Tag Archives: CryptoAuthentication

SmartEverything is like the Swiss Army knife of IoT boards

The SmartEverything dev board is an Arduino form-factor prototyping platform that combines SIGFOX, BLE, NFC, GPS and a suite of sensors.

Announced earlier this year, SmartEverything is an IoT development platform from Arrow Electronics. Living up to its name, the latest iteration of the SoC, dubbed the SmartEverything Fox, boasts a familiar Arduino form-factor with an array of factory-bundled I/O ports, sensors and wireless connectivity.

Impressively, the kit combines SIGFOX, Bluetooth and NFC technologies with GPS and a suite of embedded sensors. An Atmel | SMART D21 at its heart is used to integrate the featured devices, while a SIGFOX module provides IoT enablement.

The SIGFOX standard is energy efficient and wide-transmission-range technology that employs UNB (Ultra Narrow Band) based radio and offers low data-transfer speeds of 10 to 1000 bits per second. However, it is highly energy-efficient and typically consumes only 50μW compared to 5000μW for cellular communication, meaning significantly enhanced battery life for mobile or portable smart devices.

A Telit LE51-868 S wireless module gives design engineers access to the rapidly expanding SIGFOX cellular wireless network and covers the 863-870MHz unlicensed ISM band. It is preloaded with the SIGFOX network stack and the Telit proprietary Star Network protocol. What’s more, the Telit cloud management software provides easy connection up to the cloud.

Truly like the Swiss Army knife of the IoT, the SmartEverything board is equipped with: an Atmel Crypto Authentication chipset; an 868MHz antenna; a GPS module with embedded antenna for localizations applications, which supports the GPS, QZSS and GLONASS standards, and is Galileo ready; a proximity and ambient light sensor; a capacitive digital sensor for humidity and temperature measurement; a nine-axis 3D accelerometer, a 3D gyroscope and 3D magnetometer combination sensor; a MEMS-based pressure sensor; an NTAG I2C NFC module; and a Bluetooth Low Energy transceiver.

The SmartEverything measures only 68.8mm x 53.3mm in size, and includes USB connectors, a power jack and an antenna extending that extend the board. The unit can be powered in one of three ways, either through two AA 1.5V batteries (1.4V to 3.2V), a 5 to 45V external supply or a 5V mini-USB connector.

For quick and easy software development, the SmartEverything Fox board is fully supported by the Arduino IDE and Atmel Studio. Can it get any better than that? If you’re looking for an IoT board that does just about everything, you may want to check this SoC out.

Atmel brings Wi-Fi connectivity to the WeChat IoT Platform

Develop secure IoT apps with the Atmel Certified-ID platform

1 Reply

The Atmel Certified-ID security platform prevents unauthorized reconfiguration of an edge node to access protected resources on the network.

Atmel has announced a comprehensive security platform that enables businesses of all sizes to assign certified and trusted identities to devices joining the secure Internet of Things. The Atmel Certified-ID security platform prevents unauthorized reconfiguration of an edge node to access protected resources on the network. This new platform is available on the Atmel SmartConnect Wi-Fi, Bluetooth, Bluetooth Smart and ZigBee solutions that connect directly to Atmel Cloud Partners, providing a secure turnkey solution for IoT edge node-to-cloud connection.

The Atmel Certified-ID platform delivers a distributed key provisioning solution, leveraging internal key generation capabilities of the ATECC508A CryptoAuthentication device, without invoking large scale infrastructure and logistics costs. This platform even allows developers to create certified and trusted identities to any device before joining an IoT network.

With billions of devices anticipated by 2020 in the rapidly growing IoT market, security is a critical element to ensuring devices can safely and conveniently access protected assets through the Internet. Today, secure identities are commonly created through a centralized approach where IoT device keys and certificates are generated offline and managed in secure databases in Hardware Security Modules (HSM) to protect the keys. These keys are then programmed into the IoT devices by connecting the HSM to automation equipment during device manufacturing. This approach is indispensable in large deployments consisting of millions of devices. It can also entail significant upfront costs in infrastructure and logistics which must be amortized over a large number of devices for cost effectiveness.

By utilizing the unique internal key generation capabilities of ATECC508A device, the recently-unveiled platform enables decentralized secure key generation, making way for distributed IoT device provisioning regardless of scale. This method eliminates the upfront costs of the provisioning infrastructure which can pose a significant barrier in deploying devices in smaller scales. On top of that, developers will be able to create secure IoT devices compatible with partner cloud services and to securely join ecosystems.

Atmel is currently working with several cloud service companies, including Proximetry and Exosite, on the Certified-ID platform. These collaborations will give developers a wide range of ecosystem partners to choose from for a secure connection between the edge nodes and the IoT. Other partners will be announced as they are integrated in the Certified-ID platform.

“As a leader in the security space with a track record of over two decades, enabling secure networks of all sizes is our mission,” said Nuri Dagdeviren, Atmel Vice President and General Manager of Secure Products Group. “Streamlining secure processes and simplifying deployment of real world secure networks will be key to unlocking the potential and enabling rapid growth of IoT. We will continue delivering industry-leading solutions in security, a critical element in enabling billions of ‘things’ to be connected to the cloud.”

Atmel now offers security provisioning tool kits to enable independent provisioning for pilot programs or production runs when used in conjunction with the ATECC508A ICs. These devices are pre-provisioned with internally generated unique keys, associated certificates, and certification-ready authentication once it is connected to an IoT ecosystem.

Developers will need two kits to securely provision their gadgets: the AT88CKECCROOT tool kit, a ‘master template’ that creates and manages certificate root of trust in any ecosystem, and the AT88CKECCSIGNER tool kit, a production kit that enables partners to provision IoT devices.

The AT88CKECCSIGNER kit lets designers and manufacturers generate tamper-resistant keys and security certifications requiring hardware security in their IoT applications. These keys provide the level of trust demanded by network operators and allows system design houses to provision prototypes in-house—saving designers overall investment costs.

The tool kits also include an easy-to-use graphical user interface that allow everyone to seamlessly provision their IoT devices with secure keys and certificates without special expertise. With distributed provisioning, developers are not required to use expensive HSM for key management and certificate acquisition fees.

In addition to secure IoT provisioning, the new Certified-ID platform provides high-quality random number generation to guarantee a diverse set of public and private keys. It delivers solutions to a variety of IoT security needs including node anti-cloning protection, data confidentiality, secure boot, and secure firmware upgrades over-the-air. The tamper resistance built into the ATECC508A device continues to provide the desired protection even when the device is under physical attack.

Ready for the Internet of Trusted Things? Both the Atmel AT88CKECCROOT and AT88CKECCSIGNER are available today.

Secure your Raspberry Pi and Linux applications with ZymKey

1 Reply

ZymKey makes it easy to secure your IoT applications and manage them in the real world.

More times than not, developers are faced with two bad options: either deliver a substandard product quickly, or reinvent the wheel and miss the market altogether. Luckily, one Santa Barbara-based startup has come up with a solution, not just a band-aid but a true fix to the all too common conundrum. Introducing ZymKey, a tiny, low-cost piece of hardware for authenticating and encrypting data between Internet of Things devices.

The key integrates silicon and software into a simple, ready-to-go package that will automatically work with Raspberry Pi and other Linux gadgets. What’s nice is that the ZymKey integrates seamlessly with Zymbit’s existing IoT platform, which includes Zymbit.Connect software, the Zymbit.City community and the Zymbit.Orange secure IoT motherboard that was on display back at Maker Faire Bay Area. Together, Zymbit enables IoT professional developers and Makers innovate faster with the confidence of data security and integrity.

“The Internet of Things will reach its full potential when real people like you and I begin to connect our devices and share data streams,” explained Zymbit CEO Phil Strong. “Then we can work together to solve real problems that impact our everyday lives. Funding our Kickstarter campaign is not just about building the ZymKey, it’s about enabling an entire community of people to collaborate around secure data streams and ideas.”

Ideally, Zymbit will make it easy to not only collect but to share data in a trusted manner. The platform embraces open technologies and gives people the freedom to innovate quickly without having to compromise security or performance. Aside from that, the so-called Zymbit.City will serve as a forum for those with common interests to collaborate on ideas powered by such verified and authenticated information.

ZymKey works by attaching to IoT Linux platforms like the Raspberry Pi. When combined with Zymbit’s Linux APIs, it offers true authentication and cryptographic services of remote devices, as well as a real-time clock and accelerometer to timestamp security events and detect physical tampering, respectively. For its Kickstarter launch, ZymKey is available in two versions: a header-mounted crypto key for the RPi and a USB stick that plugs into the port of a Linux board, including BeagleBone, UDOO and Dragon.

For the RPi model, the low-profile hardware attaches directly to the Pi’s expansion header while still allowing Pi-Plates to be added on top. Lightweight firmware drivers run on the RPi core interface with software services through Zymbit.Connect. Meanwhile, the USB version adds more functionality and is usable on any Linux unit with a USB host.

“Great security has to be designed end to end. From silicon to software, from point of manufacture through end-of-life. ZymKey brings all this together and makes it easy to manage your applications and devices out in the real world, without compromising security,” the team explains. “ZymKey integrates speciality silicon with firmware drivers on the host device and the corresponding software services in the cloud. The result is a robust and secure communication workflow that meets some of the highest standards in the industry.”

Both ZymKeys are embedded with an ATECC508A CryptoAuthentication IC for bolstered security, while the USB version also features an Atmel | SAM D21 Cortex-M0+ core. Once connected to the Zymbit platform, you will have the unprecedented ability to transparently manage all of your remote devices from a single console — upgrade over the air, configure admin rights, and so much more. Additionally, you will be able to publish, subscribe and visualize secure data. Each ZymKey comes pre-packed with dashboard widget that make it simple to customize and share with others.

So whether you’re connecting one Linux gizmo in your garage to a public forum or have tens of thousands of Raspberry Pis deployed throughout the world, ZymKey seems to be an excellent option for everyone. Interested? Head over to its Kickstarter page, where the Zymbit team is seeking $15,000. Delivery is slated for December 2015.

Enhance Raspberry Pi security with ZymKey

1 Reply

In this blog, Zymbit’s Scott Miller addresses some of the missing parts in the Raspberry Pi security equation.

Raspberry Pi is an awesome platform that offers people access to a full-fledged portable computing and Linux development environment. The board was originally designed for education, but has since been embedded into countless ‘real world’ applications that require remote access and a higher standard of security. One of, if not, the most notable omissions is the lack of a robust hardware-based security solution.

At this point, a number of people would stop here and say, “Scott, you can do security on RPi in software just fine with OpenSSL/SSH and libgcrypt. And especially with the Model 2, there are tons of CPU cycles left over.” Performance is not the primary concern when we think about security; the highest priority is to address the issue of “hackability,” particularly through remote access.

What do you mean by “hackability?”

Hackability is a term that refers to the ease by which an attacker can:

take over a system;
insert misleading or false data in a data stream;
decrypt and view confidential data.

Perhaps the easiest way to accomplish any or all of the aforementioned goals is for the attacker to locate material relating to security keys. In other words, if an attacker can gain access to your secret keys, they can do all of the above.

Which security features are lacking from Raspberry Pi?

Aside from not having hardware-based security engines to do the heavy lifting, there’s no way to secure shared keys for symmetric cryptography or private keys for asymmetric cryptography.

Because all of your code and data live on a single SD card, you are exposed. Meaning, someone can simply remove the SD card, pop it into a PC and have possession of the keys and other sensitive material. This is particularly true when the device is remote and outside of your physical control. Even if you somehow try to obfuscate the keys, you are still not completely safe. Someone with enough motivation could reverse engineer or work around your scheme.

The best solution for protecting crypto keys is to ensure the secret key material can only be read by standalone crypto engines that run independently from the core application CPU. This basic feature is lacking in the Raspberry Pi.

Securing Raspberry Pi with silicon and software

With this in mind, Zymbit has decided to extract some of the core security features from the Zymbit.Orange and combine them into a tiny device that embeds onto the Raspberry Pi, providing seamless integration with Zymbit’s remote device management console. Meet the ZymKey!

ZymKey for secure remote device management

ZymKey brings together silicon, firmware drivers and software services into a coherent package that’s compatible with Zymbit’s secure IoT platform. This enables a Raspberry Pi to be accessed and managed remotely, firmware to be upgraded and access rights to be administered.

Secure software services

Zymbit’s Connect libraries enhance the security and utility of Raspberry Pi in the following ways:

Add message authentication to egress messages to the Zymbit cloud by attaching a digital signature, which proves that the data originated to a specific Raspberry Pi/Key combination. (Meaning that it was not forged or substituted along the way).
Assist in providing security certificates to the Zymbit cloud.
Authenticate security certificates from the Zymbit cloud.
Optionally help to encrypt/decrypt the content of messages to/from the Zymbit cloud.

Data that is encrypted/authenticated through ZymKey will be stored in this encrypted/authenticated form, thereby preserving the privacy and integrity of the data.

In addition to its standard attributes, developers can access lower level features through secure software services, including general cryptography (SHA-256 MAC and HMAC with secure keys, public key encryption/decryption), password validation, and ‘fingerprint’ services that bind together specific hardware configurations.

Stealth hardware

ZymKey’s low-profile hardware plugs directly into the Pi’s expansion header while still allowing Pi-Plates to be added on top. Lightweight firmware drivers run on the RPi core and interface with software services through zymbit.connect. It should also be noted that a USB device is in the works for other Linux boards.

At the heart of the ZymKey is the newly released ATECC508A CryptoAuthentication IC. Among some of its notable specs are:

ECC asymmetric encryption engine
SHA digest engine
Random number generator
Unique 72-bit ID
Tamper prevention
Secure memory for storing:
- Sensitive key material – an important thing to point out is that private keys are unreadable by the outside world and, as stated above, are only readable by the crypto engine.
- X.509 security certificates.
- Temporary items: nonces, random numbers, ephemeral keys
Optional encryption of transmitted data across the I2C bus for times when sensitive material must be exchanged between the Raspberry Pi and the ATECC508A

Life without ZymKey

Raspberry Pi can be used with the Zymbit Connect service without the ZymKey; however, the addition of ZymKey ensures that communications with Zymbit services are secured to a higher standard. Private keys are unreadable by the outside world and usable only by the ATECC508A, thus making it difficult (if not practically impossible) to compromise.

Each ZymKey has a unique set of keys. So, if, on the off chance that a key is compromised, only that key is affected. Simply stated, if you have several Raspberry Pi/ZymKey pairs deployed and one is compromised, the others will still be secure.

Once again, it is certainly possible to achieve the above goals purely through software (OpenSSL/libgcrypt/libcrypto). However, especially regarding encryption paths, without ZymKey’s secure storage, key material must be stored on the Raspberry Pi’s SD card, exposing private keys for anyone to exploit.

Stay tuned! The ZymKey will be making its debut on Kickstarter in the coming days.

Why the IoT needs multi-layer security

2 Replies

When it comes to the Internet of Things, you’re only as a strong as your weakest link.

The notion of security being only as strong as its weakest link is especially true for the Internet of Things. When it comes to connected devices, security must be strong at all layers, closing any possible open doors and windows that an attacker can crawl through. Otherwise, if they can’t get in on ther first floor, they will try another.

Internet security has been built mainly upon Transport Layer Security, or TLS. TLS provides confidentiality, data integrity and authentication of the communication channel between an Internet user and a secure website. Once a secure communications channel is set up using a TLS method, for example, the other half of the true security equation is needed, namely applications layer security.

To understand this notion, think of logging into your bank account on the web. First, you go to the bank’s website, which will set up a secure channel using TLS. You know TLS is successful when you see the lock symbol and https (“S” for secure) in the browser. Then, you will be brought to a log-in page and prompted to enter your credentials, which is how the bank authenticates your identity, ensuring that you’re not some hacker trying to gain access into an unauthorized account. In this scenario, your password is literally a secret key and the bank has a stored copy of the password which it compares to what you entered. (You may recognize that this is literally symmetric authentication with a secret key, though the key length is very small.) Upon logging in, you are, in fact, operating at the application. This application, of course, being electronic banking.

So, as autonomous IoT nodes spread around the world like smart dust, how do those nodes ensure security? This can essentially be achieved using the same two steps:

Set up Transport Layer Security to secure the communications channel using TLS or another methodology to get confidentiality, data integrity and confidentiality in the channel. This channel can be either wired or wireless.

Set up Applications Layer Security to safeguard the information that will be sent through the communications channel by using cryptographic procedures. Among proven cryptographic procedures to do so are ECDSA for authentication, ECDH key agreement to create session keys, and encryption/decryption engines (such as AES that use the session keys) for encrypting and decrypting messages. These methods make sure that the data source in the node (e.g. a sensor) is authentic, the data is confidential and has not been tampered with in any degree (integrity).

The reason that multi-layer security, particularly application layer security, is required is that attackers can get into systems at the edge nodes despite a secure channel. Long story short, TLS is not enough.

IoT nodes collect data, typically through some kind of sensor or acting on data via an actuator. A microcontroller controls the operation of the node and a chosen technology like Wi-Fi, Bluetooth and Zigbee provides the communications channel. The reason that application layer security needs to be added to the TLS is that, if an attacker can hack into the communications channel via any range of attacks (Heartbleed, BEAST, CRIME, TIME, BREACH, Lucky 13, RC4 biases, etc.), they can then intercept, read, replace and/or corrupt the sensor/actuator or other node information.

Unfortunately in the real world, TLS gets breached, making it not sufficient. As a result, true security requires both Transport Layer and Applications Layer Security. Think of it as a secure pipeline with secure data flowing inside. The crypto element — which are an excellent way to establish the Applications Layer Security for the IoT — gets in between the sensor and the MCU to ensure that the data from the sensor has all three pillars of security applied to it: confidentiality, integrity, and authentication (also referred to as “CIA”). CIA at both the transport and application layers is what will make an IoT node entirely secure.

Fortunately, Atmel has an industry-leading portfolio of crypto, connectivity and controller devices that are architected to easily come together to form the foundation of a secure Internet of Things. The company’s wireless devices support a wide spectrum of standards including Wi-Fi, Bluetooth, Bluetooth Low Energy and Personal Area Networks (802.15.4), not to mention feature hardware accelerated Transport Layer Security (TLS) and the strongest link security software available (WPA2 Enterprise).

Crypto elements, including CryptoAuthentication and Trusted Platform Modules (TPM) with protected hardware-based key storage, make it easy to provide extremely robust security for IoT edge nodes, hubs, and other “things” without having to be a crypto expert. Built-in crypto engines perform ECDSA for asymmetric authentication and ECDH key agreement to provide session keys to MCUs, including ARM and AVR products that run encryption algorithms.

The “three-legged stool” of cryptography

1 Reply

Implementing true IoT requires a three-pronged approach, like a three-legged stool.

Implementing true security in Internet of Things (IoT) devices requires a three-pronged approach. Like a three-legged stool, each of these legs are required to properly achieve security with at least two of these so-called legs demanding a hardware-based approach.

These legs consist of:

A strong cryptographic cipher for the job
High entropy, cryptographically secure, random number generator (Crypto RNG)
Persistent secure key storage with active tamper detection

Now, let’s go over these one by one.

A Strong Cryptographic Cipher for the Job

A cipher is a cryptographic algorithm for performing encryption and decryption, which needs to be strong enough for the application at hand. A one-time pad is considered the only unbreakable cipher, so theoretically all other ciphers can be eventually broken. Time and cost are the two usual measures of breaking any cipher.

Time

The cover time of a secret refers to the amount of time that the message needs to be kept secret. A tactical secret, such as a command to fire a particular missile at a particular target has a cover time from the moment the commander sends the message to the moment the missile strikes the target. After that, there isn’t much value in the secret. If an algorithm is known to be breakable within a few hours, even that algorithm provides enough cover time for the missile firing scenario.

On the other hand, if the communication is the long term strategy of the entire war, this has a cover time significantly longer and a much stronger cipher would be required.

Cost

Generally, the time it takes to break any cipher is directly relates to the computation power of the system and the mathematical skills of your adversary. This usually directly coincides with the cost, so the value of your secret will, in a large part, determine how much effort is put into breaking your cryptography.

Therefore, you want to select a cipher which is well known to be strong, has been open to both academia and the public, and survived their scrutiny. Vigorously avoid proprietary algorithms claiming to be strong. The only thing which can speak to a cipher’s strength is for it to be fully open to scrutiny.

These types of proven ciphers are available within Atmel’s line of microcontrollers and microprocessors.

High Entropy, Cryptographically Secure, Random Number Generator

The importance of a Crypto RNG cannot be overstated. Some of the things which rely on the randomness of the random number include:

Key stream in one-time pads
Primes p, q in the RSA algorithm
Private key in digital signature algorithms
Initialization vectors for cipher modes

… The list of critically important requirements for high randomness is long.

Any modern cipher, regardless of intrinsic strength, is only as strong as the random number generator used. Lack of adequate entropy in the random number significantly reduces the computational energy needed for attacks. Cryptographically secure random number generators are important in every phase of public key cryptography.

To realize a cryptographically secure random number generator, a high quality deterministic random number generator and a high entropy source, or sources, are employed. The resulting generator needs to produce numbers statistically independent of each other. The output needs to survive the next bit test, which tests the possibility to predict the next bit of any sequence generated, while knowing all prior numbers generated, with a probability of success significantly greater than 0.5. This is no trivial task for randomly generating numbers as long as 2²⁵⁶.

It is incredibly hard to create a Crypto RNG. Even if you had the code right, there is not enough entropy sources in an embedded system to devise a cryptographically secure random number generator. Most embedded systems, especially IoT nodes are, well, pretty boring. At least when considered in the context of entropy. 2²⁵⁶ bits is a larger number than the number of all the stars in the entire universe. How much entropy do you really think exists in your battery powered sensor?

Companies serious about security put a lot of effort into their Crypto RNGs and have their generators validated by the National Institute of Standards and Technology (NIST), the government body overseeing cryptographic standards in the U.S. and jointly with Canada.

Any assurance or statements that a RNG is “compliant” or “meets standards” and is not validated by NIST is unacceptable within the cryptographic community. A Random Number Generator is either on NIST’s RNG Validation List or it isn’t. It’s as simple as that.

Atmel is just such a serious company. The Crypto RNG that Atmel has used in all if its CryptoAuthentication devices is validated by NIST and can be publicly found on the list here.

Persistent Secure Key Storage with Active Tamper Detection

Strong ciphers supported with high entropy random numbers are used to keep adversaries away from our secrets, but their value is zero if an adversary can easily obtain the keys used to authenticate and encrypt.

System security completely relies on the security of the keys. Protection and safeguarding of these keys and primary keying material is critically important to any cryptographic system. Your secret/private keys are, by far, the most rewarding prize to any adversary.

If your keys are compromised, an adversary will have access to every secret message you’ve ever sent, like a flower offering its nectar to a honeybee. To add insult to injury, nobody will inform you the keys have been compromised. You will go on sending “secret” messages, blissfully unaware your adversaries can read them at their leisure… completely unhindered.

A very well respected manager in our crypto business unit puts it this way; Keys need to be protected behind “guns, guards, and dogs.”

Holding cryptographic keys in software or firmware is akin to placing your house key under the front mat, or above the door, or in that one flowerpot nobody will ever think of looking in.

Adversaries will unleash a myriad of attacks on your system in an effort to obtain your keys. If they can get their hands on your equipment, as is often the case with IoT devices, they will rip them apart. They will employ environmental attacks. They will decapsulate and probe the die of your microcontrollers. There is no limit to what they can and will do.

Atmel’s line of CryptoAuthentication devices offers a long list of active defenses to these attacks as well as providing an external tamper detect capability you can use to secure your devices from physical intrusion and warranty violation.

Summary

As stated in this brief of the three elements which enable truly secure systems, the security of the keys and the quality of the random numbers used will complete or compromise any cipher, no matter the mode used.

Inadequate entropy in a random number generator compromises every aspect of cryptography, because it is relied upon from the generation of keys to supplying initialization vectors for cipher modes. Atmel’s hardware crypto-authentication devices ensure you have a NIST validated cryptographically secure random number generator.

Keys, signatures, and certificates require a persistent secure vault to protect them. The very elements which ensure the authority, security and integrity of your system cannot be left in the attackable open.

Keys held in software or firmware are easily recovered. Typical microcontrollers and microprocessors do not contain the protections needed to keep out adversaries. Even newer processors with secure zones have very limited key storage and no generation functionality. From software protocol attacks to environmental and hardware probing, the ways and means of an adversary to recover keys from your software/firmware are nearly unlimited. This is akin to hanging your house key in a flimsy silk pouch on your front door knob.

Hardware security offers a number of benefits:

Secure storage of digital signatures and certificates
Secure storage of key hierarchy
Stopping adversaries from hacking your code
Secure boot and program image checking
Stopping unscrupulous contract manufacturers from over building your product
Creating new revenue streams by allowing premium services to be purchased post deployment
Limiting the life of products, e.g. the number of squirts an ink cartridge has, thereby thwarting refill/reuse
Streamlining deployed product tracking and warranty services

With regards to creating a truly secure system, active hardware protection for keys and cryptographically secure random numbers are not an option — they are a necessity.

Atmel’s CryptoAuthentication devices offer a high security, tamper resistant, physical environment within which to store and use keys for digital signatures, key generation/exchange/management, and perform authentication. Atmel is very serious about security. In addition to testing, validations and approvals by certifying entities, we employ third party labs to apply the very latest attacks and intrusion methodologies to our extremely resilient devices. The methodologies and results of these tests are available to our customers under non-disclosure agreement.

Zymbit wants to accelerate IoT development

1 Reply

Get your real-world Internet of Things ideas to market in days, not months.

As the next frontier of the Internet approaches, the IoT represents a compelling opportunity across a staggering array of applications. That’s why the team behind Zymbit has developed an end-to-end platform of hardware and software devices that will enable Makers, engineers and developers alike to transform their ideas into real-world products in blistering speed.

In an effort to deliver secure, open and interactive gadgets for our constantly-connected era, Zymbit is hoping that latest set of solutions will help accelerate adoption and interface with our physical world in a more secure, authenticated manner. The company — who we had the chance to meet at CES 2015 and will be on display in our Maker Faire booth — recently unveiled its Zymbit 1 (Z1), which is being billed as the first fully-integrated piece of IoT hardware that provide users with local and remote live data interaction, along with a low-power MCU, battery-backed operation.

“Z1’s motherboards incorporate some of the latest secure silicon from Atmel, providing accelerated processing of standard open security algorithms. A separate supervisor MPU takes care of security, while you take care of your application,” explained Zymbit CTO Alex Kaay.

Based on the Atmel | SMART SAM D21, the Z1 motherboard is electronically robust with enhanced security provided via an ATECC108 crypto engine and an ATWINC1500 Wi-Fi controller — meaning, no additional parts are necessary. Ideal for those developing next-gen IoT projects, the modular board is super customizable and compatible with Atmel Xplained Pro wingboards, Arduino shields, Raspberry Pi B+, as well as ZigBee, cellular and POE options. The Zymbit team has even implemented discretely controlled blocks to simplify coding and to secure remote device management, while advanced power management supports battery, solar and POE operations.

The Z1 integrates all of the key components required to support a generation of global IoT applications. This includes easily transitioning between Arduino, Atmel and Raspberry Pi designs, integrated open software tools for seamless innovation, as well as a choice of wireless communication. For instance, Makers can design and implement their programs using the Zymbit’s Arduino Zero app processor and take advantage of a vast number of Arduino shields. Or, developers can connect their Raspberry Pi to utilize the various Zymbit services via SPI bus, allowing their B+ module to interact with a wide-range of “things.”

The unique Zymbit architecture delivers three key pillars of security: authenticated data source with 72-bit ID serial number, protected data transmission with SHA 256 and private data transmission via a Wi-Fi embedded AES engine. This is accomplished through a dedicated hardware crypto engine that ensures only trusted data is exchanged between devices.

At the heart of Z1’s operation lies a network/Linux CPU, the Atmel | SMART SAMA5D4 MPU, tasked with its secure communication. Meanwhile, its security processes run within a supervisory, ultra low-power Atmel | SMART SAM L21 MCU, separately from its SAM D21 Cortex-M0+ I/O application MCU. This hardware is all housed inside a dynamically-constructed case, which features standard expansions and mounts perfect for any consumer, commercial or industrial applicable IoT product.

Adding to its already impressive list of capabilities, Zymbit comes with a remote manager that makes it easy to connect and manage gizmos both securely and with transparency. This service enables users to SSH to their devices, whether they are on your desk or across the country. Publishing through Zymbit’s Pub/Sub Engine lets developers collect and share data one-to-one or one-to-many, with or without subscriber authentication. As you can imagine, this opens up an assortment of project possibilities, which range from changing Philips Hue color lighting with data streams to monitoring key parameters of a refrigeration system.

“We are providing some standard dashboard widgets that allow you to quickly view your device performance metrics and data-channels. Initially we are supporting time series charting, together with plugin metrics for Raspberry Pi, and Arduino Yún,” the team writes.

Interested in learning more? You can stay up-to-date with the Zymbit team’s progress here, watch our latest interview with one of the company’s co-founders below, and swing by our booth at Maker Faire Bay Area!

10 (+1) invaluable steps to launching your next IoT product

2 Replies

Let’s transition your products from a ‘dumb’ to ‘smart’ thing.

Many enterprises, startups and organizations have already been exposed to the innovation land grab stemming from the rapidly evolving Internet of Things (IoT). What’s available in the product/market fit arena? This is the hunt to cease some segment of the multi-trillion dollar growth reported to gain from the IoT, enabling embedded system connectivity coupled with the ecosystem value-add of a product or service. Even for that matter, transforming a mere idea that centers around connectivity solutions can present an array of challenges, particularly when one seeks to bring to market disruptive ways for the end-user to adopt from the more traditional way of doing things (e.g. GoPro, PebbleWatch, FitBit, and even to as far as e-health monitors, tire subscriptions, self-driving vehicles, smart bracelets, connected medical apparatus or Industrial Internet devices, home automation systems and more).

All together, there’s one overlaying theme to these Internet-enabled products. They are all pervasively SMART technologies that help monetize the IoT. Now, let’s get your products to transition from a once ordinary, mundane object to a much smarter, more secure “thing.” When doing so, this too can often present a few obstacles for designers, especially as it requires a unique set of skills needed to interface systems with connectivity to the cloud or Internet.

To top it all off, there may already be various product lines in existence that have a mandate to leverage a connected ecosystem/design. In fact, even new ones require connectivity to the cloud, having designs set forth to enhance via customer usage then combining this user data with other associated data points. Already, the development to enable such devices require an assortment of skills. It’s an undertaking, one in which requires knowledge and expertise to command stable connectivity in the infrastructure and design a product with security, scalability, and low power.

Moving ahead, here are some recommendations developers and Makers should know:

Identify a need and market: The value of the smart device lies in in the service that it brings to the customer. Identify the need to develop a strong offer that brings value or enhances efficiency rather than creating a simple gadget. (See Marc Andreesen’s infamous blog on product/market fit for more tips).

Validate your ideation: Carry out market research. Do your due diligence. Determine whether the device you think of creating already exists. Can improvements be ascertained with testimonial as an enhanced or unique experience? Indeed, benchmarking will allow you to discover any competitors, find sources of inspiration, develop a network of ideas to pool and find other areas for improvement as well.

Prototype toward MVP: New device fabrication techniques, such as 3D printing, are the ideal creative validation for producing prototypes much faster and for less money. They also promote iteration, which is an integral process when designing the device towards MVP.

Connect the ‘thing’ then concert it into a smart ‘thing:’ Right now, there is no mandatory standard for interconnecting different devices. Selecting the right technology is essential, particularly if the device requires low-power (speaking of low-power….) and event and state controls, which highly optimize extended power and the services to enrich the information system and eventally enhance user experience with a roadmap toward an ecosystem.

Develop the application: Today, the primary smart devices are linked to an dedicated mobile app. Since the app transforms the smartphone into a remote control, it must be be easy to use for your end-users, and more importantly, simply upgraded via the cloud.

Manage the data: Fitted with a multitude of sensors, connected gadgets generate an enormous amount of data that need to be processed and stored with the utmost security across all layers even to as far as using cryptography in memory. (After all, you don’t want your design become a ‘Tales from the Crypt-O” horror story.)

Analyze and exploit the data: By processing and analyzing the data, a company can extract the necessary information to deploy the right service in the right place at the right time.

Measure the impact of the smart device: Set up probes to monitor your devices and data traffic quality. Answer questions objectively as to how it would securely scale and evolve should there be an instant high volume success and usage. This will help you measure the impact of the smart device in real time and adapt its actions accordingly, and model into the product roadmap and MVP spec.

Iterate to fine-tune the device’s use: After launching the project, the process has only begun. Feedback needs to be taken into account in order to adjust and fine-tune the project. Due to its very nature, digital technology requires continuous adaptation and iteration. “Try and learn” and present riskier ideas to products are the fundamental principles behind transformation when imposing a new use.

Prototype again: Continuous adaptation and iteration means that your company needs to produce a new prototype.

Here’s 10 + 1 invaluable Step to Launching Your IoT Project or Products

Here’s 10 + 1 invaluable steps to launching your IoT project or product.

11. Take advantage of the hands-on training in your region.

As an application space, IoT sensor nodes are enabled by a number of fundamental technologies, namely a low-power MCU, some form of wireless communication and strong security. With this in mind, the newly revealed Atmel IoT Secure Hello World series will offer attendees hands-on training, introducing them to some of the core technologies making the Internet of Things possible, including Wi-Fi and CryptoAuthentication.

What’s more, these sessions will showcase Atmel’s diverse Wi-Fi capabilities and CryptoAuthentication hardware key storage in the context of the simplest possible use cases. This includes learning how to send temperature information to any mobile device via a wireless network and how to enable the remote control of LEDs on a SAM D21 Xplained Pro board over a Wi-Fi network using a WINC1500. In addition, attendees will explore authentication of IoT nodes, as well as how to implement a secure communications link — something that will surely come in handy when preparing to launch your next smart product.

As you can see, so far, everyone is LOVING the Hello World sessions — from hardcore embedded engineers to hobbyists. Here some recent social activity following the recent Tech on Tour events in both Manchester and Heathrow, UK. Need we say more? These tweets say a thousand words!

Connected and ready to go… all before lunch! (Yes, there’s food as well!)

Atmel’s Tech on Tour and proud partner EBV Elektronik proudly thankful for the successful event in Manchester, UK.

Atmel’s Tech on Tour just successfully completed a full house attendance training in Manchester, UK

Atmel-Tech-On-Tour-Europe-Big-Bang-Theory-Relates-to-IoT

BLE, WIFI, IoT, IOE, ToT, OMG! How does Big Bang Theory and IoT relate to Tech on Tour?

Find out how you too can receive in-depth IoT training. As the Atmel | Tech on Tour makes it way throughout Europe, Asia, and North America, make sure you know when the team arrives in your town! Don’t miss it. Upon registering, you will even receive a WINC1500 Xplained Pro Starter Kit to take home.

Hackers can take over robotic arms performing your surgery

2 Replies

Researchers are table to hijack a medical telerobot, raising questions around the security of remote surgery.

In a scenario that sounds straight out of a Hollywood thriller, researchers at the University of Washington have discovered a flaw in surgical robotic arms that allows them to be easily hacked. The experts were able to take control of a Raven II telerobot through a series of cyber attacks, thereby enabling them to change the speed of the arms of the robot and their orientation, making it impossible for the machines to carry out a procedure as directed.

The first successful telesurgery took place back in 2001 when a doctor in New York completed a gall bladder surgery of a patient 3,700 miles away in France, and since then, long-distance robotic surgery has taken off. Though robotic surgery has yet to become the industry standard, sales of medical robots are increasing by 20% each year. Meaning, vulnerabilities can certainly wreak havoc on operations should the proper security measures not be implemented.

In the case of Raven II, a remote operator uses two winglike arms to perform complex procedures where otherwise their hands might not be capable. While this experiment was performed in a controlled environment and not on the operating table, it’s apparent that more stringent security measures be taken. Raven II runs on a single PC, and communicates with a control console using a standard communications protocol known as Interoperable Telesurgery Protocol. But rather than take place over a secure private channel, commands are sent over public networks instead — and therein lies the potential risk.

For their study, the team performed various types of cyberattacks to see just how easily the arm could be disrupted. This included changing the commands sent by an operator, modifying signals and even completely taking over the robot. The researchers note that while their test applies only to Raven II, other surgical mechanisms that use similar teleoperation were likely also at risk.

“In hijacking attacks, a malicious entity causes the robot to completely ignore the intentions of a surgeon, and to instead perform some other, potentially harmful actions. Some possible attacks includes both temporary and permanent takeovers of the robot, and depending on the actions executed by the robot after being hijacked, these attacks can be either very discreet or very noticeable,” the team writes.

Since surgery requires the upmost precision, any minor glitch at a critical moment could prove to be deadly for a patient. Subsequently, researchers suggest a number of ways that telesurgery can be more secure, including encrypting data as it’s transferred from surgeon to robot, making the software more sensitive to errors and attempted data changes, and better monitoring of the network status before and during surgery.

“Some of these attacks could have easily been prevented by using well-established and readily-available security mechanisms, including encryption and authentication,” the researchers note.

It’s becoming increasingly clear that embedded system insecurity affects everyone, and not only can these effects of insecurity lead to sensitive financial and medical data theft, but in some cases, could even lead to greater harm or fatality. This is why CryptoAuthentication protection is so paramount. As Atmel resident security expert Bill Boldt explains, “Hardware protection beats software protection every time. That is because software is always subject to bugs, tampering and malware, just as these attacks are proving. Again and again and again.”

Want to learn more? Download the entire paper here.

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

What do you mean by “hackability?”

Which security features are lacking from Raspberry Pi?

Securing Raspberry Pi with silicon and software

ZymKey for secure remote device management

Secure software services

Stealth hardware

Life without ZymKey

Share this:

Like this:

Share this:

Like this:

A Strong Cryptographic Cipher for the Job

High Entropy, Cryptographically Secure, Random Number Generator

Persistent Secure Key Storage with Active Tamper Detection

Summary

Share this:

Like this:

Share this:

Like this:

11. Take advantage of the hands-on training in your region.

Share this:

Like this:

Share this:

Like this: