The CryptoShield is a dedicated security peripheral for the Arduino

---

This shield adds specialized ICs that will allow you to implement a hardware security layer to your Arduino project.

---

With the insecurity of connected devices called into question time and time again, wouldn’t it be nice to take comfort in knowing that your latest IoT gadget was secure? A facet in which many Makers may overlook, Josh Datko has made it his mission to find a better way to safeguard those designs — all without hindering the contagious and uplifting DIY spirit. You may recall his recent collaboration with SparkFun, the CrytpoCape, which debuted last year. This cape was a dedicated security daughterboard for the BeagleBone that easily added encryption and authentication options to a project.

Well now, Datko has returned with his latest and greatest innovation — the CryptoShield. Just like its cousin, the shield is a dedicated security peripheral, but for the highly-popualar Arduino platform instead. It adds specialized ICs that perform various cryptographic operations that will allow users to implement a hardware security layer to their Arduino project.

“It also is a nice device for those performing embedded security research. Needless to say this is a great product for those of you who are interested in computer security,” SparkFun notes.

Each CryptoShield is packed with a slew of hardware on-board, including a real-time clock (RTC) module to keep accurate time, a Trusted Platform Module (AT97SC3204) for RSA encryption/decryption and signing in the hardware, an AES-128 encrypted EEPROM (ATAES132), an ATSHA204 authentication chip that performs SHA-256 and HMAC-256, and an ATECC108 that handles the Elliptic Curve Digital Signature Algorithm (ECDSA). Unlike its older cousin, though, the prototyping portion of this unit has been reduced. However, for what it may have lost, it has surely gained in other areas. For one, the CryptoShield now features an RFID socket that works best with a ID-12LA module.

“Each shield will need to have headers soldered on once you receive it. We prefer to give you the choice of soldering on stackable or non-stackable headers, whatever fits best for you project. The only other items you will need to get the CryptoCape fully functional are a dev board that supports the Arduino R3 form-factor and a CR1225 coin cell battery,” SparkFun adds.

We should also point out that, at the moment, the CryptoShield can only be shipped within the United States. And just like with the CryptoCape, a portion of every sale is given back to SparkFun’s hacker-in-residence Josh Datko for continued development of new and exciting cryptographic tools, such as this one.

Intrigued? Hurry over to SparkFun’s official page here. We’ll have more insight from Datko himself in the coming days!

Bringing Bitcoin-based micropayments to the Internet of Things

Cryptotronix recently announced a partnership with TilePay, a decentralized payment system based on the Bitcoin blockchain, to bring cryptocurrency payments to Internet of Things (IoT) devices. The collaboration is hoping to make secure payments for real-time access to IoT sensors using micropayments a reality.

Cryptotronix is building open-source authentication hardware and firmware to allow Pinocc.io devices to securely participate in TilePay. The solution is built around Atmel’s ATECC108 crypto engine which allows each TilePay-enabled sensor to have a unique ECDSA private key. (The same chip can be found on the CryptoCape, a dedicated security daughterboard for the BeagleBone created by SparkFun Electronics and Cryptotronix.) This lets users purchasing sensor data to verify the authenticity and origination of the data.

“Let’s consider an example. A company, organization, or a private citizen spends their own money to setup a temperature sensor network. The administrators can offer the temperature service for free (maybe they’re generous), they can charge a subscription fee to the service, or maybe they provide a free service that is subsidized with ads. With TilePay, there is a better option. TilePay will allow real-time access to the sensor and the users only pay for what they use using Bitcoin-based micropayments,” the team writes.

While the CryptoBackPack is currently only a prototype, Cryptotronix shares that it will be releasing the hardware design files and firmware soon.

Interview: The NSA can’t crack this Arduino mixtape

As previously reported on Bits & Pieces, Maker David Huerta recently devised a DIY encrypted mixtape using an Atmel-based Arduino and a transparent acrylic case. The co-organizer of Art Hack Day and Cryptoparty had published his provocative piece of work to encourage the public to think a little bit more about privacy and what governments should or should not be allowed to do. As Huerta described, the device was created as a “soundtrack for the modern surveillance state” and is designed to be enjoyed only by those to whom he has given listening privileges.

Our friends at Arduino had the opportunity to catch up with the New York-based artist, where he went 1:1 with Zoe Romano. See their entire interview below:

Z: What makes you more uncomfortable about NSA actions which made you react and build this device?

D: The NSA’s mass surveillance encompasses a lot of programs which run counter to what I feel is a fundamental right to privacy. In the US Constitution there’s an expression of that in its fourth amendment. What the NSA is doing goes against the spirit of that much like petting a cat backwards; It’s the wrong direction to go towards and a cat/society will swipe its paw at the offender.

Z: Arduino community is always interested in understanding how things are made. Where we can find source code and technical specs to build one? It would be great if we all could share more practical knowledge on these topics.

D: The mixtape device is basically just an Arduino and Adafruit wave shield. The code to play each wave file on the SD card on a loop (when unencrypted) is right off their list of examples. I made one slight modification, which is to turn on a purple LED to indicate when it’s working. Purple is not an easy LED color to source, but it’s the global Pirate Party color and I wanted to give them subtle props for working towards a free and secure internet on the policy side of things.

I will at some point publish a way to do the encryption part of this using a Beaglebone Black and CryptoCape to make it a fully open hardware proof-of-concept, but in this case the SD card encryption was done off-device. I also plan on going through a full tutorial based on that at this year’s Open Hardware Summit in Rome.

Z: You said: “The NSA can read my stupid Facebook updates but without my consent it will never be able to listen to my… mix tape, even if it’s sitting right in front of them.” – What makes you believe that your encryption is strong enough?

D: The truth is that everyone sucks at information security, including myself, so no one can really make the claim something they’ve built is “NSA-proof.” Generally though, the less hardware and software you have, the less complexity and thus, opportunity for attack vectors or human errors there are. The playlist was kept offline, is not on the Arduino sketch, or anywhere in the hardware except encrypted in the SD card. The only place the audio existed aside from in the various sources I collected it from was on the hard drive of the PC I used to compose the mix tape, which has since been removed and stored offsite and offline. The encryption was also ran by a different machine, and one that I generally keep on my person. This goes beyond mass surveillance capabilities and into TAO/FBI “partyvan” surveillance; I can’t imagine an intelligence analyst is going to go to their very serious boss to explain that they need to expense a vehicle to go after some guy’s mix tape in a city where they won’t even be able to find a parking spot close enough to run a tempest attack from.

Z: Do you have the pictures of the inside showing the components and the circuits?

D: They’re not too exciting since its just the Arduino + Wave Shield, but I attached a photo of the unencrypted version (clear acrylic instead of red clear acrylic), which I’ll also be bringing with me to the Open Hardware Summit.

Interested in learning more? You can read all about the uncrackable mixtape on David Huerta’s original blog post here.