Tag Archives: ATSHA204A

SmartEverything is like the Swiss Army knife of IoT boards


The SmartEverything dev board is an Arduino form-factor prototyping platform that combines SIGFOX, BLE, NFC, GPS and a suite of sensors.


Announced earlier this year, SmartEverything is an IoT development platform from Arrow Electronics. Living up to its name, the latest iteration of the SoC, dubbed the SmartEverything Fox, boasts a familiar Arduino form-factor with an array of factory-bundled I/O ports, sensors and wireless connectivity.


Impressively, the kit combines SIGFOX, Bluetooth and NFC technologies with GPS and a suite of embedded sensors. An Atmel | SMART D21 at its heart is used to integrate the featured devices, while a SIGFOX module provides IoT enablement.

The SIGFOX standard is an energy-efficient, wide-transmission-range technology that employs UNB (Ultra Narrow Band) radio and offers low data-transfer speeds of 10 to 1000 bits per second. In return, it typically consumes only 50μW compared to 5000μW for cellular communication, meaning significantly enhanced battery life for mobile or portable smart devices.


A Telit LE51-868 S wireless module gives design engineers access to the rapidly expanding SIGFOX cellular wireless network and covers the 863-870MHz unlicensed ISM band. It is preloaded with the SIGFOX network stack and the Telit proprietary Star Network protocol. What’s more, the Telit cloud management software provides easy connection up to the cloud.

Truly like the Swiss Army knife of the IoT, the SmartEverything board is equipped with: an Atmel Crypto Authentication chipset; an 868MHz antenna; a GPS module with embedded antenna for localizations applications, which supports the GPS, QZSS and GLONASS standards, and is Galileo ready; a proximity and ambient light sensor; a capacitive digital sensor for humidity and temperature measurement; a nine-axis 3D accelerometer, a 3D gyroscope and 3D magnetometer combination sensor; a MEMS-based pressure sensor; an NTAG I2C NFC module; and a Bluetooth Low Energy transceiver.


The SmartEverything measures only 68.8mm x 53.3mm in size; its USB connectors, power jack and antenna extend beyond that outline. The unit can be powered in one of three ways: two AA 1.5V batteries (1.4V to 3.2V), a 5 to 45V external supply or a 5V mini-USB connector.

For quick and easy software development, the SmartEverything Fox board is fully supported by the Arduino IDE and Atmel Studio. Can it get any better than that? If you’re looking for an IoT board that does just about everything, you may want to check this SoC out.

Getting up close and personal with symmetric session key exchange

In today’s world, the three pillars of security are confidentiality, integrity (of the data), and authentication (i.e. “C.I.A.”). Fortunately, Atmel CryptoAuthentication crypto engines with secure key storage can be used in systems to provide all three of these.


Focusing on the confidentiality pillar, in a symmetric system it is advantageous to have the encryption and decryption key shared on each side go through a change for every encryption/decryption session. This process, which is called symmetric session key exchange, helps to provide a higher level of security. Makes sense, right?

So, let’s look at how to use the capabilities of the ATSHA204A CryptoAuthentication device to create exactly such a changing cryptographic key. The way a key can be changed with each session is by the use of a new (and unique) random number for each session that gets hashed with a stored secret key (number 1 in the diagram below). While the stored key in the ATSHA204A devices never changes, the key used in each session (the session key) does. Meaning, no two sessions are alike by definition.

The video below will walk you through the steps, or you can simply look at the diagram which breaks down the process.

The session key created by the hashing of the stored key and random number gets sent to the MCU (number 2) and used as the AES encryption key by the MCU to encrypt the data (number 3) using the AES algorithm. The encrypted data and the random number are then sent (number 4) to the other side.


Let’s explore a few more details before going on. The session key is a 32 byte Message Authentication Code or “MAC.” (A MAC is defined as a hash of a key and message.) 16 bytes of that 32 byte (256 bit) MAC becomes the AES session key that gets sent to the MCU to run the AES encryption algorithm over the data that is to be encrypted.

It is obvious why the encrypted code is sent, but why is the random number as well? That is the magic of this process. The random number is used to recreate the session key by running the random number through the same SHA-256 hashing algorithm together with the key stored on the decryption side’s ATSHA204A (number 5). Because this is a symmetric operation, the secret keys stored on both of the ATSHA204A devices are identical, so when the same random number is hashed with the same secret key using the same algorithm, the 32 byte digest that results will be exactly the same on the decrypting side and on the encrypting side. Just like on the encrypting side, only 16 bytes of that hash value (i.e. the MAC) are needed to represent the AES encryption/decryption key (number 6). At this point these 16 bytes can be used on the receiving side’s MCU to decrypt the message (number 7).

And, that’s it!
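The flow just described (numbers 1 to 7), as a runnable Python example added here; it is not code from the article or from Atmel. It assumes the MAC is a bare SHA-256 over stored key and random number (the device's MAC command also hashes fixed command fields), and since AES is not in Python's standard library, the MCU's AES step is stood in for by a SHA-256 counter keystream.

```python
"""Symmetric session key exchange from a shared stored secret (constructed example)."""
import hashlib
import secrets

# Constructed 32-byte secret. In the real design it sits in a slot of each
# side's ATSHA204A and never leaves the device; only its MAC output does.
STORED_KEY = bytes.fromhex(
    "0f1e2d3c4b5a69788796a5b4c3d2e1f0" "00112233445566778899aabbccddeeff"
)


def mac_digest(stored_key, random_number):
    """Numbers 1 and 5: the 32-byte MAC, SHA-256 over stored key and random number.

    Assumption: a bare key||random hash. The device's MAC command also folds in
    opcode, mode, slot and serial-number bytes, which does not change the flow.
    """
    return hashlib.sha256(stored_key + random_number).digest()


def session_key(stored_key, random_number):
    """Numbers 2 and 6: the first 16 bytes of the MAC are the AES-128 session key."""
    return mac_digest(stored_key, random_number)[:16]


def keystream_xor(key, data):
    """Stand-in for the MCU's AES step (numbers 3 and 7): a SHA-256 counter
    keystream XORed over the data. Replace with the MCU's AES-128 call; XOR
    makes encrypt and decrypt the same operation, as AES-CTR would."""
    out = bytearray()
    for block, start in enumerate(range(0, len(data), 32)):
        ks = hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], ks))
    return bytes(out)


def encrypt_for_session(stored_key, plaintext, random_number=None):
    """Encrypting side, numbers 1 to 4. Returns what goes on the wire:
    the random number in the clear plus the ciphertext."""
    if random_number is None:
        # The crypto engine's RNG supplies this in the real design.
        random_number = secrets.token_bytes(32)
    return random_number, keystream_xor(session_key(stored_key, random_number), plaintext)


class Receiver:
    """Decrypting side, numbers 5 to 7, plus the freshness check the scheme needs."""

    def __init__(self, stored_key):
        self.stored_key = stored_key
        self.seen = set()

    def decrypt(self, random_number, ciphertext):
        if random_number in self.seen:
            # A repeated random number recreates the same session key, so
            # "no two sessions alike" would no longer hold: refuse it.
            raise ValueError("random number reused; session key would repeat")
        self.seen.add(random_number)
        return keystream_xor(session_key(self.stored_key, random_number), ciphertext)


def demo():
    """Two sessions carrying the same plaintext get different keys and ciphertexts."""
    rx = Receiver(STORED_KEY)
    r1, c1 = encrypt_for_session(STORED_KEY, b"meter reading 42")
    r2, c2 = encrypt_for_session(STORED_KEY, b"meter reading 42")
    ok = rx.decrypt(r1, c1) == b"meter reading 42" == rx.decrypt(r2, c2)
    return ok and session_key(STORED_KEY, r1) != session_key(STORED_KEY, r2) and c1 != c2


if __name__ == "__main__":
    print("session key exchange demo:", "ok" if demo() else "FAILED")
```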


Note how easy the ATSHA204A makes this process because it stores the key, generates the random number, and creates the digest. There’s a reason why we call it a crypto engine! It does the heavy cryptographic work, yet it is simple to configure the SHA204A using Atmel’s wide range of tools.

Not to mention, the devices are tiny, low-power, cost-effective, work with any micro, and most of all, store the keys in ultra-secure hardware for robust security. By offering easy-to-use, highly-secure hardware key storage crypto engines, it’s simple to see how Atmel has you covered.

Check your crypto chip with a Saleae logic analyzer

I have already noted the tiny full-function logic analyzer from Saleae. You can imagine my delight when I found this app note written by our security chip group on how to use the Saleae logic analyzer to debug the serial interface with one of our CryptoAuthentication chips, the ATSHA204.

The ATSHA204A includes a 4.5Kb EEPROM divided into 16 slots. This array can be used for storage of keys, miscellaneous read/write, read-only, password or secret data, and consumption tracking. Access to the various sections of memory can be restricted in a variety of ways and then the configuration locked to prevent changes. Access to the chip is through a standard I²C interface at speeds up to 1Mb/sec.

The Saleae logic analyzer has no problem keeping up with these fast speeds. The ATSHA204 device supports either a single-wire interface (SWI) or two-wire interface (TWI) depending on the part number.


When you drop the right dll into the Saleae program directory, you will get a menu callout for the Atmel SWI (single-wire-interface).

You use a dll to add single-wire debug analysis to the Saleae, while two-wire interface debugging can be handled by the I²C menu pick. So check out the Saleae logic analyzer. My buddies tell me it is worth every penny compared to the cheapo stuff on Seeed Studio, since the mechanical engineering is so much better on the Saleae, as are the quality of the test leads and the capability of the software, which is a huge part of what a logic analyzer does for you these days. It’s one thing to see highs and lows on the screen, but it’s really nice when the logic analyzer tells you what characters are being sent on the wire or wires.


The Saleae logic analyzer comes with high-quality cables and clips.

So check out the Saleae logic analyzers and be sure to secure your systems with a hardware-based security chip. When it comes to securing our intelligent, connected world, there’s no need to fear… Atmel CryptoAuthentication devices are here!

Preview: Atmel to enhance the IoT experience at ESC Brazil 2014

The World Cup and RoboCup have both come to an end. The Summer Olympics are still another two years away. So why are we heading to Brazil next week? The Embedded Systems Conference, of course! Held August 26-27th in São Paulo, Atmel is excited to be an exhibiting sponsor of this year’s ESC, which will bring together over 5,000 engineers from the vibrant Latin American embedded community.

Whether you live nearby or plan on swinging over to the Transamerica Expo Center, be sure to mark “stopping at Booth E 20” on your daily planner. There, you’ll have a chance to ask Atmel’s Tech Experts your toughest design questions, learn about industry trends, and see live demos of the newly-unveiled Atmel® | SMART™ product line. Experience firsthand how our latest solutions can help achieve high-performance standards, while meeting your power consumption expectations. With our configuration options, you’ll be able to implement our chips in all sorts of applications, ranging from smart metering to wearables. Atmel products are driving a vast majority of IoT and Maker devices in the market today, all of which will be on display during the two-day show.


We’ll be showcasing our complete offering of microcontrollers and microprocessors together with the all-important adjacent technologies like connectivity, sensor solutions, capacitive touch sensing and Atmel CryptoAuthentication devices. Here are several of the smart and secure ‘things’ you can expect to see this week:

Atmel AVR for IoT

Atmel AVR® MCUs are superior in terms of power consumption and are better suited to battery-powered applications than any 32-bit MCU. The demo shows the AVR with a wireless connection running off a battery. A graphical display also shows power consumption data.


Atmel | SMART SAM D20 QTouch Robustness

The Atmel | SMART SAM D20 QTouch® Robustness showcases not only the high touch performance of this device but also best-in-class conducted immunity and moisture tolerance required in home appliance and industrial applications.

Atmel SmartConnect

The Atmel SAM W23 includes the industry’s lowest-power Wi-Fi tailored for IoT use cases. It is positioned as an add-on turnkey solution for retrofit or new development with a highly scalable MCU approach that leverages the Atmel portfolio.


Thingsquare Open Source 6LoWPAN using Atmel | SMART SAM R21

The Atmel | SMART SAM R21 shows the latest generation of ultra-low-power ARM Cortex® M0+ based wireless MCU combined with an open source IPv6/6LoWPAN embedded communication stack provided by Thingsquare. The application targets ultra-low power-applications in home and building automation. The solution is also ideal for gas and water meters, which demand years of maintenance-free operation on a single battery cell.


Atmel | SMART SAM D20 GPS Tracker

The GPS asset tracker reference design with GSM connectivity is controlled through SMS messages and can support features like geo fencing, automated alarms, panic button and position tracking to SD card. It uses an accelerometer to determine if the GPS should be enabled or not, allowing lower power consumption. The high number of serial communication interfaces on a small, low power device makes the Atmel | SMART SAM D20 a perfect fit for asset tracking applications.

Atmel | SMART SAMA5D3 Qt-based Applications

The Atmel | SMART SAMA5D3 is a versatile, high-performance, low-power embedded MPU shown here in home automation and smart fridge applications. The demo also shows the SAMA5D3’s UI capability and system performance on a WVGA screen resolution.


Atmel QTouch

Atmel | SMART SAM D21+ QT1 Xplained Pro demonstrates high-performance Atmel QTouch button, slider and wheel use for easy integration in any application requiring human control. The SAM D20 + QT2 Xplained Pro demonstrates QTouch Surface ideal for any consumer or wearable application.

Atmel CryptoAuthentication Devices

The Atmel CryptoAuthentication ATSHA204A is an easy to use, low-power hardware key storage device. The demo shows symmetric authentication between the drill (host) and client (battery). Each contains an ATSHA204A with identical stored secret keys. The drill sends a random number “challenge” to the battery, which processes that with its secret key to send a coded response back to the host to verify that the stored secret keys indeed match.

Also, don’t miss Sander Arts, Atmel VP of Corporate Marketing, present on how Atmel is fueling the Maker Movement. Arts will share insights into Atmel-based Arduino boards, the growth of the worldwide Maker community, as well as how Atmel microcontrollers were there from the outset, providing simple but powerful MCUs as the hardware side of the equation. Discover why a countless number of artists, designers, inventors, engineers, musicians and even students are turning to Arduino boards designed around Atmel AVR® or Atmel | SMART MCUs to transform their ideas into fully-functional “things.” Details on the session can be found below!

Title: Atmel and the Maker Movement
Presenter: Sander Arts, VP of Corporate Marketing, Atmel Corporation
Date / Time: Tuesday, August 26th @ 5:00 pm
Location: Makers Club

So there you have it, folks! Don’t forget to visit Booth E 20, pick up your Atmel Xplained Mini Kit, chat with a tech expert and of course, partake in a number of hands-on demos!

The password insecurity complex


The thing about passwords is that their whole purpose is to provide security. But passwords are hardly secure themselves, as we all know now due to the recent string of breaches… Once passwords get out into the clear, it’s like Christmas for cyber-criminals. So what we need are secure passwords… obviously.

Passwords are a big fat target for hackers. The fact that Target stores were the “target” of hackers is almost poetic. Heartbleed is another dangerous example of private information bleeding out into the open. An unsecured password is sort of like leaving your keys in the car on the street in a really bad neighborhood. In cyber-city, where all of us now live, every neighborhood is really bad. So, what can you do? Why not try to embed some hardware security to protect passwords? In fact, it’s rather easy to do with hardware key storage devices like Atmel CryptoAuthentication. Hardware key storage devices lock up the password and keep it from getting out of the system where it is entered, such as a computer or ATM keyboard. In such an example, the only things transmitted between the keyboard and the authorizing system are cryptographic information: specifically, a random number from the crypto device to the keyboard system and a cryptographically processed response in the opposite direction. Let’s take a closer look at the details via the video below.

The platform here is a keyboard entry device on one side and the secure key storage device (in this case the ATSHA204A) on the other. The input could be from a smartphone or other things as well. The password is securely stored in the protected hardware memory which protects against hackers reading it. The secure memory is in the ATSHA204A device. When the password is entered into the keyboard, it automatically tells the remote device with the secure memory chip to send a random number challenge to the keyboard machine. The keyboard machine hashes the random number with the password that was just entered to create a digest using a cryptographic algorithm (e.g. SHA256). That digest is called the “response” (meaning the response to the challenge that was sent over). That response is then sent to the ATSHA204A for comparison to a calculation using the same random number and the stored password on the ATSHA204A. If the response and the hash on the ATSHA204A are the same, the password was correct (real) and the operation of the device connected to the keyboard is therefore allowed.


As you can see, the value of this operation is that the only places the password goes are the system connected to the keyboard (the local system) and the secure, protected memory of the ATSHA204A.

Benefits of secure password protection:

  • Easy to implement
  • Secret storage is completely secure
  • Password is never in the clear
  • Several Passwords can be stored in the ATSHA204A (up to 16 slots)


Atmel CryptoAuthentication™ products, such as the ATSHA204A, ATECC108A and ATAES132, implement hardware-based storage, which is much stronger than software-based storage due to the defense mechanisms that only hardware can provide against attacks. Secure storage in hardware beats storage in software every time. Adding secure key storage is an inexpensive, easy, and ultra-secure way to protect firmware, software, and hardware products from cloning, counterfeiting, hacking, and other malicious threats.

Interested in learning more about Atmel CryptoAuthentication™ products? Read some of our latest articles in the Bits & Pieces archive here.


The “Key” to Reality

If we wanted to reduce the definition of authentication to its most Zen-like simplicity, we could say authentication is “keeping things real.” To keep something real you need to have some sort of confirmation of its identity, as confirmation is the key (so to speak).

The equation could be as follows:

Identification + Confirmation = Authentication

Confirming or validating the identity of a document, item, data, etc. is what keeping things real is all about. Some of the “things” that can be authenticated with cryptographic methods are mobile, medical, and consumer accessories; embedded firmware; industrial network nodes; and sensors, among others. Soon IoT and vehicle-to-vehicle communication will join in.

Authentication is far more important than many people realize, especially in our growing hyper-connected world that now links billions of people (and things). In cyber-land, authentication is accomplished by deploying cryptographic keys and algorithms. Keys are fundamental to keeping things real—so that is what we mean by “the key to reality.”


There are two primary types of Authentication: Symmetric and Asymmetric. Atmel offers secure key storage devices for both types. These two important techniques take their names directly from whether the keys on each side (i.e. the host and client sides) are the same or different.

Symmetric Authentication

If the same secret key is used on the client and on the host, then the application is symmetric, just like the name suggests. Both of the symmetric keys must be protected because if either one gets out then the security will be lost. This is perhaps analogous to having two sets of car keys. Meaning, losing either one makes it easy for a thief to drive away with your car. So, the secret keys must stay secret.


Symmetric Keys are the Same

The identical keys on the host and client are used in mathematical calculations to test the reality of client devices. A very common mathematical calculation that is used is a hash function based upon a cryptographic algorithm (such as SHA). A hash operation produces a hash value (also called “digest”), which is a number of a specified length that is usually smaller than the numbers used as the inputs. A hash is a one-way operation, which means that the inputs cannot be recreated from the hash value.

With symmetric authentication a typical process is to challenge the client device to be authenticated by sending it a random number. The client then puts the random number challenge and a secret key into the hash algorithm to create a hash value, which is known as the “response.” Each challenge will generate a unique response.

It should be noted that cryptographers call a hash of a random number with a secret key a “Message Authentication Code” or “MAC.” The diagram below illustrates this process. Because the host key is the same on the host and client sides, the exact same calculation can run on the host. Once that happens, the hash values (“MACs”) from each can be compared. If the hash values match, the client is considered to be real. You can see that symmetric authentication is really a simple process, but it is loaded with mathematical elegance. Now let’s look at asymmetric authentication.
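The challenge, MAC and compare process described here (and the password check in “The password insecurity complex” above, which is the same process with the entered password as the secret), as a Python example added here; it is not the article's or Atmel's code. It assumes the MAC is a bare SHA-256 over secret and challenge, and shows the checks a host needs around it: one outstanding challenge at a time, a constant-time compare, and rejection of a replayed response.

```python
"""Challenge-response authentication with a shared secret (constructed example)."""
import hashlib
import hmac
import secrets


def mac_response(secret, challenge):
    """The MAC: SHA-256 over the secret (stored key or entered password) and the
    random challenge. Assumption: a bare secret||challenge hash; the device's
    MAC command also hashes fixed command fields, which does not change the flow."""
    return hashlib.sha256(secret + challenge).digest()


class Host:
    """The side holding the stored secret (the ATSHA204A in the article): issues
    one challenge at a time and checks the response against its own MAC."""

    def __init__(self, stored_secret, rng=secrets.token_bytes):
        self._secret = stored_secret
        self._rng = rng            # the crypto engine's RNG in the real design
        self._outstanding = None   # the single challenge awaiting a response

    def new_challenge(self):
        self._outstanding = self._rng(32)
        return self._outstanding

    def verify(self, response):
        if self._outstanding is None:
            return False   # nothing was asked: a stray or replayed response
        challenge, self._outstanding = self._outstanding, None   # single use
        expected = mac_response(self._secret, challenge)
        # Constant-time compare so timing does not leak how many bytes matched.
        return hmac.compare_digest(expected, response)


class Client:
    """The battery or keyboard side: only the MAC ever leaves it, never the secret."""

    def __init__(self, secret):
        self._secret = secret

    def respond(self, challenge):
        return mac_response(self._secret, challenge)


def authenticate(host, client):
    """One full round: challenge out, response back, compare."""
    return host.verify(client.respond(host.new_challenge()))


def demo():
    secret = b"constructed shared secret, identical on both sides"
    genuine = authenticate(Host(secret), Client(secret))
    counterfeit = authenticate(Host(secret), Client(b"a different secret"))
    # A response captured from one round is useless against the next challenge.
    host, client = Host(secret), Client(secret)
    captured = client.respond(host.new_challenge())
    first = host.verify(captured)
    host.new_challenge()
    replayed = host.verify(captured)
    return genuine and not counterfeit and first and not replayed


if __name__ == "__main__":
    print("challenge-response demo:", "ok" if demo() else "FAILED")
```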


Hashing a Random Number with a Secret Key


Asymmetric Authentication

Asymmetric keys are presented in public-private pairs. More specifically, the public and private keys are related to each other via a mathematical algorithm. An example would be the Elliptic Curve Cryptography (or “ECC”) algorithm. Only the private key has to be securely stored. Because the keys are different, asymmetric authentication cannot use the same calculate-and-compare process as symmetric.

Asymmetric requires more complicated techniques such as making digital signatures that are verified for authenticity (this is called “Sign-Verify”). An example of asymmetric authentication using ECC algorithms is Elliptic Curve Digital Signature Algorithm (or “ECDSA”). A major benefit of the Atmel ATECC108A device is that it can be used to easily implement ECDSA sign-verify. (The steps of ECDSA are very interesting, but they will be covered in a separate article). Note that an important trade-off between symmetric and asymmetric authentication is the speed of operation. For example, authentication time for the Atmel ATSHA204A is 12ms (typical) for symmetric versus more than a second for many microcontrollers to execute an asymmetric ECDSA operation.

Getting back to the keys: the secret keys must stay secret. If keys are the keys to authentication (i.e. reality), then secure storage of the secret keys is the key to SECURE authentication. And that is the real point here.

So then, how is secure storage implemented? The best way is to use hardware key storage devices that can withstand attacks that try to read the key(s). Atmel CryptoAuthentication products such as the ATSHA204A, ATECC108A and ATAES132 implement hardware-based storage, which is much stronger than software-based storage because of the defense mechanisms that only hardware can provide against attacks. Secure storage in hardware beats storage in software every time. Adding secure key storage is an inexpensive, easy, and ultra-secure way to protect firmware, software and hardware products from cloning, counterfeiting, hacking, as well as other malicious threats.

For more details on Atmel CryptoAuthentication products, please view the links above or the introduction page CryptoAuthentication. Future Bits & Pieces articles will take an in-depth look at how symmetric and asymmetric authentication is accomplished.

You can’t spell “cryptography” without a “why”

When considering adding cryptography to an embedded system (or any other information system) manufacturers always ask: “Why do I need cryptography?” That is, unless they have already been burned by a security breach. The answer is quite simple: “Because you have a lot to lose and the dangers are multiplying every day.”

Perhaps some of the closest analogies are driving without auto insurance, owning a house without fire and casualty insurance, living without health insurance…well, you get the picture. The point is, intentionally leaving an embedded system exposed to hacking, malware and cloning to save cost is simply not prudent from a financial perspective. Of course, safety, liability and brand equity also matter – a lot.

Cutting to the chase, dangerous exposure is directly linked to how exposed the cryptography key is to being accessed by unintended parties such as hackers and cyber-criminals. This has to do with how the key is stored. However, before we explore this topic, let’s look at the bigger picture.

The answer to “why” for product manufacturers? They need to protect their development investment, brand image and revenue in an increasingly hostile cyber-world replete with bad actors. As we noted in a previous article, the number of active Internet threat groups being tracked has risen to over 300, which is more than 400% higher than in 2011.  Nation-states have become hyper-active in cyber-espionage and cyber-attacks. This is because it is now possible to literally upload damage to a target, which is kind of a science fiction scenario come true.

In the same vein, secret information is easily downloaded. More than 95% of networks have become compromised in some way, and directed attacks will only get worse as mobile platforms continue to expand worldwide.

Vulnerable systems placed on the Internet are currently being compromised in less than 15 minutes. Frankly, these statistics aren’t really a surprise given the wildly disproportionate cost / ”benefit” of cyber meddling, which is devilishly tempting to malicious operators.


It is clear from the above statistics that hostilities have already broken out and cryptography is the best available shield—perhaps the only one.

Now that we have looked at the “why” in cryptography, what about the “what?” What is cryptography? Let’s focus on the two pillars of cryptography, which are described below:

  1. Authentication
     • Making sure the data source is what it is supposed to be.
  2. Encryption/decryption
     • Scrambling and descrambling data so only an intended receiver can see it.

Both encryption and authentication are contingent upon keeping secret keys secret. This is the key point.

However, there are many different encryption algorithms, types of authentication schemes, architectures and applications. There is also the choice of how to store the encryption keys. The last point – key storage – is probably the most significant consideration manufacturers can make regarding security.

In essence, cryptographic security is a function of three critical factors:

  1. The length of the key used by the cryptographic algorithms,
  2. The mathematical operations of the cryptographic algorithms, and
  3. How securely the keys are stored (i.e. how vulnerable the keys are to attack).


Since the strength of security depends upon the key size and the specific mathematical properties of the algorithms, various combinations of key sizes and algorithms can potentially be stronger or weaker than any other combination. Meaning, manufacturers have to select one and the other according to their requirements. However, if the keys are not securely stored, well, then none of it matters all that much.

If the keys are not kept secret, then the information can be obtained by unintended outside parties, which defeats the entire purpose. Right? As such, the memory where the key is stored must be able to withstand attacks that try to read the key(s). Such attacks are always underway somewhere, which is a sad but true fact. Fortunately, hardware security devices, like Atmel CryptoAuthentication products, offer a proven method of protecting secret keys that not only restricts access, but also provides key generation and management.

Similarly, storing keys in general purpose (i.e. unsecured) memory in any system leaves the keys open to theft or unauthorized use via multiple paths. By definition, any system’s software must have access to memory, so any type of bug in the software can inadvertently reveal the key. Just look at the Heartbleed bug as an example. Specialty hardware devices, like CryptoAuthentication products, are designed for the express purpose of securely storing keys in hardware. They do this by utilizing special defense mechanisms that only hardware can provide to repel attacks of various types.

As we’ve previously discussed on Bits & Pieces, secure storage in hardware beats general purpose storage every time. So, the “why” and “what” of cryptography boils down to this: Adding secure key storage is an inexpensive, easy, and ultra-secure way to protect firmware, software and hardware products from cloning, counterfeiting, hacking and other malicious threats.

The key to security is protecting the key. Plus, hard protection beats soft protection. It is that simple. This is precisely why Atmel’s ATSHA204A, ATECC108A and ATAES132 are all designed for secure authentication by providing a hardware-based storage location with a range of proven physical defense mechanisms, as well as secure cryptographic algorithms and processes. They represent over three generations of hardware security know-how, and experience matters when dealing with real world attacks.

Future Bits & Pieces posts will examine authentication schemes such as asymmetric and symmetric, and how Atmel key storage devices operate in the real world.