Tag Archives: Embedded Security

The power of the platform in IoT and wearable designs


What IoT developers want? A candid look at the wearable designs shows how platform approach is helping design engineers confront daunting challenges in the IoT arena.


“Providers become platforms” is the second most prominent finding of the Forbes story entitled “The Five Most Disruptive Innovations at CES 2016.” Interestingly, all the five disrupting forces outlined in the story relate to the Internet of Things blaze one way or the other. A coincidence? Not really.

CES 2016 was mostly about demonstrating how the advent of a connected world is possible with the creation of an array of smart and interconnected devices. However, the IoT juggernaut, while exploring the true value of connectivity, also requires new business models, which in turn, makes time-to-market even more critical.

Smart badge brings efficiency in enterprise, hospitality and healthcare

Take smart wearable devices, for instance, which were arguably the biggest story on the CES floor this year. A wearable design comprises of one or more sensors, connectivity solution like a radio controller, a processor to carry out system-level functions, storage to log information, display and battery. And what IoT and wearable developers want?

A platform that allows them to facilitate the finished products quickly and efficiently. The design engineers simply can’t afford experimentation with the basic blocks as they need a precedence of basic hardware and software functions working efficiently and smoothly.

Anatomy of Wearable Design

First and foremost, wearable designs confront power constraints even greater than mobile devices. Not surprisingly, ultra-low-power MCUs lie at the heart of wearable designs because they combine flash, on-chip RAM and multiple interface options while intelligently turning power on and off during activity and idle periods, respectively.

The next design conundrum relates to the form factor because these devices are being worn, so they have to be small and light. That, in turn, demands even smaller circuit boards with a greater level of integration. Enter the IoT platforms.

Amid power, performance and form factor considerations, the choice of a right IoT platform means that designers will most likely get the basic building blocks right. And that will allow IoT developers to focus on the application, differentiation and customer needs.

That’s what Atmel is aiming for with the launch of a reference platform for cost-optimized IoT and wearable applications. Atmel’s ultra-low-power platform, which was announced over the week of CES, is aimed at battery-operated wearable devices requiring activity and environment monitoring.

Power has a critical role in the key IoT building blocks

IoT Developer Platform

Below are the key highlights of Atmel’s platform offering for the IoT and wearable designs.

Processor: Microcontroller’s low-power requirements make it a likely choice in wearable designs; MCUs that communicate and process sensor inputs draw very little power from the battery while asleep. Remember the L21 microcontroller that made headlines back in 2015 after leading the low-power benchmarks conducted by EEMBC ULPBench.

Atmel’s SMART SAM L21 MCU — based on ARM’s lowest power Cortex-M0+ processing core — scored 185 in the benchmark and was able to bring the power consumption down to 35µA/MHz in active mode and 200nA in sleep mode.

Communications: The BTLC1000 is an ultra-low power Bluetooth Smart (BLE 4.1) system-on-chip (SoC) that comes integrated with ARM Cortex-M0 core, transceiver, modem, MAC, power amplifier, TR switch, and power management unit (PMU). It can be used as a BLE link controller or data pump with external host MCU or as a standalone applications processor with embedded BLE connectivity and external memory.

Atmel claims that its BTLC1000 Bluetooth solution — a 2.2mm x 2.1mm wafer level chip scale package — is 25 percent smaller than the nearest competitor solution. And Electronic Products magazine has corroborated that premise by calling it the lowest power BLE chipset that consumes less than 4mA in RX and less than 3mA in TX at 0dbm.

Security: Atmel is among the first chipmakers to offer specialized security hardware for the IoT market. Its microcontrollers come integrated with anti-cloning, authentication and encryption features.

Display: Wearable devices often show data such as time, measurements, maps and notifications on a display, and here, capacitive touch provides a very intuitive form of interfacing with the information. Atmel’s MCUs can directly manage capacitive buttons through software libraries that the firm provides.

Furthermore, Atmel offers standalone display controllers that support capacitive button, slider and wheel (BSW) implementations. These touch solutions can be tuned to moisture environments, a key requirement for many wearable applications. Atmel’s maXTouch capacitive touchscreen controller technology is a leading interface solution for its low-power consumption, precision and sensitivity.

Sensors: The development framework for the wearable designs features BHI160 6-axis SmartHub motion sensor and BME280 environment sensor from Bosch. It’s worth noting that Bosch is one of Atmel’s sensor partners. However, wearable product designers are free to pick sensors of their choice from Atmel’s other sensor partners.

Software support: The software package includes RTOS, Atmel’s Studio 7 IDE and Atmel START, which Atmel claims is the world’s first intuitive web-based tool for software configuration and code generation. Moreover, Atmel Software Framework (ASF) offers communication libraries for Bluetooth radios.

Atmel's developer platform for IoT and wearable designs

The truth is that the design game has moved from hardware and software functional blocks to complete developer ecosystems since the iPhone days. Now the ecosystem play is taking platforms to a whole new level in the design diversity that comes with the IoT products.

The choice of a right IoT platform means that designers will most likely get the basic building blocks right, and then, they can focus on the application and customer needs. It also provides design engineers space for differentiation, a critical factor in making wearable devices a consumer success.

 

 

Secured SAMA5D4 for industrial, fitness or IoT display


To target applications like home automation, surveillance camera, control panels for security, or industrial and residential gateways, high DMIPS computing is not enough.


The new SAMA5D4 expands the Atmel | SMART Cortex-A5-based family, adding a 720p resolution hardware video decoder to target Human Machine Interface (HMI), control panel and IoT applications when high performance display capability is required. Cortex-A5 offers raw performance of 945 DMIPS (@ 600 MHz) completed by ARM NEON 128-bit SIMD (single instruction, multiple data) DSP architecture extension. To target applications like home automation, surveillance camera, control panels for security, or industrial and residential gateways, high DMIPS computing is not enough. In order to really make a difference, on top of the hardware’s dedicated video decoder (H264, VP8, MPEG4), you need the most complete set of security features.

Life-Fitness-F3-Folding-Treadmill-with-GO-Console-2_681x800

Whether for home automation purpose or industrial HMI, you want your system to be safeguarded from hackers, and protect your investment against counterfeiting. You have the option to select 16-b DDR2 interface, or 32-b if you need better performance, but security is no longer just an option. Designing with Atmel | SMART SAMA5D4 will guarantee secure boot, including ARM Trust Zone, encrypted DDR bus, tamper detection pins and secure data storage. This MPU also integrates hardware encryption engines supporting AES (Advanced Encryption Standard)/3DES (Triple Data Encryption Standard), RSA (Rivest-Shamir-Adleman), ECC (Elliptic Curves Cryptography), as well as SHA (Secure Hash Algorithm) and TRNG (True Random Number Generator).

If you design fitness equipment, such as treadmills and exercise machines, you may be more sensitive to connectivity and user interface functions than to security elements — even if it’s important to feel safe in respect with counterfeiting. Connectivity includes gigabit and 10/100 Ethernet and up to two High-Speed USB ports (configurable as two hosts or one host and one device port) and one High Speed Inter-Chip Interface (HSIC) port, several SDIO/SD/MMC, dual CAN, etc. Because the SAMA5D4 is intended to support industrial, consumer or IoT applications requiring efficient display capabilities, it integrates LCD controllers with a graphics accelerator, resistive touchscreen controller, camera interface and the aforementioned 720p 30fps video decoder.

hmi-panels-sama5d4-atmel-processor

The MCU market is highly competitive, especially when you consider that most of the products are developed around the same ARM-based family of cores (from the Cortex-M to Cortex-A5 series). Performance is an important differentiation factor, and the SAMA5D4 is the highest performing MPUs in the Atmel ARM Cortex-A5 based MPU family, offering up to 945 DMIPS (@ 600 MHz) completed by DSP extension ARM NEON 128-bit SIMD (single instruction, multiple data). Using safety and security on top of performance to augment differentiation is certainly an efficient architecture choice. As you can see in the block diagram below, the part features the ARM TrustZone system-wide approach to security, completed by advanced security features to protect the application software from counterfeiting, like encrypted DDR bus, tamper detection pins and secure data storage. But that’s not enough. Fortunately, this microprocessor integrates hardware encryption engines supporting AES/3DES, RSA, ECC, as well as SHA and TRNG.

The SAMA5 series targets industrial or fitness applications where safety is a key differentiating factor. If security helps protecting the software asset and makes the system robust against hacking, safety directly protects the user. The user can be the woman on the treadmill, or the various machines connected to the display that SAMA5 MCU pilots. This series is equipped with functions that ease the implementation of safety standards like IEC61508, including a main crystal oscillator clock with failure detector, POR (power-on reset), independent watchdog timers, write protection register, etc.

Atmel-SMART-SAMA5D4-ARM-Cortex-MPU-AtmelThe SAMA5D4 is a medium-heavier processor and well suited for IoT, control panels, HMI, and the like, differentiating from other Atmel MCUs by the means of performance and security (not to mention, safety). The ARM Cortex-A5 based device delivers up to 945 DMIPS when running at 600 MHz, completed by DSP architecture extension ARM NEON 128-bit SIMD. The most important factor that sets the SAMA5D4 apart from the rest is probably its implemented security capabilities. These will protect OEM software investments from counterfeiting, user privacy against hacking, and its safety features make the SAMA5D4 ideal for industrial, fitness or IoT applications.


This post has been republished with permission from SemiWiki.com, where Eric Esteve is a principle blogger as well as one of the four founding members of the site. This blog first appeared on SemiWiki on October 6, 2015.

10 (+1) invaluable steps to launching your next IoT product


Let’s transition your products from a ‘dumb’ to ‘smart’ thing.


Many enterprises, startups and organizations have already been exposed to the innovation land grab stemming from the rapidly evolving Internet of Things (IoT). What’s available in the product/market fit arena? This is the hunt to cease some segment of the multi-trillion dollar growth reported to gain from the IoT, enabling embedded system connectivity coupled with the ecosystem value-add of a product or service. Even for that matter, transforming a mere idea that centers around connectivity solutions can present an array of challenges, particularly when one seeks to bring to market disruptive ways for the end-user to adopt from the more traditional way of doing things (e.g. GoPro, PebbleWatch, FitBit, and even to as far as e-health monitors, tire subscriptions, self-driving vehicles, smart bracelets, connected medical apparatus or Industrial Internet devices, home automation systems and more).

All together, there’s one overlaying theme to these Internet-enabled products. They are all pervasively SMART technologies that help monetize the IoT. Now, let’s get your products to transition from a once ordinary, mundane object to a much smarter, more secure “thing.” When doing so, this too can often present a few obstacles for designers, especially as it requires a unique set of skills needed to interface systems with connectivity to the cloud or Internet.

To top it all off, there may already be various product lines in existence that have a mandate to leverage a connected ecosystem/design. In fact, even new ones require connectivity to the cloud, having designs set forth to enhance via customer usage then combining this user data with other associated data points. Already, the development to enable such devices require an assortment of skills. It’s an undertaking, one in which requires knowledge and expertise to command stable connectivity in the infrastructure and design a product with security, scalability, and low power.

Moving ahead, here are some recommendations developers and Makers should know:

  1. Identify a need and market: The value of the smart device lies in in the service that it brings to the customer. Identify the need to develop a strong offer that brings value or enhances efficiency rather than creating a simple gadget. (See Marc Andreesen’s infamous blog on product/market fit for more tips).
  1. Validate your ideation: Carry out market research. Do your due diligence. Determine whether the device you think of creating already exists. Can improvements be ascertained with testimonial as an enhanced or unique experience? Indeed, benchmarking will allow you to discover any competitors, find sources of inspiration, develop a network of ideas to pool and find other areas for improvement as well.
  1. Prototype toward MVP: New device fabrication techniques, such as 3D printing, are the ideal creative validation for producing prototypes much faster and for less money. They also promote iteration, which is an integral process when designing the device towards MVP.
  1. Connect the ‘thing’ then concert it into a smart ‘thing:’ Right now, there is no mandatory standard for interconnecting different devices. Selecting the right technology is essential, particularly if the device requires low-power (speaking of low-power….) and event and state controls, which highly optimize extended power and the services to enrich the information system and eventally enhance user experience with a roadmap toward an ecosystem.
  1. Develop the application: Today, the primary smart devices are linked to an dedicated mobile app. Since the app transforms the smartphone into a remote control, it must be be easy to use for your end-users, and more importantly, simply upgraded via the cloud.
  1. Manage the data: Fitted with a multitude of sensors, connected gadgets generate an enormous amount of data that need to be processed and stored with the utmost security across all layers even to as far as using cryptography in memory. (After all, you don’t want your design become a ‘Tales from the Crypt-O” horror story.) 
  1. Analyze and exploit the data: By processing and analyzing the data, a company can extract the necessary information to deploy the right service in the right place at the right time.
  1. Measure the impact of the smart device: Set up probes to monitor your devices and data traffic quality. Answer questions objectively as to how it would securely scale and evolve should there be an instant high volume success and usage. This will help you measure the impact of the smart device in real time and adapt its actions accordingly, and model into the product roadmap and MVP spec.
  1. Iterate to fine-tune the device’s use: After launching the project, the process has only begun. Feedback needs to be taken into account in order to adjust and fine-tune the project. Due to its very nature, digital technology requires continuous adaptation and iteration. “Try and learn” and present riskier ideas to products are the fundamental principles behind transformation when imposing a new use.
  1. Prototype again: Continuous adaptation and iteration means that your company needs to produce a new prototype.
Here’s 10 + 1 invaluable Step to Launching Your IoT Project or Products

Here’s 10 + 1 invaluable steps to launching your IoT project or product.

11. Take advantage of the hands-on training in your region.

As an application space, IoT sensor nodes are enabled by a number of fundamental technologies, namely a low-power MCU, some form of wireless communication and strong security. With this in mind, the newly revealed Atmel IoT Secure Hello World series will offer attendees hands-on training, introducing them to some of the core technologies making the Internet of Things possible, including Wi-Fi and CryptoAuthentication.

What’s more, these sessions will showcase Atmel’s diverse Wi-Fi capabilities and CryptoAuthentication hardware key storage in the context of the simplest possible use cases. This includes learning how to send temperature information to any mobile device via a wireless network and how to enable the remote control of LEDs on a SAM D21 Xplained Pro board over a Wi-Fi network using a WINC1500. In addition, attendees will explore authentication of IoT nodes, as well as how to implement a secure communications link — something that will surely come in handy when preparing to launch your next smart product.

As you can see, so far, everyone is LOVING the Hello World sessions — from hardcore embedded engineers to hobbyists. Here some recent social activity following the recent Tech on Tour events in both Manchester and Heathrow, UK. Need we say more? These tweets say a thousand words!

Atmel-Tech-On-Tour-Europe-UK

Connected and ready to go… all before lunch! (Yes, there’s food as well!)

 

Atmel-Tech-On-Tour-Europe-BYOD

Atmel’s Tech on Tour and proud partner EBV Elektronik proudly thankful for the successful event in Manchester, UK.

 

Atmel-Tech-On-Tour-Europe

Atmel’s Tech on Tour just successfully completed a full house attendance training in Manchester, UK

 

Find out how you too can receive in-depth IoT training. As the Atmel | Tech on Tour makes it way throughout Europe, Asia, and North America, make sure you know when the team arrives in your town!  Don’t miss it. Upon registering, you will even receive a WINC1500 Xplained Pro Starter Kit to take home.

The 10 challenges of securing IoT communications


From the very beginning of developing an IoT product, IoT security must be a forethought.


One of the hottest topics at last week’s IoT StreamConf was security. In other words, how are we going to secure communication for billions of connected devices? How can we ensure that attackers can’t take control of our devices, steal information, disrupt services, or take down entire networks of expensive, imperative devices?

With IoT is still in its early stages, security is not fully understood and well-defined when compared to other industries, like the financial and e-commerce sectors. From the very beginning of developing an IoT product, whether it’s small-scale like a wearable device, to massive-scale IoT deployments, like an oil field sensor network or global delivery operation, IoT security must be a forethought.

10-challenges-securing-IoT-PubNub-Atmel

In this talk, Rohini Pandhi, Product Manager at PubNub, walks through the ten challenges of securing Internet of Things communication. Rohini discusses flexible and secure messaging design patterns for IoT communication, and how they can be implemented and scaled. There are a number of security considerations, but after watching this talk, you should have a good idea of how you can secure your IoT deployment.

(Scroll below video for a table of contents of when individual concepts are talked about in the video).

Video Table of Contents

  1. Defining the Internet of Things (10:27)
  2. Unprotected devices will be attacked (13:15)
  3. Encryption (15:46)
  4. Single security model for all communications (17:56)
  5. Access control (20:13)
  6. Tracking device metadata (21:14)
  7. Provisioning in the field (22:38)
  8. Firmware updates in the field (24:07)
  9. Compliance with regulations (25:15)
  10. Reinventing the wheel (26:17)

More Resources on Securing IoT Communication

Below are a couple great pieces on IoT security, and some code tutorials for IoT developers:

ChipWhisperer-Lite is an educational board for embedded security


ChipWhisperer is the first open-source toolchain for embedded hardware security research including side-channel power analysis and glitching.


Side-channel power analysis refers to a method of breaking implementations of completely secure algorithms such as AES-256. Such capabilities have been known for a long time – the attack was first published in 1998. But even today many consider side-channel attacks exotic, and don’t take them seriously when designing secure systems. That is why Canadian startup NewAE Technology has launched a new project to help inform designers that they need to take these threats seriously, by teaching them how the attacks work!

photo-1024x768

Recently debuted on Kickstarter, the aptly named ChipWhisperer-Lite is essentially an educational tool, designed to introduce embedded enthusiasts to the area of side-channel power analysis. You may also recall the project from last year’s Hackaday Prize, where it garnered second place accolades.

Side-channel attacks aren’t magic; in fact, it is possible to design systems which are resistant to them. For instance, Atmel has a line of secure processors which would have encryption peripherals which cannot easily be attacked. Another example is the ATAES132 device – again this has resistance against side-channel attacks, so you could be more confident in the security of that device, compared to a generic microcontroller with an AES hardware peripheral (such as the AVR XMEGA). It’s all about managing the risk!

8a98245ccbc082ea5c6f1c36fe33147c_large

Additionally, the ChipWhisperer-Lite required a high-speed USB interface, and so, the NewAE Technology team turned to the Atmel | SMART SAM3U2C to accomplish this feat.

“While a number of systems are designed around generic interface chips, using a high-speed USB microcontroller gave me a lot more flexibility. In addition the cost of the microcontroller chip was cheaper than the stand-alone interface chip I would have used, so all these benefits came at no penalty to the BOM cost,” writes company co-founder Colin O’Flynn.

This shows the basic connections between the SAM3U2C and the FPGA. The external memory interface on the SAM3U2C is used to simplify data and control transfer to and from the FPGA.

This shows the basic connections between the SAM3U2C and the FPGA. The external memory interface on the SAM3U2C is used to simplify data and control transfer to and from the FPGA.

According to O’Flynn, the SAM3U family was selected based on set of criteria:

  • High-speed USB 2.0 interface
  • External memory interface with programmable timing parameters
  • TQFP Package (as he wanted people to be able to build this project themselves)
  • Lower cost than standalone interface chip (he had been looking for roughly $3-$4 in a quantity of 1,000)
  • ROM-resident USB bootloader (so that people building their own don’t need a programmer, and makes the board unbrickable)

“The external memory interface is actually critical to achieving a simple FPGA interface. This allows me to memory-map sections of the FPGA right into the SAM3U processor memory. If transferring data over USB to the FPGA, I can point the USB code from the Atmel Software Framework (ASF) to the location in the FPGA I want the data to go,” O’Flynn adds. “This means no need to copy the data multiple times between buffers, or use some specialized protocol to transfer data from the microcontroller to the FPGA.”

Beyond that, the SAM3U2C simplifies system management. Meeting USB sleep mode current limits (2.5 mA) means shutting off the FPGA and analog portions of the board. Standalone interface chips provide a ‘SUSPEND’ output which you can use, but having the microcontroller offered much more control, which ChipWhisperer-Lite’s creators were able to use for meeting inrush current limits.

The USB standard has limits on the inrush current; this current occurs when the USB device is plugged in and all the capacitors start charging. To avoid exceeding these currents most boards need a ‘soft-start,’ where power supplies are turned on after some delay (or after the USB device finishes enumerating).

“Putting this in the microcontroller gives me control over that delay if fine-tuning is needed, or even having the option of adding multiple switches or slower ramps using a PWM output,” says O’Flynn.

This shows the switch for the FPGA and analog power supplies. Depending on the total load, an RC filter can be added to slow the turn-on speed of the FETs.

This shows the switch for the FPGA and analog power supplies. Depending on the total load, an RC filter can be added to slow the turn-on speed of the FETs.

Using the SAM3U2C also provided a nice set of peripherals to use, too. The ChipWhisperer-Lite required a ‘target’ device that the user (i.e. student) programs with their algorithm of interest. For this case, the team selected an XMEGA MCU to serve as a programmable target for the student.

The XMEGA device can easily be programmed with only two wires (PDI), and this is generated by one of the SPI modules in the SAM3U. O’Flynn also used a USART module to communicate with the XMEGA, and finally another SPI module to download configuration data to the FPGA.

“While generic interface chips often have support for serial protocols (such as SPI or USARTs), the problem is they are normally limited in the number of channels offered, or I couldn’t use the serial-interface mode at the same time as high-speed parallel interface mode.”

In addition the details of the protocol (such as the low-level PDI programming protocol for the XMEGA) go into the firmware on the SAM3U2C, simplifying the higher-layer USB interface.

c0213e143d5dc2cf1c1fb4dde421ea6b_large

“I find it easier to develop those low-level protocols on an embedded system from within Atmel Studio 6.2, compared to trying to send timing-specific information across the USB bus to be processed by the interface chip! Anytime you can avoid USB debugging is time well spent in my books,” O’Flynn emphasizes. “Using an ASF application example as a starting point for the whole application let me rocket through development, with satisfyingly few moments of pounding my head against the desk figuring out why things weren’t working!”

A final nicety of the design was the ability to use the unique ID programmed into the SAM3U2C as part of the USB device serial number. In other words, the NewAE Technology crew could generate unique serial numbers for each device without requiring any special manufacturing step – every device is loaded with the same binary firmware yet still has a unique serial number. As an end-user, having unique USB serial numbers improves the experience since otherwise Windows will reload the driver when you change the USB port the device is plugged into.

“We’re eliminating the problem for good by making the tools open-source. Because this whole area is an active research area, the tools need to be open-source. This isn’t a case of attempting to seem sexy by adding the word ‘open-source’, but placing something of commercial value into the open-source domain, in the hope it spurs a larger community. This includes hours of tutorials on this area, more than just a few board files and some source code.”

Indeed, this project was devised as a fairly advanced piece of test equipment for well-seasoned Makers, embedded developers and computer engineers. That being said, it is important to note that it is not Arduino-compatible, nor does it work with Raspberry Pi or BeagleBone. However, O’Flynn does reveal that an Arduino-compatible, ATmega328P based target board is in the works. Impressively, ChipWhisperer-Lite also enables users to snap off the ‘target board,’ giving them both a main measurement tool and a target device.

e1dd963d975ca506d1570c18a6023fae_large-1

Interested in learning more? You can head over to its official Kickstarter page, where the team is well on its way to achieving its $50,000 goal. Pending all goes to plan, shipment is slated for August 2015.

Forward secrecy made real easy


Taking a closer look at how ATECC508A CryptoAuthentication devices can help in providing robust authentication.  


Forward secrecy, which is often referred to as Perfect Forward Secrecy (PFS), is essentially the protection of ciphertext with respect to time and changes in security of your cryptographic session keys and/or primary keying material over time.

A cryptographic session key is used to authenticate messages and encrypt text into ciphertext before it is transmitted. This thwarts a “man in the middle” from understanding the message and/or altering that message. These keys are derived from primary keying material. In the case of Public Key Cryptography, this would be the private key.

Unless you are implementing your own security in the application layer, you probably rely on the TLS/SSL in the transport layer.

The Problem

One can envision a scenario in which ciphertext was recorded by an eavesdropper over time. For a variety of reasons out of your control, your session keys and/or primary keying material are eventually discovered and this eavesdropper could decipher all of those recorded transmissions.

Release of your secret keys could be the result of a deliberate act, as with a bribe, a disgruntled employee, or even someone thinking they are “doing the right thing” by exposing your secrets. Or, it could be the result of an unwitting transgression from protocol. Equipment could be decommissioned and disposed of improperly. The hard drives could be recovered using the infamous dumpster dive attack methodology, thus exposing your secrets.

If you rely solely on transport layer security, your security could be challenged knowingly or unknowingly by third parties controlling the servers you communicate with. Recently leaked NSA documents shows powerful government agencies can (and do) record ciphertext. Depending on how clever or influential your snoopers are, they could manipulate the server system against you.

There are many ways your forward security could be compromised at the server level, including server managers unwittingly compromise it due to bad practices, inadequate cipher suites, leaving session keys on the server too long, the use of resumption mechanisms, among countless others.

Let’s just say there are many, many ways the security of your session keys and/or primary keying material could eventually be compromised. It only takes one of them. Nevertheless, the damage is irreversible and the result is the same: Those recorded ciphertext transmissions are now open to unintended parties.

The Solution

You can wipe out much of your liability by simply changing where encryption takes place. If encryption and forward secrecy are addressed in the application layer, session keys will have no relationship with the server, thereby sidestepping server based liabilities.This, of course, does not imply transport layer security should be discarded.

A public/private key system demonstrates the property of forward secrecy if it creates new key pairs for communication sessions. These key pairs are generated on an as-needed basis and are destroyed after a single use. Their generation must be truly random. In fact, they cannot be the result of a deterministic algorithm. Once a session key is derived from the public/private key pair, that key pair must not be reused.

Atmel’s newly-revealed ATECC508A CryptoAuthentication device meets this set of criteria. It has the ability to generate new key pairs using a high quality truly random number generator. Furthermore, the ATECC508A supports ECDH, a method to spawn a cryptographic session key by knowing the public key of the recipient. When these spawned session keys are purposely short-lived, or ephemeral, the process is known as ECDHE.

Using this method, each communication session has its own unique keying material. Any compromise of this material only compromises that one transmission. The secrecy of all other transmissions remains secure.

The Need for Robust Authentication

Before any of the aforementioned instances can occur, the identity of the correspondents needs to be robustly authenticated. Their identities need to be assured without doubt (non-repudiation), because accepting an unknown public key without robust authentication of origin could authorize an attacker as a valid user. Atmel’s ATECC508A provides this required level of authentication and non-repudiation.

Not only is the ATECC508A a cost-effective asymmetric authentication engine available in a tiny package, it is super easy to design in and ultra-secure. Moreover, it offers protective hardware key storage on-board as well a built-in ECC cryptographic block for ECDSA and ECDH(E), a high quality random number generator, a monotonic counter, and unique serial number.

With security at its core, the Atmel CryptoAuthentication lineup is equipped with active defenses, such as an active shield protecting the entire device, tamper monitors and an active power supply circuit which disallows the ability to “listen” for bits changing. The ECC-based solutions offer an external tamper pin, so unauthorized opening of your product can be detected.

Atmel and IoT and Crypto, oh my!

One of the companies that is best positioned to supply components into the Internet of Things (IoT) market is Atmel. For the time being most designs will be done using standard components, not doing massive integration on an SoC targeted at a specific market. The biggest issue in the early stage of market development will be working out what the customer wants and so the big premium will be on getting to market early and iterating fast, not premature cost optimization for a market that might not be big enough to support the design/NRE of a custom design.

Latest product in Atmel's SmartConnect family, the SAM W25 module

Here is Atmel’s latest product in the SmartConnect family, the SAM W25 module

Atmel has microcontrollers, literally over 500 different flavors and in two families, the AVR family and a broad selection of ARM microcontrollers ad processors. They have wireless connectivity. They have strong solutions in security.

Indeed last week at Electronica in Germany they announced the latest product in the SmartConnect family, the SAM W25 module. It is the industry’s first fully-integrated FCC-certified Wi-Fi module with a standalone MCU and hardware security from a single source. The module is tiny, not much larger than a penny. The module includes Atmel’s recently-announced 2.4GHz IEEE 802.11 b/g/n Wi-Fi WINC1500, along with an Atmel | SMART SAM D21 ARM Cortex M0+-based MCU and Atmel’s ATECC108A optimized CryptoAuthentication engine with ultra-secure hardware-based key storage for secure connectivity.

Atmel at Electronica 2014

Atmel at Electronica 2014

That last item is a key component for many IoT designs. Security is going to be a big thing and with so many well-publicized breaches of software security, the algorithms, and particularly the keys, are moving quickly into hardware. That component, the ATECC108A, provides state-of-the-art hardware security including a full turnkey Elliptic Curve Digital Signature Algorithm (ECDSA) engine using key sizes of 256 or 283 bits – appropriate for modern security environments without the long computation delay typical of software solutions. Access to the device is through a standard I²C Interface at speeds up to 1Mb/sec. It is compatible with standard Serial EEPROM I²C Interface specifications. Compared to software, the device is:

  • Higher performance (faster encryption)
  • Lower power
  • Much harder to compromise

Atmel has a new white paper out, Integrating the Internet of Things, Necessary Building Blocks for Broad Market Adoption. Depending on whose numbers you believe, there will be 50 billion IoT edge devices connected by 2020.

Edge nodes are becoming integrated into everyone’s life

As it says in the white paper:

On first inspection, the requirements of an IoT edge device appear to be much the same as any other microcontroller (MCU) based development project. You have one or more sensors that are read by an MCU, the data may then be processed locally prior to sending it off to another application or causing another event to occur such as turning on a motor. However, there are decisions to be made regarding how to communicate with these other applications. Wired, wireless, and power line communication (PLC) are the usual options. But, then you have to consider that many IoT devices are going to be battery powered, which means that their power consumption needs to be kept as low as possible to prolong battery life. The complexities deepen when you consider the security implications of a connected device as well. And that’s not just security of data being transferred, but also ensuring your device can’t be cloned and that it does not allow unauthorized applications to run on it.
IoT Design Requirements - Software / Development Tools Ecosystem

IoT design requirements: Software / development tools ecosystem

For almost any application, the building blocks for an IoT edge node are the same:

  • Embedded processing
  • Sensors
  • Connectivity
  • Security
  • And while not really a “building block,” ultra-low power for always-on applications

My view is that the biggest of these issues will be security. After all, even though Atmel has hundreds of different microcontrollers and microprocessors, there are plenty of other suppliers. Same goes for connectivity solutions. But strong cryptographhic solutions implemented in hardware are much less common.

The new IoT white paper is available for download here.

This post has been republished with permission from SemiWiki.com, where Paul McLellan is a featured blogger. It first appeared there on November 19, 2014.