Secure at any IoT deed

In his classic book, “Unsafe at Any Speed,” Ralph Nader assailed the auto industry and their approach to styling and cost efficiency at the expense of safety during the 1960s. He squared up on perceived defects in the Chevrolet Corvair, but extended his view to wider issues such as tire inflation ratings favoring passenger comfort over handling characteristics.

History has not treated Nader’s work kindly, possibly because of his politics including a crusade on environmental issues which spurred creation of the US Environmental Protection Agency. Sharp criticism of Nader’s automotive fault-finding came from Thomas Sowell in a book “The Vision of the Anointed”. He targeted “Teflon prophets,” Nader foremost among them, who foretell of impending calamity using questionable data, unless government intervenes as regulatory savior.

Sowell’s most scathing indictment of Nader was for failing to understand the trade-off between safety and affordability. Others targeted Nader’s logic by suggesting some non-zero level of risk and injury is acceptable if society progresses, supported by data the Corvair was actually no worse in terms of safety among its contemporaries on the automotive market at the time.

Yet, almost five decades later, we have Toyota sudden acceleration damage awards, GM ignition switches and massive recalls in progress, and the prospect that someday soon an autonomous car may go haywire. The problem seems to be not errors of commission, but errors of omission; complex engineering requirements, design, and test are becoming increasingly difficult. Getting all that done at volumes and prices needed to drive model year expectations and consumer market share is a big ask.

In an industrial context of the IoT, “safety critical” design is a science, with standards, and certification, and independent testing. In application segments such as aerospace and defense, medical, industrial automation, and others – even the automotive industry, which has made huge strides in electronics and software development – safety and risk are proactively managed.

Security of consumers on the IoT is another matter. Devices are inexpensive, often created by teams with little to no security experience. Worse yet, there is a stigma around many security features as unnecessary overkill that would slow down performance, get in the way of usability, or increase costs beyond competitiveness. This is an accident waiting to happen.

Or perhaps, one already in progress, if we believe the recent study on firmware in a sampling of consumer devices. A lot of folks think benevolent hackers are also polytetrafluoroethylene-coated, but it is hard to dispute there is cause for concern among embedded devices when it comes to security — especially when those devices connect to networks.

One of the areas cited in the study is encryption, and some rather sloppy handling of keys when it is used. Across the industry, embedded software is wildly inconsistent in approaches to encryption. As the study points out, developers are prone to stamp out copies of aged, flawed solutions because they are comfortable with and invested in a particular approach.

Regulation is the last thing we need here. Engineers need a lot more education, starting from the basics of including and using hardware encryption units on MCUs and SoCs, through the state-of-the-art knowledge in cryptography and certificate management, and up to IT-style approaches such as over-the-air software updates and two-factor authentication.

We also need some deeper thought on encryption implementations, beyond just NIST recommendations. In a web context, we have Transport Layer Security (TLS), but that protocol requires a full IP stack and a lot more horsepower than many small embedded devices can afford. On top of that, hardware encryption is currently very vendor-dependent. Vendors like Atmel are working with ARM on TrustZone technology to create newer implementations based on Trusted Exectuion Environment APIs, tuned for IoT devices instead of data center use.

Historically, encryption has been applied to securing closed systems – the IoT presents a paradox. If it devolves into a myriad of smaller, effectively closed systems that only intermittently share data, we may gain some benefit, but will never reach the vision.

The best case scenario is an effective set of industry practices emerge for encryption in consumer IoT devices before problems become widespread, defeating the very purpose of sharing data with the cloud. We need developers to not avoid encryption, but for that to happen it has to be cost- and implementation-effective for easier use.

This post has been republished with permission from SemiWiki.com, where Don Dingee is a featured blogger. It first appeared there on August 25, 2014.

Atmel clinches FIPS 140-2 certification

Atmel has become the world’s first supplier to be awarded full FIPS 140-2 certification for its AT97SC3204 series of trusted platform modules (TPM). According to Todd Slack, Atmel’s Product Line Manager of Trusted Platform Solutions, the AT97SC3204 lineup now offers customers the highest level of confidence in hardware security for a wide range of computing devices, including smartphones, tablets and phablets.

FIPS140-2 certification was developed by the National Institute of Standards and Technology (NIST), the US government agency that works with industries to develop and apply technology, measurements and standards, to ensure that best security practices are implemented in security modules. To achieve this certification, vendors are required to pass a stringent testing process performed by independent accredited Cryptographic and Security Testing (CST) laboratories with NIST serving as the final validation authority, validating test results and issuing certificates.

“In this era of cloud computing and increased connectivity in the Internet of Things (IoT), devices are smarter and more connected. Security is a primary concern among every company within the computing supply chain as well as consumers,” Slack explained. “With Atmel’s FIPs-certified AT97SC3204 trusted platform modules, designers can be confident that these flexible, easy-to-use modules offer the most secure hardware features for their embedded designs.”

According to Slack, modules are available in FIPS/flexible-mode which reduce supply chain complexity by supporting both standard and FIPS-mode platforms with the same device and part number. Modules with FIPS/flexible mode permanently set and lock the device into either standard or FIPS-140-2 certified mode during the platform/device initialization.

Alternatively, Atmel is also offering pre-configured FIPs or standard-mode devices which simplify the initialization process. Atmel’s AT97SC3204 trusted modules are currently available in mass production, with pricing starting at $2.75 for 10,000 piece quantities.

Atmel’s ATECC108 bolsters CryptoAuthentication security

Atmel has expanded its already formidable CryptoAuthentication portfolio with the ATECC108 – the company’s first Elliptical Curve asymmetric key authentication solution. According to Atmel engineer Steve Jarmusz, the ATECC108 features NIST standard P256, B283 and K283 Elliptic Curves, along with the FIPS 186-3 Elliptic Curve Digital Signature Algorithm.

“This combination of features – plus 8.5Kb EEPROM for storing up to 16 keys, unique 72-bit serial number and a FIPS standard based Random Number Generator – makes the ATECC108 ideal for a wide range of authentication applications,” Jarmusz told Bits & Pieces. “This includes consumer electronics, consumables, medical devices, industrial automation and IP licensing.”

The ATECC108 – which offers pin-to-pin compatibility with Atmel’s ATSHA204 symmetric key based authentication solution – consists of a SHA256 Hash Engine and is thus also functionally compatible with ATSHA204. The inclusion of both ECDSA and SHA256 will undoubtedly help engineers ease the migration from symmetric to asymmetric key authentication.

In addition, the ATECC108 utilizes 256- or 283-bit keys – both of which are more secure than a number of competing products weighing in at just 163 bits. Indeed, the NIST (Computer Security Research Center) recommends elliptic curves of 256/283-bit keys beyond the year 2030, while advising against key length less than 160 bit after 2010.

As expected, Atmel’s Elliptical Curve asymmetric key authentication solution offers comprehensive tamper protection, as it is built from the ground up to shield against a wide range of hardware attacks including micro-probing, timing, emission and power cycling.

“Perhaps most importantly, the ATECC108 offers a turnkey solution which is easy to use and does not require knowledge of cryptography,” Jarmusz added. “It is also supported by Atmel’s Studio 6 integrated development environment (IDE), facilitating an efficient design process and reducing time to market.”

Additional information about Atmel’s ATECC108 and extensive security portfolio can be found here.

Zigbee Smart Energy Profile

The much anticipated Zigbee Smart Energy Profile 2.0 was recently released. Representing an effort spanning more than three years, this milestone includes contributions from NIST, IETF and the Zigbee Alliance. Various companies also participated in the initiative, including utility, meter, silicon and software stack vendors.

Smart Energy – the application profile that drove the Zigbee Alliance development of the Zigbee IP (ZIP) –  is the first public profile requiring ZIP instead of the current Zigbee and Zigbee PRO underlying stacks. Zigbee IP (ZIP) and SEP 2.0 offer TCP/IP based interoperability for smart energy networks, thereby facilitating participation in the Internet of Things (IoT) without the need for special gateways. In fact, ZIP is designed to be physical layer (phy) agnostic and is capable of running across various platforms including 802.15.4 Wireless, WiFi, Power Line Carrier Ethernet and more.

SEP 2.0 is built using numerous mainstream protocols such as TLS/HTTPS, XML, EXI, mDNX  and REST. Each SEP 2.0 device boasts an optimized HTTP server serving up and responding to data objects defined by an XML schema. Security is ensured by familiar HTTPS with strong authentication, while an RFC compliant IPv6 stack provides the network with specific routing and translation layers for the wireless PHY.  The SEP 2.0 presentation from the Zigbee Alliance is available here [PDF].

Two recommended implementation strategies for SEP 2.0 in devices are Single Chip and Multi-Phy. Single Chip implementations use a dedicated microcontroller and RF transceiver (or a combined SoC) running a dedicated stack. This strategy works particularly well when adding Zigbee SEP 2.0 support where there is no other network or TCP/IP stack in low to mid range devices. A good example might be a thermostat or load control device, both of which require communications with other smart energy devices – even if they are equipped with a small processor dedicated to the control and UI functions of the device.

The Multi-Phy implementation –  a new way of looking at Zigbee – offers advantages in devices equipped with multiple network interfaces and/or a capable processor such as an Atmel SAM4, SAM9, or SAMA5 MPU or MCU. In such cases, the 802.15.4 transceiver (like the AT86RF233) becomes the network interface PHY layer underneath the IPv6 stack and SEP 2.0 layers running on the processor. Since the IPv6 stack is a compliant implementation, other network PHYs are also supported by the stack. Running two or more physical interfaces with a single processor is certainly not an issue, as devices that communicate via Zigbee, WiFi, PLC, and Ethernet can be designed. Because a single processor and IPv6 stack are used, the cost will ultimately be lower than duplicating these functions in a separate chip dedicated to Zigbee SEP 2.0.

Single Chip and Multi-Phy implementation

The multi-phy implementation is also ideal for gateway devices bridging different physical layers. And since SEP 2.0 is built using standard web protocols, once you bridge the smart energy network to the Internet, managing your home energy devices from a tablet or smartphone is no stretch at all and brings us closer to the reality of the Internet of Things (IoT).

Atmel, along with software stack partner Exegin Technologies, offers robust and compliant solutions for Zigbee IP and SEP 2.0. There is already interest from leading networking and utility companies, with deployment of certified devices expected before the end of 2013. The critical design decision most of us have to consider? Whether to dedicate the cost and complexity of a single chip Zigbee solution – or optimize it and lower cost with a software stack and radio transceiver solution that offers shared resources and the possibility of multiple networks.

Symmetric vs. Asymmetric Encryption: Which Way is Better?

There are two fundamental ways to use keys or secrets for encryption:symmetric and asymmetric.  Symmetric encryption uses the identical key to both encrypt and decrypt the data.  Symmetric key algorithms are much faster computationally than asymmetric algorithms as the encryption process is less complicated.  The length of the key size is critical for the strength of the security.  NIST has recommendations on how long a key should be– in general, 160-512 bits.   There are inherent challenges with symmetric key encryption in that the key must somehow be managed.  Distributing a shared key is a major security risk.

symmetric encryption

Asymmetric encryption uses two related keys (public and private) for data encryption and decryption, and takes away the security risk of key sharing.  The private key is never exposed.  A message that is encrypted by using the public key can only be decrypted by applying the same algorithm and using the matching private key.   Likewise, a message that is encrypted by using the private key can only be decrypted by using the matching public key.

Asymmetric Encryption

Are you building out for secure devices to protect your engineering designs and secure any potential hacking in your product? Receive a FREE Atmel CryptoAuthentication development tool?

This blog was written by Steve Jarmusz, Atmel Applications Manager for Crypto, Memory and Analog Devices.