Tag Archives: MCU

Atmel | SMART SAM L21 is winning the low-power battle

EE Times highlights the ongoing game of leapfrog between MCU vendors for the lowest-power solution. Can you guess who’s winning?

Writing for EE TimesRich Quinnell notes that MCU vendors have become engaged in a new game of leapfrog, announcing a slew of products with ever-improving benchmark results and leadership in ultra-low power processing.


“While this may seem like a marketing game, developers will ultimately be the winners as vendors refine their techniques for saving power. In the past, a low powered MCU also meant low performance, but vendors have been challenging this correlation by offering increasingly powerful MCUs for low-power applications,” he writes. “Developers, however, faced a problem in evaluating these offerings. Traditional specifications such as operating current in mW/MHz and sleep-mode leakage currents became increasingly difficult to evaluate in the face of the multiple power states that devices offered, and in the face of inconsistency in the industry in the descriptions and specifications used to characterize low-power operation.”

The Embedded Microprocessor Benchmark Consortium (more commonly referred to as EEMBC) develops benchmarks to help system designers select the optimal processors and understand the performance and energy characteristics of their systems. EEMBC has benchmark suites spanning across countless application areas, targeting just about everything from the cloud and big data, to mobile devices (Android phones and tablets) and digital media, to the Internet of Things and ultra-low power microcontrollers. In particular, the EEMBC ULPBench power benchmark, which was introduced last year, standardizes datasheet parameters and provides a methodology to reliably and equitably measure MCU energy efficiency.

“This is one of the strictest benchmarks we’ve ever done in terms of setup and such. The benchmark has the MCU perform 20k clock cycles of active work once a second, and sleep the remainder of the second. This way each processor performs the same workload, which levels the playing field with regard to executing the benchmark,” EEMBC President Marcus Levy told EE Times in a recent interview.


In order to calculate the final ULPMark-CP score, 1,000 is divided by the median value for average energy used per second during each of 10 benchmark cycles. A larger value therefore represents less energy consumed.

Using this benchmark, MCU vendors have begun publishing their results and surpassing one another to temporarily claim their stake at the top of the low-power leaderboard. Still, the leapfrog game is likely to continue for some time. Andreas Eieland, Atmel Director of Product Marketing explained to EE Times, “Low power is an area where everyone is pouring a lot of R&D into, and it has taken on a much faster pace than before. We know we’re the lowest power now, but you never know where your competition is in its efforts. So, we’re already looking at the next step.”

Eieland points out that at first low-power development efforts mainly concentrated on architectural improvements to the CPU, however optimizing the CPU wasn’t enough. This meant companies needed to begin going through every peripheral and optimizing it, looking at every transistor in the product. He adds, “We [Atmel] started developing clock-on-demand features, logic that allows peripherals to operate stand-alone, using the minimum circuitry needed to complete their task, gating away the clock and even establishing a variety of power domains so we could shut down circuits not in use and eliminate even their leakage current.”


“TI surpassed its own earlier result by announcing the MSP-432 family based on the Cortex M4F. It achieved a ULPBench score of 167.4. While TI was briefing the media on this product, however, Atmel quietly published a ULPBench score of 185.8 for its SAM L21 MCU based on the Cortex M0+, a product announced last year that was scheduled to be released at about this time,” Quinnell reveals.

The Atmel | SMART SAM L21 family delivers ultra-low power running down to 35µA/MHz in active mode, consuming less than 900nA with full 32kB RAM retention, and 200nA in the deepest sleep mode. With rapid wake-up times, Event System, Sleepwalking and the innovative picoPower peripherals, the SAM L21 is ideal for handheld and battery-operated devices in a variety of markets.

As time goes on, we can surely expect to see benchmark scores continue to improve and the competition to pick up. However, despite their differences, everyone can agree that these scores are only a mere starting point for developers seeking the lowest-power device for their design.

“The ULP benchmark isn’t 100% fair; no benchmark can ever be,” Eieland concluded. “But it does take a lot of the marketing out of low power, and it gives you a relative comparison you can use.”

Want to read more? Head over to the entire EE Times write-up here.

Adafruit unveils the GEMMA v2

The newest version of the Adafruit GEMMA features an on/off switch and Micro-USB.

We’re not quite sure as to how we missed this bit of news on #WearableWednesday, however if DIY wearable projects are your thing, then perhaps you’d like know about the brand-spanking new Adafruit GEMMA v2.


The latest version — which is essentially identical to its predecessor in terms of aesthetics and code — has swapped out the Mini-B for a Mirco-B USB connector to provide some more on-board space. With all that new room, the GEMMA now is able to welcome the addition of an on/off switch.

For the 1% of you who are not familiar with Adafruit and its versatile lineup of Atmel based body boards, GEMMA is a tiny wearable MCU that packs a whole lot of awesome in a 1-inch (27mm) diameter area. The mini yet powerful platform is powered by an ATtiny85 and is programmable with the Arduino IDE via USB. It also features a 3.3V regulator with 150mA output capability and ultra-low dropout. Beyond that, v2’s ATtiny85 chip package has switched from SOIC to QFN.


“We designed a USB bootloader so you can plug it into any computer and reprogram it over a USB port just like an Arduino (it uses 2 of the 5 I/O pins, leaving you with 3). In fact, we even made some simple modifications to the Arduino IDE so that it works like a mini-FLORA,” the Adafruit team explains.

Ideal for small and simple projects sewn with conductive thread, the [tinyAVR based] GEMMA fits the needs of nearly every entry-level wearable creation — ranging from reading sensors to driving addressable LED pixels.

“We wanted to design a microcontroller board that was small enough to fit into any project, and low cost enough to use without hesitation. Perfect for when you don’t want to give up your Flora and you aren’t willing to take apart the project you worked so hard to design. It’s our lowest-cost sewable controller.”


Aside from the ATtiny85 MCU, other key hardware specs of GEMMA include:

  • Operating Voltage: 3.3V
  • Input voltage (recommended): 4-16V via battery port
  • Digital I/O pins: 3
  • PWM channels: 2
  • Analog input channels: 1
  • Flash memory: 8KB (ATtiny85) of which 2.75KB used by bootloader
  • SRAM: 512 bytes (ATtiny85)
  • EEPROM: 512 bytes (ATtiny85)
  • Clock speed: 8 MHz
  • Micro-USB for USB bootloader

Interested in learning more? Head over to its official page here. Or, watch Adafruit’s Becky Stern show off the new and improved GEMMA v2 below!

MIT Media Lab’s morphing table has Atmel under the hood

Tangible Media Group has created a shapeshifting display that lets users interact with digital information in a tangible way. 

As previously shared on Bits & Pieces, MIT Media Lab’s Tangible Media Group has devised a morphing table with several ATmega2560 MCUs under the hood. The installation was recently exhibited at the Cooper-Hewitt Smithsonian Design Museum in New York, and can be seen in action below!


inFORM is described its creators as a dynamic shape display that can render 3D content physically, so users can interact with digital information in a tangible way. In order to make that a reality, the table is equipped with 900 individually actuated white polystyrene pins that make up the surface in an array of 30 x 30 pixels. The interactive piece can display 3D information in real-time and in a more accurate and interactive manner compared to the flat rendering often created by computer user interface.


This was all accomplished by tasking a Kinect sensor to capture 3D data. This information was then processed with a computer and relayed over to a display, enabling the system to remotely manipulate a physical ball. Aside from being able to produce a controlled physical environment for the ball, the pins are able to detect touch, pressing down and pulling.


An overhead projector provides visual guidance of the system, with each pin capable of actuating 100mm and exerting a force of up to 1.08 Newtons each. Actuation is achieved via push-pull rods that are utilized to maximize the dense pin arrangement — making the display independent of the size of the actuators. The table is driven by 150 ATmega2560 based Arduino PCBs arranged in 15 rows of vertical panels, each with 5×2 boards. The boards then communicate with a PC over five RS485 buses bridged to USB. Meanwhile, graphics are rendered using OpenGL and openFrameworks software.

“One area we are working on is Geospatial data, such as maps, GIS, terrain models and architectural models. Urban planners and architects can view 3D designs physically and better understand, share and discuss their designs,” the team writes. “Cross sections through Volumetric Data such as medical imaging CT scans can be viewed in 3D physically and interacted with. We would like to explore medical or surgical simulations. We are also very intrigued by the possibilities of remotely manipulating objects on the table.”


Its creators are hoping to spark several collaborations with everyone from urban planners and architects, to designers and modelers, to doctors and surgeons. The display could be used as an alternative to 3D printing low-resolution prototypes as well as rendering 3D data — ranging from construction plans and CT scans — that a user will be able to interact with by physically molding the pins.

Interested? A detailed paper of the project by can be found here.

What’s ahead this year in digital insecurity?

Here’s a closer look at the top 10 cyber security predictions for 2015.

In 2014 worries about security went from a simple “meh” to “WTF!” Not only did high-profile attacks get sensational media coverage, but those incidents led to a pivotal judicial ruling that corporations can be sued for data breaches. And as hard as it is to believe, 2015 will only get worse because attack surfaces are expanding as mobile BYOD policies overtake enterprises, cloud services spread, and a growing number of IoT networks get rolled out. Add m-commerce, e-banking, and mobile payments to the questionable tradition of lax credit card security infrastructure in the U.S. and you get a perfect storm for cybercrime.

In fact, 92% of attacks across the range of segments come from nine basic sources (seen in the diagram below), according to Verizon. More numerous and sophisticated cyber crimes are anticipated for this year and beyond.


 1. More companies to get “Sony’d”

2014 saw the release of highly-evolved threats from criminals that in the past only came from governments, electronic armies and defense firms. A wide-range of targets included organizations in retail, entertainment, finance, healthcare, industrial, military, among countless other industries. As a repeat offender, Sony is now the cyber-victim poster child, and the term “Sony’d” has become a verb meaning digital security incompetence. Perhaps Sony’s motto should be changed from “make.believe.” to “make.believe.security.” Just saying!

Prior to 2014, companies on a wholesale basis tended to simply deny cyber vulnerabilities. However, a string of higher profile data breaches — such as Sony, Heartbleed, Poodle, Shellshock, Russian Cyber-vor, Home Depot, Target, PF Chang’s, eBay, etc. — have changed all of that. Denial is dead, but confusion and about what to do is rampant.

2. Embedded insecurity rising

Computing naturally segregates into embedded systems and humans sitting in front of screens.  Embedded systems are processor-based subsystems that are “embedded” into other machines or bigger systems.  Examples are routers, industrial controls, avionics, automotive engine and in-cabin systems, medical diagnostics, white goods, consumer electronics, smart weapons, and countless others.  Embedded security was not a big deal until the IoT emerged, which will lead to billions of smart, communicating nodes.  15 to more than 20 billion IoT nodes are being forecast by 2020, which will create a gigantic attack platform and make security paramount.

IoT Installed

A recent study by HP revealed that 70% of interconnected (IoT) devices have serious vulnerabilities to attacks. The devices they investigated consisted of “things” like cloud-connected TVs, smart thermostats and electronic door locks.

“The current state of Internet of Things security seems to take all the vulnerabilities from existing spaces — network security, application security, mobile security and Internet-connected devices — and combine them into a new, even more insecure space, which is troubling,” HP’s Daniel Miessler stated.

Issues HP identified ranged from weak passwords, to lack of encryption, to poor interfaces, to troubling firmware, to unencrypted updating protocols. Other notable findings included:

  • 60% of devices were subject to weak credentials
  • 90% collected personal data
  • 80% did not use passwords or used very weak passwords
  • 70% of cloud connected mobile devices allowed access to user accounts
  • 70% of devices were unencrypted

Investigators at the Black Hat Conference demonstrated serious security flaws in home automation systems. At DEFCON, investigators hacked NFC-based payment systems showing that passwords and account data was vulnerable. They also revealed that the doors of a Tesla car could be hacked to open while in motion. Nice! Other attacks were exploited on smart TVs, Boxee TV devices, smartphone biometric systems, routers, IP cameras, smart meters, healthcare devices, SCADA (supervisory, control and data acquisition) devices, engine control units, and some wearables. Even simple USB firmware was proven to be highly vulnerable… “Bad USB.”

These are just the tip of the embedded insecurity iceberg. Under the surface is the entire Dark Net which adds even more treacherousness. Security companies like Symmantic have identified home automation as a likely early IoT attack point. That is not surprising because home automation will be an early adopter of IoT technologies, after all. In-house appliances also represent an attractive attack surface as more firmware is contained in smart TVs, set top boxes, white goods, and routers that also communicate. Node-to-node connectivity security extends to industrial settings as well.

Tools like Shodan, which is the Google of embedded systems, make it very easy for hackers to get into the things in the IoT.  CNN recently called Shodan the scariest search engine on the Internet. You can see why since everything that is connected is now accessible. Clearly strong security, including hardware-based crypto elements, is paramount.

 3. More storms from the cloud


It became clear in 2014 that cloud services such as iCloud, GoogleDrive, DropBox and others were rather large targets because they are replete with sensitive data (just ask Jennifer Lawrence). The cloud is starting to look like the technological Typhoid Mary that can spread viruses, malware, ransomware, rootkits, and other bad things around the world. As we know by now, the key to security is how well cryptographic keys are stored.   Heartbleed taught us that, so utilizing new technologies and more secure approaches to maintain and control cryptographic keys will accelerate in 2015 to address endemic cloud exposure. Look for more use of hardware-based key storage.

4. Cyber warfare breaks out

eBay, PF Chang’s, Home Depot, Sony, JP Morgan, and Target are well-known names on the cybercrime blotter, and things will just get worse as cyber armies go on the attack. North Korea’s special cyber units, the Syrian Electronic Army, the Iranian Cyber Army (ICA), and Unit 61398 of the People’s Liberation Army of China are high profile examples of cyber-armies that are hostile to Western interests. Every country now seems to have a cyber-army units to conduct asymmetric warfare. (These groups are even adopting logos, with eagles appearing to be a very popular motif.)


Cyber warfare is attractive because government-built malware is cheap, accessible, and covert, and thus highly efficient. Researchers have estimated that 87% of cyber-attacks on companies are state-affiliated, 11% by organized crime, 1% by competitors, and another 1% by former employees. Long story short, cyber war is real and it has already been waged against non-state commercial actors such as Sony. It won’t stop there.

 5. Cybercrime mobilizes

According to security researchers, mobile will become an increasingly attractive target for hackers. Fifteen million mobile devices are infected with malware according to a report by Alcatel-Lucent’s Kindsight Security Labs. Malvertising is rampant on untrusted app stores and ransomware is being attached to virtual currencies. Easily acquired malware generation kits and source code make it extremely easy to target mobile devices. Malicious apps take advantage of the Webkit plugin and gain control over application data which hands credentials, bank account, and email details over to hackers. What’s more, online banking malware is also spreading. 2014 presented ZeuS, which stole data, and VAWTRAK that hit online banking customers in Japan.

Even two-factor authentication measures that banks employ have recently been breached using schemes, such as Operation Emmental. Emmental is the real name of Swiss cheese, which of course is full of holes just like the banking systems’ security mechanisms.  Emmental uses fake mobile apps and Domain Name System (DNS) changers to launch mobile phishing attacks to get at online  banking  accounts and steal identities. Some researchers believe that cybercriminals will increasingly use such sophisticated attacks to make illegal equity front running and short selling scams.


6. Growing electronic payments tantalize attackers

Apple Pay could be a land mine just waiting to explode due to NFC’s susceptibility to hacking. Google Wallet is an example of what can happen when a malicious app is granted NFC privileges making it capable of stealing account information and money. M-commerce schemes like WeChat could be another big potential target.


E-payments are growing and with that so will the attacks on mobile devices using schemes ranging from FakeID to master key. Master key is an exploit kit similar to blackhole exploit kit that specifically targets mobile, where FakeID allows malicious apps to impersonate legitimate apps that allow access to sensitive data without triggering suspicion.

7. Health records represent a cyber-crime gold mine

Electronic Health Records (EHR) are now mandatory in the U.S. and a vast amount of personal data is being collected and stored as never before. Because information is money, thieves will go where the information is (to paraphrase Willie Sutton). Health records are considered higher value in the hacking underground than stolen credit card data. Criminals throughout both the U.S. and UK are now specializing in health record hacking. In fact, the U.S. Identity Theft Resource Center reported 720 major data breaches during 2014 with 42% of those being health records.

8. Targeted attacks increase

Targeted attacks, also known as Advanced Persistent Threats (APTs), are very frightening due to their stealthy nature. The main differences between APTs and traditional cyber-attacks are target selection, silence, and duration of attack. According to research company APTnotes, the number of attacks by year went from 3 in 2010 to 14 in 2012 to 53 in 2014. APT targets are carefully selected, in contrast to traditional attacks that use any available corporate targets. The goal is to get in quietly and stay unnoticed for long periods of time, as seen in the famous APT attack that victimized the networking company Nortel. Chinese spyware was present on Nortel’s systems for almost ten years without being detected and drained the company of valuable intellectual property and other information. Now that’s persistent!

9. Laws and regulations try to play catch up

A number of cyber security laws are being considered in the U.S. including the National Cybersecurity Protection Act of 2014, which advocates the sharing of cybersecurity information with the private sector, provide technical assistance and incident response to companies and federal agencies.   Another one to note is the Federal Information Security Modernization Act of 2014 that is designed to better protect federal agencies from cyber-attacks. A third is the Border Patrol Agent Pay Reform Act of 2013 to recruit and retain cyber professionals who are in high demand. Additionally, there is the Cybersecurity Workforce Assessment Act, which aims to enhance the readiness, capacity, training, recruitment, and retention of the cybersecurity workforce. President Obama stated that wants a 30-day deadline for notices and a revised “Consumer Privacy Bill of Rights.”

One of the more interesting and intelligent recommendations came from the FDA, who issued guidelines for wireless medical device security to ensure hackers could not interfere with things such as implanted pacemakers and defibrillators. This notion was is part stimulated by worry about Dick Cheney’s pacemaker being hacked. In fact countermeasures were installed by on the device by Cheney’s surgeon. More regulation of health data and equipment is expected in 2015.

“Security — or the lack of it — will largely determine the success or failure of widespread adoption of internet-connected devices,” the FTC Commissioner recently shared in an article. The FTC also released a report entitled, “Privacy & Security in a Connected World.”

10. Hardware-based security may change the game

According to respected market researcher Gartner, all roads to the digital future lead through security. At this point, who can really argue with that statement? Manufacturers and service providers are seeing the seriousness of cyber-danger and are starting to integrate security at every connectivity level. Crypto element integrated circuits with hardware-based key storage are starting to be employed for that. Furthermore, these crypto elements are a kind of silver bullet given that they easily and instantly add the strongest type of security possible (i.e. protected hardware-based key storage) to IoT endpoints and embedded systems. This is a powerful concept whose fundamental value is only starting to be recognized.

IoT Node Chart 1

Crypto elements contain cryptographic engines to efficiently handle crypto functions such as hashing, sign-verify, ECDSA, key agreement (e.g.  ECDH), authentication (symmetric or asymmetric), encryption/decryption, message authentication coding (MAC), run crypto algorithms (e.g. elliptic curve cryptography, AES, SHA) and many other functions.

The hardware key storage plus crypto engine combination in a single device makes it simple, ultra-secure, tiny, and inexpensive to add robust security. Recent crypto element products offer ECDH for key agreement and ECDSA for authentication. Adding a device with both of these powerful capabilities to any system with a microprocessor that can run encryption algorithms (such as AES) brings all three pillars of security (confidentiality, data integrity and authentication) into play.


With security rising in significance as attack platforms increase in size and threats become more sophisticated, it is good to know that solutions are already available to ensure that digital systems are not only smart and connected, but robustly secured by hardware key storage. This could be the one of the biggest stories in security going forward.

Symmetric or asymmetric encryption, that is the question!

With the emergence of breaches and vulnerabilities, the need for hardware security has never been so paramount.

Confidentiality — one of the three foundational pillars of security, along with data integrity and authenticity — is created in a digital system via encryption and decryption. Encryption, of course, is scrambling a message in a certain way that only the intended party can descramble (i.e. decrypt) it and read it.


Throughout time, there have been a number of ways to encrypt and decrypt messages. Encryption was, in fact, used extensively by Julius Caesar, which led to the classic type of encryption aptly named, Caesar Cipher. The ancient Greeks beat Caesar to the punch, however. They used a device called a “Scytale,” which was a ribbon of leather or parchment that was wrapped around a rod of a diameter, of which only the sender and receiver were aware. The message was written on the wrapping and unfurled, then sent to the receiver who wrapped on on the rod of the same diameter in order to read it.



Modern Encryption

Modern encryption is based on published and vetted digital algorithms, such as Advanced Encryption System (AES), Secure Hashing Algorithms (SHA) and Elliptic Curve Cryptography (ECC), among many others. Given that these algorithms are public and known to everyone, the security must come from something else — that thing is a secret cryptographic “key.” This fundamental principal was articulated in the 19th century by  Auguste Kerckhoffs, a Dutch linguist, cryptographer and professor.

Kerckhoffs’ principle states that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. In other words: “The key to encryption is the key.” Note that Kirchoffs advocated what is now commonly referred to as “open-source” for the algorithm. Point being, this open-source method is more secure than trying to keep an algorithm itself obscured (sometimes called security by obscurity). Because the algorithms are known, managing the secret keys becomes the most important task of a cryptographer. Now, let’s look at that.

kirchoff 1

Symmetric and Asymmetric

Managing the key during the encryption-decryption process can be done in two basic ways: symmetric and asymmetric. Symmetric encryption uses the identical key to both encrypt and decrypt the data. Symmetric key algorithms are much faster computationally than asymmetric algorithms because the encryption process is less complicated. That’s because there is less processing involved.

The length of the key size directly determines the strength of the security. The longer the key, the more computation it will take to crack the code given a particular algorithm. The table below highlights the NIST guidelines for key length for different algorithms with equivalent security levels.  You can see that Elliptic Curve Cryptography (ECC) is a very compact algorithm. It has a small software footprint, low hardware implementation costs, low bandwidth requirements, and high device performance. That is one of the main reasons that ECC-based asymmetric cryptographic processes, such as ECDSA and  ECDH, are now being widely adopted. The strength of the sophisticated mathematics of ECC are a great ally of all three pillars of security, especially encryption.


Not only is symmetric faster and simpler; furthermore, a shorter key length can be used since the keys are never made public as is the case with asymmetric (i.e. Public Key Infrastructure) encryption. The challenge, of course, with symmetric is that the keys must be kept secret on both the sender and receiver sides. So, distributing a shared key to both sides is a major security risk. Mechanisms that maintain the secrecy of the shared key are paramount. One method for doing this is called Symmetric Session Key Exchange.

Asymmetric encryption is different in that it uses two mathematically related keys (a public and private key pair) for data encryption and decryption.  That takes away the security risk of key sharing. However, asymmetric requires much more processing power. Unlike the public key, the private key is never exposed. A message that is encrypted by using a public key can only be decrypted by applying the same algorithm and using the matching private key.

A message that is encrypted by using the private key can only be decrypted by using the matching public key. This is sort of like mathematical magic. Some of the  trade offs of symmetric and asymmetric are summarized below.


  • Keys must be distributed in secret
  • If a key is compromised the attacker can decrypt any message and/or impersonate one of the parties
  • A network requires a large number of keys


  • Around 1000 times slower than symmetric
  • Vulnerability to a “man-in-the-middle” attack, where the public key is intercepted and altered

Due to the time length associated with asymmetric, many real-world systems utilize combination of the two, where the secret key used in the symmetric encryption is itself encrypted with asymmetric encryption, and sent over an insecure channel.Then, the rest of the data is encrypted using symmetric encryption and sent over the insecure channel in the encrypted format. The receiver gets the asymmetrically encrypted key and decrypts it with his private key. Once the receiver has the symmetric key, it can be used to decrypt the symmetrically encrypted message. This is a type of key exchange.

Note that the man in the middle vulnerability can be easily addressed by employing the other pillar of security; namely authentication. Crypto engine devices with hardware key storage, most notably Atmel’s CrypotoAuthentication, have been designed specifically to address all three pillars of security in an easy to design and cost-effective manner. Ready to secure your next design? Get started here.

What is Ambient Security?

New technology and business buzzwords pop up constantly. Hardly a day goes by that you don’t see or hear words such as “cloud”, “IoT,” or “big data.” Let’s add one more to the list: “Ambient security.”

Ambient 1

You’ll notice that big data, the cloud, and the IoT are all connected, literally and figuratively, and that is the point. Billions of things will communicate with each other without human intervention, mainly through the cloud, and will be used to collect phenomenal and unprecedented amounts of data that will ultimately change the universe.

As everything gets connected, each and every thing will also need to be secure. Without security, there is no way to trust that the things are who they say they are (i.e. authentic), and that the data has not been altered (i.e. data integrity). Due to the drive for bigger data, the cloud and smart communicating things are becoming ambient; and, because those things all require security, security itself is becoming ambient as well.  Fortunately, there is a method to easily spread strong security to all the nodes. (Hint: Atmel CryptoAuthentication.)

Big Data

At the moment, big data can be described as the use of inductive statistics and nonlinear system analysis on large amounts of low density (or quickly changing) data to determine correlations, regressions, and causal effects that were not previously possible. Increases in network size, bandwidth, and computing power are among the things enabling this data to get bigger — and this is happening at an exponential rate.

Big data became possible when the PC browser-based Internet first appeared, which paved the way for data being transferred around the globe. The sharp rise in data traffic was driven to a large extent by social media and companies’ desire to track purchasing and browsing habits to find ways to micro-target purchasers. This is the digitally-profiled world that Google, Amazon, Facebook, and other super-disruptors foisted upon us.  Like it or not, we are all being profiled, all the time, and are each complicit in that process. The march to bigger data continues despite the loss of privacy and is, in fact, driving a downfall in privacy. (Yet that’s a topic for another article.)


The smart mobile revolution created the next stage of “biggering” (in the parlance of Dr. Seuss). Cell phones metamorphosed from a hybrid of old-fashioned wired telephones and walkie-talkies into full blown hand-held computers, thus releasing herds of new data into the wild. Big data hunters can thank Apple and the Android army for fueling that, with help from the artists formerly known as Nokia, Blackberry, and Motorola. Mobile data has been exploding due to its incredible convenience, utility, and of course, enjoyment factors. Now, the drive for bigger data is continuing beyond humans and into the autonomous realm with the advent of the Internet of Things (IoT).

biggering 1

Bigger Data, Little Things

IoT is clearly looking like the next big thing, which means the next big thing will be literally little things. Those things will be billions of communicating sensors spread across the world like smart dust — dust that talks to the “cloud.”

big data

More Data

The availability of endless data and the capability to effectively process it is creating a snowball effect where big data companies want to collect more data about more things, ad infinitum. You can almost hear chanting in the background: “More data… more data… more data…”

More data means many more potential correlations, and thus more insight to help make profits and propel the missions of non-profit organizations, governments, and other institutions. Big data creates its own appetite, and the data to satisfy that growing appetite will derive from literally everywhere via sensors tied to the Internet. This has already started.

Sensors manufacture data. That is their sole purpose. But, they need a life support system including smarts (i.e. controllers) and communications (such as Wi-Fi, Bluetooth and others). There is one more critical part of that: Security.

No Trust? No IoT! 

There’s no way to create a useful communicating sensor network without node security. To put it a different way, the value of the IoT depends directly on whether those nodes can be trusted. No trust. No IoT.  Without security, the Internet of Things is just a toy.

What exactly is security? It can best be defined by using the three-pillar model, which (ironically) can be referred to as “C.I.A:” Confidentiality, Integrity and Authenticity.



Confidentiality is ensuring that no one can read the message except its intended receiver. This is typically accomplished through encryption and decryption, which hides the message from all parties but the sender and receiver.

Integrity, which is also known as data integrity, is assuring that the received message was not altered. This is done using cryptographic functions. For symmetric, this is typically done by hashing the data with a secret key and sending the resulting MAC with the data to the other side which does the same functions to create the MAC and compare. Sign-verify is the way that asymmetric mechanisms ensure integrity.

Authenticity refers to verification that the sender of a message is who they say they are — in other words, ensuring that the sender is real. Symmetric authentication mechanisms are usually done with a challenge (often a random number) that are sent to the other side, which is hashed with a secret key to create a MAC response, before getting sent back to run the same calculations. These are then compared to the response MACs from both sides.

(Sometimes people add non-repudiation to the list of pillars, which is preventing the sender from later denying that they sent the message in the first place.)

The pillars of security can be  implemented with devices such as Atmel CryptoAuthentication crypto engines with secure key storage. These tiny devices are designed to make it easy to add robust security to lots of little things – -and big things, too.

So, don’t ever lose sight of the fact that big data, little things and cloud-based IoT are not even possible without ambient security. Creating ambient security is what CryptoAuthentication is all about.

Tutorial: Building cool projects with MCUs (Part 5)

I finally received the circuit boards! And, in this fifth and final part of the microcontroller tutorial, we are going to solder the components to the circuit board and program the MCU using the USB port of a computer.

Just to refresh our memories, so far we have learned:

Microcontroller PCB

I recently ordered the PCBs from Seeed Studio. In order to expedite their delivery, I used a more expensive shipping option from UPS. I did get the boards pretty fast – but I also got an unexpected bill from them because they had to take it through customs.

So, even though the boards were only $10, I ended up with paying about $60 in shipping and customs… But luckily, there exists a much cheaper shipping option (about $3-4) – you just have to wait a little bit longer for the boards to arrive.

Let’s solder the board!

I wanted to make this circuit in such a way that it was possible to make it at home. To solder the circuit, I’m going to use my old Ersa soldering iron and some standard solder wire. The tip of the iron is a bit thick, so it’s really not ideal for this job. However, I know many people only have a simple soldering iron like this lying around the house – so it’s the perfect test to see if this is something that anyone can build from the comfort of your home.

Ersa30 Soldering Iron

The first thing we’re going to solder is the MCU chip. This is also the hardest part to solder. I have to admit – when I looked at my soldering iron, then looked at the chip – I was a bit worried that it was going to be hard. But the main trick here was to be patient!

To solder the surface mount components, we can use the techniques described in this smd soldering article.

First, we solder one corner pin of the chip. When we have managed to solder this one pin correctly – and all the pins are aligned over their pads – we move on to the corner on the other side. With two corners soldered properly, all we need to do is to add a tiny bit of solder to all the other pins and pads.

MCU chip soldered

Don’t rush it. Take your time. Inspect the pins closely to see if they are soldered and that they don’t have a “solder bridges” to their neighbors. And, don’t worry if it looks a bit like a war-zone with solder all over – just look at mine above – it still works!

Now, safe to say that the worst part is over. The other components are pretty straightforward to solder. Just make sure the LED and the polarized capacitor is placed in the correct direction.

Microcontroller circuit board

Programming the circuit

Once we are confident that the components are soldered properly, it’s time to test it! First, we need to check if the USB interface works. Otherwise, we won’t be able to program the circuit. To test the USB interface, all we need to do is to connect a USB cable and connect the circuit to our computer. From there, we can just check if it pops up as a USB device on the computer.

And… it does!

So, let’s program the MCU. A simple way of testing it is to make an LED-blink program. This is a simple program that, well, makes our LED blink. It looks like this:

#define F_CPU 1000000 // The chip runs at 1 MHz as default (even if you are using a 8MHz crystal)


int main(void)
DDRC = (1<<PC7); //Sets the direction of the PC7 to output
PORTC = (1<<PC7); //Sets PC7 high

_delay_ms(500); //Wait 500 milliseconds
PORTC &= ~(1<<PC7); //Turn LED off

_delay_ms(500); //Wait 500 milliseconds
PORTC |= (1<<PC7); //Turn LED on

return 0;

We save this code in a file called led-blink.c

Compiling our code

The first thing we need to do is to compile our code into machine code that the MCU can read. One way of doing this is through Atmel Studio. But, since I am a big fan of using the Linux terminal, I’ll show you how to compile and upload a program using Ubuntu.

First, install avr-gcc with the command:

sudo apt-get install avr-gcc

Then, compile the code and make it into the right format with the following commands:

avr-gcc -mmcu=atmega32u2 -Os blink-led.c -o blink-led.out
avr-objcopy -j .text -j .data -O ihex blink-led.out blink-led.hex

The resulting file – blink-led.hex – can now be uploaded to the microcontroller. You can find more information on the commands here.

Uploading the code to the MCU

Time to upload the program and see if it works. One way to do this is by using Atmel’s FLIP software. But, once again, let’s see how we can do it with the Linux terminal.

Install dfu-programmer with the command:

sudo apt-get install dfu-programmer

Then, erase the old flash memory on the MCU and upload the compiled .hex file:

sudo dfu-programmer atmega32u2 erase
sudo dfu-programmer atmega32u2 flash blink-led.hex

Unplug the circuit from your computer, then plug it in again. And what do you know, the LED starts to blink!

Blink LED microcontroller circuit

Making something cool

Now that we’ve got it working, we’re ready to make something cool. There are so many cool things you can make with a microcontroller. For example, you can connect it to this Wi-Fi module and make the LED blink every time @AtmelMakes posts a new tweet.

Or, how about connecting it to this sound module and this motion sensor, and make it play a Christmas song every time someone goes near your Christmas tree? As Atmel always says, the possibilities are truly endless.

If you missed any of the previous parts of this tutorial – you can find them here: