Licensed as LGPL, RIOT was initially developed by FU Berlin, INRIA and the HAW Hamburg. Indeed, the origins of RIOT can actually be traced back to FeuerWare, an operating system for fire crews and their wireless sensor networks.
The operating system — which is based on a microkernel architecture — supports both C and C++, as well as full multi-threading and real-time capabilities. RIOT provides utilities like cryptographic libraries, data structures, or a shell, different network stacks, and support for various microcontrollers, radio drivers, sensors, and configurations for entire platforms.
The RIOT runs on both 16-bit and 32-bit hardware, with a native port allowing RIOT to run as a Linux or MacOS process. This helps facilitate the use of standard development and debugging tools such as the GNU Compiler Collection (GCC), GNU Debugger, Valgrind and Wireshark. RIOT runs on several platforms including embedded devices as well as common PCs, and supports multiple drivers, which offers out-of-the-box usage. The hardware dependent code is reduced to a minimum and abstracted from the kernel itself.
Among the architectures RIOT supports are ARM Cortex-M0, -M3 and -M4, as well as the ARM7. Subsequently, the IoT operating system is compatible with a number of boards like the Arduino Due (SAM3X8E), the Atmel ATmega2560 and the Nordic nRF51822 (ATSAM3U2C). RIOT also provides multiple network stacks, including IPv6, 6LoWPAN and standard protocols such as RPL, UDP, TCP and CoAP.
Simply put, RIOT is free software, meaning Makers and engineers can redistribute and modify the OS. Software developed by the RIOT community is available under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, version 2 (LGPLv2).
According to Atmel Product Marketing Director Magnus Pedersen, the SAM R21 allows Atmel’s customers to easily develop connected lighting, smart metering and wireless sensor network systems based on true Internet-connectivity and open standards such as IPv6 and 6lowpan.
“Our customers are demanding complete, easy-to-use IoT solutions that can quickly bring a full system to market,” said Pedersen. “Our cooperation with Thingsquare is an example of that, with a web-based toolchain and open source firmware to offer our customers a fully integrated hardware and software solution for various IoT applications.”
Recently, a Thingsquare rep told Bits & Pieces that a number of engineers and Makers are choosing the SAM R21 and the Thingsquare system to build secure and future-proof Internet of Things (IoT) applications and connected devices.
“The Thingsquare system and the SAM R21 SoCs follow you throughout the entire process from idea to market,” the rep explained. ”The system supports IPv6 / 6lowpan, wireless mesh networking, firmware updates and end-to-end encryption. You can also easily build smartphone applications to interact with your SAM R21-powered devices.”
Interested in learning more? To quickly set up a prototype, you can use the Thingsquare system with SAM R21 Xplained Pro boards, as described here. Of course, Thingsquare can also help with your entire software project as well.
According to CNX-Software, Acme Systems, the company that manufactures the board, is now considering designing an open source hardware baseboard for the module.
If produced, the baseboard would likely feature:
Arietta G25 SoM connector (Vertical mount)
1x USB Host port
I2C Sensors – temperature, humidity sensor and light
Mosfet output for RGB led strip
2x relay output
1x filtered dry input
2x servo RC motors output
Audio interface with embedded microphone and jack for PC speakers using Wolfson WM8731 codec
If we wanted to reduce the definition of authentication to its most Zen-like simplicity, we could say authentication is “keeping things real.” To keep something real you need to have some sort of confirmation of its identity, as confirmation is the key (so to speak).
The equation could be as follows:
Identification + Confirmation = Authentication
Confirming or validating the identity of a document, item, data, etc. is what keeping things real is all about. Some of the “things” that can be authenticated with cryptographic methods are mobile, medical, and consumer accessories; embedded firmware; industrial network nodes; and sensors, among others. Soon IoT and vehicle-to-vehicle communication will join in.
Authentication is far more important than many people realize, especially in our growing hyper-connected world that now links billions of people (and things). In cyber-land, authentication is accomplished by deploying cryptographic keys and algorithms. Keys are fundamental to keeping things real—so that is what we mean by “the key to reality.”
There are two primary types of Authentication: Symmetric and Asymmetric. Atmel offers secure key storage devices for both types. These two important techniques take their names directly from whether the keys on each side (i.e. the host and client sides) are the same or different.
Symmetric Authentication
If the same secret key is used on the client and on the host, then the application is symmetric, just like the name suggests. Both of the symmetric keys must be protected because if either one gets out then the security will be lost. This is perhaps analogous to having two sets of car keys. Meaning, losing either one makes it easy for a thief to drive away with your car. So, the secret keys must stay secret.
Symmetric Keys are the Same
The identical keys on the host and client are used in mathematical calculations to test the reality of client devices. A very common mathematical calculation that is used is a hash function based upon a cryptographic algorithm (such as SHA). A hash operation produces a hash value (also called “digest”), which is a number of a specified length that is usually smaller than the numbers used as the inputs. A hash is a one-way operation, which means that the inputs cannot be recreated from the hash value.
With symmetric authentication a typical process is to challenge the client device to be authenticated by sending it a random number. The client then puts the random number challenge and a secret key into the hash algorithm to create a hash value, which is known as the “response.” Each challenge will generate a unique response.
It should be noted that cryptographers call a hash of a random number with a secret key a “Message Authentication Code” or “MAC.” The diagram below illustrates this process. Because the host key is the same on the host and client sides, the exact same calculation can run on the host. Once that happens, the hash values (“MACs”) from each can be compared. If the hash values match, the client is considered to be real. You can see that symmetric authentication is really a simple process, but it is loaded with mathematical elegance. Now let’s look at asymmetric authentication.
Hashing a Random Number with a Secret Key
Asymmetric Authentication.
Asymmetric keys are presented in public-private pairs. More specifically, the public and private keys are related to each other via a mathematical algorithm. An example would be the Elliptic Curve Cryptography (or “ECC”) algorithm. Only the private key has to be securely stored. Because the keys are different, asymmetric authentication cannot use the same calculate-and-compare process as symmetric.
Asymmetric requires more complicated techniques such as making digital signatures that are verified for authenticity (this is called “Sign-Verify”). An example of asymmetric authentication using ECC algorithms is Elliptic Curve Digital Signature Algorithm (or “ECDSA”). A major benefit of the Atmel ATECC108A device is that it can be used to easily implement ECDSA sign-verify. (The steps of ECDSA are very interesting, but they will be covered in a separate article). Note that an important trade-off between symmetric and asymmetric authentication is the speed of operation. For example, authentication time for the Atmel ATSHA204A is 12ms (typical) for symmetric versus more than a second for many microcontrollers to execute an asymmetric ECDSA operation.
Getting back to the keys: The secret keys must stay secret.If keys are the keys to authentication (i.e. reality), then secure storage of the secret keys is the key to SECURE authentication. And that is the real point here.
So the, how is secure storage implemented? The best way is to use hardware key storage devices that can withstand attacks that try to read the key(s). Atmel CryptoAuthentication products such as the ATSHA204A, ATECC108A and ATAES132 implement hardware-based storage, which is much stronger than software based storage because of the defense mechanisms that only hardware can provide against attacks. Secure storage in hardware beats storage in software every time. Adding secure key storage is an inexpensive, easy, and ultra-secure way to protect firmware, software and hardware products from cloning, counterfeiting, hacking, as well as other malicious threats.
For more details on Atmel CryptoAuthentication products, please view the links above or the introduction page CryptoAuthentication. Future Bits & Pieces articles will take in an in-depth look at how symmetric and asymmetric authentication is accomplished.
Today, we’re going to get up close and personal with an ATtiny pocket sequencer created by bergerab that uses the very same tinyAVR microcontroller (MCU). Built around the popular ATtiny85, the pocket-sized sequencer is fully programmable and usable in a studio setting.
“Besides making a pocket-sized sequencer, my goal of this project was to stretch the uses of the ATtiny chips to show how powerful they really are,” bergerab explained a recent Instructables post.
“This project is great for those interested in music and/or electronics, and by the end you will have one of the smallest, unique sequencers ever made.”
Aside from the ATtiny85 MCU, key project components include:
Perfboard (5 cm by 7 cm)
Two 10k potentiometers
Two tactile switch-buttons
Two two-way switches
A 7805 voltage regulator
Two 10uF caps
One 100uF cap
One 2k resistor
8 LEDs
74HC595 shift register
1/4 inch audio female jack
Speaker/buzzer
9v Battery (with connector)
(optional) 5cm by 7cm acrylic sheet
On the software side, bergerab uses a relatively simple sketch to regulate the device.
“In my design of this sequencer, I wanted the user to program the steps right when the device is turned on. To do this I used the ‘setup()’ function, [which] is executed when the ATtiny is initially given power, or if its reset pin is set to LOW,” he continued.
“I added a startup tone (which is a little arpeggio of a c major chord) to notify the user that they are in the frequency programming mode. In the main loop (‘loop()), the ATtiny is told to go through each step, and for each step, light the appropriate LED. Then play the note assigned to that step, at the specified note length. During this, the MCU is checking if the button (analogRead(pot)<30) is pressed. If it is, the program enters a function called ‘setSustain()’. In this function, the user can select the notes length, (via the button and potentiometer).”
Sylvia Todd – aka Super Awesome Sylvia – has been creating and making things since she was five. Sylvia, who learned how to solder when she was 7, also hosts her very own MAKE YouTube show.
Today, Bits & Pieces had the opportunity to interview the young Maker about DIY culture and Making at the very first White House Maker Faire – which Atmel is proudly attending.
Atmel: Who, or what inspired you to become a Maker?
Sylvia: I was inspired to be a Maker/make things when I went to the very first San Mateo Maker Faire in 2006 when I was 5. That event and the ones after it showed me that making is fun, interesting, and [helps] you learn lots of new skills. After that weekend, I wanted to solder and build and take apart things even more!
Atmel: How do you feel about being chosen to attend the very first Maker Faire at the White House?
Sylvia: I am so happy and honored that I was invited to attend the White House Maker Faire. It is pretty amazing that after being inspired by the Maker Movement to create my show back in 2009, I eventually became one of the people that helped others get into Making!
Atmel: How do you think the Maker Movement democratizes the tools and skills necessary to design and create just about anything?
Sylvia: I think the Maker Movement helps give us the knowledge resources to create lots of stuff, through sharing! The internet allows us to find and share projects, sell projects, and even show others how to make things. Sharing how to’s and project details really can inspire people to get out there and make something, even if it’s not exactly what they’re trying to make, it helps them learn by doing.
Sylvia: I have a book coming out next moth that shows three super simple Arduino projects for beginners, all using the Arduino Uno as the base. I am also going to use the Arduino in many other projects and might soon design a custom circuit board around the ATmega328 MCU for a kit. One of my older projects was an Arduino and GPS powered RC car that could navigate around my house, and one of my latest ideas is a sensor that senses when the mail truck comes and tells me by switching on a servo to ring a bell.
Atmel: How do you think the Maker Movement and DIY culture make the world a better place?
Sylvia: I think the Maker Movement will change the world because when you have lots of people thinking of new ideas or inventions and sharing their work and results, we could solve really big issues faster! Also when kids grow up in an environment of making, they’ll be more willing to fix or reuse things instead of just throwing them away, and they’ll be making themselves smarter about the world at the same time. Making stuff rocks!
The Heartbleed security bug is a really big deal, especially given today’s hyper-connected, information obsessed society. This nasty bug, which has been characterized as “catastrophic” by industry gurus, permits anyone on the Internet to access the memory of systems using various versions of OpenSSL software. This is ironic since that very software was specifically designed to protect data.
Nevertheless, Heartbleed exposes secret keys used for authentication and encryption, which are the two primary foundations of how security is generally ensured. By exposing keys Heartbleed thus exposes actual data, user names, and user passwords to anyone. This is virtually everything. Ouch! Attackers (i.e. hackers, cybercriminals, spies, state-sponsored electronic armies, and others with malevolent intent) can observe and steal data without a trace, which is virtually the literal industry definition of the term “man-in-the-middle” attack.
The threat that Heartbleed represents has rightly gained widespread attention. Fortunately, such attention has stimulated a major market reaction and lead to whole scale changing of user passwords, proliferation of patches, and other fixes. It has also brought the need for more extensive code testing into the open. Heartbleed and other major security revelations are making people look at security much more seriously, which also extends to embedded systems.
Frankly, it is about time. Embedded system insecurity gained major notoriety recently with the revelation that commercial WiFi routers have old and buggy firmware that can be used as a back door into home and commercial networks. Such loopholes were in fact used by a criminal organization in Eastern Europe to steal cash. The risk was amplified by the revelation that mischievous “agencies” tasked with collecting and processing information without permission can exploit the vulnerabilities at will.
Embedded system firmware insecurity affects individuals, institutions, governments, and corporations—which is pretty much everyone. Highly respected market researchers have noted that bad behavior and bad actors are running rampant. For example, the number of active threat groups being tracked has risen to over 300, which is more than 400% higher than in 2011. Nation-states have become hyper-active in cyber-espionage and hacking. This is because it is now possible to literally upload damage to a target, which is kind of a science fiction scenario come true.
In the same vein, secret information is easily downloaded, especially with security vulnerabilities from Heartbleed, router back-doors, and others. More than 95% of networks have become compromised in some way, and directed attacks will only get worse as mobile platforms continue to expand worldwide. An unnerving figure is that vulnerable systems placed on the Internet are being compromised now in less than 15 minutes. That is not really a surprise given the wildly disproportionate cost / ”benefit” of cyber meddling, which is devilishly tempting to malicious operators.
The security situation is extremely complicated for embedded systems because embedded firmware is highly fragmented, difficult to update, hard to track, often obsolete, hard to access, and employs a wide range of processors and code languages. The router loopholes mentioned above are in fact a direct expression of the vulnerabilities endemic to embedded systems and the severe damage those vulnerabilities can cause downstream. It is now clear that embedded system vulnerabilities affect everyone. So, the question becomes, “What can be done to increase security in embedded systems?”
As Heartbleed and cyber attacks have illustrated, encryption and authentication keys must be protected. There is no other option. Cryptography may be mathematically and systematically ultra-detailed and uber-complicated, but the most important and fundamental security concept is beyond simple: namely, “Keep the secret keys secret.” The best way to do that is to lock the secret keys in protected hardware devices.
Hardware key storage beats software key storage every time, which is one of the “key” lessons of the recent vulnerability revelations. But how does an embedded system manufacturer ensure their products are secure and protected from attack? Fortunately, the solution is simple, available, and cost effective, and that is to use hardware key storage devices such as Atmel’s ATSHA204A, ATECC108A and ATAES132.
These products are all designed to secure authentication by providing a hardware-based storage location with an impressive range of proven physical defense mechanisms, as well as secure cryptographic algorithms and processes. Go to the links above for more details or the introduction page CryptoAuthentication.
Future Bits & Pieces posts will describe the different types of authentication and the various steps that the devices and associated processors implement.
Writing for Business Insider, Marcelo Ballve notes that the Internet of Things (IoT) will make many of the familiar objects in our lives connected, as well as accessible via smartphones and tablets.
“This shift to connectivity in once-inert things — the logical next step in the growing ubiquity of the Internet — will force companies large and small to transform dramatically,” said Ballve. ”But how are the ‘things’ in the Internet of Things actually put together? What elevates an object or device from normal status to a sensor-laden node in the soon-to-be-massive Internet Of Things?”
As Ballve notes, a recent BI Intelligence report lists the following 6 primary attributes that will help make “things” a part of the rapidly evolving IoT:
Sensors – IoT devices and systems include sensors that track and measure activity.
Connectivity – Internet connectivity is either contained in the item itself, or a connected hub, smartphone, or base station.
Processors – IoT devices will obviously pack some form of computing power.
Energy-efficiency – Many devices may need to be able to operate for a year or more using a minimal amount of energy, waking only periodically to relay data.
Cost-effectiveness – Objects that contain sensors will need to be relatively inexpensive to purchase and deploy.
Quality and reliability – Some IoT devices will need to operate in harsh environments (outdoors) and for extended periods of time.
Security – IoT devices may need to relay sensitive or regulated information such as health-related data, making data security critical.
As we’ve previously discussed on Bits & Pieces, the Internet of Things (IoT) refers to a future world where all types of electronic devices link to each other via the Internet. In 2009, there were 2.5 billion connected devices; most of these were mobile phones, PCs and tablets. By 2020, there will be over 30 billion connected devices of far greater variety.
According to Reza Kazerounian, Senior VP and GM of the Microcontroller Business Unit at Atmel, the IoT is a combination of multiple market segments, tens of thousands of OEMs and hundreds of thousands of products.
“It is seen by many as the next wave of dramatic market growth for semiconductors. If you look at the different estimates made by market analysts, the IoT market will be worth trillions of dollars to a variety of industries from the consumer to financial, industrial, white goods and other market segments,” he told EEWeb in February.
“Companies that provide cloud-based services, service providers and semiconductor companies will also benefit from this market. The number of small or new companies that are showcasing connective devices has increased – there will be 50 billion connected devices by 2020. These nodes will have characteristics such as low-power embedded processing, a human-machine interface and connectivity.”
Reza also pointed out that Atmel views microcontrollers (MCUs) as an essential building block for every PC, consumer device, industrial machine, home connectivity device and automobile. To be sure, MCUs are playing an increasingly critical role in the lucrative space.
“As the semiconductor industry has transitioned from PCs to mobile, IoT will now rise to become the predominant market,” he added. ”This transition will favor ultra-low power and integration of microcontrollers, wireless connectivity, security, touch technologies and sensor management products.”
Although the Maker and open source hardware movements are a global phenomenon, the DIY culture in China can actually be traced back to the ancient concept of Shanzhai. As Gabrielle Levine, the newly appointed president of the Open Source Hardware Association (OSHWA) notes, China is going to be a huge driving force in the open source hardware landscape.
“There are many similarities between [the local concept of] Shanzhai and the open source hardware community,” Gabriella Levine told OpenElectronics in February. “Both Shanzhai and open source hardware projects borrow information, tools, source code, CAD files and techniques; both improve upon other’s work to accelerate development.”
SeeedStudio founder Eric Pan expressed similar sentiments during a recent interview with Atmel’s official blog, Bits & Pieces.
“MakerSpaces will likely enable a new wave of tech startups in China as in the US,” he confirmed.
“Clearly, hardware development is becoming a more agile process with the aid of [open source] prototyping tools like RepRap and Arduino boards – both of which are helping to facilitate innovation across the world and particularly in China.”
Similarly, David Li, co-founder of Shanghai’s first Maker Space, told The Economistthat the DIY movement has inspired the creation of legitimate and innovative products, with socially progressive Makers teaming up with more traditional manufacturers in China.
We at Atmel are at the strategic heart of the international Maker Movement, with a comprehensive portfolio of versatile microcontrollers (MCUs) that power a wide range of Maker platforms and devices, including 3D printers (MakerBot Replicator 2 and RepRap), the vast majority of Arduino boards, as well as Adafruit’s Gemma, Trinket and Flora platforms.
Indeed, Arduino boards are currently used by millions of Makers, engineers, schools and corporations all over the world. At least 1.2 million Atmel-powered Arduino boards have been sold to date, with the ATmega328-basedUno being a particular Maker and prototyping favorite. Of course, stand-alone AVR microcontrollers like the tinyAVR lineup are also popular amongst the DIY crowd.
As we’ve previously discussed on Bits & Pieces, an increasing number of Makers are kicking off project prototyping with Atmel-based Arduino boards. Concurrently, we are also seeing a jump in professional engineers relying on Atmel-powered Arduino boards to create initial models for their devices, platforms and solutions.
According to Gartner, 50% of companies expected to help build the rapidly evolving Internet of Things have yet to coalesce. This is precisely why Atmel views China’s Maker Movement as one of the primary tech incubators for future IoT companies and devices, many of which will undoubtedly use Atmel microcontrollers (MCUs) to power their respective platforms.
Atmel will proudly be attending Maker Faire Shenzhen this year on April 6-7. Our booth – #4 – is located right next to Center Stage. We’ll be showcasing a number of Atmel-powered products including a Zigebee-based lighting demo, robotic model car, various Seeeduino boards, the Rainbow Cube (LED light controlled by Atmel MCUs) and an e-ink badge.
I’ll also be giving a presentation about Atmel microcontrollers, the IoT and Makers at 2PM on April 7th at the Center Stage. Hope to see you there!
Analysts at Gartner have identified four fundamental usage models to help unlock value from the Internet of Things (IoT).
“As the Internet of Things grows rapidly, it is linking millions of assets, including devices, people and places, to deliver and share information, enhancing business value and competitive advantage, and creating new business opportunities,” explained Hung LeHong, VP and Gartner Fellow.
“In this early and emergent phase of development, entrepreneurs are experimenting across such a diverse range of sectors, applications, business models and technologies in their efforts to uncover value. This creates confusion and makes it difficult for others to easily identify the potential in their own geographies, industries and business sectors.”
Although the Internet of Things offers wide applicability across multiple spaces, some enterprises may be too quick to dismiss the value of the IoT in their companies because the examples of what others are doing don’t precisely match their own environments.
“A recycling company or vending machine operator, for example, may not find any applicability for the Internet of Things when reviewing how a hospital is connecting its patient-monitoring equipment to the Internet of Things. However, on closer inspection, these companies will discover that the reason the hospital has connected its equipment is to cut costs on nurses’ rounds to monitor patients,” said LeHong.
“Any company operating remote devices has opportunities to use this same model. Remote assets that require manual rounds for the purposes of emptying or replenishment, such as recycling bins or vending machines, can benefit from the same approach the hospital took. The underlying commonality is the business case to reduce the costs from doing the rounds by connecting assets to monitor status.”
Despite their diversity, Gartner analysts believe all current examples can be categorized into four basic usage scenarios: manage (e.g. multiple sensors reporting real-time streams of data), monetize (“pay as you drive” vehicle insurance), operate (regulating complex water supplies or irrigation systems) and extend (provision of advisory information such as imminent vehicular part failure).
“Although much of the spotlight today is on the Internet of Things, the true power and benefit of the Internet comes from combining things with people, places and information systems,” LeHong added. “This expanded and comprehensive view of the internet is what Gartner calls the Internet of Everything.”
Atmel | Bits & Pieces 