Tag Archives: ATECC108A

Introducing the SmartConnect SAM W25 module for edge nodes IoT applications

Now on display at Electronica 2014, the SmartConnect SAM W25 module is the industry’s first fully-integrated FCC-certified Wi-Fi module with a standalone MCU and hardware security from a single source. The module includes Atmel’s recently-announced 2.4GHz IEEE 802.11 b/g/n Wi-Fi WINC1500, along with an Atmel | SMART SAM D21 ARM Cortex M0+-based MCU and Atmel’s ATECC108A optimized CryptoAuthentication engine with ultra-secure hardware-based key storage for secure connectivity.


With nearly 5 billion connected devices expected next year and another 25 billion predicted by 2020, designers are now demanding more flexible, cost-optimized modules that provide a complete end-point solution from a single vendor. The fully-integrated SAM W25 delivers a secure ‘plug and play’ solution that integrates wireless technologies with the design flexibility these IoT developers require.

The billions of devices in edge node IoT applications will be powered by an embedded processing unit such as an MCU, and connected through a secure wireless signal. As more embedded developers start designing IoT apps for smart, secure connected devices, solutions that integrate an MCU, hardware security and pre-certified wireless connectivity into one box will become a critical piece of the IoT puzzle, so that designers no longer need wireless or encryption expertise to create an IoT gadget or gizmo.

Atmel’s FCC-, Telec-, IC- and CE-certified SAM W25 is a standalone solution that gives designers an all-in-one platform with a low-power MCU, hardware security and FCC-certified wireless connectivity from a single source. The small packaged module is cost optimized to lower the overall bill of materials for battery-operated applications ranging from remotes to home automation devices and beyond.

“IoT will impact nearly everyone’s lives ranging from their garage to their lighting systems, door locks, thermostats, fitness monitors, medical devices and more,” said Kaivan Karimi, Atmel Vice President and GM of Wireless MCUs. “Every one of these IoT devices will require an integrated edge node solution that delivers an MCU and secure wireless connectivity. Atmel’s SAM W25 delivers just that—a fully integrated secure wireless MCU module with over-the-air upgrade functionality that simplifies the complexities of wireless and security, and gives our customers time-to-market advantage. Atmel is committed to making it easier for IoT designers to bring their latest products to market with fully integrated modules that are ‘out-of-the-box’ ready to use, so developers can focus on developing features that will enhance the consumer experience.”


Key features of the Atmel SmartConnect SAM W25 include:

• Turnkey system with integrated software that includes TLS 1.0 and a TCP/IP stack, WPA2 personal and enterprise security
• FCC-certified 2.4GHz IEEE 802.11 b/g/n Wi-Fi WINC1500
• Atmel | SMART ARM Cortex M0+-based SAM D21; 256KB Flash; 32KB SRAM
• Serial Peripheral Interface (SPI)
• Over-the-air updates
• ATECC108A CryptoAuthentication engine with ultra-secure hardware-based key storage for secure connectivity

Though the Atmel SAM W25 module won’t be available until December 2014, Electronica attendees can now get a firsthand sneak peek at the ‘plug and play’ solution. To help accelerate design development, Atmel offers a SAM W25 integrated module on an Xplained starter kit platform which will be available next month as well.

The “Key” to Reality

If we wanted to reduce the definition of authentication to its most Zen-like simplicity, we could say authentication is “keeping things real.” To keep something real you need to have some sort of confirmation of its identity, as confirmation is the key (so to speak).

The equation could be as follows:

Identification + Confirmation = Authentication

Confirming or validating the identity of a document, item, data, etc. is what keeping things real is all about. Some of the “things” that can be authenticated with cryptographic methods are mobile, medical, and consumer accessories; embedded firmware; industrial network nodes; and sensors, among others. Soon IoT and vehicle-to-vehicle communication will join in.

Authentication is far more important than many people realize, especially in our growing hyper-connected world that now links billions of people (and things). In cyber-land, authentication is accomplished by deploying cryptographic keys and algorithms. Keys are fundamental to keeping things real—so that is what we mean by “the key to reality.”


There are two primary types of Authentication: Symmetric and Asymmetric. Atmel offers secure key storage devices for both types. These two important techniques take their names directly from whether the keys on each side (i.e. the host and client sides) are the same or different.

Symmetric Authentication

If the same secret key is used on the client and on the host, then the application is symmetric, just like the name suggests. Both of the symmetric keys must be protected because if either one gets out then the security will be lost. This is perhaps analogous to having two sets of car keys: losing either one makes it easy for a thief to drive away with your car. So, the secret keys must stay secret.


Symmetric Keys are the Same

The identical keys on the host and client are used in mathematical calculations to test the reality of client devices. A very common mathematical calculation that is used is a hash function based upon a cryptographic algorithm (such as SHA). A hash operation produces a hash value (also called “digest”), which is a number of a specified length that is usually smaller than the numbers used as the inputs. A hash is a one-way operation, which means that the inputs cannot be recreated from the hash value.

With symmetric authentication a typical process is to challenge the client device to be authenticated by sending it a random number. The client then puts the random number challenge and a secret key into the hash algorithm to create a hash value, which is known as the “response.” Each challenge will generate a unique response.

It should be noted that cryptographers call a hash of a random number with a secret key a “Message Authentication Code” or “MAC.” The diagram below illustrates this process. Because the secret key is the same on the host and client sides, the exact same calculation can run on the host. Once that happens, the hash values (“MACs”) from each can be compared. If the hash values match, the client is considered to be real. You can see that symmetric authentication is really a simple process, but it is loaded with mathematical elegance. Now let’s look at asymmetric authentication.


Hashing a Random Number with a Secret Key
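The challenge-response exchange described above, as an added example that is not code from Atmel or from the original article. It assumes HMAC-SHA256 as the keyed hash (a standard MAC construction, not the exact message format a CryptoAuthentication device uses), and the `Host` and `Client` types and the demo key are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Client models the device being authenticated; it holds the shared secret.
type Client struct{ key []byte }

// Respond hashes the host's random challenge with the secret key (the MAC).
func (c *Client) Respond(challenge []byte) []byte {
	m := hmac.New(sha256.New, c.key)
	m.Write(challenge)
	return m.Sum(nil)
}

// Host holds the same secret key and issues the challenges.
type Host struct{ key []byte }

// NewChallenge returns a fresh 32-byte random number for one authentication.
func (h *Host) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Verify reruns the same calculation and compares the MACs in constant time.
func (h *Host) Verify(challenge, response []byte) bool {
	m := hmac.New(sha256.New, h.key)
	m.Write(challenge)
	return hmac.Equal(m.Sum(nil), response)
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample, not a real secret
	host, genuine, clone := &Host{key: key}, &Client{key: key}, &Client{key: []byte("guess")}
	c1, err1 := host.NewChallenge()
	c2, err2 := host.NewChallenge()
	if err1 != nil || err2 != nil {
		panic("no entropy available")
	}
	r1 := genuine.Respond(c1)
	fmt.Println("genuine client:", host.Verify(c1, r1))                  // true
	fmt.Println("client without key:", host.Verify(c1, clone.Respond(c1))) // false
	fmt.Println("old response, new challenge:", host.Verify(c2, r1))      // false
}
```

The last check shows why the challenge must be a fresh random number each time: a response recorded from an earlier exchange does not verify against a new challenge.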

Asymmetric Authentication

Asymmetric keys are presented in public-private pairs. More specifically, the public and private keys are related to each other via a mathematical algorithm. An example would be the Elliptic Curve Cryptography (or “ECC”) algorithm. Only the private key has to be securely stored. Because the keys are different, asymmetric authentication cannot use the same calculate-and-compare process as symmetric.

Asymmetric requires more complicated techniques such as making digital signatures that are verified for authenticity (this is called “Sign-Verify”). An example of asymmetric authentication using ECC algorithms is Elliptic Curve Digital Signature Algorithm (or “ECDSA”). A major benefit of the Atmel ATECC108A device is that it can be used to easily implement ECDSA sign-verify. (The steps of ECDSA are very interesting, but they will be covered in a separate article.) Note that an important trade-off between symmetric and asymmetric authentication is the speed of operation. For example, authentication time for the Atmel ATSHA204A is 12ms (typical) for symmetric versus more than a second for many microcontrollers to execute an asymmetric ECDSA operation.
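A sketch of sign-verify authentication, added here as an example and not taken from Atmel or the original article. It assumes ECDSA over the P-256 curve with SHA-256 from Go's standard library; the `Device` type and `VerifyDevice` function are hypothetical names, and the key pair is generated in software only for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Device models the client: the only party that ever holds the private key.
type Device struct{ priv *ecdsa.PrivateKey }

// NewDevice creates a P-256 key pair (constructed in software for this demo).
func NewDevice() (*Device, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{priv: k}, nil
}

// Public returns the half of the pair that can be handed to any host.
func (d *Device) Public() *ecdsa.PublicKey { return &d.priv.PublicKey }

// Sign produces a signature over the SHA-256 digest of the host's challenge.
func (d *Device) Sign(challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, d.priv, digest[:])
}

// VerifyDevice is the host side: it stores no secret, only the public key.
func VerifyDevice(pub *ecdsa.PublicKey, challenge, sig []byte) bool {
	digest := sha256.Sum256(challenge)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	dev, err1 := NewDevice()
	other, err2 := NewDevice()
	challenge := make([]byte, 32)
	_, err3 := rand.Read(challenge)
	if err1 != nil || err2 != nil || err3 != nil {
		panic("setup failed")
	}
	sig, err := dev.Sign(challenge)
	if err != nil {
		panic(err)
	}
	fmt.Println("enrolled device:", VerifyDevice(dev.Public(), challenge, sig))  // true
	fmt.Println("different key:", VerifyDevice(other.Public(), challenge, sig)) // false
}
```

Unlike the symmetric case, nothing the host stores can be used to impersonate the device, which is why only the private key needs secure storage.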

Getting back to the keys: the secret keys must stay secret. If keys are the keys to authentication (i.e. reality), then secure storage of the secret keys is the key to SECURE authentication. And that is the real point here.

So then, how is secure storage implemented? The best way is to use hardware key storage devices that can withstand attacks that try to read the key(s). Atmel CryptoAuthentication products such as the ATSHA204A, ATECC108A and ATAES132 implement hardware-based storage, which is much stronger than software-based storage because of the defense mechanisms that only hardware can provide against attacks. Secure storage in hardware beats storage in software every time. Adding secure key storage is an inexpensive, easy, and ultra-secure way to protect firmware, software and hardware products from cloning, counterfeiting, hacking, as well as other malicious threats.

For more details on Atmel CryptoAuthentication products, please view the links above or the introduction page CryptoAuthentication. Future Bits & Pieces articles will take an in-depth look at how symmetric and asymmetric authentication is accomplished.