The CryptoCape extends the hardware cryptographic abilities of the BeagleBone Black.
With the insecurity of connected devices called into question time and time again, wouldn’t it be nice to take comfort in knowing that your latest IoT gadget was secure? A facet in which many Makers may overlook, Josh Datko recently sought out to find a better way to safeguard those designs, all without hindering the DIY spirit. The result? The CrytpoCape — which initially debuted on SparkFun last year — is a dedicated security daughterboard for the BeagleBone that easily adds encryption and authentication options to a project.
Generally speaking, cryptography offers a solution to a wide-range of problems such as authentication, confidentiality, integrity and non-repudiation, according to Datko. SparkFun notes that the $60 Atmel powered cape adds specialized ICs that perform various cryptographic operations, amplifying a critical hardware security layer to various BeagleBone projects.
The CyrptoCape is packed with hardware, including 256k EEPROM with a defaulted I2C address (plus write protection), a real-time clock (RTC) module, a Trusted Platform Module (TPM) for RSA encryption/decryption, an AES-128 encrypted EEPROM, an ATSHA204 CrypoAuthentication chip that performs SHA-256 and HMAC-25 and an Atmel ATECC108 tasked with the Elliptic Curve Digital Signature Algorithm (ECDSA).
Beyond that, each easy-to-use CryptoCape comes with pre-soldered headers making this board ready to be attached to your BeagleBone right out of the box. The only additional item a Maker will need to get the CryptoCape fully-functional is a CR1225 coin-cell battery.
New technology and business buzzwords pop up constantly. Hardly a day goes by that you don’t see or hear words such as “cloud”, “IoT,” or “big data.” Let’s add one more to the list: “Ambient security.”
You’ll notice that big data, the cloud, and the IoT are all connected, literally and figuratively, and that is the point. Billions of things will communicate with each other without human intervention, mainly through the cloud, and will be used to collect phenomenal and unprecedented amounts of data that will ultimately change the universe.
As everything gets connected, each and every thing will also need to be secure. Without security, there is no way to trust that the things are who they say they are (i.e. authentic), and that the data has not been altered (i.e. data integrity). Due to the drive for bigger data, the cloud and smart communicating things are becoming ambient; and, because those things all require security, security itself is becoming ambient as well. Fortunately, there is a method to easily spread strong security to all the nodes. (Hint: Atmel CryptoAuthentication.)
At the moment, big data can be described as the use of inductive statistics and nonlinear system analysis on large amounts of low density (or quickly changing) data to determine correlations, regressions, and causal effects that were not previously possible. Increases in network size, bandwidth, and computing power are among the things enabling this data to get bigger — and this is happening at an exponential rate.
Big data became possible when the PC browser-based Internet first appeared, which paved the way for data being transferred around the globe. The sharp rise in data traffic was driven to a large extent by social media and companies’ desire to track purchasing and browsing habits to find ways to micro-target purchasers. This is the digitally-profiled world that Google, Amazon, Facebook, and other super-disruptors foisted upon us. Like it or not, we are all being profiled, all the time, and are each complicit in that process. The march to bigger data continues despite the loss of privacy and is, in fact, driving a downfall in privacy. (Yet that’s a topic for another article.)
The smart mobile revolution created the next stage of “biggering” (in the parlance of Dr. Seuss). Cell phones metamorphosed from a hybrid of old-fashioned wired telephones and walkie-talkies into full blown hand-held computers, thus releasing herds of new data into the wild. Big data hunters can thank Apple and the Android army for fueling that, with help from the artists formerly known as Nokia, Blackberry, and Motorola. Mobile data has been exploding due to its incredible convenience, utility, and of course, enjoyment factors. Now, the drive for bigger data is continuing beyond humans and into the autonomous realm with the advent of the Internet of Things (IoT).
Bigger Data, Little Things
IoT is clearly looking like the next big thing, which means the next big thing will be literally little things. Those things will be billions of communicating sensors spread across the world like smart dust — dust that talks to the “cloud.”
The availability of endless data and the capability to effectively process it is creating a snowball effect where big data companies want to collect more data about more things, ad infinitum. You can almost hear chanting in the background: “More data… more data… more data…”
More data means many more potential correlations, and thus more insight to help make profits and propel the missions of non-profit organizations, governments, and other institutions. Big data creates its own appetite, and the data to satisfy that growing appetite will derive from literally everywhere via sensors tied to the Internet. This has already started.
Sensors manufacture data. That is their sole purpose. But, they need a life support system including smarts (i.e. controllers) and communications (such as Wi-Fi, Bluetooth and others). There is one more critical part of that: Security.
No Trust? No IoT!
There’s no way to create a useful communicating sensor network without node security. To put it a different way, the value of the IoT depends directly on whether those nodes can be trusted. No trust. No IoT. Without security, the Internet of Things is just a toy.
What exactly is security? It can best be defined by using the three-pillar model, which (ironically) can be referred to as “C.I.A:” Confidentiality, Integrity and Authenticity.
Confidentiality is ensuring that no one can read the message except its intended receiver. This is typically accomplished through encryption and decryption, which hides the message from all parties but the sender and receiver.
Integrity, which is also known as data integrity, is assuring that the received message was not altered. This is done using cryptographic functions. For symmetric, this is typically done by hashing the data with a secret key and sending the resulting MAC with the data to the other side which does the same functions to create the MAC and compare. Sign-verify is the way that asymmetric mechanisms ensure integrity.
Authenticity refers toverification that the sender of a message is who they say they are — in other words, ensuring that the sender is real. Symmetric authentication mechanisms are usually done with a challenge (often a random number) that are sent to the other side, which is hashed with a secret key to create a MAC response, before getting sent back to run the same calculations. These are then compared to the response MACs from both sides.
(Sometimes people add non-repudiation to the list of pillars, which is preventing the sender from later denying that they sent the message in the first place.)
The pillars of security can be implemented with devices such as Atmel CryptoAuthentication crypto engines with secure key storage. These tiny devices are designed to make it easy to add robust security to lots of little things – -and big things, too.
So, don’t ever lose sight of the fact that big data, little things and cloud-based IoT are not even possible without ambient security. Creating ambient security is what CryptoAuthentication is all about.
“If you need to add security to your project or you want to learn more about embedded security the CryptoCape adds encryption and authentication options,” the Maker added.
As its webpage notes, the CryptoCape functions as the BeagleBone’s first dedicated security daughterboard. Known as a BeagleBone Cape, the device attaches to the expansion headers of the BeagleBone and “adds specialized ICs that perform various cryptographic operations which will allow you to add a hardware security layer to your BeagleBone project.”
Previously discussed on Bits & Pieces, the CyrptoCape is packed with hardware, including 256k EEPROM with a defaulted I2C address (plus write protection), a real-time clock (RTC) module, a trusted platform module (TPM) for RSA encryption/decryption, an AES-128 encrypted EEPROM, an Atmel ATSHA204 authentication chip that performs SHA-256 and HMAC-25 and an Atmel ATECC108 that performs the Elliptic Curve Digital Signature Algorithm (ECDSA).
The reasoning behind the developer’s choice to use the SHA-256 Authenticator? “It creates 256-bit keys that can be used in keyed Message Authentication Codes (MACs), or HMAC, to prove the authenticity of the device.” In addition, the authenticator allows the device to “implement an anti-counterfeiting system with the exchange of nonces and MACs between other embedded devices.”