4 reasons why Atmel is ready to ride the IoT wave

---

The IoT recipe comprises of three key technology components: Sensing, computing and communications.

---

In 2014, a Goldman Sachs’ report took many people by surprise when it picked Atmel Corporation as the company best positioned to take advantage of the rising Internet of Things (IoT) tsunami. At the same time, the report omitted tech industry giants like Apple and Google from the list of companies that could make a significant impact on the rapidly expanding IoT business. So what makes Atmel so special in the IoT arena?

The San Jose, California–based chipmaker has been proactively building its ‘SMART’ brand of 32-bit ARM-based microcontrollers that boasts an end-to-end design platform for connected devices in the IoT realm. The company with two decades of experience in the MCU business was among the first to license ARM’s low-power processors for IoT chips that target smart home, industrial automation, wearable electronics and more.

Goldman Sachs named Atmel a leader in the Internet of Things (IoT) market.

Goldman Sachs named Atmel a leader in the Internet of Things (IoT) market

A closer look at the IoT ingredients and Atmel’s product portfolio shows why Goldman Sachs called Atmel a leader in the IoT space. For starters, Atmel is among the handful of chipmakers that cover all the bases in IoT hardware value chain: MCUs, sensors and wireless connectivity.

1. A Complete IoT Recipe

The IoT recipe comprises of three key technology components: Sensing, computing and communications. Atmel offers sensor products and is a market leader in MCU-centric sensor fusion solutions than encompass context awareness, embedded vision, biometric recognition, etc.

For computation—handling tasks related to signal processing, bit manipulation, encryption, etc.—the chipmaker from Silicon Valley has been offering a diverse array of ARM-based microcontrollers for connected devices in the IoT space.

Atmel has reaffirmed its IoT commitment through a number of acquisitions.

Finally, for wireless connectivity, Atmel has cobbled a broad portfolio made up of low-power Wi-Fi, Bluetooth and Zigbee radio technologies. Atmel’s $140 million acquisition of Newport Media in 2014 was a bid to accelerate the development of low-power Wi-Fi and Bluetooth chips for IoT applications. Moreover, Atmel could use Newport’s product expertise in Wi-Fi communications for TV tuners to make TV an integral part of the smart home solutions.

Furthermore, communications across the Internet depends on the TCP/IP stack, which is a 32-bit protocol for transmitting packets on the Internet. Atmel’s microcontrollers are based on 32-bit ARM cores and are well suited for TCP/IP-centric Internet communications fabric.

2. Low Power Leadership

In February 2014, Atmel announced the entry-level ARM Cortex M0+-based microcontrollers for the IoT market. The SAM D series of low-power MCUs—comprising of D21, D10 and D11 versions—featured Atmel’s signature high-end features like peripheral touch controller, USB interface and SERCOM module. The connected peripherals work flawlessly with Cortex M0+ CPU through the Event System that allows system developers to chain events in software and use an event to trigger a peripheral without CPU involvement.

According to Andreas Eieland, Director of Product Marketing for Atmel’s MCU Business Unit, the IoT design is largely about three things: Battery life, cost and ease-of-use. The SAM D microcontrollers aim to bring the ease-of-use and price-to-performance ratio to the IoT products like smartwatches where energy efficiency is crucial. Atmel’s SAM D family of microcontrollers was steadily building a case for IoT market when the company’s SAM L21 microcontroller rocked the semiconductor industry in March 2015 by claiming the leadership in low-power Cortex-M IoT design.

Atmel’s SAM L21 became the lowest power ARM Cortex-M microcontroller when it topped the EEMBC benchmark measurements. It’s plausible that another MCU maker takes over the EEMBC benchmarks in the coming months. However, according to Atmel’s Eieland, what’s important is the range of power-saving options that an MCU can bring to product developers.

“There are many avenues to go down on the low path, but they are getting complex,” Eieland added. He quoted features like multiple clock domains, event management system and sleepwalking that provide additional levels of configurability for IoT product developers. Such a set of low-power technologies that evolves in successive MCU families can provide product developers with a common platform and a control on their initiatives to lower power consumption.

3. Coping with Digital Insecurity

In the IoT environment, multiple device types communicate with each other over a multitude of wireless interfaces like Wi-Fi and Bluetooth Low Energy. And IoT product developers are largely on their own when it comes to securing the system. The IoT security is a new domain with few standards and IoT product developers heavily rely on the security expertise of chip suppliers.

Atmel offers embedded security solutions for IoT designs.

Atmel, with many years of experience in crypto hardware and Trusted Platform Modules, is among the first to offer specialized security hardware for the IoT market. It has recently shipped a crypto authentication device that has integrated the Elliptic Curve Diffie-Hellman (ECDH) security protocol. Atmel’s ATECC508A chip provides confidentiality, data integrity and authentication in systems with MCUs or MPUs running encryption/decryption algorithms like AES in software.

4. Power of the Platform

The popularity of 8-bit AVR microcontrollers is a testament to the power of the platform; once you learn to work on one MCU, you can work on any of the AVR family microcontrollers. And same goes for Atmel’s Smart family of microcontrollers aimed for the IoT market. While ARM shows a similarity among its processors, Atmel exhibits the same trait in the use of its peripherals.

Low-power SAM L21 builds on features of SAM D MCUs.

A design engineer can conveniently work on Cortex-M3 and Cortex -M0+ processor after having learned the instruction set for Cortex-M4. Likewise, Atmel’s set of peripherals for low-power IoT applications complements the ARM core benefits. Atmel’s standard features like sleep modes, sleepwalking and event system are optimized for ultra-low-power use, and they can extend IoT battery lifetime from years to decades.

Atmel, a semiconductor outfit once focused on memory and standard products, began its transformation toward becoming an MCU company about eight years ago. That’s when it also started to build a broad portfolio of wireless connectivity solutions. In retrospect, those were all the right moves. Fast forward to 2015, Atmel seems ready to ride on the market wave created by the IoT technology juggernaut.

Interested? You may also want to read:

Atmel’s L21 MCU for IoT Tops Low Power Benchmark

Atmel’s New Car MCU Tips Imminent SoC Journey

Atmel’s Sensor Hub Ready to Wear

---

Majeed Ahmad is author of books Smartphone: Mobile Revolution at the Crossroads of Communications, Computing and Consumer Electronics and The Next Web of 50 Billion Devices: Mobile Internet’s Past, Present and Future.

Take a drive on the IoT with V2V

What platform has become the most sophisticated and intimate personal electronic environment ever? The car. To paraphrase a famous automotive company’s top executive, car companies are transforming the car into a powerful smartphone that allows drivers to carry around, customize, and interact with their digital world. Automotive electronics are currently centered around people (infotainment and communications) and the machine itself (to run the car and provide safety and convenience). Now a third element is emerging; namely, Vehicle-to-Vehicle (V2V) communications. 

Just like that sounds, cars will soon “talk and listen” to one another — automatically. They will share information like proximity, speed, direction, road conditions, as well as other things that have yet to been imagined. The chief driver of V2V is signaling impending collisions so that the cars can automatically take countermeasures. That, of course, means the V2V network will become a critical technology for self- and assisted-driving cars.

While it may seem revolutionary, V2V is really an evolutionary branch of Internet of Things (IoT) technologies, which are creating a world where smart, secure, and communicating, sensors will become ubiquitous in planes, trains, and automobiles; inside homes; inside commercial buildings; on highways; in cities and towns; in agriculture; in factories; in retail spaces; and worn by and implanted in humans and animals. The Internet of Things could eventually connect everything from cars to cats.

A term that is being used to describe the technologies making such a smart, sensor saturated world is “sensor dust,” which captures the Zeitgeist that super tiny, smart, communicating sensors will be everywhere — like dust.  Sensors, of course, are never just sensors. They are always connected to other things–mainly microcontrollers (MCUs). With the advent of ultra-low power and energy harvesting technology, the sensor-MCU combination has become an ideal, clear, and present foundation for widespread sensor roll out. Sensing often implies by its very nature detection and communication from a distance, and that is where wireless communication comes into play.

The dark side is that remote sensing and communication open the door very wide for bad actors who want to intercept, spoof, and misuse the data streaming freely through the air. So, security (encryption and/or authentication) becomes the final piece of the picture, and arguably the element that makes IoT even possible to be widely adopted. Huge amounts of information are already being collected every day about traffic flow from phone users worldwide (without their knowing it). Such storehouses of data can be mined real time and used to provide personal traffic reports to subscribers while driving. At least that is the story. As the car moves from one place to the other, social networking can be effectuated in real time to locate friends or certain activities and happenings (automotive flash-mob, anyone?). But, what consumers really want their whereabouts and other information out in the open in a completely uncontrolled way? No one. People are becoming extremely sensitive to data insecurity and there is a growing need to trust how the information that is being collected will be used. Without some type of trust, the IoT could be doomed. Maybe the term “Internet of Trust” should be coined to make that point obvious.

V2V & IoT

The evolution of V2V and IoT are intimately related because they both will be composed of the very same technological blocks. The overlap is easy to see.  The foundational components of each are miniaturized MCUs, sensors, wireless technology, and security devices that operate using ultra low power. Describing IoT and V2V as equations, they could be expressed in the following way:              

 IoT = (MCU + Sensor + Security + Wireless) ^{Low Power}              

V2V = IoT + Car

Equation one might imply that companies that can integrate the factors will lead in the build-out of the IoT market. Equation two effectively states that V2V is the IoT on wheels. In any case, there are certain basic blocks that must be integrated, and they must be integrated in the right way for the particular use-case. IoT and V2V design flexibility and time to market will matter, a lot.  (But that is a topic for another time.) The growth of the connected car platform is expected to be remarkable. That makes sense since the car is the one place that GPS/NAV systems, smart phones, tablets, DVDs, CDs, MP3s, Bluetooth, satellite radio, high power stereo amps, speakers, voice control, and the Internet can all come together and interact with each other.

Such convergence is making the car into an advanced personal hub. Market researchers have estimated that revenue for the connected car market will grow from $17 billion in 2012 to $54.5 billion in 2018 for hardware and services (telematics, telecom, and in-vehicle). Unit sales of embedded, tethered, and smartphone equipped cars are expected to grow from around 10 million units in 2012 to 67 million by 2018, with over 50% of that volume being embedded systems that are controlled by media and sensor control systems.

Media control systems are not only becoming a standard feature in new cars, but according to consumer electronics and auto industry researchers, a chief reason that people are selecting certain cars over others. Electronics are becoming a main forethought rather than a minor afterthought for car buyers. Sophisticated electronic systems are becoming mandatory, and this powerful dynamic will only accelerate as more electronics products, features, and services are sped to the market by the car makers, consumer electronics companies, smartphone makers, and software providers.

However, all this electronic stuff has presented a huge challenge, which is safety. Using products such as the cell phone in the car actually interferes badly with driving. Anyone who has placed a call, or even worse tried to text while driving (and who hasn’t), can testify to the fact that dial-driving is a bad idea. So, what can be done to get cars electronics, phones, and humans to play well together in a safe way? The solution has been summed up succinctly by the CEO of a major auto maker who refers to in-car control systems as being able to free the user from the tyrannies and dangers of messing with that little phone while you drive. Rather than a car and phone (and other electronics) being at odds with each other, the car is transforming into the newest electronic platform: one that is highly integrated, easy to use, and distinct from anything else to date. It is easy to see that the emerging alloyed car-plus-consumer platform is primed for cars to talk to one another without the need of human intervention.

The list of electronics functions in cars is evolving fast and will likely include multi-person gaming; GPS with location-based services such as real time traffic and road condition updates; vehicle monitoring for maintenance status, performance, and eco-friendliness; vehicle and personal security; connection to home control/security systems; social networking opportunities related to location, and especially safety. In fact, the US Deportment and Transportation (DoT) and National Highway Traffic Safety Administration (NHTSA) are partnering with research institutions and auto companies to collaborate on technology development and interoperability of V2V to promote traffic safety. V2V can transform the automotive experience more than anything since Henry Ford’s assembly line made cars available to the working class. The notion of a car driving itself still sounds like pure science fiction, but prototypes are already driving themselves. So, it is just a question of time before we have auto-automobiles. (auto²mobiles) where you simply have to tell your personal digital assistant where you want to go, then take a seat in your personal infotainment pod until you get there.

But, well before that happens we will see significant improvements in safety due to V2V. It is clear that the lucrative auto electronics platform is already right in the sights of all car makers, and they clearly plan to take it to the next level and the next level after that, with no end in sight.  As noted, electronic things sell cars, and more advanced electronics will show up in the more advanced cars. Then, last year’s advanced systems will naturally move down-market, so even more advanced systems will be needed for next year’s up-market cars. This endless cycle of innovation will drive automotive companies to create V2V and self-driving ecosystems sooner rather than later. As we move towards the self-driving omega-point we will see V2V and IoT showing up very early in the journey.

V2V (the IoT on wheels) will make it hard to tell where the car ends and the phone, tablet, computer, and sensors begin.

Interested in learning more about Atmel’s automotive portfolio? Check out our automotive-qualified category breakdown below:

• Microcontrollers (MCUs)
• 
Serial EEPROMs

• Touch (maXTouch)
• Broadcast radio
• 
CAN/VAN networking
• Car access
• Drivers/high temperature ICs
• 
Battery management
• LIN networking

You can’t spell “cryptography” without a “why”

When considering adding cryptography to an embedded system (or any other information system) manufacturers always ask: “Why do I need cryptography?” That is, unless they have already been burned by a security breach. The answer is quite simple: “Because you have a lot to lose and the dangers are multiplying every day.”

Perhaps some of the closest analogies are driving without auto insurance, owning a house without fire and casualty insurance, living without health insurance…well, you get the picture. The point is, intentionally leaving an embedded system exposed to hacking, malware and cloning to save cost is simply not prudent from a financial perspective. Of course, safety, liability and brand equity also matter – a lot.

Cutting to the chase, dangerous exposure is directly linked to how exposed the cryptography key is to being accessed by unintended parties such as hackers and cyber-criminals. This has to do with how the key is stored. However, before we explore this topic, let’s look at the bigger picture.

The answer to “why” for product manufacturers? They need to protect their development investment, brand image and revenue in an increasingly hostile cyber-world replete with bad actors. As we noted in a previous article, the number of active Internet threat groups being tracked has risen to over 300, which is more than 400% higher than in 2011.  Nation-states have become hyper-active in cyber-espionage and cyber-attacks. This is because it is now possible to literally upload damage to a target, which is kind of a science fiction scenario come true.

In the same vein, secret information is easily downloaded. More than 95% of networks have become compromised in some way, and directed attacks will only get worse as mobile platforms continue to expand worldwide.

Vulnerable systems placed on the Internet are currently being compromised in less than 15 minutes. Frankly, these statistics aren’t really a surprise given the wildly disproportionate cost / ”benefit” of cyber meddling, which is devilishly tempting to malicious operators.

It is clear from the above statistics that hostilities have already broken out and cryptography is the best available shield—perhaps the only one.

Now that we have looked at the “why” in cryptography, what about the “what?” What is cryptography? Let’s focus on the two pillars of cryptography, which are described below:

      1. Authentication  

•   Making sure the data source is what it is supposed to be.

      2.  Encryption/decryption

•   Scrambling and descrambling data so only an intended receiver can see it.

Both encryption and authentication are contingent upon keeping secret keys secret. This is the key point.

However, there are many different encryption algorithms, types of authentication schemes, architectures and applications. There is also the choice of how to store the encryption keys. The last point – key storage – is probably the most significant consideration manufacturers can make regarding security.

In essence, cryptographic security is a function of three critical factors:

1. The length of the key used by the cryptographic algorithms,
2. The mathematical operations of the cryptographic algorithms, and
3. How securely the keys are stored (i.e. how vulnerable the keys are to attack).

Since the strength of security depends upon the key size and the specific mathematical properties of the algorithms, various combinations of key sizes and algorithms can potentially be stronger or weaker than any other combination. Meaning, manufacturers have to select one and the other according to their requirements. However, if the keys are not securely stored, well, then none of it matters all that much.

If the keys are not kept secret, then the information can be obtained by unintended outside parties, which defeats the entire purpose. Right? As such, the memory where the key is stored must be able to withstand attacks that try to read the key(s). Such attacks are always underway somewhere, which is a sad but true fact. Fortunately, hardware security devices, like Atmel CryptoAuthentication products, offer a proven method of protecting secret keys that not only restricts access, but also provides key generation and management.

Similarly, storing keys in general purpose (i.e. unsecured) memory in any system leaves the keys open to theft or authorized use via multiple paths. By definition, any system’s software must have access to memory, so any type of bug in the software can inadvertently reveal the key. Just look at the Heartbleed bug as an example. Specialty hardware devices, like CryptoAutentication products are designed for the express purpose of securely storing hardware keys. They do this by utilizing special defense mechanisms that only hardware can provide to repel attacks of various types.

As we’ve previously discussed on Bits & Pieces, secure storage in hardware beats general purpose storage every time. So, the “why” and “what” of cryptography boils down to this: Adding secure key storage is an inexpensive, easy, and ultra-secure way to protect firmware, software and hardware products from cloning, counterfeiting, hacking and other malicious threats.

The key to security is protecting the key. Plus, hard protection beats soft protection. It is that simple. This is precisely why Atmel’s ATSHA204A, ATECC108A and ATAES132 are all designed for secure authentication by providing a hardware-based storage location with a range of proven physical defense mechanisms, as well as secure cryptographic algorithms and processes. They represent over three generation of hardware security know-how, and experience matters when dealing with real world attacks.

Future Bits & Pieces posts will examine authentication schemes such as asymmetric and symmetric, and how Atmel key storage devices operate in the real world.

Hardware key storage stops the bleeding

The Heartbleed security bug is a really big deal, especially given today’s hyper-connected, information obsessed society. This nasty bug, which has been characterized as “catastrophic” by industry gurus, permits anyone on the Internet to access the memory of systems using various versions of OpenSSL software. This is ironic since that very software was specifically designed to protect data.

Nevertheless, Heartbleed exposes secret keys used for authentication and encryption, which are the two primary foundations of how security is generally ensured. By exposing keys Heartbleed thus exposes actual data, user names, and user passwords to anyone. This is virtually everything. Ouch!   Attackers (i.e. hackers, cybercriminals, spies, state-sponsored electronic armies, and others with malevolent intent) can observe and steal data without a trace, which is virtually the literal industry definition of the term “man-in-the-middle” attack.

The threat that Heartbleed represents has rightly gained widespread attention. Fortunately, such attention has stimulated a major market reaction and lead to whole scale changing of user passwords, proliferation of patches, and other fixes. It has also brought the need for more extensive code testing into the open. Heartbleed and other major security revelations are making people look at security much more seriously, which also extends to embedded systems.

Frankly, it is about time. Embedded system insecurity gained major notoriety recently with the revelation that commercial WiFi routers have old and buggy firmware that can be used as a back door into home and commercial networks. Such loopholes were in fact used by a criminal organization in Eastern Europe to steal cash. The risk was amplified by the revelation that mischievous “agencies” tasked with collecting and processing information without permission can exploit the vulnerabilities at will.

Embedded system firmware insecurity affects individuals, institutions, governments, and corporations—which is pretty much everyone. Highly respected market researchers have noted that bad behavior and bad actors are running rampant. For example, the number of active threat groups being tracked has risen to over 300, which is more than 400% higher than in 2011. Nation-states have become hyper-active in cyber-espionage and hacking. This is because it is now possible to literally upload damage to a target, which is kind of a science fiction scenario come true.

In the same vein, secret information is easily downloaded, especially with security vulnerabilities from Heartbleed, router back-doors, and others. More than 95% of networks have become compromised in some way, and directed attacks will only get worse as mobile platforms continue to expand worldwide. An unnerving figure is that vulnerable systems placed on the Internet are being compromised now in less than 15 minutes. That is not really a surprise given the wildly disproportionate cost / ”benefit” of cyber meddling, which is devilishly tempting to malicious operators.

The security situation is extremely complicated for embedded systems because embedded firmware is highly fragmented, difficult to update, hard to track, often obsolete, hard to access, and employs a wide range of processors and code languages. The router loopholes mentioned above are in fact a direct expression of the vulnerabilities endemic to embedded systems and the severe damage those vulnerabilities can cause downstream. It is now clear that embedded system vulnerabilities affect everyone. So, the question becomes, “What can be done to increase security in embedded systems?”

As Heartbleed and cyber attacks have illustrated, encryption and authentication keys must be protected. There is no other option. Cryptography may be mathematically and systematically ultra-detailed and uber-complicated, but the most important and fundamental security concept is beyond simple: namely, “Keep the secret keys secret.”  The best way to do that is to lock the secret keys in protected hardware devices.

Hardware key storage beats software key storage every time, which is one of the “key” lessons of the recent vulnerability revelations. But how does an embedded system manufacturer ensure their products are secure and protected from attack? Fortunately, the solution is simple, available, and cost effective, and that is to use hardware key storage devices such as Atmel’s ATSHA204A, ATECC108A  and ATAES132.

These products are all designed to secure authentication by providing a hardware-based storage location with an impressive range of proven physical defense mechanisms, as well as secure cryptographic algorithms and processes. Go to the links above for more details or the introduction page CryptoAuthentication.

Future Bits & Pieces posts will describe the different types of authentication and the various steps that the devices and associated processors implement.