The “three-legged stool” of cryptography

---

Implementing true IoT requires a three-pronged approach, like a three-legged stool. 

---

Implementing true security in Internet of Things (IoT) devices requires a three-pronged approach. Like a three-legged stool, each of these legs are required to properly achieve security with at least two of these so-called legs demanding a hardware-based approach.

These legs consist of:

• A strong cryptographic cipher for the job
• High entropy, cryptographically secure, random number generator (Crypto RNG)
• Persistent secure key storage with active tamper detection

Now, let’s go over these one by one.

A Strong Cryptographic Cipher for the Job

A cipher is a cryptographic algorithm for performing encryption and decryption, which needs to be strong enough for the application at hand. A one-time pad is considered the only unbreakable cipher, so theoretically all other ciphers can be eventually broken. Time and cost are the two usual measures of breaking any cipher.

Time

The cover time of a secret refers to the amount of time that the message needs to be kept secret. A tactical secret, such as a command to fire a particular missile at a particular target has a cover time from the moment the commander sends the message to the moment the missile strikes the target. After that, there isn’t much value in the secret. If an algorithm is known to be breakable within a few hours, even that algorithm provides enough cover time for the missile firing scenario.

On the other hand, if the communication is the long term strategy of the entire war, this has a cover time significantly longer and a much stronger cipher would be required.

Cost

Generally, the time it takes to break any cipher is directly relates to the computation power of the system and the mathematical skills of your adversary. This usually directly coincides with the cost, so the value of your secret will, in a large part, determine how much effort is put into breaking your cryptography.

Therefore, you want to select a cipher which is well known to be strong, has been open to both academia and the public, and survived their scrutiny. Vigorously avoid proprietary algorithms claiming to be strong. The only thing which can speak to a cipher’s strength is for it to be fully open to scrutiny.

These types of proven ciphers are available within Atmel’s line of microcontrollers and microprocessors.

High Entropy, Cryptographically Secure, Random Number Generator

The importance of a Crypto RNG cannot be overstated. Some of the things which rely on the randomness of the random number include:

• Key stream in one-time pads
• Primes p, q in the RSA algorithm
• Private key in digital signature algorithms
• Initialization vectors for cipher modes

… The list of critically important requirements for high randomness is long.

Any modern cipher, regardless of intrinsic strength, is only as strong as the random number generator used. Lack of adequate entropy in the random number significantly reduces the computational energy needed for attacks. Cryptographically secure random number generators are important in every phase of public key cryptography.

To realize a cryptographically secure random number generator, a high quality deterministic random number generator and a high entropy source, or sources, are employed. The resulting generator needs to produce numbers statistically independent of each other. The output needs to survive the next bit test, which tests the possibility to predict the next bit of any sequence generated, while knowing all prior numbers generated, with a probability of success significantly greater than 0.5. This is no trivial task for randomly generating numbers as long as 2²⁵⁶.

It is incredibly hard to create a Crypto RNG. Even if you had the code right, there is not enough entropy sources in an embedded system to devise a cryptographically secure random number generator. Most embedded systems, especially IoT nodes are, well, pretty boring. At least when considered in the context of entropy. 2²⁵⁶ bits is a larger number than the number of all the stars in the entire universe. How much entropy do you really think exists in your battery powered sensor?

Companies serious about security put a lot of effort into their Crypto RNGs and have their generators validated by the National Institute of Standards and Technology (NIST), the government body overseeing cryptographic standards in the U.S. and jointly with Canada.

Any assurance or statements that a RNG is “compliant” or “meets standards” and is not validated by NIST is unacceptable within the cryptographic community. A Random Number Generator is either on NIST’s RNG Validation List or it isn’t. It’s as simple as that.

Atmel is just such a serious company. The Crypto RNG that Atmel has used in all if its CryptoAuthentication devices is validated by NIST and can be publicly found on the list here.

Persistent Secure Key Storage with Active Tamper Detection

Strong ciphers supported with high entropy random numbers are used to keep adversaries away from our secrets, but their value is zero if an adversary can easily obtain the keys used to authenticate and encrypt.

System security completely relies on the security of the keys. Protection and safeguarding of these keys and primary keying material is critically important to any cryptographic system. Your secret/private keys are, by far, the most rewarding prize to any adversary.

If your keys are compromised, an adversary will have access to every secret message you’ve ever sent, like a flower offering its nectar to a honeybee. To add insult to injury, nobody will inform you the keys have been compromised. You will go on sending “secret” messages, blissfully unaware your adversaries can read them at their leisure… completely unhindered.

A very well respected manager in our crypto business unit puts it this way; Keys need to be protected behind “guns, guards, and dogs.”

Holding cryptographic keys in software or firmware is akin to placing your house key under the front mat, or above the door, or in that one flowerpot nobody will ever think of looking in.

Adversaries will unleash a myriad of attacks on your system in an effort to obtain your keys.   If they can get their hands on your equipment, as is often the case with IoT devices, they will rip them apart. They will employ environmental attacks. They will decapsulate and probe the die of your microcontrollers. There is no limit to what they can and will do.

Atmel’s line of CryptoAuthentication devices offers a long list of active defenses to these attacks as well as providing an external tamper detect capability you can use to secure your devices from physical intrusion and warranty violation.

Summary

As stated in this brief of the three elements which enable truly secure systems, the security of the keys and the quality of the random numbers used will complete or compromise any cipher, no matter the mode used.

Inadequate entropy in a random number generator compromises every aspect of cryptography, because it is relied upon from the generation of keys to supplying initialization vectors for cipher modes. Atmel’s hardware crypto-authentication devices ensure you have a NIST validated cryptographically secure random number generator.

Keys, signatures, and certificates require a persistent secure vault to protect them. The very elements which ensure the authority, security and integrity of your system cannot be left in the attackable open.

Keys held in software or firmware are easily recovered. Typical microcontrollers and microprocessors do not contain the protections needed to keep out adversaries. Even newer processors with secure zones have very limited key storage and no generation functionality. From software protocol attacks to environmental and hardware probing, the ways and means of an adversary to recover keys from your software/firmware are nearly unlimited. This is akin to hanging your house key in a flimsy silk pouch on your front door knob.

Hardware security offers a number of benefits:

• Secure storage of digital signatures and certificates
• Secure storage of key hierarchy
• Stopping adversaries from hacking your code
• Secure boot and program image checking
• Stopping unscrupulous contract manufacturers from over building your product
• Creating new revenue streams by allowing premium services to be purchased post deployment
• Limiting the life of products, e.g. the number of squirts an ink cartridge has, thereby thwarting refill/reuse
• Streamlining deployed product tracking and warranty services

With regards to creating a truly secure system, active hardware protection for keys and cryptographically secure random numbers are not an option — they are a necessity.

Atmel’s CryptoAuthentication devices offer a high security, tamper resistant, physical environment within which to store and use keys for digital signatures, key generation/exchange/management, and perform authentication. Atmel is very serious about security. In addition to testing, validations and approvals by certifying entities, we employ third party labs to apply the very latest attacks and intrusion methodologies to our extremely resilient devices. The methodologies and results of these tests are available to our customers under non-disclosure agreement.

The CryptoShield is a dedicated security peripheral for the Arduino

---

This shield adds specialized ICs that will allow you to implement a hardware security layer to your Arduino project.

---

With the insecurity of connected devices called into question time and time again, wouldn’t it be nice to take comfort in knowing that your latest IoT gadget was secure? A facet in which many Makers may overlook, Josh Datko has made it his mission to find a better way to safeguard those designs — all without hindering the contagious and uplifting DIY spirit. You may recall his recent collaboration with SparkFun, the CrytpoCape, which debuted last year. This cape was a dedicated security daughterboard for the BeagleBone that easily added encryption and authentication options to a project.

Well now, Datko has returned with his latest and greatest innovation — the CryptoShield. Just like its cousin, the shield is a dedicated security peripheral, but for the highly-popualar Arduino platform instead. It adds specialized ICs that perform various cryptographic operations that will allow users to implement a hardware security layer to their Arduino project.

“It also is a nice device for those performing embedded security research. Needless to say this is a great product for those of you who are interested in computer security,” SparkFun notes.

Each CryptoShield is packed with a slew of hardware on-board, including a real-time clock (RTC) module to keep accurate time, a Trusted Platform Module (AT97SC3204) for RSA encryption/decryption and signing in the hardware, an AES-128 encrypted EEPROM (ATAES132), an ATSHA204 authentication chip that performs SHA-256 and HMAC-256, and an ATECC108 that handles the Elliptic Curve Digital Signature Algorithm (ECDSA). Unlike its older cousin, though, the prototyping portion of this unit has been reduced. However, for what it may have lost, it has surely gained in other areas. For one, the CryptoShield now features an RFID socket that works best with a ID-12LA module.

“Each shield will need to have headers soldered on once you receive it. We prefer to give you the choice of soldering on stackable or non-stackable headers, whatever fits best for you project. The only other items you will need to get the CryptoCape fully functional are a dev board that supports the Arduino R3 form-factor and a CR1225 coin cell battery,” SparkFun adds.

We should also point out that, at the moment, the CryptoShield can only be shipped within the United States. And just like with the CryptoCape, a portion of every sale is given back to SparkFun’s hacker-in-residence Josh Datko for continued development of new and exciting cryptographic tools, such as this one.

Intrigued? Hurry over to SparkFun’s official page here. We’ll have more insight from Datko himself in the coming days!

Atmel’s SAM L21 MCU for IoT tops low power benchmark

---

SAM L21 MCUs consume less than 940nA with full 40kB SRAM retention, real-time clock and calendar, and 200nA in the deepest sleep mode.

---

The Internet of Things (IoT) juggernaut has unleashed a flurry of low-power microcontrollers, and in that array of energy-efficient MCUs, one product has earned the crown jewel of being the lowest-power Cortex M-based solution with power consumption down to 35µA/MHz in active mode and 200nA in sleep mode.

How do we know if Atmel’s SAM L21 microcontroller can actually claim the leadership in ultra-low-power processing movement? The answer lies in the EEMBC ULPBench power benchmark that was introduced last year. It ensures a level playing field in executing the benchmark by having the MCU perform 20,000 clock cycles of active work once a second and sleep the remainder of the second.

 

ULPBench shows SAM L21 is lower power than any of its competitor’s M0+ class chips.

Atmel has released the ultra-low-power SAM L21 MCU it demonstrated at Electronica in Munich, Germany back in November 2014. Architectural innovations in the SAM L21 MCU family enable low-power peripherals — including timers, serial communications and capacitive touch sensing — to remain powered and running while the rest of the system is in a reduced power mode. That further reduces power consumption for always-on applications such as fire alarms, healthcare, medical and connected wearables.

Next, the 32-bit ARM-based MCU portfolio combines ultra-low-power with Flash and SRAM that are large enough to run both the application and wireless stacks. Collectively, these three features make up the basic recipe for battery-powered mobile and IoT devices for extending their battery life from years to decades. Moreover, they reduce the number of times batteries need to be changed in a plethora of IoT applications.

Low Power Leap of Faith

Atmel’s SAM L21 microcontrollers have achieved a staggering 185.8 ULPBench score, which is way ahead of runner-up TI’s SimpleLink C26xx microcontroller family that scored 143.6. The SAM L21 microcontrollers consume less than 940nA with full 40kB SRAM retention, real-time clock and calendar, and 200nA in the deepest sleep mode. According to Atmel spokesperson, it comes down to one-third the power of competing solutions.

Markus Levy, President and Founder of EEMBC, credits Atmel’s low-power feat to its proprietary picoPower technology and the company’s low-power expertise in utilizing DC-DC conversion for voltage monitoring. Atmel’s picoPower technology employs flexible clocking options and short wake-up time with multiple wake-up sources from even the deepest sleep modes.

ULPBench aims to provide developers with a reliable methodology to test MCUs.

In other words, Atmel has taken the low-power game beyond architectural improvements to the CPU while optimizing nearly every peripheral to operate in standalone mode and then use a minimum number of transistors to complete the given task. Most lower-power ARM chips simply disable the clock to various parts of the device. The SAM L21 microcontroller, on the other hand, turns off power to those chip parts; hence, there is no leakage current in thousands of transistors in that part.

Here is a brief highlight of Atmel’s low-power development efforts that now encompass almost every peripheral in an MCU device:

Sleep Modes

Sleep modes not only gate away the clock signal to stop switching consumption, but also remove the power from sub-domains to fully eliminate leakage. Atmel also employs SRAM back-biasing to reduce leakage in sleep modes.

Consider a simple application where the temperature in a room is monitored using a temperature sensor with the analog-to-digital converter (ADC). In order to reduce the power consumption, the CPU would be put to sleep and wake up periodically on interrupts from a real-time counter (RTC). The measured sensor data is checked against a predefined threshold to decide on further action. If the data does not exceed the threshold, the CPU will be put back to sleep waiting for the next RTC interrupt.

SleepWalking

SleepWalking is a technology that enables peripherals to request a clock when needed to wake-up from sleep modes and perform tasks without having to power up the CPU Flash and other support systems. For instance, Atmel’s ultra-low-power capacitive touch-sensing peripheral can run in all operating modes and supports wake-up on a touch.

For the temperature monitoring application, as mentioned above, this means that the ADC’s peripheral clock will only be running when the ADC is converting. When the ADC receives the overflow event from the RTC, it will request its generic clock from the generic clock controller and peripheral clock will stop as soon as the ADC conversion is completed.

Event System

The Event System allows peripherals to communicate directly without involving the CPU and thus enables peripherals to work together to solve complex tasks using minimal gates. It allows system developers to chain events in software and use an event to trigger a peripheral without CPU involvement.

Again, taking temperature monitor as a use case, the RTC must be set to generate an overflow event, which is routed to the ADC by configuring the Event System. The ADC must be configured to start a conversion when it receives an event. By using the Event System, an RTC overflow can trigger an ADC conversion without waking up the CPU. Moreover, the ADC can be configured to generate an interrupt if the threshold is exceeded, and the interrupt will wake up the CPU.

Low Power MCU Use Case

Paul Rako has mentioned a sensor monitor in his recent post in Atmel’s Bits & Pieces blog. Rako writes in his post titled “The SAM L21 pushes the boundaries of low power MCUs” about this sensor monitor being asleep 99.99 percent of the time, waking up once a day to take a measurement and send it wirelessly to a host. Such tasks can be conveniently handled by an 8-bit device.

However, moving to IoT applications, which constitute protocol stacks, there is number crunching involved and that requires a faster ARM-class 32-bit chip. So, for battery-powered IoT applications, Rako makes the case for 32-bit ARM-based chip that can wake up, do its thing, and go back to sleep. If a high-current chip wakes up 10 times faster but uses twice the power, it will still use less energy and less charge than the slower chip.

Next, Rako presents sensor fusion hub as a case study in which the device saves power by skipping the radio chip to send the data from each sensor and instead uses the ARM-based microcontroller that does the math and pre-processing to combine the raw data from all sensors and then assembles the result as a simple chunk of data.

Atmel has scored an important design victory in the ongoing low-power game that is now prevalent in the rapidly expanding IoT market. Atmel already boasts credentials in the connectivity and security domains — the other two key IoT building blocks. Its connectivity solutions cover multiple wireless arenas — Bluetooth, Wi-Fi, Zigbee and 6LoWPan — to enable IoT communications.

Likewise, Atmel’s CryptoAuthentication devices come with protected hardware key storage and are available with SHA256, AES128 or ECC256/283 cryptography. The IoT triumvirate of low power consumption, broad connectivity portfolio and crypto engineering puts Atmel in a strong position in the promising new market of IoT that is increasingly demanding low power portfolio of MCUs to be matched with high performance.

---

Majeed Ahmad is author of books Smartphone: Mobile Revolution at the Crossroads of Communications, Computing and Consumer Electronics and The Next Web of 50 Billion Devices: Mobile Internet’s Past, Present and Future.

Symmetric or asymmetric encryption, that is the question!

---

With the emergence of breaches and vulnerabilities, the need for hardware security has never been so paramount.

---

Confidentiality — one of the three foundational pillars of security, along with data integrity and authenticity — is created in a digital system via encryption and decryption. Encryption, of course, is scrambling a message in a certain way that only the intended party can descramble (i.e. decrypt) it and read it.

Throughout time, there have been a number of ways to encrypt and decrypt messages. Encryption was, in fact, used extensively by Julius Caesar, which led to the classic type of encryption aptly named, Caesar Cipher. The ancient Greeks beat Caesar to the punch, however. They used a device called a “Scytale,” which was a ribbon of leather or parchment that was wrapped around a rod of a diameter, of which only the sender and receiver were aware. The message was written on the wrapping and unfurled, then sent to the receiver who wrapped on on the rod of the same diameter in order to read it.

 

Modern Encryption

Modern encryption is based on published and vetted digital algorithms, such as Advanced Encryption System (AES), Secure Hashing Algorithms (SHA) and Elliptic Curve Cryptography (ECC), among many others. Given that these algorithms are public and known to everyone, the security must come from something else — that thing is a secret cryptographic “key.” This fundamental principal was articulated in the 19th century by  Auguste Kerckhoffs, a Dutch linguist, cryptographer and professor.

Kerckhoffs’ principle states that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. In other words: “The key to encryption is the key.” Note that Kirchoffs advocated what is now commonly referred to as “open-source” for the algorithm. Point being, this open-source method is more secure than trying to keep an algorithm itself obscured (sometimes called security by obscurity). Because the algorithms are known, managing the secret keys becomes the most important task of a cryptographer. Now, let’s look at that.

Symmetric and Asymmetric

Managing the key during the encryption-decryption process can be done in two basic ways: symmetric and asymmetric. Symmetric encryption uses the identical key to both encrypt and decrypt the data. Symmetric key algorithms are much faster computationally than asymmetric algorithms because the encryption process is less complicated. That’s because there is less processing involved.

The length of the key size directly determines the strength of the security. The longer the key, the more computation it will take to crack the code given a particular algorithm. The table below highlights the NIST guidelines for key length for different algorithms with equivalent security levels.  You can see that Elliptic Curve Cryptography (ECC) is a very compact algorithm. It has a small software footprint, low hardware implementation costs, low bandwidth requirements, and high device performance. That is one of the main reasons that ECC-based asymmetric cryptographic processes, such as ECDSA and  ECDH, are now being widely adopted. The strength of the sophisticated mathematics of ECC are a great ally of all three pillars of security, especially encryption.

Not only is symmetric faster and simpler; furthermore, a shorter key length can be used since the keys are never made public as is the case with asymmetric (i.e. Public Key Infrastructure) encryption. The challenge, of course, with symmetric is that the keys must be kept secret on both the sender and receiver sides. So, distributing a shared key to both sides is a major security risk. Mechanisms that maintain the secrecy of the shared key are paramount. One method for doing this is called Symmetric Session Key Exchange.

Asymmetric encryption is different in that it uses two mathematically related keys (a public and private key pair) for data encryption and decryption.  That takes away the security risk of key sharing. However, asymmetric requires much more processing power. Unlike the public key, the private key is never exposed. A message that is encrypted by using a public key can only be decrypted by applying the same algorithm and using the matching private key.

A message that is encrypted by using the private key can only be decrypted by using the matching public key. This is sort of like mathematical magic. Some of the  trade offs of symmetric and asymmetric are summarized below.

Symmetric

• Keys must be distributed in secret
• If a key is compromised the attacker can decrypt any message and/or impersonate one of the parties
• A network requires a large number of keys

Asymmetric

• Around 1000 times slower than symmetric
• Vulnerability to a “man-in-the-middle” attack, where the public key is intercepted and altered

Due to the time length associated with asymmetric, many real-world systems utilize combination of the two, where the secret key used in the symmetric encryption is itself encrypted with asymmetric encryption, and sent over an insecure channel.Then, the rest of the data is encrypted using symmetric encryption and sent over the insecure channel in the encrypted format. The receiver gets the asymmetrically encrypted key and decrypts it with his private key. Once the receiver has the symmetric key, it can be used to decrypt the symmetrically encrypted message. This is a type of key exchange.

Note that the man in the middle vulnerability can be easily addressed by employing the other pillar of security; namely authentication. Crypto engine devices with hardware key storage, most notably Atmel’s CrypotoAuthentication, have been designed specifically to address all three pillars of security in an easy to design and cost-effective manner. Ready to secure your next design? Get started here.

What is Ambient Security?

New technology and business buzzwords pop up constantly. Hardly a day goes by that you don’t see or hear words such as “cloud”, “IoT,” or “big data.” Let’s add one more to the list: “Ambient security.”

You’ll notice that big data, the cloud, and the IoT are all connected, literally and figuratively, and that is the point. Billions of things will communicate with each other without human intervention, mainly through the cloud, and will be used to collect phenomenal and unprecedented amounts of data that will ultimately change the universe.

As everything gets connected, each and every thing will also need to be secure. Without security, there is no way to trust that the things are who they say they are (i.e. authentic), and that the data has not been altered (i.e. data integrity). Due to the drive for bigger data, the cloud and smart communicating things are becoming ambient; and, because those things all require security, security itself is becoming ambient as well.  Fortunately, there is a method to easily spread strong security to all the nodes. (Hint: Atmel CryptoAuthentication.)

Big Data

At the moment, big data can be described as the use of inductive statistics and nonlinear system analysis on large amounts of low density (or quickly changing) data to determine correlations, regressions, and causal effects that were not previously possible. Increases in network size, bandwidth, and computing power are among the things enabling this data to get bigger — and this is happening at an exponential rate.

Big data became possible when the PC browser-based Internet first appeared, which paved the way for data being transferred around the globe. The sharp rise in data traffic was driven to a large extent by social media and companies’ desire to track purchasing and browsing habits to find ways to micro-target purchasers. This is the digitally-profiled world that Google, Amazon, Facebook, and other super-disruptors foisted upon us.  Like it or not, we are all being profiled, all the time, and are each complicit in that process. The march to bigger data continues despite the loss of privacy and is, in fact, driving a downfall in privacy. (Yet that’s a topic for another article.)

Biggering

The smart mobile revolution created the next stage of “biggering” (in the parlance of Dr. Seuss). Cell phones metamorphosed from a hybrid of old-fashioned wired telephones and walkie-talkies into full blown hand-held computers, thus releasing herds of new data into the wild. Big data hunters can thank Apple and the Android army for fueling that, with help from the artists formerly known as Nokia, Blackberry, and Motorola. Mobile data has been exploding due to its incredible convenience, utility, and of course, enjoyment factors. Now, the drive for bigger data is continuing beyond humans and into the autonomous realm with the advent of the Internet of Things (IoT).

Bigger Data, Little Things

IoT is clearly looking like the next big thing, which means the next big thing will be literally little things. Those things will be billions of communicating sensors spread across the world like smart dust — dust that talks to the “cloud.”

More Data

The availability of endless data and the capability to effectively process it is creating a snowball effect where big data companies want to collect more data about more things, ad infinitum. You can almost hear chanting in the background: “More data… more data… more data…”

More data means many more potential correlations, and thus more insight to help make profits and propel the missions of non-profit organizations, governments, and other institutions. Big data creates its own appetite, and the data to satisfy that growing appetite will derive from literally everywhere via sensors tied to the Internet. This has already started.

Sensors manufacture data. That is their sole purpose. But, they need a life support system including smarts (i.e. controllers) and communications (such as Wi-Fi, Bluetooth and others). There is one more critical part of that: Security.

No Trust? No IoT! 

There’s no way to create a useful communicating sensor network without node security. To put it a different way, the value of the IoT depends directly on whether those nodes can be trusted. No trust. No IoT.  Without security, the Internet of Things is just a toy.

What exactly is security? It can best be defined by using the three-pillar model, which (ironically) can be referred to as “C.I.A:” Confidentiality, Integrity and Authenticity.

CIA

Confidentiality is ensuring that no one can read the message except its intended receiver. This is typically accomplished through encryption and decryption, which hides the message from all parties but the sender and receiver.

Integrity, which is also known as data integrity, is assuring that the received message was not altered. This is done using cryptographic functions. For symmetric, this is typically done by hashing the data with a secret key and sending the resulting MAC with the data to the other side which does the same functions to create the MAC and compare. Sign-verify is the way that asymmetric mechanisms ensure integrity.

Authenticity refers to verification that the sender of a message is who they say they are — in other words, ensuring that the sender is real. Symmetric authentication mechanisms are usually done with a challenge (often a random number) that are sent to the other side, which is hashed with a secret key to create a MAC response, before getting sent back to run the same calculations. These are then compared to the response MACs from both sides.

(Sometimes people add non-repudiation to the list of pillars, which is preventing the sender from later denying that they sent the message in the first place.)

The pillars of security can be  implemented with devices such as Atmel CryptoAuthentication crypto engines with secure key storage. These tiny devices are designed to make it easy to add robust security to lots of little things – -and big things, too.

So, don’t ever lose sight of the fact that big data, little things and cloud-based IoT are not even possible without ambient security. Creating ambient security is what CryptoAuthentication is all about.

Getting up close and personal with symmetric session key exchange

In today’s world, the three pillars of security are confidentiality, integrity (of the data), and authentication (i.e. “C.I.A.”). Fortunately, Atmel CryptoAuthentication crypto engines with secure key storage can be used in systems to provide all three of these.

Focusing on the confidentiality pillar, in a symmetric system it is advantageous to have the encryption and decryption key shared on each side go through a change for every encryption/decryption session. This process, which is called symmetric session key exchange, helps to provide a higher level of security. Makes sense, right?
 

So, let’s look at how to use the capabilities of the ATSHA204A CryptoAuthentication device to create exactly such a changing cryptographic key. The way a key can be changed with each session is by the use of a new (and unique) random number for each session that gets hashed with a stored secret key (number 1 in the diagram below). While the stored key in the ATSHA204A devices never changes, the key used in each session (the session key) does. Meaning, no two sessions are alike by definition.

The video below will walk you through the steps, or you can simply look at the diagram which breaks down the process.

The session key created by the hashing of the stored key and random number gets sent to the MCU (number 2) and used as the AES encryption key by the MCU to encrypt the data (number 3) using the AES algorithm. The encrypted data and the random number are then sent (number 4) to the other side.

Let’s explore a few more details before going on. The session key is a 32 byte Message Authentication Code or “MAC.” (A MAC is defined as a hash of a key and message.) 16 bytes of that 32 byte (256 bit) MAC becomes the AES session key that gets sent to the MCU to run the AES encryption algorithm over the data that is to be encrypted.

It is obvious why the encrypted code is sent, but why is the random number as well? That is the magic of this process. The random number is used to recreate the session key by running the random number through the same SHA-256 hashing algorithm together with the key stored on the decryption side’s ATSHA204A (number 5). Because this is a symmetric operation, the secret keys stored on both of the ATSHA204A devices are identical, so when the same random number is hashed with the same secret key using the same algorithm, the 32 byte digest that results will be exactly the same on the decrypting side and on the encrypting side. Just like on the encrypting side, only 16 bytes of that hash value (i.e. the MAC) are needed to represent the AES encryption/decryption key (number 6). At this point these 16 bytes can be used on the receiving side’s MCU to decrypt the message(number 7).

And, that’s it!

Note how easy the ATSHA204A makes this process because it stores the key, generates the random number, and creates the digest. There’s a reason why we call it a crypto engine! It does the heavy cryptographic work, yet is simple to configure the SHA204A using Atmel’s wide range of tools.

Not to mention, the devices are tiny, low-power, cost-effective, work with any micro, and most of all, store the keys in ultra-secure hardware for robust security. By offering easy-to-use, highly-secure hardware key storage crypto engines, it’s simple to see how Atmel has you covered.

Don’t be an “ID-IoT”

---

Authentication may just be the “sine qua non” of the Internet of Things. 

---

Let’s just come out and say it: Not using the most robust security to protect your digital ID, passwords, secret keys and other important items is a really, really bad idea. That is particularly true with the coming explosion of the Internet of Things (IoT).

The identity (i.e. “ID”) of an IoT node must be authenticated and trusted if the IoT is ever to become widely adopted. Simply stated, the IoT without authenticated ID is just not smart. This is what we mean when we say don’t be an ID-IoT.

It seems that every day new and increasingly dangerous viruses are infecting digital systems. Viruses — such as Heartbleed, Shellshock, Poodle, and Bad USB — have put innocent people at risk in 2014 and beyond. A perfect case in point is that Russian Cyber gangs (a.k.a. “CyberVor”) have exposed over a billion user passwords and IDs — so far. What’s scary is that the attacks are targeted at the very security mechanisms that are meant to provide protection.

If you think about it, that is somewhat analogous to how the HIV/AIDS virus attacks the very immune system that is supposed to protect the host organism. Because the digital protection mechanisms themselves have become targets, they must be hardened. This has become increasingly important now that the digital universe is going through its own Big Bang with the explosion of the IoT. This trend of constant connectivity will result in billions of little sensing and communicating processors being distributed over the earth, like dust. According to Gartner, processing, communicating and sensing semiconductors (which comprise the IoT) will grow at a rate of over 36% in 2015, dwarfing the overall semiconductor market growth of 5.7%. Big Bang. Big growth. Big opportunity.

The IoT will multiply the number of points for infection that hackers can attack by many orders of magnitude. It is not hard to see that trust in the data communicated via an ubiquitous (and nosey) IoT will be necessary for it to be widely adopted. Without trust, the IoT will fail to launch. It’s as simple as that. In fact, the recognized inventor of the Internet, Vint Cerf, completely agrees saying that the Internet of Things requires strong authentication. In other words, no security? No IoT for you!

There is much more to the story behind why the IoT needs strong security. Because the world has become hyper-connected, financial and other sensitive transactions have become almost exclusively electronic. For example, physical checks don’t need to be collected and cancelled any more — just a scanned electronic picture does the job. Indeed, the September 11th terror attacks on the U.S. that froze air travel and the delivery of paper checks accelerated the move to using images to clear checks to keep the economy moving.

Money now is simply electronic data, so everyone and every company are at risk of financial losses stemming directly from data breaches. See?  Data banks are where the money is now kept, so data is what criminals attack. While breaches are, in fact, being publicized, there has not been much open talk about their leading to significant corporate financial liability. That liability, however, is real and growing. CEOs should not be the least bit surprised when they start to be challenged by significant shareholder and class action lawsuits stemming from security breaches.

Although inadvertent, companies are exposing identities and sensitive financial information of millions of customers, and unfortunately, may not be taking all the necessary measures to ensure the security and safety of their products, data, and systems. Both exposure of personal data and risk of product cloning can translate to financial damages. Damages translate to legal action.

The logic of tort and securities lawyers is that if proven methods to secure against hacking and cloning already exist, then it is the fiduciary duty of the leaders of corporations (i.e. the C-suite occupants) to embrace such protection mechanisms (like hardware-based key storage), and more importantly, not doing so could possibly be argued as being negligent. Agree or not, that line of argumentation is viable, logical, and likely.

A few CEOs have already started to equip their systems and products with strong hardware-based security devices… but they are doing it quietly and not telling their competitors. This also gives them a competitive edge, besides protecting against litigation.

Software, Hardware, and Hackers

Why is it that hackers are able to penetrate systems and steal passwords, digital IDs, intellectual property, financial data, and other secrets? It’s because until now, only software has been used to protect software from hackers. Hackers love software. It is where they live.

The problem is that rogue software can see into system memory, so it is not a great place to store important things such as passwords, digital IDs, security keys, and other valuable things. The bottom line is that all software is vulnerable because software has bugs despite the best efforts of developers to eliminate them. So, what about storing important things in hardware?

Hardware is better, but standard integrated circuits can be physically probed to read what is on the circuit. Also, power analysis can quickly extract secrets from hardware. Fortunately, there is something that can be done.

Several generations of hardware key storage devices have already been deployed to protect keys with physical barriers and cryptographic countermeasures that ward off even the most aggressive attacks. Once keys are securely locked away in protected hardware, attackers cannot see them and they cannot attack what they cannot see. Secure hardware key storage devices — most notably Atmel CryptoAuthentication — employ both cryptographic algorithms and a tamper-hardened hardware boundary to keep attackers from getting at the cryptographic keys and other sensitive data.

The basic idea behind such protection is that cryptographic security depends on how securely the cryptographic keys are stored. But, of course it is of no use if the keys are simply locked away. There needs to be a mechanism to use the keys without exposing them — that is the other part of the CryptoAuthentication equation, namely crypto engines that run cryptographic processes and algorithms. A simple way to access the secret key without exposing it is by using challenges (usually random numbers), secret keys, and cryptographic algorithms to create unique and irreversible signatures that provide security without anyone being able to see the protected secret key.

Crypto engines make running complex mathematical functions easy while at the same time keeping secret keys secret inside robust, protected hardware. The hardware key storage + crypto engine combination is the formula to keeping secrets, while being easy-to-use, available, ultra-secure, tiny, and inexpensive.

While the engineering that goes into hardware-based security is sophisticated, Atmel does all the crypto engineering so there is no need to become a crypto expert. Get started by entering for your chance to take home a free CryptoAuthentication development tool.

ECDH key exchange is practical magic

What if you and I want to exchange encrypted messages? It seems like something that will increasingly be desired given all the NSA/Snowden revelations and all the other snooping shenanigans. The joke going around is that the motto of the NSA is really “Yes We Scan,” which sort of sums it up.

Encryption is essentially scrambling a message so only the intended reader can see it after they unscramble it. By definition, scrambling and unscrambling are inverse (i.e. reversible) processes. Doing and undoing mathematical operations in a secret way that outside parties cannot understand or see is the basis of encryption/decryption.

Julius Caesar used encryption to communicate privately. The act of shifting the alphabet by a specific number of places is still called the Caesar cipher. Note that the number of places is kept secret and acts as the key. Before Caesar, the Spartans used a rod of a certain thickness that was wrapped with leather and written upon with the spaces not part of the message being filled with decoy letters so only someone with the right diameter rod could read the message. This was called a skytale. The rod thickness acts as the key.

A modern-day encryption key is a number that is used by an encryption algorithm, such as AES (Advanced Encryption Standard) and others, to encode a message so no one other than the intended reader can see it. Only the intended parties are supposed to have the secret key. The interaction between a key and the algorithm is of fundamental importance in cryptography of all types. That interaction is where the magic happens. An algorithm is simply the formula that tells the processor the exact, step-by-step mathematical functions to perform and the order of those functions. The algorithm is where the magical mathematical spells are kept, but those are not kept secret in modern practice. The key is used with the algorithm to create secrecy.

For example, the magic formula of the AES algorithm is a substitution-permutation network process, meaning that AES uses a series of mathematical operations done upon the message to be encrypted and the cryptographic key (crypto people call the unencrypted message “plaintext“). How that works is that the output of one round of calculations done on the plaintext is substituted by another block of bits and then the output of that is changed (i.e. permutated) by another block of bits and then it happens over and over, again and again. This round-after-round of operations changes the coded text in a very confused manor, which is the whole idea. Decryption is exactly as it sounds, simply reversing the entire process.

That description, although in actual fact very cursory, is probably TMI here, but the point is that highly sophisticated mathematical cryptographic algorithms that have been tested and proven to be difficult to attack are available to everyone. If a secret key is kept secret, the message processed with that algorithm will be secret from unintended parties. This is called Kerckhoffs’ principle and is worth remembering since it is the heart of modern cryptography. What it says is that you need both the mathematical magic and secret keys for strong cryptography.

Another way to look at is that the enemy can know the formula, but it does him or her no good unless they know the secret key. That is, by the way, why it is so darn important to keep the secret key secret. Getting the key is what many attackers try to do by using a wide variety of innovative attacks that typically take advantage of software bugs. So, the best way to keep the secret is to store the key in secure hardware that can protect if from attacks. Software storage of keys is just not as strong as hardware storage. Bugs are endemic, no matter how hard the coders try to eliminate them. Hardware key storage trumping software is another fundamental point worth remembering.

Alright, so now that we have a good algorithm (e.g. AES) and a secret key we can start encrypting and feel confident that we will obtain confidentiality.

Key Agreement

In order for encryption on the sender’s side and decryption on the receiver’s side, both sides must agree to have the same key. That agreement can happen in advance, but that is not practical in many situations. As a result, there needs to be a way to exchange the key during the session where the encrypted message is to be sent. Another powerful cryptographic algorithm will be used to do just that.

There is a process called ECDH key agreement, which is a way to send the secret key without either of the sides actually having to meet each other. ECDH uses a different type of algorithm from AES that is called “EC” to send the secret key from one side to the other. EC stands for elliptic curve, which literally refers to a curve described by an elliptic equation.   A certain set of elliptic curves (defined by the constants in the equation) have the property that given two points on the curve (P and Q) there is a third point, P+Q, on the curve that displays the properties of commutivity, associativity, identity, and inverses when applying elliptic curve point multiplication. Point-multiplication is the operation of successively adding a point along an elliptic curve to itself repeatedly. Just for fun the shape of such an elliptic curve is shown in the diagram.

The thing that makes this all work is that EC point-multiplication is doable, but the inverse operation is not doable. Cryptographers call this a one-way or trap door function. (Trap doors go only one way, see?)  In regular math, with simple algebra if you know the values of A and A times B you can find the value of B very easily.  With Elliptic curve point-multiply if you know A and A point-multiplied by B you cannot figure out what B is. That is the magic. That irreversibility and the fact that A point-multiplied by B is equal to B point-multiplied by A (i.e. commutative) are what makes this a superb encryption algorithm, especially for use in key exchange.

To best explain key agreement with ECDH, let’s say that everyone agrees in advance on a number called G. Now we will do some point-multiply math. Let’s call the sender’s private key PrivKeySend.  (Note that each party can be a sender or receiver, but for this purpose we will name one the sender and the other the receiver just to be different from using the typical Alice and Bob nomenclature used by most crpyto books.) Each private key has a mathematically related and unique public key that is calculated using the elliptic curve equation.  Uniqueness is another reason why elliptic curves are used. If we point-multiply the number G by PrivKeySend we get PubKeySend. Let’s do the same thing for the receiver who has a different private key called PrivKeyReceive and point-multiply that private key by the same number G to get the receiver’s public key called PubKeyReceive.   The sender and receiver can then exchange their public keys with each other on any network since the public keys do not need to be kept secret. Even an unsecured email is fine.

Now, the sender and receiver can make computations using their respective private keys (which they are securely hiding and will never share) and the public key from the other side. Here is where the commutative law of point-multiply will work its magic. The sender point-multiplies the public key from the other side by his or her stored private key.  This is equates to:

PubKeyReceive point-multiplied by PrivKeySend which = G point-multiplied by PrivKeyReceive point-multiplied by PrivKeySend

The receiver does the same thing using his or her private key and the public key just received. This equates to:

PubKeySend point-multiplied by PrivKeyReceive  = G point-multiplied by PrivKeySend point-multiplied by PrivKeyReceive.

Because point-multiply is commutative these equations have the same value!

And, the rabbit comes out of the hat: The sender and receiver now have the exact same value, which can now be used as the new encryption key for AES, in their possession. No one besides them can get it because they would need to have one of the private keys and they cannot get them. This calculated value can now be used by the AES algorithm to encrypt and decrypt messages. Pretty cool, isn’t it?

Below is a wonderful video explaining the modular mathematics and discrete logarithm problem that creates the one-way, trapdoor function used in Diffie-Hellman key exhange. (Oh yeah, the “DH” in ECDH stands for Diffie-Hellman who were two of the inventors of this process.)

Are you building out for secure devices?  Protect your design investments and prevent compromise of your products? Receive a FREE Atmel CryptoAuthentication™ development tool.

Shouldn’t security be a standard?

Security matters now more than ever, so why isn’t security a standard feature in all digital systems? Luckily, there is a standard for security and it is literally standards-based. It is called TPM. TPM, which stands for Trusted Platform Module, can be thought of as a microcontroller that can take a punch, and come back for more.

“You guys give up, or are you thirsty for more?”

The TPM is a small integrated circuit with an on-board microcontroller, secure hardware-based private key generation and storage, and other cryptographic functions (e.g. digital signatures, key exchange, etc.), and is a superb way to secure email, secure web access, and protect local data. It is becoming very clear just how damaging loss of personal data can be. Just ask Target stores, Home Depot, Brazilian banks, Healthcare.gov, JP Morgan, and the estimated billions of victims of the Russian “CyberVor” gang of hackers. (What the hack! You can also follow along with the latest breaches here.) The world has become a serious hackathon with real consequences; and, unfortunately, it will just get worse with the increase of mobile communications, cloud computing, and the growth of autonomous computing devices and the Internet of Things.

What can be done about growing threats against secure data?

The TPM is a perfect fit for overall security. So, just how does the TPM increase security? There are four main capabilities:

1. Furnish platform integrity
2. Perform authentication (asymmetric)
3. Implement secure communication
4. Ensure IP protection

These capabilities have been designed into TPM devices according to the guidance of an industry consortium called the Trusted Computing Group (TCG), whose members include many of the 800-pound gorillas of the computing, networking, software, semiconductor, security, automotive, and consumer industries. These companies include Intel, Dell, Microsoft, among many others. The heft of these entities is one of the vectors that is driving the strength of TPM’s protections, creation of TPM devices, and ultimately accelerating TPM’s adoption. The TPM provides security in hardware, which beats software based security every time. And that matters, a lot.

TPM Functions

Atmel TPM devices come complete with cryptographic algorithms for RSA (with 512, 1024, and 2048 bit keys), SHA-1, HMAC, AES, and Random Number Generator (RNG). We won’t go into the mathematical details here, but note that Atmel’s TPM has been Federal Information Processing Standards (FIPS) 140-2 certified, which attests to its high level of robustness. And, that is a big deal. These algorithms are built right into Atmel TPMs together with supporting software serve to accomplish multiple security functions in a single device.

Each TPM comes with a unique key called an endorsement key that can also be used as part of a certificate chain to prevent counterfeiting. With over 100 commands, the Atmel TPM can execute a variety of actions such as key generation and authorization checks. It also provides data encryption, storage, signing, and binding just to name a few.

An important way that TPMs protect against physical attacks is by a shielded area that securely stores private keys and data, and is not vulnerable to the types of attacks to which software key storage is subjected.

But the question really is, “What can the TPM do for you?”  The TPM is instrumental in systems that implement “Root of Trust” (i.e. data integrity and authentication) schemes.

Root of trust schemes use hashing functions as the BIOS boots to ensure that there have been no unwanted changes to the BIOS code since the previous boot. The hashing can continue up the chain into the OS. If the hash (i.e. digest) does not match the expected result, then the system can limit access, or even shut down to prevent malicious code from executing.  This is the method used in Microsoft’s Bitlocker approach on PCs, for example. The TPM can help to easily encrypt an entire hard drive and that can only be unlocked for decryption by the key that is present on the TPM or a backup key held in a secure location.

Additionally, the TPM is a great resource in the embedded world where home automation, access points, consumer, medical, and automotive systems are required. As technology continues to grow to a wide spectrum of powerful and varying platforms, the TPM’s role will also increase to provide the necessary security to protect these applications.

Interested in learning more about Atmel TPM? Head here. To read about this topic a bit further, feel free to browse through the Bits & Pieces archive.

This blog was contributed by Ronnie Thomas, Atmel Software Engineer. 

 

 

Digital anonymity: The ultimate luxury item

Data is quickly becoming the currency of the digital society, of which we are all now citizens. Let’s call that “Digitopia.”

In Digitopia, companies and governments just can’t get enough data. There is real data obsession, which is directly leading to an unprecedented loss of privacy. And, that has been going on for a long time — certainly since 9/11. Now a backlash is underway with increasing signs of a groundswell of people wanting their privacy back. This privacy movement is about digital anonymity. It is real, and particularly acute in Europe. However, the extremely powerful forces of governments and corporations will fight the desire for personal privacy revanchism at every turn. What seems likely is that those with financial means (i.e. 1%-ers) will be at the forefront of demanding and retrieving privacy and anonymity; subsequently, anonymity could easily become the new luxury item. Ironically, digital invisibility could be the highest form of status.

Let’s explore what is creating the growing demand for a return to some anonymity. The main driver is the collective realization of just how vulnerable we all are to data breaches and snooping — thanks to Edward Snowden’s NSA revelations, Russian Cyber-Vor hacker gangs stealing passwords, Unit 61318 of the People’s Liberation Army creating all kinds of infrastructure, commercial and military mischief, the Syrian Electronic Army conducting cyber attacks, Anonymous, Heatbleed, Shellshock, Target and Home Depot credit card number breaches among countless other instances of real digital danger.

What all this means is that everyone is a potential victim, and that is the big collective “ah-ha” moment for digital security. (Maybe it’s more of an “oh-no!” moment?) As illustrated by the chart below, the magnitude, types and sheer number of recent attacks should make anyone feel a sense of unease about their own digital exposure. Why is this dangerous to everyone? Well, because data now literally translates into money. And I literally mean literally. Here’s why…

Bitcoin Exposes the Dirty Little Secret About Money 

Bitcoin is a great starting point because it’s the poster child of the data = money equation. Bitcoin currency is nothing more than authenticated data, and completely disposes any pretense of money being physical. It is this ephemeral-by-design nature of Bitcoin that, in fact, exposes the dirty little secret about all money, which is that without gold, silver or other tangible backing, dollars, the Euro, Renmimbi, Yen, Won, Franc, Pound, Kroner, Ruble and everything else is nothing but data. Money is a manmade concept — really just an idea.

How this works can best be described by putting it into cryptographic engineering terms. Governments are the “issuing certification authority” of money. Each country or monetary union (e.g. EU) with a currency of their own is literally an “issuer.” All roads lead back to the issuer’s central bank via a type of authentication process to prove that the transaction is based upon the faith and credit of the issuer.

Banks are the links on that authentication/certification chain back that leads back to the issuer. Each link on the chain (or each bank) is subject to strict rules (i.e. laws) and audits established by the issuer about exactly how to deal with the issuer, with other banks in the system, with the currencies created by other issues (i.e. other countries), with customers, and how to account for transactions. Audits, laws, and rules are therefore an authentication process. Consumers’ bank accounts and credit cards are the end-client systems. Those end-client systems are linked back through the chain of banks via the authentication process (rules, etc.) to the issuer of the money. That linkage is what creates the monetary system.

Bitcoin was built precisely and purposefully upon cryptographic authentication and certification. It is cryptography and nothing more. There is no central issuing authority and it remains peer-to-peer on purpose. Bitcoin bypasses banks precisely so that no overseer can control the value (i.e. create inflation and deflation at their political whim). This also preserves anonymity.

The bottom line is that the modern banking system has been based upon “fiat money” since the Nixon Administration abandoned the gold standard. The Latin word “fiat” means “arbitrary agreement” and that is what money is: an arbitrary agreement that numbers in a ledger have some type of value and can act as a medium of exchange. Note that physical money (paper and coins) is only an extremely small fraction of the world’s money supply. The bulk of the world’s money is comprised of nothing more than accounting entries in the ledgers of the world’s banking system.

See?  Money = Data. Everything else is window dressing to make it appear more than that (e.g. marble columned bank buildings, Fort Knox, Treasury agents with sunglasses and guns, engraved bonds, armored cars, multi-colored paper currency, coins, etc.).

So, if money equals data, then thieves will not rob banks as often; however, those who can will raid data bases instead, despite what Willie Sutton said. Data bases are where the money is now.

By now, the problem should be obvious to anyone who is paying attention — data of any kind is vulnerable to attack by a wide variety of antagonists from hacker groups and cyber-criminals to electronic armies, techno-vandals and other unscrupulous organizations and people. The reason is simple. Yes, you guessed it: It is because data = money. To make it worse, because of the web of interconnections between people, companies, things, institutions and everything else, everyone and everything digital is exposed.

Big Data. Little Freedom.

The 800-pound gorillas of Digitopia are without a doubt governments. Governments mandate that all kinds of data be presented to them at their whim. Tax returns, national health insurance applications, VA and student loan applications, and other things loaded with very sensitive personal data are routinely demanded and handed over. Individuals and corporations cannot refuse to provide data to the government if they want the monopolized “services” governments provide (or to stay out of jail). And, that is just the open side of the governmental data collection machine.

The surreptitious, snooping side is even larger and involves clandestine scanning of personal conversations, emails, and many other things. However, there is another, non-governmental component to data gathering (I will not use the term “private sector” because it is way too ironic). Companies are now becoming very sophisticated at mining data and tracking people, and getting more so every day. This is the notion of “big data,” and it is getting bigger and bigger all the time.

The Economist recently articulated how advertisers are tracking people to a degree once reserved for fiction. (Think George Orwell’s 1984.) Thousands of firms are now invisibly gathering intelligence. Consumers are being profiled with skills far exceeding that of FBI profilers. When consumers view a website, advertisers compete via a hidden bidding process to show them targeted ads based on the individual’s profile. These ads are extremely well focused due to intensive analytics and extensive data collection. These auctions take milliseconds and the ads are displayed when the website loads. We have all seen these ads targeted at us by now. This brave new advertising world is a sort of a cross between Mad Men and Minority Report with an Orwellian script.

The Personalization Conundrum

There is a certain seductiveness associated with consumer targeting. It is the notion of personalization. People tend to like having a certain level of personalized targeting. It makes sense to have things that you like presented to you without any effort on your part. It is sort of an electronic personal shopping experience. Most people don’t seem to mind the risk of having their preferences and habits collected and used by those they don’t even know. Consumers are complicit and habituated to revealing a great deal about themselves.  Millennials have grown up in a world where the notion of privacy is more of a quaint anachronism from days gone by. But, that is all likely to change as more people get hurt.

Volunteering information is one thing, but much of the content around our digital selves is being collected automatically and used for things we don’t have any idea about. People are increasingly buying products that track their activities, location, physical condition, purchases and other things. Cars are already storing data about our driving habits and downloading that to other parties without the need for consent. So, the question is becoming at point does the risk of sharing too much information outweigh the convenience? It is likely that point has already been reached, if you ask me at least.

The Need for a Digital Switzerland

With the unholy trinity of governmental data gathering, corporate targeting, and cyber-criminality, the need for personal data security should be more than obvious. Yet, the ability to become secure is not something that individuals will be able to make happen on their own. Data collection systems are not accessible, and they are not modifiable by people without PhDs in computer science.

With privacy being compromised every time one views a webpage, uses a credit card, pays taxes, applies for a loan, goes to the doctor, drives on a toll way, buys insurance, gets into a car, or does a collection of other things, it becomes nearly impossible to preserve privacy. The central point here is that privacy is becoming scarce, and scarcity creates value. So, we could be on the verge of privacy and anonymity becoming a valuable commodity that people will pay for. A privacy industry will arise. Think of a digital Pinkerton’s.

It is likely that those who can afford digital anonymity will be the first to take measures to regain it. To paraphrase a concept from a famous American financial radio show host, privacy could replace the BMW as the modern status symbol. The top income earners who want to protect themselves and their companies will be looking for a type of digital Switzerland.

Until now a modicum of privacy had been attainable from careful titling and sequestering of assets (i.e. numbered bank accounts, trusts, shell corporations, etc.). That is not enough anymore. The U.S. Patriot Act, European Cy­bercrime Convention, and EU rules on data retention are the first stirrings concerning a return to the right to anonymity. These acts will apply pressure to the very governmental agencies that are driving privacy away. Dripping irony…

Legal, investigational, and engineering assets will need to be brought to bear to provide privacy services. It will take a team of experts to find where the bits are buried and secure them. Privacy needs do not stop at people either. Engineers will have to get busy to secure things as well.

The Internet of Things

Everything said until this point about the loss of personal privacy also applies to the mini-machines that are proliferating in the environment and communicating with each other about all kinds of things. The notion of the Internet of Things (IoT) is fundamentally about autonomous data collection and communication and it is expected that tens of billions of dispersed objects will be involved in only a few years form now. These numerous and ubiquitous so-called things will typically sense data about their surroundings, and that includes sensing people and what those people are doing. Therefore, these things have to add security to keep personal information out of the hands of interlopers and to keep the data from being tampered with. This is called data integrity in cryptographic parlance.

What Can be Done?

To ensure that things are what they say they are, it is necessary to use authentication. Authentication, in a cryptographic sense, requires that a secret or private key be securely stored somewhere for use by a system. If that secret key is not secret then there is no such thing as security. That is a simple point but of paramount importance.

The most secure way to store a cryptographic key is in secure hardware that is designed to be untamperable and impervious to a range of attacks to get at it. Atmel has created a line of products called CryptoAuthentication precisely for this purpose.  Atmel CryptoAuthentication products — such as ATSHA204A, ATECC108A and ATAES132 — implement hardware-based key storage, which is much stronger then software based storage because of the defense mechanisms that only hardware can provide against attacks. Secure storage in hardware beats storage in software every time.

It is most likely that as we citizens of Digitopia continue to realize how dependent we are on data and how dependent those pieces of data are on real security, there will be a powerful move towards the strongest type of security that can be achieved. (Yes, I mean hardware.)

In the future, the most important question may even become, “Does your system have hardware key storage?” We should all be asking that already and avoiding those systems that do not. Cryptography is, as Edward Snowden has said, the “defense against the dark arts for the digital realm.”  We should all start to take cover.