloud or Internet.

To top it all off, there may already be various product lines in existence that have a mandate to leverage a connected ecosystem/design. In fact, even new ones require connectivity to the cloud, having designs set forth to enhance via customer usage then combining this user data with other associated data points. Already, the development to enable such devices require an assortment of skills. It’s an undertaking, one in which requires knowledge and expertise to command stable connectivity in the infrastructure and design a product with security, scalability, and low power.

Moving ahead, here are some recommendations developers and Makers should know:

  1. Identify a need and market: The value of the smart device lies in in the service that it brings to the customer. Identify the need to develop a strong offer that brings value or enhances efficiency rather than creating a simple gadget. (See Marc Andreesen’s infamous blog on product/market fit for more tips).
  1. Validate your ideation: Carry out market research. Do your due diligence. Determine whether the device you think of creating already exists. Can improvements be ascertained with testimonial as an enhanced or unique experience? Indeed, benchmarking will allow you to discover any competitors, find sources of inspiration, develop a network of ideas to pool and find other areas for improvement as well.
  1. Prototype toward MVP: New device fabrication techniques, such as 3D printing, are the ideal creative validation for producing prototypes much faster and for less money. They also promote iteration, which is an integral process when designing the device towards MVP.
  1. Connect the ‘thing’ then concert it into a smart ‘thing:’ Right now, there is no mandatory standard for interconnecting different devices. Selecting the right technology is essential, particularly if the device requires low-power (speaking of low-power….) and event and state controls, which highly optimize extended power and the services to enrich the information system and eventally enhance user experience with a roadmap toward an ecosystem.
  1. Develop the application: Today, the primary smart devices are linked to an dedicated mobile app. Since the app transforms the smartphone into a remote control, it must be be easy to use for your end-users, and more importantly, simply upgraded via the cloud.
  1. Manage the data: Fitted with a multitude of sensors, connected gadgets generate an enormous amount of data that need to be processed and stored with the utmost security across all layers even to as far as using cryptography in memory. (After all, you don’t want your design become a ‘Tales from the Crypt-O” horror story.) 
  1. Analyze and exploit the data: By processing and analyzing the data, a company can extract the necessary information to deploy the right service in the right place at the right time.
  1. Measure the impact of the smart device: Set up probes to monitor your devices and data traffic quality. Answer questions objectively as to how it would securely scale and evolve should there be an instant high volume success and usage. This will help you measure the impact of the smart device in real time and adapt its actions accordingly, and model into the product roadmap and MVP spec.
  1. Iterate to fine-tune the device’s use: After launching the project, the process has only begun. Feedback needs to be taken into account in order to adjust and fine-tune the project. Due to its very nature, digital technology requires continuous adaptation and iteration. “Try and learn” and present riskier ideas to products are the fundamental principles behind transformation when imposing a new use.
  1. Prototype again: Continuous adaptation and iteration means that your company needs to produce a new prototype.
Here’s 10 + 1 invaluable Step to Launching Your IoT Project or Products

Here’s 10 + 1 invaluable steps to launching your IoT project or product.

11. Take advantage of the hands-on training in your region.

As an application space, IoT sensor nodes are enabled by a number of fundamental technologies, namely a low-power MCU, some form of wireless communication and strong security. With this in mind, the newly revealed Atmel IoT Secure Hello World series will offer attendees hands-on training, introducing them to some of the core technologies making the Internet of Things possible, including Wi-Fi and CryptoAuthentication.

What’s more, these sessions will showcase Atmel’s diverse Wi-Fi capabilities and CryptoAuthentication hardware key storage in the context of the simplest possible use cases. This includes learning how to send temperature information to any mobile device via a wireless network and how to enable the remote control of LEDs on a SAM D21 Xplained Pro board over a Wi-Fi network using a WINC1500. In addition, attendees will explore authentication of IoT nodes, as well as how to implement a secure communications link — something that will surely come in handy when preparing to launch your next smart product.

As you can see, so far, everyone is LOVING the Hello World sessions — from hardcore embedded engineers to hobbyists. Here some recent social activity following the recent Tech on Tour events in both Manchester and Heathrow, UK. Need we say more? These tweets say a thousand words!

Atmel-Tech-On-Tour-Europe-UK

Connected and ready to go… all before lunch! (Yes, there’s food as well!)

 

Atmel-Tech-On-Tour-Europe-BYOD

Atmel’s Tech on Tour and proud partner EBV Elektronik proudly thankful for the successful event in Manchester, UK.

 

Atmel-Tech-On-Tour-Europe

Atmel’s Tech on Tour just successfully completed a full house attendance training in Manchester, UK

 

Find out how you too can receive in-depth IoT training. As the Atmel | Tech on Tour makes it way throughout Europe, Asia, and North America, make sure you know when the team arrives in your town!  Don’t miss it. Upon registering, you will even receive a WINC1500 Xplained Pro Starter Kit to take home.

The CryptoShield is a dedicated security peripheral for the Arduino


This shield adds specialized ICs that will allow you to implement a hardware security layer to your Arduino project.


With the insecurity of connected devices called into question time and time again, wouldn’t it be nice to take comfort in knowing that your latest IoT gadget was secure? A facet in which many Makers may overlook, Josh Datko has made it his mission to find a better way to safeguard those designs — all without hindering the contagious and uplifting DIY spirit. You may recall his recent collaboration with SparkFun, the CrytpoCapewhich debuted last year. This cape was a dedicated security daughterboard for the BeagleBone that easily added encryption and authentication options to a project.

13183-01

Well now, Datko has returned with his latest and greatest innovation — the CryptoShield. Just like its cousin, the shield is a dedicated security peripheral, but for the highly-popualar Arduino platform instead. It adds specialized ICs that perform various cryptographic operations that will allow users to implement a hardware security layer to their Arduino project.

“It also is a nice device for those performing embedded security research. Needless to say this is a great product for those of you who are interested in computer security,” SparkFun notes.

13183-04

Each CryptoShield is packed with a slew of hardware on-board, including a real-time clock (RTC) module to keep accurate time, a Trusted Platform Module (AT97SC3204) for RSA encryption/decryption and signing in the hardware, an AES-128 encrypted EEPROM (ATAES132), an ATSHA204 authentication chip that performs SHA-256 and HMAC-256, and an ATECC108 that handles the Elliptic Curve Digital Signature Algorithm (ECDSA). Unlike its older cousin, though, the prototyping portion of this unit has been reduced. However, for what it may have lost, it has surely gained in other areas. For one, the CryptoShield now features an RFID socket that works best with a ID-12LA module.

“Each shield will need to have headers soldered on once you receive it. We prefer to give you the choice of soldering on stackable or non-stackable headers, whatever fits best for you project. The only other items you will need to get the CryptoCape fully functional are a dev board that supports the Arduino R3 form-factor and a CR1225 coin cell battery,” SparkFun adds.

13183-03

We should also point out that, at the moment, the CryptoShield can only be shipped within the United States. And just like with the CryptoCape, a portion of every sale is given back to SparkFun’s hacker-in-residence Josh Datko for continued development of new and exciting cryptographic tools, such as this one.

Intrigued? Hurry over to SparkFun’s official page here. We’ll have more insight from Datko himself in the coming days!

How Big Bang Theory and IoT relate to Tech on Tour


Hands-on ‘IoT Secure Hello World’ training introduces Atmel Wi-Fi and CrytoAuthentication technologies.


How The Big Bang Theory Relates to the Internet of Things

How many of you out there are fans of the CBS hit sitcom series Big Bang Theory? If you recall an episode from the show’s first season, entitled “The Cooper-Hofstadter Polarization,” the team of Sheldon Cooper, Leonard Hofstadter, Howard Wolowitz and Raj Koothrappali successfully triggered a lamp over the Internet using an X-10 system.

In order to accomplish this feat, the gang sent signals across the web and around the world from their apartment to connect not only their lights, but other electronics like their stereo and remote control cars as well.

“Gentlemen, I am now about to send a signal from this laptop through our local ISP racing down fiber optic cable at the of light to San Francisco bouncing off a satellite in geosynchronous orbit to Lisbon, Portugal, where the data packets will be handed off to submerged transatlantic cables terminating in Halifax, Nova Scotia and transferred across the continent via microwave relays back to our ISP and the external receiver attached to this…lamp,”  Wolowitz excitedly prefaced.

800px-X10_1

The funny thing is, the technology that the group of sitcom scientists was simulating could have just as easily been done using a Wi-Fi network controller like the WINC1500. However, at the time of airing back in March of 2008, open access for Internet users looking to control “things” around the house was seemingly something only engineers and super geeks thought possible.

We can imagine this is probably how it would’ve gone down…

Bringing Next-Generation Technology to You

In order to make the scene above possible, an Atmel | SMART SAM D21 was hooked up to the WINC1500 and connected to a solid-state relay, thereby enabling the team to control the lamp.

If this captivated your attention, then you’re in for a treat. That’s because Atmel is taking its “IoT Secure Hello World” Tech on Tour seminar on the road — starting with Europe!

As an application space, IoT sensor nodes are enabled by a number of fundamental technologies, namely a low-power MCU, some form of wireless communication and strong security. With this in mind, the Atmel IoT Secure Hello World series will offer attendees hands-on training, introducing them to some of the core technologies making the Internet of Things possible, including Wi-Fi and CryptoAuthentication.

These training sessions will showcase Atmel’s Wi-Fi capability and CryptoAuthentication hardware key storage in the context of the simplest possible use-case in order to focus attention on the practical aspects of combining the associated supporting devices and software. This includes learning how to send temperature information to any mobile device via a wireless network and how to enable the remote control of LEDs on a SAM D21 Xplained Pro board over a Wi-Fi network using a WINC1500. In addition, attendees will explore authentication of IoT nodes, as well as how to implement a secure communications link.

Take the very fundamental use-case of switching on an LED, for instance, which will represent our ‘Hello World!’ For this IoT application, the LED will be controlled using a smartphone app via the Internet, while a sensor node will be enabled to read an analog temperature sensor. The first part of the training will introduce Atmel Wi-Fi technology, which connects our embedded development kit of choice, an Atmel | SMART SAMD21 Xplained Pro, via the Atmel SmartConnect WINC1500 Wi-Fi module to a local access point. The result will be the ability to easily and securely send temperature information to any mobile device on the network, while also having remote control of the LED.

From the moment a ‘thing’ is connected, it becomes susceptible to a slew of potential security risks from hackers. That’s why the second part of the training will delve deeper into how CryptoAuthentication can be used to authenticate the temperature sensor node and host application before it can read the temperature information to avoid fake nodes. A secure communications link will be implemented using a session key to and from the remote node.

When all is said and done, building for the IoT demands innovative and secure solutions while architecting a balance between performance, scalability, compatibility, security, flexibility and energy efficiency — all of which Atmel covers extremely well.


Atmel | Tech on Tour Agenda At-a-Glance

The Atmel team will be coming through a number of major cities, from Manchester and Milan to Munich and Moscow. Ready to join us? Be sure to register for one of the Atmel | Tech on Tour European, Asia, or North America locations today! Upon registering, you will even receive a WINC1500 Xplained Pro Starter Kit to take home.

8:30 – 9:00     Check-In and Preparation

  • Assistance with installing software will be provided

9:00 – 10:15     Introduction to Atmel Wi-Fi Solution

  • WINC1500/WILC1000 Hardware and Performance Overview
  • Software and IoT Solution Overview
  • Wi-Fi Network Controller IoT Sensor Application

10:15 – 10:30    Hands-on Introduction

10:30 – 10:45    BREAK

10:45 – 12:30    Hands-on: WINC1500 Wi-Fi Network Controller IoT Sensor Application

  • Sending temperature information to any phone or tablet on the network
  • Enabling remote control of LED0 on the SAM D21 Xplained Pro board

12:30 – 1:30    LUNCH

1:30 – 2:15      Introduction to Atmel CryptoAuthentication IoT Security and Technology

2:15 – 3:00      Hands-on Introduction: Authenticating IoT Nodes

  • Authenticate the temp sensor node and host application before being able to read the temperature information to avoid fake nodes
  • How to implement a secure communications link using a session key to and from the remote node to any phone or tablet on the network

3:00 – 3:15    BREAK

3:45 – 4:30    Hands-on: Authenticating IoT Nodes (continued…)

4:30 – 5:00    Wrap-up, Questions and Answers


Prerequisites

Software Requirements

  • Download Atmel Studio 6.2 software.
  • Wireshark Packet Sniffer will be provided.

Hardware Requirements

  • Attendees are required to bring a laptop. Atmel will NOT supply computers at the training.
  • Please make sure to have administrator rights on your laptop.
  • Laptop must have at least one Internet port and one free USB host connector.

Evaluation Kit Requirements

  • Atmel | SMART SAMD21 – XPRO host MCU board
  • Atmel WINC1500 module mounted ATWINC 1500 Xplained Pro Extension (Product Code: ATWINC1500-XSTK)
  • Atmel Digital I/O WING extension board for sensor and SD-card input target USB

Secure your hardware, software and IoT devices

Evident by a recent infographic published by Forbes, it appears people are finally cognizant of the urgent need for security. It’s clearer than ever that hacking has become a real problem over the web and into electronic devices. With the emergence of the Internet of Things (IoT), we consistently find ourselves connecting these gadgets and gizmos to the web. As a result, security becomes a key issue throughout the entire chain.

Analog Aficionado Paul Rako recently had the chance to catch up with Bill Boldt, Atmel’s resident security expert, to explore the latest threats and trends in security as well as how Atmel can help secure products across the spectrum. Not in the reading mood? There’s a pretty sweet playlist of all the footage from the 1:1 interview here.

In the first segment of the interview, Boldt discusses how an engineer or designer can use Atmel’s CryptoAuthentication chips to ensure that the accessories to a particular product are genuine. Here, the security expert talks about using symmetrical authentication to certify that only a drill manufacturer’s batteries will work on its own drill.

If you recall, Boldt provided an in-depth exploration into this same demo, which can be found here. Though securing hardware is great, if you wanted, you could make this symmetrical authentication protect any kind of plug-in or device, even if it is not electronic. In fact, this safeguard is used on things ranging from ink cartridges to e-cigarettes; moreover, medical device manufactures love this technology since it protects them from liability from knockoff products.

This can help secure products with add-ons or attachments, but an even greater value for hardware security comes when you use these chips to make sure that your device has not had its code or operating system hijacked. Since the interface between the microcontroller and the crypto chip is only sending a random number from the micro, and the one-time result from the crypto chip in response, snooping on the SPI port will not help you crack the code. Now, your microcontroller firmware can query the chip and ensure that it indeed gets the proper result — if someone attacks the firmware and puts their own code, it won’t execute since it cannot get past the protected part of the chip code that has to get a valid response from the crypto chip.

You can extend this to secure downloads as well. As long as your code requires the downloaded segment to query and respond to the tiny crypto chip, only your code will work since only you know the secret key programmed into the chip.

“As a hardware engineer, I am just as fascinated by the cool packages we use as well as all the math and firmware algorithms,” says Rako.

In the subsequent video of the interview, Boldt describes the packaging for the crypto chips, in addition to a unique three-pad package manufactured by Atmel that does not need to be mounted on a circuit board at all.

During the segment, Boldt also delves deeper into some security scenarios for the IoT, incuding some great analogies. Furthermore, the security guru reminds viewers that these Atmel CryptoAuthentication chips will work with any company’s microcontroller, not just Atmel’s.

One thing you hear bandies about in security are the dissimilarities between both symmetric and asymmetric. The aforementioned drill demo was symmetric, since both the drill and the battery had the secret key programmed into the MCU and the crypto chip, respectively. Here, Boldt expands on the topic and how Atmel does all the hard math so you don’t have to worry about it.

Concluding his interview with Rako, Boldt addresses the fact that you can use the crypto chip not only in a drill, but in the charger as well to guarantee that only your OEM charge will charge your OEM batteries. The resident security expert wraps up by noticing that people can counterfeit those holograms on a product’s box, but they can’t hack hardware security chips.

Interested in learning more? Explore hardware-based security solutions for every system design here. Look to secure the full stack? You can receive a FREE Atmel CryptoAuthentication™ development tool. For more in-depth analysis from Bill Boldt, you can browse through his archive on Bits & Pieces

The password insecurity complex

Cartoon 2

The thing about passwords is that their whole purpose is to provide security. But passwords are hardly secure themselves, as we all know now due to the recent string of breaches… Once passwords get out into the clear, it’s like Christmas for cyber-criminals. So what we need are secure passwords… obviously.

Passwords are big fat target for hackers. The fact that Target stores were the “target” of hackers it is almost poetic. Heartbleed is another dangerous example of private information being bleeding out into the open. An unsecured password  is sort of like leaving your keys in the car on the street in a really bad neighborhood. In cyber-city, where all of us now live, every neighborhood is really bad. So, what can you do? Why not try to embed some hardware security to protect passwords? In fact, it’s rather easy to do with hardware key storage devices like Atmel CryptoAuthentication. Hardware key storage devices lock up the password and keep it from getting out of the system where it is entered, such as from a computer or ATM keyboard. In such an example, the only things that get transmitted between the keyboard and the authorizing system are cryptographic information; Specifically, what is transmitted is a random number from the crypto device to the keyboard system and cryptotographically processed response in the opposite direction. Let’s take a closer look at the details via the video below.

The platform here is a keyboard entry device on one side and the secure key storage device (in this case the ATSHA204A) on the other. The input could be from a smartphone or other things as well. The password is securely stored in the protected hardware memory which protects against hackers reading it. The secure memory is in the ATSHA204A device. When the password is entered into the keyboard, it automatically tells the remote device with the secure memory chip to send a random number challenge to the keyboard machine. The keyboard machine hashes the random number with the password that was just entered to create a digest using a cryptographic algorithm (e.g. SHA256). That digest is called the “response” (meaning the response to the challenge that was sent over). That response is then sent to the ATSHA204A for comparison to a calculation using the same random number and the stored password on the ATSHA204A. If the response and the hash on the ATSHA204A are the same, the password was correct (real) and the operation of the device connected to the keyboard is therefore allowed.

Secure password protection r0

As you can see, the value of this operation is that a the only places the password go are into the system connected to the keyboard (the local system) and the secure, protected.

Benefits of secure password protection:

  • Easy to implement
  • Secret storage is completely secure
  • Password is never in the clear
  • Several Passwords can be stored in the ATSHA204A (up to 16 slots)

atmel_crypto_496x163

Atmel CryptoAuthentication™ products, such as ATSHA204AATECC108A  and ATAES132, implement hardware-based storage, which is much stronger then software-based due to the defense mechanisms that only hardware can provide against attacks. Secure storage in hardware beats storage in software every time. Adding secure key storage is an inexpensive, easy, and ultra-secure way to protect firmware, software, and hardware products from cloning, counterfeiting, hacking, and other malicious threats.

Interested in learning more about Atmel CryptoAuthentication™ products? Read some of our latest articles in the Bits & Pieces archive here.