Secure your hardware, software and IoT devices

Evident by a recent infographic published by Forbes, it appears people are finally cognizant of the urgent need for security. It’s clearer than ever that hacking has become a real problem over the web and into electronic devices. With the emergence of the Internet of Things (IoT), we consistently find ourselves connecting these gadgets and gizmos to the web. As a result, security becomes a key issue throughout the entire chain.

Analog Aficionado Paul Rako recently had the chance to catch up with Bill Boldt, Atmel’s resident security expert, to explore the latest threats and trends in security as well as how Atmel can help secure products across the spectrum. Not in the reading mood? There’s a pretty sweet playlist of all the footage from the 1:1 interview here.

In the first segment of the interview, Boldt discusses how an engineer or designer can use Atmel’s CryptoAuthentication chips to ensure that the accessories to a particular product are genuine. Here, the security expert talks about using symmetrical authentication to certify that only a drill manufacturer’s batteries will work on its own drill.

If you recall, Boldt provided an in-depth exploration into this same demo, which can be found here. Though securing hardware is great, if you wanted, you could make this symmetrical authentication protect any kind of plug-in or device, even if it is not electronic. In fact, this safeguard is used on things ranging from ink cartridges to e-cigarettes; moreover, medical device manufactures love this technology since it protects them from liability from knockoff products.

This can help secure products with add-ons or attachments, but an even greater value for hardware security comes when you use these chips to make sure that your device has not had its code or operating system hijacked. Since the interface between the microcontroller and the crypto chip is only sending a random number from the micro, and the one-time result from the crypto chip in response, snooping on the SPI port will not help you crack the code. Now, your microcontroller firmware can query the chip and ensure that it indeed gets the proper result — if someone attacks the firmware and puts their own code, it won’t execute since it cannot get past the protected part of the chip code that has to get a valid response from the crypto chip.

You can extend this to secure downloads as well. As long as your code requires the downloaded segment to query and respond to the tiny crypto chip, only your code will work since only you know the secret key programmed into the chip.

“As a hardware engineer, I am just as fascinated by the cool packages we use as well as all the math and firmware algorithms,” says Rako.

In the subsequent video of the interview, Boldt describes the packaging for the crypto chips, in addition to a unique three-pad package manufactured by Atmel that does not need to be mounted on a circuit board at all.

During the segment, Boldt also delves deeper into some security scenarios for the IoT, incuding some great analogies. Furthermore, the security guru reminds viewers that these Atmel CryptoAuthentication chips will work with any company’s microcontroller, not just Atmel’s.

One thing you hear bandies about in security are the dissimilarities between both symmetric and asymmetric. The aforementioned drill demo was symmetric, since both the drill and the battery had the secret key programmed into the MCU and the crypto chip, respectively. Here, Boldt expands on the topic and how Atmel does all the hard math so you don’t have to worry about it.

Concluding his interview with Rako, Boldt addresses the fact that you can use the crypto chip not only in a drill, but in the charger as well to guarantee that only your OEM charge will charge your OEM batteries. The resident security expert wraps up by noticing that people can counterfeit those holograms on a product’s box, but they can’t hack hardware security chips.

Interested in learning more? Explore hardware-based security solutions for every system design here. Look to secure the full stack? You can receive a FREE Atmel CryptoAuthentication™ development tool. For more in-depth analysis from Bill Boldt, you can browse through his archive on Bits & Pieces. 

U.S. agencies investigate medical devices for cyber flaws

According to a recent report from Reuters, the U.S. Department of Homeland Security is currently investigating nearly two dozen cases of suspected cybersecurity vulnerabilities in medical devices and hospital equipment that officials fear could be exploited by hackers.

(Source: Getty Images)

The vulnerable products include implantable heart implants and drug infusion pumps, thus leaving members of the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) concerned these flaws could be used to induce heart attacks and drug overdoses, among other things.

Without naming companies, the ISC-CERT team announced last year that a vast assortment of these medical devices contain backdoors making them quite susceptible to potential life-threatening hacks. These hard-coded password flaws affected roughly 300 medical devices — ranging from ventilators and patient monitors to surgical and anesthesia devices — across approximately 40 vendors.

(Source: Shutterstock)

“The senior DHS official said the agency is working with manufacturers to identify and repair software coding bugs and other vulnerabilities that hackers can potentially use to expose confidential data or attack hospital equipment,” Reuters stated.

While there are still no known deaths as a result of such malicious behavior, officials claim that it certainly isn’t “out of the realm of possibilities,” comparing similar incidents to those seen on TV like the show Homeland. In this Showtime Network spy drama, a fictional U.S. vice president is killed via cyber attack on his pacemaker. Coincidentally enough, former Vice President Dick Cheney has revealed that he once feared a similar attack and to prevent such thing from happening, disabled the wireless connectivity of his pacemaker.

Reuters points out that security officers are increasing their vigilance around cyber threats and that medical facilities throughout the country have beefed up their networks to protect from intruders. Furthermore, the report notes that security vulnerabilities in medical devices are exposed so manufacturers can fix them, and that there was no need for patients to panic. Nevertheless, as one can imagine, this still leaves many uneasy.

As scenarios such as these continue to emerge, it is becoming increasingly clear that embedded system insecurity affects everyone and every company, not just those in the healthcare world. Products can be cloned, software copied, systems tampered with and spied on, and many other things that can lead to revenue loss, increased liability, and diminished brand equity… or in this case, injury or death. Worry no more! Thanks to ultra-secure defense mechanisms and security at its core, Atmel devices can protect firmware, software, and hardware products from future threats. Register for a chance to receive a free CryptoAuthentication tool kit here!

ECDH key exchange is practical magic

What if you and I want to exchange encrypted messages? It seems like something that will increasingly be desired given all the NSA/Snowden revelations and all the other snooping shenanigans. The joke going around is that the motto of the NSA is really “Yes We Scan,” which sort of sums it up.

Encryption is essentially scrambling a message so only the intended reader can see it after they unscramble it. By definition, scrambling and unscrambling are inverse (i.e. reversible) processes. Doing and undoing mathematical operations in a secret way that outside parties cannot understand or see is the basis of encryption/decryption.

Julius Caesar used encryption to communicate privately. The act of shifting the alphabet by a specific number of places is still called the Caesar cipher. Note that the number of places is kept secret and acts as the key. Before Caesar, the Spartans used a rod of a certain thickness that was wrapped with leather and written upon with the spaces not part of the message being filled with decoy letters so only someone with the right diameter rod could read the message. This was called a skytale. The rod thickness acts as the key.

A modern-day encryption key is a number that is used by an encryption algorithm, such as AES (Advanced Encryption Standard) and others, to encode a message so no one other than the intended reader can see it. Only the intended parties are supposed to have the secret key. The interaction between a key and the algorithm is of fundamental importance in cryptography of all types. That interaction is where the magic happens. An algorithm is simply the formula that tells the processor the exact, step-by-step mathematical functions to perform and the order of those functions. The algorithm is where the magical mathematical spells are kept, but those are not kept secret in modern practice. The key is used with the algorithm to create secrecy.

For example, the magic formula of the AES algorithm is a substitution-permutation network process, meaning that AES uses a series of mathematical operations done upon the message to be encrypted and the cryptographic key (crypto people call the unencrypted message “plaintext“). How that works is that the output of one round of calculations done on the plaintext is substituted by another block of bits and then the output of that is changed (i.e. permutated) by another block of bits and then it happens over and over, again and again. This round-after-round of operations changes the coded text in a very confused manor, which is the whole idea. Decryption is exactly as it sounds, simply reversing the entire process.

That description, although in actual fact very cursory, is probably TMI here, but the point is that highly sophisticated mathematical cryptographic algorithms that have been tested and proven to be difficult to attack are available to everyone. If a secret key is kept secret, the message processed with that algorithm will be secret from unintended parties. This is called Kerckhoffs’ principle and is worth remembering since it is the heart of modern cryptography. What it says is that you need both the mathematical magic and secret keys for strong cryptography.

Another way to look at is that the enemy can know the formula, but it does him or her no good unless they know the secret key. That is, by the way, why it is so darn important to keep the secret key secret. Getting the key is what many attackers try to do by using a wide variety of innovative attacks that typically take advantage of software bugs. So, the best way to keep the secret is to store the key in secure hardware that can protect if from attacks. Software storage of keys is just not as strong as hardware storage. Bugs are endemic, no matter how hard the coders try to eliminate them. Hardware key storage trumping software is another fundamental point worth remembering.

Alright, so now that we have a good algorithm (e.g. AES) and a secret key we can start encrypting and feel confident that we will obtain confidentiality.

Key Agreement

In order for encryption on the sender’s side and decryption on the receiver’s side, both sides must agree to have the same key. That agreement can happen in advance, but that is not practical in many situations. As a result, there needs to be a way to exchange the key during the session where the encrypted message is to be sent. Another powerful cryptographic algorithm will be used to do just that.

There is a process called ECDH key agreement, which is a way to send the secret key without either of the sides actually having to meet each other. ECDH uses a different type of algorithm from AES that is called “EC” to send the secret key from one side to the other. EC stands for elliptic curve, which literally refers to a curve described by an elliptic equation.   A certain set of elliptic curves (defined by the constants in the equation) have the property that given two points on the curve (P and Q) there is a third point, P+Q, on the curve that displays the properties of commutivity, associativity, identity, and inverses when applying elliptic curve point multiplication. Point-multiplication is the operation of successively adding a point along an elliptic curve to itself repeatedly. Just for fun the shape of such an elliptic curve is shown in the diagram.

The thing that makes this all work is that EC point-multiplication is doable, but the inverse operation is not doable. Cryptographers call this a one-way or trap door function. (Trap doors go only one way, see?)  In regular math, with simple algebra if you know the values of A and A times B you can find the value of B very easily.  With Elliptic curve point-multiply if you know A and A point-multiplied by B you cannot figure out what B is. That is the magic. That irreversibility and the fact that A point-multiplied by B is equal to B point-multiplied by A (i.e. commutative) are what makes this a superb encryption algorithm, especially for use in key exchange.

To best explain key agreement with ECDH, let’s say that everyone agrees in advance on a number called G. Now we will do some point-multiply math. Let’s call the sender’s private key PrivKeySend.  (Note that each party can be a sender or receiver, but for this purpose we will name one the sender and the other the receiver just to be different from using the typical Alice and Bob nomenclature used by most crpyto books.) Each private key has a mathematically related and unique public key that is calculated using the elliptic curve equation.  Uniqueness is another reason why elliptic curves are used. If we point-multiply the number G by PrivKeySend we get PubKeySend. Let’s do the same thing for the receiver who has a different private key called PrivKeyReceive and point-multiply that private key by the same number G to get the receiver’s public key called PubKeyReceive.   The sender and receiver can then exchange their public keys with each other on any network since the public keys do not need to be kept secret. Even an unsecured email is fine.

Now, the sender and receiver can make computations using their respective private keys (which they are securely hiding and will never share) and the public key from the other side. Here is where the commutative law of point-multiply will work its magic. The sender point-multiplies the public key from the other side by his or her stored private key.  This is equates to:

PubKeyReceive point-multiplied by PrivKeySend which = G point-multiplied by PrivKeyReceive point-multiplied by PrivKeySend

The receiver does the same thing using his or her private key and the public key just received. This equates to:

PubKeySend point-multiplied by PrivKeyReceive  = G point-multiplied by PrivKeySend point-multiplied by PrivKeyReceive.

Because point-multiply is commutative these equations have the same value!

And, the rabbit comes out of the hat: The sender and receiver now have the exact same value, which can now be used as the new encryption key for AES, in their possession. No one besides them can get it because they would need to have one of the private keys and they cannot get them. This calculated value can now be used by the AES algorithm to encrypt and decrypt messages. Pretty cool, isn’t it?

Below is a wonderful video explaining the modular mathematics and discrete logarithm problem that creates the one-way, trapdoor function used in Diffie-Hellman key exhange. (Oh yeah, the “DH” in ECDH stands for Diffie-Hellman who were two of the inventors of this process.)

Are you building out for secure devices?  Protect your design investments and prevent compromise of your products? Receive a FREE Atmel CryptoAuthentication™ development tool.

There’s good news about BadUSB

The good news about the recently-revealed BadUSB is that there actually is a cure: Atmel CryptoAuthentication. Hardware crypto engines were invented to protect software, firmware and hardware from exactly these types of attacks, among many others. These uber-tiny, ultra secure hardware devices can be easily and cost-effectively added to USB sticks (and other peripherals) by manufacturers, who are seeking to protect their customers by ensuring that only the proper and intended code is downloaded and used. Once installed into the peripherals, CryptoAuthentication devices will block the bad code. Period.

Let’s look at what Bad USB has uncovered: It is that everything with a processor is vulnerable to attack. Most people don’t really think of a USB stick, modern thermostat, home router, fax machine, PC mouse or trackpad, a camera, iPod, microwave, and other “things” as being computers; however, they are. In fact, they all have at least one processor, memory, ways to get stuff in and out, and code (firmware) that tells the processor what to do. That last piece is where the danger lies.

As any PC or smartphone user knows, code gets updated all the time to get rid of bugs and add features. Updating code opens up a processor that was previously running good code, to code altered by people with mal-intent, i.e. malware. This is how good embedded systems go bad. We recently saw malware that allowed an ATM to spit out 40 bank notes at a time if a certain code was entered. Real nice for those who know the code!

BadUSB is Bad for More Than Just USB

All systems with processors are vulnerable to bad code, which can do bad things to good systems. All it takes is a way to transfer bad code from one processor to another… and, that happens all the time. USB sticks, USB accessories, the Internet, wireless links like Wi-Fi or Bluetooth — you name it — can be vectors for diseased code. What BadUSB has revealed to us is that all embedded systems, unless equipped with robust protection mechanisms, are now vulnerable to catching diseased code. (Embola?)

Embola

One contracted, a machine infected with Embola can send private and sensitive information to bad guys, or let them take over your system for ransom or other mal-purposes. They can turn on cameras and microphones to spy, grab your photos and bank account information, or even mess with your car. Whatever they want they can have, and you most likely will never know it.

By now you should see the point, which is that every embedded system and PC needs protection. Everything that runs software is vulnerable such as wearables, phones, USB accessories, USB sticks, cameras, cars, printers, thermostats, ATMs, meters, microwaves, appliances, and whatever the IoT will become. Simply put: If it has a processor and connects to something else, it is hackable.

So, what can you do to protect against Embola? The answer is twofold:

1. Don’t let the bad code in, and
2. If it does get in, don’t let it run.

While this sounds pedantically simplistic, these steps are NOT being taken. These two functions have the self-explanatory names of secure download and secure boot.

Secure Download

Secure download uses encryption to ensure that the code that is received by the embedded system is kept away from hackers. The code is encrypted using an algorithm such as Advanced Encryption Standard (AES) by using an encryption key. That encryption key is created using a secret that is only shared with the target system. The encrypted code is sent to the target embedded system to be decrypted and loaded for its use. Along with the encrypted code, a seed is also sent to the target system.

The seed is a number (typically unique with each session) that is hashed during the encryption session with a secure secret key. The result of that hashing is called the digest or Message Authentication Code (MAC) and it is used to encrypt the code (i.e. the MAC is the actual encryption key). The seed is sent to the target system to enable decryption, and not useful to anyone unless it is hashed with the secret key, which is what the target system will do. The target system runs the same hashing algorithm with the identical shared secret key stored there and the seed, which results in the same digest (MAC) that was used to encrypt the code. That MAC can now be used as the decryption key to decrypt the code. At this point, the decrypted code can be ran in the target embedded system.

However, there is another step that can be taken that adds even more security, which is authentication using a digital signature. To use authentication, the unencrypted original code is hashed and signed by the code originator at the same time as the original encryption process. The originator uses a signing key on that hash of the code to make a signature. That signature is sent with the encrypted code and seed to the target system. Once the encrypted code is decrypted using the process noted above, the newly decrypted code will be hashed by the target system, just like was done by the originator, and then signed with the signing key stored in the target system. That signing key is the same as on the originator’s signing module, so if the decrypted code has not been altered, the signature made on the digest of that decrypted code and the signing key will be exactly the same as the signature that was sent over. These two signatures are compared and if they match then the code has been authenticated and can be safely run on the target system. What does this mean? No risk of Embola!

The two levels or security provided by secure down load with authentication is obviously very robust. It will ensure that code that was received has been kept secret during transmission and has not been tampered.

Secure Boot

Secure boot also uses digital signatures to ensure that the code to be booted when the target system starts up matches the code that the manufacturer intended and has not been tampered with. It sort of works in a similar way as secure download. If the code to be booted has been altered, then the signature made by hashing the digest of that code with a secret signing key will not match the signature from the manufacturer. If they don’t match, the code will not load.

These methods are easy and inexpensive to implement and already exist. You should be able to see by now how Atmel has you covered. Ready, set, get secure!

 

Security researchers release BadUSB attack code

Back in August during this year’s Black Hat Conference, Security Research Labs researchers Karsten Nohl and Jakob Lell warned of a serious flaw in USB devices that they dubbed “BadUSB.” As the duo revealed, the flaw can be abused by hackers to reprogram essentially any USB to wreak havoc as it impersonates other devices.

Now a few months later, a pair of other researchers, Adam Caudill and Brandon Wilson have published the attack code on Github in an attempt to put pressure on USB manufacturers to fix the problem or else leave countless users vulnerable.

During the Derbycon security conference in Louisville, Kentucky, Caudill took the stage to explain to attendees, “The belief we have is that all of this should be public. It shouldn’t be held back. So we’re releasing everything we’ve got. This was largely inspired by the fact that [SR Labs] didn’t release their material. If you’re going to prove that there’s a flaw, you need to release the material so people can defend against it.”

The researchers believe that publicly releasing the USB attack code will enable penetration testers to use the technique, thereby proving to clients that USBs are nearly impossible to secure in their current form.

“Writing code for these devices is far from easy, especially when trying to patch the existing firmware. It’s not something that just anyone can jump into — while we have made it easier for people to apply simple patches and provided some insight to the process, these aren’t the patches that will lead to a firmware based worm or something of that nature — these are the type of patches that will make small changes to existing features, or add simple new features,” Caudill wrote in a recent blog post. “So, to do anything still requires a lot of knowledge and skill — in general, as I said earlier, the kind of people that have what it takes to do this, could do it regardless of our release.”

So, why release the code? According to the duo, this is meant to push manufacturers to treat this issue with the kind of seriousness it deserves and to raise user awareness around the fact that as long as users trust devices, attacks will be possible and successful.

“Device manufactures were quick to dismiss the ‘BadUSB’ threat — on one hand, what was presented at Black Hat was possible via other means, so wasn’t really a new threat — but they showed no indication of trying to address the issues under their control,” Caudill explains.

While it will take years for any changes made by device manufactures to have an impact because of the number of devices in circulation now, Caudill urges that if they keep ignoring the issue, then it will never be improved.

“People look at these things and see them as nothing more than storage devices,” Caudill told Wired. “They don’t realize there’s a reprogrammable computer in their hands.”

Now that the bug Karsten Nohl calls “unpatchable” has been released to the public, USB security is undoubtedly compromised. Hackers using BadUSB will gain a new tool that can dish out serious attacks. What this means is that the only means of addressing the problem is to add an additional layer of security over the USB firmware.

USB drives that users plug into their computer could already result in an attack that can’t be avoided unless the user knows exactly where a USB has been, from the time of its production in a factory to the time it reaches the current user.

The good news about BadUSB is that there is a cure: Atmel CryptoAuthentication. Hardware crypto engines were invented to protect software, firmware and hardware from exactly these types of attacks, among many others. These uber-tiny, ultra secure hardware devices can be easily and cost effectively added to USB sticks (and other peripherals) by manufacturers, who are seeking to protect their customers by ensuring that only the proper and intended code is used. Once installed into the peripherals, CryptoAuthentication devices will block the bad code. Period.

Atmel’s experience matters when finding a solution to fight real-world attacks. Isn’t it time you plug with trust?

In conclusion Caudill asks, “Has this been blown out of proportion?” His answer: “Yes.”

Digital anonymity: The ultimate luxury item

Data is quickly becoming the currency of the digital society, of which we are all now citizens. Let’s call that “Digitopia.”

In Digitopia, companies and governments just can’t get enough data. There is real data obsession, which is directly leading to an unprecedented loss of privacy. And, that has been going on for a long time — certainly since 9/11. Now a backlash is underway with increasing signs of a groundswell of people wanting their privacy back. This privacy movement is about digital anonymity. It is real, and particularly acute in Europe. However, the extremely powerful forces of governments and corporations will fight the desire for personal privacy revanchism at every turn. What seems likely is that those with financial means (i.e. 1%-ers) will be at the forefront of demanding and retrieving privacy and anonymity; subsequently, anonymity could easily become the new luxury item. Ironically, digital invisibility could be the highest form of status.

Let’s explore what is creating the growing demand for a return to some anonymity. The main driver is the collective realization of just how vulnerable we all are to data breaches and snooping — thanks to Edward Snowden’s NSA revelations, Russian Cyber-Vor hacker gangs stealing passwords, Unit 61318 of the People’s Liberation Army creating all kinds of infrastructure, commercial and military mischief, the Syrian Electronic Army conducting cyber attacks, Anonymous, Heatbleed, Shellshock, Target and Home Depot credit card number breaches among countless other instances of real digital danger.

What all this means is that everyone is a potential victim, and that is the big collective “ah-ha” moment for digital security. (Maybe it’s more of an “oh-no!” moment?) As illustrated by the chart below, the magnitude, types and sheer number of recent attacks should make anyone feel a sense of unease about their own digital exposure. Why is this dangerous to everyone? Well, because data now literally translates into money. And I literally mean literally. Here’s why…

Bitcoin Exposes the Dirty Little Secret About Money 

Bitcoin is a great starting point because it’s the poster child of the data = money equation. Bitcoin currency is nothing more than authenticated data, and completely disposes any pretense of money being physical. It is this ephemeral-by-design nature of Bitcoin that, in fact, exposes the dirty little secret about all money, which is that without gold, silver or other tangible backing, dollars, the Euro, Renmimbi, Yen, Won, Franc, Pound, Kroner, Ruble and everything else is nothing but data. Money is a manmade concept — really just an idea.

How this works can best be described by putting it into cryptographic engineering terms. Governments are the “issuing certification authority” of money. Each country or monetary union (e.g. EU) with a currency of their own is literally an “issuer.” All roads lead back to the issuer’s central bank via a type of authentication process to prove that the transaction is based upon the faith and credit of the issuer.

Banks are the links on that authentication/certification chain back that leads back to the issuer. Each link on the chain (or each bank) is subject to strict rules (i.e. laws) and audits established by the issuer about exactly how to deal with the issuer, with other banks in the system, with the currencies created by other issues (i.e. other countries), with customers, and how to account for transactions. Audits, laws, and rules are therefore an authentication process. Consumers’ bank accounts and credit cards are the end-client systems. Those end-client systems are linked back through the chain of banks via the authentication process (rules, etc.) to the issuer of the money. That linkage is what creates the monetary system.

Bitcoin was built precisely and purposefully upon cryptographic authentication and certification. It is cryptography and nothing more. There is no central issuing authority and it remains peer-to-peer on purpose. Bitcoin bypasses banks precisely so that no overseer can control the value (i.e. create inflation and deflation at their political whim). This also preserves anonymity.

The bottom line is that the modern banking system has been based upon “fiat money” since the Nixon Administration abandoned the gold standard. The Latin word “fiat” means “arbitrary agreement” and that is what money is: an arbitrary agreement that numbers in a ledger have some type of value and can act as a medium of exchange. Note that physical money (paper and coins) is only an extremely small fraction of the world’s money supply. The bulk of the world’s money is comprised of nothing more than accounting entries in the ledgers of the world’s banking system.

See?  Money = Data. Everything else is window dressing to make it appear more than that (e.g. marble columned bank buildings, Fort Knox, Treasury agents with sunglasses and guns, engraved bonds, armored cars, multi-colored paper currency, coins, etc.).

So, if money equals data, then thieves will not rob banks as often; however, those who can will raid data bases instead, despite what Willie Sutton said. Data bases are where the money is now.

By now, the problem should be obvious to anyone who is paying attention — data of any kind is vulnerable to attack by a wide variety of antagonists from hacker groups and cyber-criminals to electronic armies, techno-vandals and other unscrupulous organizations and people. The reason is simple. Yes, you guessed it: It is because data = money. To make it worse, because of the web of interconnections between people, companies, things, institutions and everything else, everyone and everything digital is exposed.

Big Data. Little Freedom.

The 800-pound gorillas of Digitopia are without a doubt governments. Governments mandate that all kinds of data be presented to them at their whim. Tax returns, national health insurance applications, VA and student loan applications, and other things loaded with very sensitive personal data are routinely demanded and handed over. Individuals and corporations cannot refuse to provide data to the government if they want the monopolized “services” governments provide (or to stay out of jail). And, that is just the open side of the governmental data collection machine.

The surreptitious, snooping side is even larger and involves clandestine scanning of personal conversations, emails, and many other things. However, there is another, non-governmental component to data gathering (I will not use the term “private sector” because it is way too ironic). Companies are now becoming very sophisticated at mining data and tracking people, and getting more so every day. This is the notion of “big data,” and it is getting bigger and bigger all the time.

The Economist recently articulated how advertisers are tracking people to a degree once reserved for fiction. (Think George Orwell’s 1984.) Thousands of firms are now invisibly gathering intelligence. Consumers are being profiled with skills far exceeding that of FBI profilers. When consumers view a website, advertisers compete via a hidden bidding process to show them targeted ads based on the individual’s profile. These ads are extremely well focused due to intensive analytics and extensive data collection. These auctions take milliseconds and the ads are displayed when the website loads. We have all seen these ads targeted at us by now. This brave new advertising world is a sort of a cross between Mad Men and Minority Report with an Orwellian script.

The Personalization Conundrum

There is a certain seductiveness associated with consumer targeting. It is the notion of personalization. People tend to like having a certain level of personalized targeting. It makes sense to have things that you like presented to you without any effort on your part. It is sort of an electronic personal shopping experience. Most people don’t seem to mind the risk of having their preferences and habits collected and used by those they don’t even know. Consumers are complicit and habituated to revealing a great deal about themselves.  Millennials have grown up in a world where the notion of privacy is more of a quaint anachronism from days gone by. But, that is all likely to change as more people get hurt.

Volunteering information is one thing, but much of the content around our digital selves is being collected automatically and used for things we don’t have any idea about. People are increasingly buying products that track their activities, location, physical condition, purchases and other things. Cars are already storing data about our driving habits and downloading that to other parties without the need for consent. So, the question is becoming at point does the risk of sharing too much information outweigh the convenience? It is likely that point has already been reached, if you ask me at least.

The Need for a Digital Switzerland

With the unholy trinity of governmental data gathering, corporate targeting, and cyber-criminality, the need for personal data security should be more than obvious. Yet, the ability to become secure is not something that individuals will be able to make happen on their own. Data collection systems are not accessible, and they are not modifiable by people without PhDs in computer science.

With privacy being compromised every time one views a webpage, uses a credit card, pays taxes, applies for a loan, goes to the doctor, drives on a toll way, buys insurance, gets into a car, or does a collection of other things, it becomes nearly impossible to preserve privacy. The central point here is that privacy is becoming scarce, and scarcity creates value. So, we could be on the verge of privacy and anonymity becoming a valuable commodity that people will pay for. A privacy industry will arise. Think of a digital Pinkerton’s.

It is likely that those who can afford digital anonymity will be the first to take measures to regain it. To paraphrase a concept from a famous American financial radio show host, privacy could replace the BMW as the modern status symbol. The top income earners who want to protect themselves and their companies will be looking for a type of digital Switzerland.

Until now a modicum of privacy had been attainable from careful titling and sequestering of assets (i.e. numbered bank accounts, trusts, shell corporations, etc.). That is not enough anymore. The U.S. Patriot Act, European Cy­bercrime Convention, and EU rules on data retention are the first stirrings concerning a return to the right to anonymity. These acts will apply pressure to the very governmental agencies that are driving privacy away. Dripping irony…

Legal, investigational, and engineering assets will need to be brought to bear to provide privacy services. It will take a team of experts to find where the bits are buried and secure them. Privacy needs do not stop at people either. Engineers will have to get busy to secure things as well.

The Internet of Things

Everything said until this point about the loss of personal privacy also applies to the mini-machines that are proliferating in the environment and communicating with each other about all kinds of things. The notion of the Internet of Things (IoT) is fundamentally about autonomous data collection and communication and it is expected that tens of billions of dispersed objects will be involved in only a few years form now. These numerous and ubiquitous so-called things will typically sense data about their surroundings, and that includes sensing people and what those people are doing. Therefore, these things have to add security to keep personal information out of the hands of interlopers and to keep the data from being tampered with. This is called data integrity in cryptographic parlance.

What Can be Done?

To ensure that things are what they say they are, it is necessary to use authentication. Authentication, in a cryptographic sense, requires that a secret or private key be securely stored somewhere for use by a system. If that secret key is not secret then there is no such thing as security. That is a simple point but of paramount importance.

The most secure way to store a cryptographic key is in secure hardware that is designed to be untamperable and impervious to a range of attacks to get at it. Atmel has created a line of products called CryptoAuthentication precisely for this purpose.  Atmel CryptoAuthentication products — such as ATSHA204A, ATECC108A and ATAES132 — implement hardware-based key storage, which is much stronger then software based storage because of the defense mechanisms that only hardware can provide against attacks. Secure storage in hardware beats storage in software every time.

It is most likely that as we citizens of Digitopia continue to realize how dependent we are on data and how dependent those pieces of data are on real security, there will be a powerful move towards the strongest type of security that can be achieved. (Yes, I mean hardware.)

In the future, the most important question may even become, “Does your system have hardware key storage?” We should all be asking that already and avoiding those systems that do not. Cryptography is, as Edward Snowden has said, the “defense against the dark arts for the digital realm.”  We should all start to take cover.

Arduino and Atmel launch the Arduino Wi-Fi Shield 101

Following an exciting two days of MakerCon and on the eve of Maker Faire, the team of Atmel and Arduino have announced the launch of the Arduino Wi-Fi Shield 101, a shield that enables rapid prototyping of Internet of Things (IoT) applications on the highly-popular open-source platform.

The cost-effective, secure Arduino Wi-Fi Shield 101 is an easy-to-use extension that can seamlessly be connected to any Arduino board enabling high-performance Wi-Fi connectivity. This new shield gives the design community more opportunities to securely connect IoT applications, ranging from consumer goods to wearables, robotics, high-tech devices and more.

The Arduino Wi-Fi Shield 101 is powered by Atmel’s wireless network controller, part of the Atmel SmartConnect family, and also includes the CryptoAuthentication device which allows users to easily incorporate hardware authentication capability in their design.

“In this increasingly connected world, the Arduino Wi-Fi Shield 101 will help drive more inventions in the IoT market,” explained Arduino Co-Founder Massimo Banzi. “Expanding our portfolio of Arduino extensions, this new shield can flawlessly connect to any modern Arduino board giving our community more options for connectivity, along with added security elements to their creative projects.”

Makers can connect the Arduino Wi-Fi Shield 101 to any modern Arduino R3 board, enabling connectivity to the Internet using any traditional Wi-Fi access points. It is based on the WINC1500 802.11b/g/n network controller which features an integrated TCP/IP stack, TLS security and SoftAP for seamless provisioning. It also features an Atmel authentication security device that can be used for keys, passwords or secret data.

In true Arduino fashion, every element of the platform – hardware, software and documentation – is freely available and open-source. This offers the Maker community to discover exactly how it’s made and then to utilize its design as the starting point for their own circuits. An open-source Wi-Fi library will also be available to enable users to write sketches that connect to the Internet using the shield. The newly-unveiled shield connects to an Arduino board using long wire-wrap headers which extend through the shield, thus keeping the pin layout intact and allows other shields to be stacked on top.

“Through our long standing partnership with Arduino, Atmel is committed to the Maker Movement and excited to enable more connected devices in the Internet of Things,” said Reza Kazerounian, Senior Vice President and General Manager at Atmel. “We’ve partnered with Arduino to develop a true turn-key IoT solution that will allow the community to create unlimited possibilities. We are eager to see the breadth of next-generation IoT products that this new shield will help designers achieve.”

For those heading to World Maker Faire New York, swing by booth #EP24 to get a firsthand look at the Wi-Fi Shield 101. Additionally, Arduino and Atmel will be hosting a Meet & Greet to discuss this jointly-developed shield on Friday, September 19 from 6:30 – 8:30pm ET at NY Hall of Science. Arduino’s Massimo Banzi and Atmel’s Reza Kazerounian will be speaking at this event and a number of innovative Maker demos will also be showcased. To attend, please RSVP to pr@atmel.com.

Since 2005, a worldwide community of Makers has gathered around this open source platform. And, Atmel microcontrollers were there from the outset, providing simple but powerful microcontrollers (MCUs) as the hardware side of the equation. Artists, designers, inventors, engineers, musicians and students alike have turned to Arduino boards — designed around Atmel AVR or Atmel ARM-based MCUs — to bring their ideas to life.

By delivering a unique combination of performance, power efficiency and design flexibility, Atmel MCUs perfectly complement Arduino and the needs of makers. More importantly, they come virtually pre-integrated the peripherals needed to sense and control the physical world. Atmel MCUs and Arduino—the original duo at the heart of the global maker movement. The just-announced shield will provide secure Wi-Fi connectivity for all Arduino platforms, thereby enabling unlimited possibilities for smart, connected IoT devices.

Hacker plays Doom on a Canon printer

In 1993, Doom was a revolutionary, incredibly popular game. Today, it’s being used by hackers like Context Information Security’s Michael Jordon to demonstrate security flaws in connected devices.

Recently, a team of researchers successfully completed a four-monthlong hack that enabled them to access the web interface of a Canon PIXMA printer before modifying its firmware to run the classic ’90s computer game. During his presentation at the 44Con Conference in London, Jordon conveyed to the audience just how easily he could compromise the Canon machine – a popular fixture in many homes and businesses.

Jordon undertook the endeavor of getting the game to run the printer’s hardware in order to demonstrate the inherent security flaws present in today’s Internet of Things (IoT) devices. From the exploitation standpoint, hacking the machine was trivial, as the researcher discovered that the device had a web interface with no username or password protecting it, thus allowing anyone to check the printer’s status.

Upon initial glance, this interface was of little interest, only showing ink levels and printing status. However, it soon became apparent that a hacker like Jordon could use this interface to trigger an update to the machine’s firmware. The printer’s underlying code was encrypted to prevent outsiders from tampering, yet not secure enough to prevent knowledgeable hackers from reverse engineering the encryption system and authenticating their own firmware.

Subsequently, an outsider could have potentially modified the printer’s settings to have it ask for updates from a malicious server opposed to Canon’s official channel. What this means is that malicious hackers could access personal documents the printer was currently printing or even start issuing commands to take up resources. In a business setting, hackers could also have gained privileges into the network, on which to carry out further exploitation.

“If you can run Doom on a printer, you can do a lot more nasty things. In a corporate environment, it would be a good place to be. Who suspects printers?” Jordon explained to the Guardian. “All PIXMA products launching from now onwards will have a username/password added to the PIXMA web interface, and models launched from the second half of 2013 onwards will also receive this update, models launched prior to this time are unaffected. This action will resolve the issue uncovered by Context.”

Over the course of recent months, context has been exposing various flaws found in unexpected places, such as a connected toy bunny, a smart light bulb and an IP camera. Believe it or not, a Canon printer isn’t the only system Doom has run on. Earlier this summer, a team of Australians was able to get it running on an ATM, and last year, a crew of modders managed to convert a piano into a Doom machine.

“The maturity isn’t there.” According to the Guardian, Jordon doesn’t believe manufacturers of such smart technologies are giving enough attention to security.

“What this shows is that IoT means virtually anything with a processor and internet connection can be hacked and taken over to do just about anything,” says William Boldt, Atmel Senior Marketing Manager Crypto Products. “With cameras and mics on PCs, home alarms, phones, video game controllers like Kinect, and other things, just imagine how intrusive the IoT really can be.”

Trust is what security is really all about, especially in today’s constantly-connected, intelligent world. And, Atmel security products are making it easy to design in trust easier. By providing highly advanced cryptographic technologies including industry leading, protected hardware based key storage that is ultra-secure, especially when compared to software based solutions, Atmel crypto technologies offer designers the strongest protection mechanisms available so their designs can be trusted to be real, reliable, and safe. After all, a smart world calls for smarter security.

The Atmel® CryptoAuthentication™ family offers product designers an extremely cost-effective hardware authentication capability in a wide variety of space-conscious packages. CryptoAuthentication ICs securely validate a wide variety of physical or logical elements in virtually any microprocessor-based system. Atmel offers both symmetric- and asymmetric-key algorithm-based devices. By implementing a CryptoAuthentication IC into your design, you can take advantage of world-class protection that is built with hardware security fortifications like full active metal shields, multiple tamper detection schemes, internal encryption, and many other features designed to thwart the most determined attacks.

Jordon’s wider point is that the world is filling up with smart objects and devices. Though they often may not appear to be computers, they often have minimal security features guarding them against hacks. This is where Atmel can help.

Home is where the hack is!

Home smart home! While we already know that the smart home market is prepared to take the world by storm in the near future, the underlying concern is whether or not they will be secure. Industry experts are predicting that more than one in 10 of homes will be ‘smart’ by the end of this year — this compared to 17% of households in the U.S. and a global average of 5% — while the smart home trend is expected to double across 7.7 million UK homes by 2019.

Last month, NextMarket Insights forecasted that the U.S. smart home market would grow from the current $1.3 billion to $7.8 billion by 2019. With the market expanding so quickly, just how secure will these connected homes be? Furthermore, Acquity Group predicts that 69% of consumers will own in home IoT connected devices within the next five years. With that many smart devices entering our homes, how can we be so sure the personal data they possess will be kept safe?

According to a new Lowe’s Consumer Study on Smart Homes, half of Americans believe their homes will be more secure with the implementation of smart devices, while 46% of the same individuals polled also feel that the ability to monitor their home while away will improve their own peace of mind. In addition, another 29% think that smart technology in the home will provide them with better protection from fires, floods, and other emergencies.

While these statistics do provide hope for the future and the secure smart home, only 11% of these respondents see security as the deciding factor as to whether or not they would install smart devices in their home. Price, convenience, and the presence of a monthly fee all rank higher when it comes to buying consideration for these individuals.

Yet backdoors and other insecure channels have been found in a number of devices, leaving them susceptible to potential hacks and other cyber attacks. “Although the highly-touted hack of smart refrigerators earlier this year has since been debunked, there’s still no shortage of vulnerabilities in the emerging, so-called Internet of Things,” IEEE Spectrum reminds us.

While the idea of security seems to be on the minds of potential smart home consumers, the actual practicality of the technology seems to be a lesser concern. As evident by HP’s recently conducted study, a shocking 70% of IoT home devices contain security vulnerabilities. This not only impacts home consumers, but they found corporations also widely practiced insecure communications on the Internet and local networks.

With an increase backdoors and other insecure channels have been found in many such devices, opening them to possible hacks, botnets, and other cyber mischief. Although the widely touted hack of smart refrigerators earlier this year has since been debunked, there’s still no shortage of vulnerabilities in the emerging, so-called Internet of Things.

CIO of Prescient Solutions Jerry Irvine tells SecurityInfoWatch that, “Mobile devices have data that are stored on them, so all data is at risk if it is on those devices, whether it is the individual’s personal data or the company’s intellectual property. Additionally, there are user IDs, passwords and server names or addresses that are stored on there within applications.”

These simple security vulnerabilities could prove to be disastrous either in the home, or in the workplace, if exploited. To mitigate some of this risk, Irvine stresses that all connected devices in the home should be connected to a network separate from the user’s PC. “Every single wireless router, wireless access point or cable modem has the ability to do VLANs (virtual local area networks) today. Put all of those home automation systems on a VLAN that does not have direct access to or from the Internet.”

While the public may be ready to welcome IoT home devices into their lives, they may not be readily equipped with the know-how to secure them. With smart homes becoming the norm across the globe, users should educate themselves about potential security risks and ensure their personal data is safe.

“Our premise is that it’s not that easy to do embedded security right, and that essentially has been confirmed,” researcher Christoph Paar reveals. “There are very few systems we looked at that we couldn’t break. The shocking thing is the technology is there to get the security right. If you use state of the art technology, you can build systems that are very secure for practical applications.”

And while there will always be hackers out, Paar says smart engineering and present-day technology can stop most of them in their tracks. That’s why when it comes to securing our constantly-connected and smarter world, look no further than Atmel’s CryptoAuthentication family. These solutions not only provide home and building automation designers an extremely cost-effective hardware authentication capability, but will help offer you a peace of mind in your next-gen home.

Hardware key storage beats software key storage every time, which is one of the “key” lessons of the recent vulnerability revelations. But how does an embedded system manufacturer ensure their products are secure and protected from attack? Fortunately, the solution is simple, available, and cost effective, and that is to use hardware key storage devices such as Atmel’s ATSHA204A, ATECC108A and ATAES132.

Smart homes can provide unprecedented convenience and entertainment, but as our culture moves forward with this new technology, we should make sure we know how to utilize it best.

Security, the essential pillar in the Internet of Things

The three hardware pillars of the Internet of Things (IoT) are microcontrollers, wireless chips, and security chips. What is cool about Atmel is that we make all three types of hardware. Atmel is on the ground floor of the Internet of Things (IoT).

I was a pretty natural evolution, since the “Things” are really embedded systems. Atmel has made the chips driving embedded systems ever since the AVR series came out in 1995. So having a really strong position in microcontrollers is essential to any IoT company.

Another pillar of IoT is wireless. Sure, some embedded systems plug in with an RJ45 connector. Indeed, the SAM4E chip has an “E” in the name that stands for its on-board Ethernet controller. But many of these clever new “Things” will connect wirelessly. For that Atmel has Wi-Fi chips, Bluetooth chips, Zigbee chips, and even the chips used in car access key fobs you can use to communicate wirelessly to a hub or base station.

What is not obvious to a lot of people is that security is an equally important pillar in the Internet of Things. Think of the medical privacy laws. Those laws may well apply to any data you are sending to the cloud. At the recent Internet of Things Privacy Summit held here in Silicon Valley, Michelle Dennedy, chief privacy officer at McAfee noted:

 “There has to be a layer of security from the (computer) chip outward. Sure, you want your health information going to your doctor. But you need to help people feel confident that it’s not going elsewhere.”

What is great about Atmel is that we also have a complete line of security chips. You can use these chips to make sure that your “Thing” is the actual and genuine thing it is supposed to be. You can use our chips to make sure that it’s the right thing to be plugged into some other system. You can use security chips to make sure the code you are executing is the genuine code and not some hijack attempt. What I love is that many of the security chips have several kilobytes of undedicated non-volatile memory. So along with security, you have a place to store setup or user information that will persist even when power is cycled to your device.

Back in 1994 my programmer buddy John Haggis showed me the World Wide Web on his computer. It was Mosaic browser looking at a few academic websites. John was really excited. I didn’t get it.”What’s the big deal about that?” I asked. It just seemed like a fancy version of the dial-up bulletin boards I was using to get datasheets and CAD models. I won’t make that clueless mistake with IoT. This is going to be huge. The Internet of Things has all the network effects of the Internet combined with the convenience and utility of the embedded systems that have been making our lives better for the past few decades. Our automotive group tells me that we can look at future cars as just another thing in the Internet of Things. I have written up how IoT will help farmers. You can bet IoT will be a big thing in industrial automation. And there will be a major impact in consumer electronics, from thermostats to toasters. We haven’t even dreamed up some of the “killer apps” for the Internet of Things. Fasten your seat belt, it’s going to be a wild ride.