Tag Archives: Hardware-Based Security

10 (+1) invaluable steps to launching your next IoT product


Let’s transition your products from a ‘dumb’ to ‘smart’ thing.


Many enterprises, startups and organizations have already been exposed to the innovation land grab stemming from the rapidly evolving Internet of Things (IoT). What’s available in the product/market fit arena? This is the hunt to cease some segment of the multi-trillion dollar growth reported to gain from the IoT, enabling embedded system connectivity coupled with the ecosystem value-add of a product or service. Even for that matter, transforming a mere idea that centers around connectivity solutions can present an array of challenges, particularly when one seeks to bring to market disruptive ways for the end-user to adopt from the more traditional way of doing things (e.g. GoPro, PebbleWatch, FitBit, and even to as far as e-health monitors, tire subscriptions, self-driving vehicles, smart bracelets, connected medical apparatus or Industrial Internet devices, home automation systems and more).

All together, there’s one overlaying theme to these Internet-enabled products. They are all pervasively SMART technologies that help monetize the IoT. Now, let’s get your products to transition from a once ordinary, mundane object to a much smarter, more secure “thing.” When doing so, this too can often present a few obstacles for designers, especially as it requires a unique set of skills needed to interface systems with connectivity to the cloud or Internet.

To top it all off, there may already be various product lines in existence that have a mandate to leverage a connected ecosystem/design. In fact, even new ones require connectivity to the cloud, having designs set forth to enhance via customer usage then combining this user data with other associated data points. Already, the development to enable such devices require an assortment of skills. It’s an undertaking, one in which requires knowledge and expertise to command stable connectivity in the infrastructure and design a product with security, scalability, and low power.

Moving ahead, here are some recommendations developers and Makers should know:

  1. Identify a need and market: The value of the smart device lies in in the service that it brings to the customer. Identify the need to develop a strong offer that brings value or enhances efficiency rather than creating a simple gadget. (See Marc Andreesen’s infamous blog on product/market fit for more tips).
  1. Validate your ideation: Carry out market research. Do your due diligence. Determine whether the device you think of creating already exists. Can improvements be ascertained with testimonial as an enhanced or unique experience? Indeed, benchmarking will allow you to discover any competitors, find sources of inspiration, develop a network of ideas to pool and find other areas for improvement as well.
  1. Prototype toward MVP: New device fabrication techniques, such as 3D printing, are the ideal creative validation for producing prototypes much faster and for less money. They also promote iteration, which is an integral process when designing the device towards MVP.
  1. Connect the ‘thing’ then concert it into a smart ‘thing:’ Right now, there is no mandatory standard for interconnecting different devices. Selecting the right technology is essential, particularly if the device requires low-power (speaking of low-power….) and event and state controls, which highly optimize extended power and the services to enrich the information system and eventally enhance user experience with a roadmap toward an ecosystem.
  1. Develop the application: Today, the primary smart devices are linked to an dedicated mobile app. Since the app transforms the smartphone into a remote control, it must be be easy to use for your end-users, and more importantly, simply upgraded via the cloud.
  1. Manage the data: Fitted with a multitude of sensors, connected gadgets generate an enormous amount of data that need to be processed and stored with the utmost security across all layers even to as far as using cryptography in memory. (After all, you don’t want your design become a ‘Tales from the Crypt-O” horror story.) 
  1. Analyze and exploit the data: By processing and analyzing the data, a company can extract the necessary information to deploy the right service in the right place at the right time.
  1. Measure the impact of the smart device: Set up probes to monitor your devices and data traffic quality. Answer questions objectively as to how it would securely scale and evolve should there be an instant high volume success and usage. This will help you measure the impact of the smart device in real time and adapt its actions accordingly, and model into the product roadmap and MVP spec.
  1. Iterate to fine-tune the device’s use: After launching the project, the process has only begun. Feedback needs to be taken into account in order to adjust and fine-tune the project. Due to its very nature, digital technology requires continuous adaptation and iteration. “Try and learn” and present riskier ideas to products are the fundamental principles behind transformation when imposing a new use.
  1. Prototype again: Continuous adaptation and iteration means that your company needs to produce a new prototype.
Here’s 10 + 1 invaluable Step to Launching Your IoT Project or Products

Here’s 10 + 1 invaluable steps to launching your IoT project or product.

11. Take advantage of the hands-on training in your region.

As an application space, IoT sensor nodes are enabled by a number of fundamental technologies, namely a low-power MCU, some form of wireless communication and strong security. With this in mind, the newly revealed Atmel IoT Secure Hello World series will offer attendees hands-on training, introducing them to some of the core technologies making the Internet of Things possible, including Wi-Fi and CryptoAuthentication.

What’s more, these sessions will showcase Atmel’s diverse Wi-Fi capabilities and CryptoAuthentication hardware key storage in the context of the simplest possible use cases. This includes learning how to send temperature information to any mobile device via a wireless network and how to enable the remote control of LEDs on a SAM D21 Xplained Pro board over a Wi-Fi network using a WINC1500. In addition, attendees will explore authentication of IoT nodes, as well as how to implement a secure communications link — something that will surely come in handy when preparing to launch your next smart product.

As you can see, so far, everyone is LOVING the Hello World sessions — from hardcore embedded engineers to hobbyists. Here some recent social activity following the recent Tech on Tour events in both Manchester and Heathrow, UK. Need we say more? These tweets say a thousand words!

Atmel-Tech-On-Tour-Europe-UK

Connected and ready to go… all before lunch! (Yes, there’s food as well!)

 

Atmel-Tech-On-Tour-Europe-BYOD

Atmel’s Tech on Tour and proud partner EBV Elektronik proudly thankful for the successful event in Manchester, UK.

 

Atmel-Tech-On-Tour-Europe

Atmel’s Tech on Tour just successfully completed a full house attendance training in Manchester, UK

 

Find out how you too can receive in-depth IoT training. As the Atmel | Tech on Tour makes it way throughout Europe, Asia, and North America, make sure you know when the team arrives in your town!  Don’t miss it. Upon registering, you will even receive a WINC1500 Xplained Pro Starter Kit to take home.

Keeping consumables real


The most cost-effective and secure way to keep things real is through symmetric authentication without secret storage on the host using a fixed challenge.


With the ever present threat of counterfeiting, having a cost-effective and highly-secure way to ensure that a consumable product is real is a great idea. In fact, there is a proven industry standard approach to apply sophisticated cryptographic engineering and mathematics to fight counterfeiting; namely, crypto elements like the Atmel ATSHA204A device.

Crypto elements can attach to a consumable good, such as the classic example of an ink cartridge, even without being soldered in. The device can be glued directly outside of the product. When the ink or other consumable is inserted into the host system (where the MCU is), the crypto element makes contact and the host is able to communicate with the item to validate whether or not it is real. This is called authentication.

consumable

The most cost-effective yet secure way to authenticate is through symmetric authentication without secret storage on the host using a fixed challenge.

With symmetric authentication, a client and the host run the exact same calculation on each side, and if the client (the consumable) is real, then the results of those calculations (called the “responses”) will match. There is a way to go about using a very inexpensive MCU without running the crypto calculations within the host side’s MCU. That is where the concept of fixed challenge comes into play. The idea of a fixed challenge is that the calculation done for the host is conducted ahead of time, and the challenge/response pair from that calculation is loaded into the host.

The fixed challenge method is ideal when certain considerations are in play, such as the folowing:

  1. Very limited processing power (e.g. low-cost MCU)
  2. Abundance of available memory to easily store challenge-response pairs (e.g. in a smartphone)
  3. Need to get something out quickly or temporarily (e.g. time to market)
  4. Need a very low cost on the host (e.g. can’t afford adding a key storage device)
  5. Desire to not store a secret key in the host

So, how does a fixed challenge work? Like with other challenge-response operations, the process starts with the host controller sending the client a numerical challenge to be used in a calculation to create a response, which then gets compared to a “response” number in the host. What makes this “fixed” is that, because there is no crypto device in the host to generate random numbers (or make digests using hashing algorithms), the challenge cannot be random. That means that the challenges and their corresponding responses must be pre-calculated using the client’s secret key and the challenge and response pair loaded into the memory of the host. This can be looked at as effectively time-shifting the calculations used for authentication.

fixed 1

Let’s look at an example using the ATSHA204A installed in the client.

Step 1: In the factory when the host manufactured challenges are loaded into the host MCU memory together with a response that is calculated by hashing the client’s secret with that challenge.

Step 2: When the consumable is inserted into the host machine out in the field, the host MCU will ask the client (consumable) to prove it is real by sending it the preloaded challenge.

Step 3: The client will then run the hash algorithm on that challenge number using its stored secret key to generate a response, which it sends back to the host.

Step 4: The host will compare the response from the clients with the preloaded response value stored in its memory.

Step 5: If the client is real, the response from the client (which is the hash value based on the secret key and the challenge) will be the same as the response value that was preloaded in the host.

Since each host is loaded with a different challenge/response pair, each product that the host is incorporated into is then unique by definition. Cloning beyond only one copy is impossible; thus, this is a highly-secure and very cost-effective technique as it can be easily implemented with very inexpensive MCUs.

This approach can be used for firmware protection and designs with no secrets in the host (as noted), as well as be implemented with very low-cost MCUs that do not have the processing power to run the hashing algorithms.

The many benefits of fixed challenge authentication:

  • Symmetric authentication is fast
  • No secrets in the host
  • Can use low-cost MCU of host because less computation is needed for a fixed challenge
  • Prevents cloning
  • Protects investments in firmware
  • Enhances safety
  • Protects revenue stream
  • Protects brand image
  • Better control of the supply channel

Atmel crypto element devices — including ATSHA204AATECC108AATECC508A and ATAES132A — implement hardware-based key storage, which is much stronger than software based storage due to the defense mechanisms that only hardware can provide against attacks. Secure storage in hardware beats storage in software every time. Adding secure key storage is an inexpensive, easy, and ultra-secure way to protect firmware, software, and hardware products from cloning, counterfeiting, hacking, and other malicious threats.

Atmel and Sequitur Labs bring robust adaptive security to the IoT


The recent partnership highlights a new approach to IoT security and management along with ultra-secure hardware at Embedded World 2015.


Sequitur Labs, a developer of advanced security solutions and policy management for the mobile computing and connected devices markets, and Atmel will be demonstrating a joint platform for enhanced security and manageability of Internet of Things (IoT) devices and applications at Embedded World 2015 in Nuremberg, Germany.

The Seattle-based company has integrated their programmable, context aware security and manageability platform for embedded and smart gadgets with Atmel’s SAMA5D4 and SAM D21 MCUs, ATWINC1500 Wi-Fi modules, as well as ATECC508A crypto element devices employing ultra-secure hardware-based key storage. The joint solution significantly raises the bar on countering threats aimed at the IoT by implementing a system-wide, dynamic approach to security policy enforcement.

As recent reports suggest, the IoT market is projected to grow significantly with 69% of U.S. consumers planning to buy network-connected technology for their homes by 2019. And, with the number of intelligent devices entering the market on the rise, enhanced security and manageability of data becomes critical for IoT adoption. Threat vectors are expected to multiply quickly as connected nodes increase in volume with immense potential repercussions for business, critical infrastructure, medical systems, transport systems and personal data.

“Security and manageability of IoT nodes are the primary needs in this market. ‘Thing’ makers must stay ahead of the game by creating devices that are ‘secure by design’ and that employ a systems-driven approach. This means robust security and management need to be designed right from the outset and not added as an afterthought,” explained Phil Attfield, CEO of Sequitur Labs.

It should be noted that Sequitur’s security framework includes secure, policy driven command and control, enhanced data protection and hardware encryption, secure firmware updates, and programmable policy for greater customization.

“As a leader in security, Atmel is committed to delivering comprehensive, ultra-secure solutions to the billions of forthcoming connected devices,” said Bill Boldt, Atmel Senior Marketing Manager for Crypto Products. “Atmel’s innovative ecosystem partner, Sequitur Labs, is accelerating and simplifying IoT and embedded system development to provide the full complement of security capabilities, specifically confidentiality, data integrity and authentication. We are excited to work with Sequitur Labs to continue bringing ultra-secure, hardware-based key storage solutions to a wide range of applications including IoT, wireless, consumer, medical, and industrial, among others.”

The Sequitur Labs and Atmel product demonstration platform can be seen in the Atmel booth (4A-230) all week long at Embedded World. Additionally, Sequitur Labs CEO Phil Attfield will present “Reducing Risk and Liability of IoT with a Systems-based Approach to the 20 Critical Security Controls,” while Atmel’s very own Kerry Maletsky will explore “Making IoT a Reality—Leveraging Hardware Security Devices.”

Interested in learning more? Head over to Sequitur Labs’ official page here.

Forward secrecy made real easy


Taking a closer look at how ATECC508A CryptoAuthentication devices can help in providing robust authentication.  


Forward secrecy, which is often referred to as Perfect Forward Secrecy (PFS), is essentially the protection of ciphertext with respect to time and changes in security of your cryptographic session keys and/or primary keying material over time.

A cryptographic session key is used to authenticate messages and encrypt text into ciphertext before it is transmitted. This thwarts a “man in the middle” from understanding the message and/or altering that message. These keys are derived from primary keying material. In the case of Public Key Cryptography, this would be the private key.

Unless you are implementing your own security in the application layer, you probably rely on the TLS/SSL in the transport layer.

The Problem

One can envision a scenario in which ciphertext was recorded by an eavesdropper over time. For a variety of reasons out of your control, your session keys and/or primary keying material are eventually discovered and this eavesdropper could decipher all of those recorded transmissions.

Release of your secret keys could be the result of a deliberate act, as with a bribe, a disgruntled employee, or even someone thinking they are “doing the right thing” by exposing your secrets. Or, it could be the result of an unwitting transgression from protocol. Equipment could be decommissioned and disposed of improperly. The hard drives could be recovered using the infamous dumpster dive attack methodology, thus exposing your secrets.

If you rely solely on transport layer security, your security could be challenged knowingly or unknowingly by third parties controlling the servers you communicate with. Recently leaked NSA documents shows powerful government agencies can (and do) record ciphertext. Depending on how clever or influential your snoopers are, they could manipulate the server system against you.

There are many ways your forward security could be compromised at the server level, including server managers unwittingly compromise it due to bad practices, inadequate cipher suites, leaving session keys on the server too long, the use of resumption mechanisms, among countless others.

Let’s just say there are many, many ways the security of your session keys and/or primary keying material could eventually be compromised. It only takes one of them. Nevertheless, the damage is irreversible and the result is the same: Those recorded ciphertext transmissions are now open to unintended parties.

The Solution

You can wipe out much of your liability by simply changing where encryption takes place. If encryption and forward secrecy are addressed in the application layer, session keys will have no relationship with the server, thereby sidestepping server based liabilities.This, of course, does not imply transport layer security should be discarded.

A public/private key system demonstrates the property of forward secrecy if it creates new key pairs for communication sessions. These key pairs are generated on an as-needed basis and are destroyed after a single use. Their generation must be truly random. In fact, they cannot be the result of a deterministic algorithm. Once a session key is derived from the public/private key pair, that key pair must not be reused.

Atmel’s newly-revealed ATECC508A CryptoAuthentication device meets this set of criteria. It has the ability to generate new key pairs using a high quality truly random number generator. Furthermore, the ATECC508A supports ECDH, a method to spawn a cryptographic session key by knowing the public key of the recipient. When these spawned session keys are purposely short-lived, or ephemeral, the process is known as ECDHE.

Using this method, each communication session has its own unique keying material. Any compromise of this material only compromises that one transmission. The secrecy of all other transmissions remains secure.

The Need for Robust Authentication

Before any of the aforementioned instances can occur, the identity of the correspondents needs to be robustly authenticated. Their identities need to be assured without doubt (non-repudiation), because accepting an unknown public key without robust authentication of origin could authorize an attacker as a valid user. Atmel’s ATECC508A provides this required level of authentication and non-repudiation.

Not only is the ATECC508A a cost-effective asymmetric authentication engine available in a tiny package, it is super easy to design in and ultra-secure. Moreover, it offers protective hardware key storage on-board as well a built-in ECC cryptographic block for ECDSA and ECDH(E), a high quality random number generator, a monotonic counter, and unique serial number.

With security at its core, the Atmel CryptoAuthentication lineup is equipped with active defenses, such as an active shield protecting the entire device, tamper monitors and an active power supply circuit which disallows the ability to “listen” for bits changing. The ECC-based solutions offer an external tamper pin, so unauthorized opening of your product can be detected.

Atmel launches next-generation CryptoAuthentication device


Atmel becomes first to ship ultra-secure crypto element enabling smart, connected and secure systems.


Just announced, the Atmel ATECC508A is the first device to integrate ECDH (Elliptic Curve Diffie–Hellman) security protocol — an ultra-secure method to provide key agreement for encryption/decryption, along with ECDSA (Elliptic Curve Digital Signature Algorithm) sign-verify authentication — for the Internet of Things (IoT) market including home automation, industrial networking, accessory and consumable authentication, medical and mobile, among many others.

Atmel_September2014_pg2

Atmel’s ATECC508A is the second integrated circuit (IC) in the CryptoAuthentication portfolio with advanced Elliptic Curve Cryptography (ECC) capabilities. With built-in ECDH and ECDSA, this device is ideal for the rapidly growing IoT market by easily providing confidentiality, data integrity and authentication in systems with MCU or MPUs running encryption/decryption algorithms (such as AES) in software. Similar to all Atmel CryptoAuthentication products, the new ATECC508A employs ultra-secure hardware-based cryptographic key storage and cryptographic countermeasures which are more secure than software-based key storage.

This next-generation CryptoAuthentication device is compatible with any microcontroller or microprocessor on the market today including Atmel | SMART and Atmel AVR MCUs and MPUs. As with all CryptoAuthentication devices, the ATECC508A delivers extremely low-power consumption, requires only a single general purpose I/O over a wide voltage range, and available in a tiny form factor, making it ideal for a variety of applications that require longer battery life and flexible form factors.

“As a leader in security, Atmel is committed to delivering innovative secure solutions to the billions of devices to be connected in the IoT market,” explained Rob Valiton, SVP and GM of Atmel’s Automotive, Aerospace and Memory Business Units. “Atmel’s newest CryptoAuthentication IC is the first of its kind to apply hardware-based key storage to provide the full complement of security capabilities, specifically confidentiality, data integrity and authentication. We are excited to continue bringing ultra-secure crypto element solutions to a wide range of applications including IoT, wireless, consumer, medical, industrial, and automotive, among others.”

CryptoSecurityALT_HPBanner_980x352_Final_v_2

Key security features of the ATECC508A include:

  • Optimized key storage and authentication
  • ECDH operation using stored private key
  • ECDSA (elliptic-curve digital signature algorithm) sign-verify
  • Support for X.509 certificate formats
  • 256-bit SHA/HMAC hardware engine
  • Multilevel RNG using FIPS SP 800-90A DRBG
  • Guaranteed 72-bit unique ID
  • I2C and single-wire interfaces
  • 2 to 5.5V operation, 150-nA standby current
  • 10.5-kbit EEPROM for secret and private keys
  • High-Endurance Monotonic Counters
  • UDFN, SOIC, and 3-lead contact packages

In the wake of recent incidents, it is becoming increasingly clear that embedded system insecurity impacts everyone and every company. The effects of insecurity may not only be personal, such as theft of sensitive financial and medical data, but a bit more profound on the corporate level. Products can be cloned, software copied, systems tampered with and spied on, and many other things that can lead to revenue loss, increased liability, and diminished brand equity.

Data security is directly linked to how exposed the cryptographic key is to being accessed by unintended parties including hackers and cyber-criminals. The best solution to keeping the “secret key secret” is to lock it in protected hardware devices. That is exactly what this latest iteration of security devices have, are and will continue to do. They are an inexpensive, easy, and ultra-secure way to protect firmware, software, and hardware products from cloning, counterfeiting, hacking, and other malicious threats.

Interested in learning more? Discover the latest in hardware-based security here. Meanwhile, you may also want to browse through recent articles on the topic, including “Is the Internet of Things just a toy?,” “Greetings from Digitopia,” “What’s ahead this year for digital insecurity?,” and “Don’t be an ID-IoT.