Tag Archives: ATSHA204

The CryptoShield is a dedicated security peripheral for the Arduino


This shield adds specialized ICs that will allow you to implement a hardware security layer to your Arduino project.


With the insecurity of connected devices called into question time and time again, wouldn’t it be nice to take comfort in knowing that your latest IoT gadget was secure? Security is a facet that many Makers may overlook, and Josh Datko has made it his mission to find a better way to safeguard those designs, all without hindering the contagious and uplifting DIY spirit. You may recall his recent collaboration with SparkFun, the CryptoCape, which debuted last year. This cape was a dedicated security daughterboard for the BeagleBone that easily added encryption and authentication options to a project.

Well now, Datko has returned with his latest and greatest innovation: the CryptoShield. Just like its cousin, the shield is a dedicated security peripheral, but for the highly popular Arduino platform instead. It adds specialized ICs that perform various cryptographic operations that will allow users to implement a hardware security layer to their Arduino project.

“It also is a nice device for those performing embedded security research. Needless to say this is a great product for those of you who are interested in computer security,” SparkFun notes.

Each CryptoShield is packed with a slew of hardware on-board, including a real-time clock (RTC) module to keep accurate time, a Trusted Platform Module (AT97SC3204) for RSA encryption/decryption and signing in the hardware, an AES-128 encrypted EEPROM (ATAES132), an ATSHA204 authentication chip that performs SHA-256 and HMAC-256, and an ATECC108 that handles the Elliptic Curve Digital Signature Algorithm (ECDSA). Unlike its older cousin, though, the prototyping portion of this unit has been reduced. However, for what it may have lost, it has surely gained in other areas. For one, the CryptoShield now features an RFID socket that works best with an ID-12LA module.

“Each shield will need to have headers soldered on once you receive it. We prefer to give you the choice of soldering on stackable or non-stackable headers, whatever fits best for your project. The only other items you will need to get the CryptoCape fully functional are a dev board that supports the Arduino R3 form-factor and a CR1225 coin cell battery,” SparkFun adds.

We should also point out that, at the moment, the CryptoShield can only be shipped within the United States. And just like with the CryptoCape, a portion of every sale is given back to SparkFun’s hacker-in-residence Josh Datko for continued development of new and exciting cryptographic tools, such as this one.

Intrigued? Hurry over to SparkFun’s official page here. We’ll have more insight from Datko himself in the coming days!

Neobase is a cloud-free private social network device


Neobase is turning the concept of social media upside down, shifting the balance of ownership, control and security back to users.


It’s nearly impossible to envision a time when social media didn’t exist. From how we receive our news to how we engage with friends and family, sites like Facebook and Twitter have truly revolutionized the way in which we interact with the world around us. Given our modern-day state of interconnectivity, it seems like just about everything we see, do and feel is shared online. However, as recent breaches have made apparent, do we truly know who has access to all of that content? Fortunately, the Neone crew has designed a solution that hopes to eliminate this problem.

Billed as the world’s first private network device, Neobase is an encrypted, cylindrical gadget that allows owners to create an online community that only they control. Sharing with friends and family is seamless as users decide exactly what to share and who to share it with. And unlike many services before, the unit doesn’t rely on the cloud. Instead, all posts, comments, links, photos and files shared are stored on a user’s Neobase. This keeps information protected as it never has to pass through a website, a third party vendor or the cloud — and theoretically, cuts out the middlemen. What’s more, an Atmel ATSHA204 crypto engine plays an integral role in establishing its secure architecture.

“This means that no one — not even us here at Neone  — can know anything about you, your activities or what you share. Neone doesn’t host or operate your social network. You do,” the team writes.

Neobase’s plug-and-play functionality makes it easy to install and even easier to use. To get started, owners simply connect the device to their in-home network via Wi-Fi or Ethernet and begin assigning up to five family and friends as additional users. You can even connect with other Neobase users in the Neone Network if you choose.

As posts are created, users can pick and choose specific friends from their network that will be able to see the content and any links, photos and files associated with it. Neobase then syncs directly to the other Neobase units that information is being shared with, and only relays the specific content that has been selected.

Beyond that, the folks at Neone have developed the device so that, no matter where a user is located and how they are connected while on-the-go, the Neobase mobile app uses a fully-encrypted connection that links directly to their respective Neobase. Once again, no cloud required.

“The decentralized, peer-to-peer architecture of the Neone Network is a fundamental change in how your activities and information are stored and shared on the Internet, making it the heart of the Neobase’s security and privacy,” the team adds. “We’ve added additional security technology and encryption throughout the Neobase. Your computer or mobile device uses a secure SSH tunnel to connect to your Neobase and the Neone Network, which is much more secure than a browser with SSL.”

Given its sleek, polished white design and compact size (6″ tall with a diameter of 3.5” and weighs only 15 ounces), Neobase will be a welcomed, aesthetically-pleasing addition to any living room, office or dorm room. The device itself offers one Terabyte of storage and a USB port for expanding storage. The drive runs a customized version of Linux to support its social networking functions.

Sound like something you and your family would like to have? Neobase is currently live on Kickstarter, where its team is seeking $100,000. If all goes to plan, shipment is expected to begin by August 2015.

Scout is a 3D-printable, Flutter-based RC car


This remote control car is screwless, wireless, and full of awesomeness. 


Certainly not new to the Maker Movement, Taylor Alexander has spent a life of hacking and transfiguring electronics. At the early age of five, he would break objects down and rebuild them as something entirely different. This included taking parts from old cameras and stereos, then transforming them into electric cars.

Born out of his own frustration as to how difficult it was to wirelessly connect two Arduino boards, the Maker went on to invent Flutter, which not only gained enormous popularity among the DIY crowd but garnered just over $150,000 on Kickstarter back in 2013. The $36 wireless Arduino with a half-mile range lets users develop mesh networking protocols and connected devices in an efficient yet inexpensive manner.

As you can imagine, the processor is perfect for an assortment of applications, like robotics, consumer electronics, wireless sensor networks and educational platforms. Flutter is packed with a powerful Atmel | SMART SAM3S Cortex-M3 MCU, while an ATSHA204 crypto engine keeps it protected from digital intruders. This enables Makers to easily (and securely) build projects that communicate across a house, a neighborhood and beyond, as in the case of the 3D-printable remote control car named Scout.

Scout is an experimental vehicle that can be constructed by anyone using a 3D printer with at least 165mm of travel in one axis. The original prototypes were printed using an ATmega2560 based Ultimaker, a Maker-friendly machine which he highly recommends. Impressively, Scout doesn’t use any screws, and instead, simply snaps together using interlocking parts and clips. This allows the whole vehicle to be disassembled and reassembled in just a few minutes.

The current vehicle was crafted pretty quickly over the course of a few weekends as a mere proof-of-concept. What this means is that it admittedly comes with a few flaws, for the moment at least. However, the Maker does encourage his fellow Github community to share their input to help improve its design. Despite the flaws, which Alexander reveals below, the car is quite capable. So much so that it can even pull off 10-foot wheelies. How ‘bout that?!

“A short list [of flaws include]: The right angle mounting of the motor creates a weak point with the bevel gears. The wheels are supposed to slip on, but using my printer they need to be hammered into place with a mallet. The steering requires a piece of bent piano wire, and should be replaced with a printed linkage. The body shell easily comes off, and so tape should be wrapped around the body of the system. There is no hole in the body shell for a power switch, so without modification the tape needs to be cut to toggle power. After aggressive driving the motor gets hot and eventually wiggles in its mount,” he writes.

Aside from the Flutter wireless board, the project consists of eight 608 Skate bearings, a metal gear servo, a brushless quadcopter motor, a quadrotor propeller adapter, four toy car tires, and of course, some batteries and other electronic components. To see how Alexander put these pieces together, well you’ll have to head over to his Github page here. In the meantime, watch it in action below!

Connect and control your IoT devices with the SmartEverything dev board


Arrow’s latest development board is optimized for Internet of Things connections.


Arrow Electronics has launched an Atmel | SMART based development board packed with sensor options, communication interfaces and connection to the cloud for Internet of Things (IoT) designs.

The board, which is aptly named SmartEverything, utilizes the SIGFOX global network cellular connectivity solution to enable access to the IoT.

SmartEverything is equipped with an Atmel | SMART ARM Cortex-M0+ based CPU USB host orchestrator chip to manage traffic between peripherals, while an Atmel CryptoAuthentication device (ATSHA204) enables the implementation of a full security SHA-256 hash algorithm with message authentication code.

Additional features of the dev board include STMicroelectronics proximity, humidity, temperature and acceleration sensors, a TDK Bluetooth Low Energy interface for short-range connectivity, and an NXP NFC tag with I2C serial interface for authentication. A Dynaflex 868MHz antenna and Linear Technology power management devices are also incorporated.  

What is Ambient Security?

New technology and business buzzwords pop up constantly. Hardly a day goes by that you don’t see or hear words such as “cloud”, “IoT,” or “big data.” Let’s add one more to the list: “Ambient security.”

You’ll notice that big data, the cloud, and the IoT are all connected, literally and figuratively, and that is the point. Billions of things will communicate with each other without human intervention, mainly through the cloud, and will be used to collect phenomenal and unprecedented amounts of data that will ultimately change the universe.

As everything gets connected, each and every thing will also need to be secure. Without security, there is no way to trust that the things are who they say they are (i.e. authentic), and that the data has not been altered (i.e. data integrity). Due to the drive for bigger data, the cloud and smart communicating things are becoming ambient; and, because those things all require security, security itself is becoming ambient as well.  Fortunately, there is a method to easily spread strong security to all the nodes. (Hint: Atmel CryptoAuthentication.)

Big Data

At the moment, big data can be described as the use of inductive statistics and nonlinear system analysis on large amounts of low density (or quickly changing) data to determine correlations, regressions, and causal effects that were not previously possible. Increases in network size, bandwidth, and computing power are among the things enabling this data to get bigger — and this is happening at an exponential rate.

Big data became possible when the PC browser-based Internet first appeared, which paved the way for data being transferred around the globe. The sharp rise in data traffic was driven to a large extent by social media and companies’ desire to track purchasing and browsing habits to find ways to micro-target purchasers. This is the digitally-profiled world that Google, Amazon, Facebook, and other super-disruptors foisted upon us.  Like it or not, we are all being profiled, all the time, and are each complicit in that process. The march to bigger data continues despite the loss of privacy and is, in fact, driving a downfall in privacy. (Yet that’s a topic for another article.)

Biggering

The smart mobile revolution created the next stage of “biggering” (in the parlance of Dr. Seuss). Cell phones metamorphosed from a hybrid of old-fashioned wired telephones and walkie-talkies into full blown hand-held computers, thus releasing herds of new data into the wild. Big data hunters can thank Apple and the Android army for fueling that, with help from the artists formerly known as Nokia, Blackberry, and Motorola. Mobile data has been exploding due to its incredible convenience, utility, and of course, enjoyment factors. Now, the drive for bigger data is continuing beyond humans and into the autonomous realm with the advent of the Internet of Things (IoT).

Bigger Data, Little Things

IoT is clearly looking like the next big thing, which means the next big thing will be literally little things. Those things will be billions of communicating sensors spread across the world like smart dust — dust that talks to the “cloud.”

More Data

The availability of endless data and the capability to effectively process it is creating a snowball effect where big data companies want to collect more data about more things, ad infinitum. You can almost hear chanting in the background: “More data… more data… more data…”

More data means many more potential correlations, and thus more insight to help make profits and propel the missions of non-profit organizations, governments, and other institutions. Big data creates its own appetite, and the data to satisfy that growing appetite will derive from literally everywhere via sensors tied to the Internet. This has already started.

Sensors manufacture data. That is their sole purpose. But, they need a life support system including smarts (i.e. controllers) and communications (such as Wi-Fi, Bluetooth and others). There is one more critical part of that: Security.

No Trust? No IoT! 

There’s no way to create a useful communicating sensor network without node security. To put it a different way, the value of the IoT depends directly on whether those nodes can be trusted. No trust. No IoT.  Without security, the Internet of Things is just a toy.

What exactly is security? It can best be defined by using the three-pillar model, which (ironically) can be referred to as “C.I.A:” Confidentiality, Integrity and Authenticity.

CIA

Confidentiality is ensuring that no one can read the message except its intended receiver. This is typically accomplished through encryption and decryption, which hides the message from all parties but the sender and receiver.

Integrity, which is also known as data integrity, is assuring that the received message was not altered. This is done using cryptographic functions. In symmetric schemes, this is typically done by hashing the data with a secret key and sending the resulting MAC along with the data to the other side, which performs the same computation to create its own MAC and compares the two. Sign-verify is the way that asymmetric mechanisms ensure integrity.

Authenticity refers to verification that the sender of a message is who they say they are; in other words, ensuring that the sender is real. Symmetric authentication is usually done with a challenge (often a random number) that is sent to the other side, which hashes it with a secret key to create a MAC response and sends that response back. The challenger runs the same calculation, and the MACs from both sides are then compared.

(Sometimes people add non-repudiation to the list of pillars, which is preventing the sender from later denying that they sent the message in the first place.)

The pillars of security can be implemented with devices such as Atmel CryptoAuthentication crypto engines with secure key storage. These tiny devices are designed to make it easy to add robust security to lots of little things, and big things, too.

So, don’t ever lose sight of the fact that big data, little things and cloud-based IoT are not even possible without ambient security. Creating ambient security is what CryptoAuthentication is all about.

Secure your hardware, software and IoT devices

As evidenced by a recent infographic published by Forbes, it appears people are finally cognizant of the urgent need for security. It’s clearer than ever that hacking has become a real problem over the web and into electronic devices. With the emergence of the Internet of Things (IoT), we consistently find ourselves connecting these gadgets and gizmos to the web. As a result, security becomes a key issue throughout the entire chain.

Analog Aficionado Paul Rako recently had the chance to catch up with Bill Boldt, Atmel’s resident security expert, to explore the latest threats and trends in security as well as how Atmel can help secure products across the spectrum. Not in the reading mood? There’s a pretty sweet playlist of all the footage from the 1:1 interview here.

In the first segment of the interview, Boldt discusses how an engineer or designer can use Atmel’s CryptoAuthentication chips to ensure that the accessories to a particular product are genuine. Here, the security expert talks about using symmetrical authentication to certify that only a drill manufacturer’s batteries will work on its own drill.

If you recall, Boldt provided an in-depth exploration into this same demo, which can be found here. Though securing hardware is great, if you wanted, you could make this symmetrical authentication protect any kind of plug-in or device, even if it is not electronic. In fact, this safeguard is used on things ranging from ink cartridges to e-cigarettes; moreover, medical device manufacturers love this technology since it protects them from liability from knockoff products.

This can help secure products with add-ons or attachments, but an even greater value for hardware security comes when you use these chips to make sure that your device has not had its code or operating system hijacked. Since the interface between the microcontroller and the crypto chip is only sending a random number from the micro, and the one-time result from the crypto chip in response, snooping on the SPI port will not help you crack the code. Now, your microcontroller firmware can query the chip and ensure that it indeed gets the proper result — if someone attacks the firmware and puts their own code, it won’t execute since it cannot get past the protected part of the chip code that has to get a valid response from the crypto chip.

You can extend this to secure downloads as well. As long as your code requires the downloaded segment to query and respond to the tiny crypto chip, only your code will work since only you know the secret key programmed into the chip.

“As a hardware engineer, I am just as fascinated by the cool packages we use as well as all the math and firmware algorithms,” says Rako.

In the subsequent video of the interview, Boldt describes the packaging for the crypto chips, in addition to a unique three-pad package manufactured by Atmel that does not need to be mounted on a circuit board at all.

During the segment, Boldt also delves deeper into some security scenarios for the IoT, including some great analogies. Furthermore, the security guru reminds viewers that these Atmel CryptoAuthentication chips will work with any company’s microcontroller, not just Atmel’s.

One thing you hear bandied about in security is the difference between symmetric and asymmetric authentication. The aforementioned drill demo was symmetric, since both the drill and the battery had the secret key programmed into the MCU and the crypto chip, respectively. Here, Boldt expands on the topic and how Atmel does all the hard math so you don’t have to worry about it.

Concluding his interview with Rako, Boldt addresses the fact that you can use the crypto chip not only in a drill, but in the charger as well to guarantee that only your OEM charger will charge your OEM batteries. The resident security expert wraps up by noting that people can counterfeit those holograms on a product’s box, but they can’t hack hardware security chips.

Interested in learning more? Explore hardware-based security solutions for every system design here. Look to secure the full stack? You can receive a FREE Atmel CryptoAuthentication™ development tool. For more in-depth analysis from Bill Boldt, you can browse through his archive on Bits & Pieces.

The password insecurity complex

The thing about passwords is that their whole purpose is to provide security. But passwords are hardly secure themselves, as we all know now due to the recent string of breaches… Once passwords get out into the clear, it’s like Christmas for cyber-criminals. So what we need are secure passwords… obviously.

Passwords are a big fat target for hackers. The fact that Target stores were the “target” of hackers is almost poetic. Heartbleed is another dangerous example of private information bleeding out into the open. An unsecured password is sort of like leaving your keys in the car on the street in a really bad neighborhood. In cyber-city, where all of us now live, every neighborhood is really bad. So, what can you do? Why not try to embed some hardware security to protect passwords? In fact, it’s rather easy to do with hardware key storage devices like Atmel CryptoAuthentication. Hardware key storage devices lock up the password and keep it from getting out of the system where it is entered, such as from a computer or ATM keyboard. In such an example, the only thing transmitted between the keyboard and the authorizing system is cryptographic information. Specifically, what is transmitted is a random number from the crypto device to the keyboard system and a cryptographically processed response in the opposite direction. Let’s take a closer look at the details via the video below.

The platform here is a keyboard entry device on one side and the secure key storage device (in this case the ATSHA204A) on the other. The input could be from a smartphone or other things as well. The password is securely stored in the protected hardware memory which protects against hackers reading it. The secure memory is in the ATSHA204A device. When the password is entered into the keyboard, it automatically tells the remote device with the secure memory chip to send a random number challenge to the keyboard machine. The keyboard machine hashes the random number with the password that was just entered to create a digest using a cryptographic algorithm (e.g. SHA256). That digest is called the “response” (meaning the response to the challenge that was sent over). That response is then sent to the ATSHA204A for comparison to a calculation using the same random number and the stored password on the ATSHA204A. If the response and the hash on the ATSHA204A are the same, the password was correct (real) and the operation of the device connected to the keyboard is therefore allowed.

As you can see, the value of this operation is that the only places the password goes are into the system connected to the keyboard (the local system) and the secure, protected.

Benefits of secure password protection:

  • Easy to implement
  • Secret storage is completely secure
  • Password is never in the clear
  • Several Passwords can be stored in the ATSHA204A (up to 16 slots)
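The challenge-response exchange described above (and in the authenticity discussion of the earlier "Ambient Security" post), as an added example that is not code from the original posts or from Atmel. It is a software model only: `SecureElementModel`, `host_response` and `demo` are hypothetical names, the sample passphrase is constructed, and HMAC-SHA256 from the Python standard library stands in for the chip's own SHA-256 MAC computation rather than reproducing its command set or byte layout.

```python
import hashlib
import hmac
import secrets


class SecureElementModel:
    """Software stand-in for a key-storage chip: secrets go in, never come out."""

    def __init__(self):
        self._slots = {}    # slot number -> secret bytes (no read-back method)
        self._pending = {}  # slot number -> challenge awaiting a response

    def provision(self, slot, secret):
        """Write a secret into a slot (done once, in a trusted setting)."""
        self._slots[slot] = secret

    def new_challenge(self, slot):
        """Issue a fresh random challenge; it replaces any unanswered one."""
        challenge = secrets.token_bytes(32)
        self._pending[slot] = challenge
        return challenge

    def check_response(self, slot, response):
        """Recompute the MAC internally and compare; only pass/fail leaves."""
        # pop() makes every challenge single-use, which is what defeats replay.
        challenge = self._pending.pop(slot, None)
        if challenge is None or slot not in self._slots:
            return False
        expected = hmac.new(self._slots[slot], challenge, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


def host_response(entered_password, challenge):
    """Keyboard side: MAC the challenge with the password that was typed."""
    return hmac.new(entered_password, challenge, hashlib.sha256).digest()


def demo():
    """Run the exchange for a correct entry, a wrong entry and two replays."""
    stored = b"constructed-sample-passphrase"  # constructed sample value
    chip = SecureElementModel()
    chip.provision(0, stored)
    results = {}

    # 1. Correct password: only the challenge and the response cross the link.
    challenge = chip.new_challenge(0)
    good_response = host_response(stored, challenge)
    results["correct"] = chip.check_response(0, good_response)

    # 2. Wrong password: the MAC differs, so the check fails.
    challenge = chip.new_challenge(0)
    results["wrong"] = chip.check_response(0, host_response(b"guess", challenge))

    # 3. A recorded response is resent against a fresh challenge: rejected,
    #    because the MAC was computed over the old random number.
    chip.new_challenge(0)
    results["replay"] = chip.check_response(0, good_response)

    # 4. A response sent with no outstanding challenge is rejected as well.
    results["no_challenge"] = chip.check_response(0, good_response)
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:13s} accepted={accepted}")
```

A recorded challenge and response pair can still be used to test password guesses offline, so the stored secret should be long and random rather than a memorable word.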

Atmel CryptoAuthentication™ products, such as ATSHA204A, ATECC108A and ATAES132, implement hardware-based storage, which is much stronger than software-based due to the defense mechanisms that only hardware can provide against attacks. Secure storage in hardware beats storage in software every time. Adding secure key storage is an inexpensive, easy, and ultra-secure way to protect firmware, software, and hardware products from cloning, counterfeiting, hacking, and other malicious threats.

Interested in learning more about Atmel CryptoAuthentication™ products? Read some of our latest articles in the Bits & Pieces archive here.