Tag Archives: TPM

Security coprocessor marks a new approach to provisioning for IoT edge devices


It’s worth noting that security breaches rarely involve breaking the encryption code; hackers mostly use techniques like spoofing to steal the ID.


The advent of security coprocessor that offloads the provisioning task from the main MCU or MPU is bringing new possibilities for the Internet of Things product developers to secure the edge device at lower cost and power points regardless of the scale.

Hardware engineers often like to say that there is now such thing as software security, and quote Apple that has all the money in the world and an army of software developers. The maker of the iPhone chose a secure element (SE)-based hardware solution while cobbling the Apple Pay mobile commerce service. Apparently, with a hardware solution, engineers have the ecosystem fully in control.

sec-1

Security is the basic building block of the IoT bandwagon, and there is a lot of talk about securing the access points. So far, the security stack has largely been integrated into the MCUs and MPUs serving the IoT products. However, tasks like encryption and authentication take a lot of battery power — a precious commodity in the IoT world.

Atmel’s solution: a coprocessor that offloads security tasks from main MCU or MPU. The ATECC508A uses elliptic curve cryptography (ECC) capabilities to create secure hardware-based key storage for IoT markets such as home automation, industrial networking and medical. This CryptoAuthentication chip comes at a manageable cost — 50 cents for low volumes — and consumers very low power. Plus, it makes provisioning — the process of generating a security key — a viable option for small and mid-sized IoT product developers.

A New Approach to Provisioning

It’s worth noting that security breaches rarely involve breaking the encryption code; hackers mostly use techniques like spoofing to steal the ID. So, the focus of the ATECC508A crypto engine is the tasks such as key generation and authentication. The chip employs ECC math to ensure sign-verify authentication and subsequently the verification of the key agreement.

The IoT security — which includes the exchange of certificates and other trusted objects — is implemented at the edge node in two steps: provisioning and commissioning. Provisioning is the process of loading a unique private key and other certificates to provide identity to a device while commissioning allows the pre-provisioned device to join a network. Moreover, provisioning is carried out during the manufacturing or testing of a device and commissioning is performed later by the network service provider and end-user.

Atmel ATECC508A crypto-engine

Presently, snooping threats are mostly countered through hardware security module (HSM), a mechanism to store, protect and manage keys, which requires a centralized database approach and entails significant upfront costs in infrastructure and logistics. On the other hand, the ATECC508A security coprocessor simplifies the deployment of secure IoT nodes through pre-provisioning with internally generated unique keys, associated certificates and certification-ready authentication.

It’s a new approach toward provisioning that not only prevents over-building, as done by the HSM-centric techniques, but also prevents cloning for the gray market. The key is controlled by a separate chip, like the ATECC508A coprocessor. Meaning, if there are 1,000 IoT systems to be built, there will be exactly 1,000 security coprocessors for them.

Certified-ID Security Platform

Back at ARM TechCon 2015, Atmel went one step ahead when it announced the availability of Certified-ID security platform for the IoT entry points like edge devices to acquire certified and trusted identities. This platform leverages internal key generation capabilities of the ATECC508A security coprocessor to deliver distributed key provisioning for any device joining the IoT network. That way it enables a decentralized secure key generation and eliminates the upfront cost of building the provisioning infrastructure for IoT setups being deployed at smaller scales.

AT88CKECCROOT-SIGNER

Atmel, a pioneer in Trusted Platform Module (TPM)-based secure microcontrollers, is now working with cloud service providers like Proximetry and Exosite to turn its ATECC508A coprocessor-based Certified-ID platform into an IoT edge node-to-cloud turnkey security solution. TPM chips, which have roots in the computer industry, aren’t well-positioned to meet the cost demands of low-price IoT edge devices.

Additionally, the company has announced the availability of two provisioning toolkits for low volume IoT systems. The AT88CKECCROOT toolkit is a ‘master template’ that creates and manages certificate root of trust in any IoT ecosystem. On the other hand, AT88CKECCSIGNER is a production kit that allows designers and manufacturers to generate tamper-resistant keys and security certifications in their IoT applications.

Are you designing for the latest automotive embedded system?


Eventually, self-driving cars will arrive. But until then, here’s a look at what will drive that progression.


The next arrow of development is set for automotive

We all have seen it. We all have read about it in your front-center technology news outlets. The next forefront for technology will take place in the vehicle. The growing market fitted with the feature deviation trend does not appeal to the vision of customizing more traditional un-connected, oiled and commonly leveraged chassis vehicles of today. Instead, ubiquity in smartphones have curved a design trend, now mature while making way for the connected car platform. The awaiting junction is here for more integration of the automotive software stack.  Opportunities for the connected car market are huge, but multiple challenges still exist. Life-cycles in the development of automotive and the mobile industry are a serious barrier for the future of connected cars. Simply, vehicles take much longer to develop than smartphones other portable gadgetry. More integration from vendors and suppliers are involved with the expertise to seamlessly fit the intended blueprint of the design. In fact, new features such as the operating system are becoming more prevalent, while the demand for sophisticated and centrally operated embedded systems are taking the height of the evolution. This means more dependence on integration of data from various channels, actuators, and sensors — the faculty to operate all the new uses cases such as automatic emergency response systems are functionality requiring more SoC embedded system requirements.

A step toward the connected car - ecall and how it works

What is happening now?

People. Process. Governance. Adoption. Let’s look at the similarities stemmed from change. We are going to witness new safety laws and revised regulations coming through the industry. These new laws will dictate the demand for connectivity. Indeed, drawing importance this 2015 year with the requirement set by 2018, European Parliament voted in favor of eCall regulation. Cars in Europe must be equipped with eCall, a system that automatically contacts emergency services directing them to the vehicle location in the event of an emergency. The automotive and mobile industries have different regional and market objectives. Together, all the participants in both market segments will need to find ways to collaborate in order to satisfy consumer connectivity needs. Case in point, Chrysler has partnered with Nextel to successfully connect cars like their Dodge Viper, while General Motors uses AT&T as its mobile development partner.

General Motors selected AT&T as its mobile partner

What is resonating from the sales floor and customer perspective?

The demand is increasing for more sophistication and integration of software in the cabin of cars. This is happening from the manufacturer to the supplier network then to the integration partners — all are becoming more engaged to achieve the single outcome, pacing toward the movement to the connected car. Stretched as far as the actual retail outlets, auto dealers are shifting their practice to be more tech savvy, too. The advent of the smart  vehicle has already dramatically changed the dealership model, while more transformation awaits the consumer.

On the sales floor as well as the on-boarding experience, sales reps must plan to spend an hour or more teaching customers how to use their car’s advanced technology. But still, these are only a few mentioned scenarios where things have changed in relation to cars and how they are sold and even to the point of how they are distributed, owned, and serviced. One thing for certain, though, is that the design and user trend are intersecting to help shape the demand and experience a driver wants in the connected car. This is further bolstered by the fast paced evolution of smartphones and the marketing experiences now brought forth by the rapid adoption and prolific expansion of the mobile industry tethered by their very seamless and highly evolved experiences drawn from their preferred apps.

Today, customer experiences are becoming more tailored while users, albeit on the screen or engaged with their mobile devices are getting highly acquainted with the expectation of “picking up from where I left off” regardless of what channel, medium, device, or platform.  Seamless experiences are breaking through the market.  We witness Uber, where users initialize their click on their smartphone then follows by telemetry promoted from Uber drivers and back to the users smart phone.  In fact, this happens vis versa, Uber driver’s have information on their console showing customer location and order of priority.  Real life interactions are being further enhanced by real-time data, connecting one device to draw forth another platform to continue the journey.  Transportation is one of the areas where we can see real-time solutions changing our day-to-day engagement.  Some of these are being brought forth by Atmel’s IoT cloud partners such as PubNub where they leverage their stack in devices to offer dispatch, vehicle state, and geo fencing for many vehicle platforms.  Companies like Lixar, LoadSmart, GetTaxi, Sidecar, Uber, Lyft are using real-time technologies as integral workings to their integrated vehicle platforms.

The design trajectory for connected cars continues to follow this arrow forward

Cars are becoming more of a software platform where value chain add-ons tied to an ecosystem are enabled within the software tethered by the cloud where data will continue to enhance the experience. The design trajectory for connected cars follow this software integration arrow.  Today, the demand emphasizes mobility along with required connectivity to customer services and advanced functions like power management for electric vehicles, where firmware/software updates further produce refined outcomes in the driver experience (range of car, battery management, other driver assisted functionalities).

Carmakers and mobile operators are debating the best way to connect the car to the web. Built-in options could provide stronger connections, but some consumers prefer tethering their existing smartphone to the car via Bluetooth or USB cable so they can have full access to their personal contacts and playlists. Connected car services will eventually make its way to the broader car market where embedded connections and embedded systems supporting these connections will begin to leverage various needs to integrate traditional desperate signals into a more centrally managed console.

Proliferation of the stack

The arrow of design for connected cars will demand more development, bolstering the concept that software and embedded systems factored with newly-introduced actuators and sensors will become more prevalent. We’re talking about “software on wheels,” “SoC on wheels,” and “secured mobility.”

Design wise, the cost-effective trend will still remain with performance embedded systems. Many new cars may have extremely broad range of sensor and actuator‑based IoT designs which can be implemented on a single compact certified wireless module.

The arrow for connected cars will demand more development bolstering the concept that software and embedded systems factored with newly introduced actuators & sensors will become more prevalent; “software on wheels”, “SoC on wheels” and “secured mobility”.

Similarly, having fastest startup times by performing the task with a high-performance MCU vs MPU, is economic for a designer. It can not only reduce significant bill of materials cost, development resources, sculpted form factor, custom wireless design capabilities, but also minimize the board footprint. Aside from that, ARM has various IoT device development options, offering partner ecosystems with modules that have open standards. This ensures ease of IoT or connected car connectivity by having type approval certification through restrictive access to the communications stacks.

Drivers will be prompted with new end user applications — demand more deterministic code and processing with chips that support the secure memory capacity to build and house the software stack in these connected car applications.

Feature upon feature, layer upon layer of software combined with characteristics drawn from the events committed by drivers, tires, wheels, steering, location, telemetry, etc. Adapted speed and braking technologies are emerging now into various connected car makes, taking the traditional ABS concept to even higher levels combined with intelligence, along with controlled steering and better GPS systems, which will soon enable interim or cruise hands-free driving and parking.

Connected Car Evolution

Longer term, the technological advances behind the connected car will eventually lead to self-driving vehicles, but that very disruptive concept is still far out.

Where lies innovation and change is disruption

Like every eventual market disruption, there will be the in-between development of this connected car evolution. Innovative apps are everywhere, especially the paradigm where consumers have adopted to the seamless transitional experiences offered by apps and smartphones. Our need for ubiquitous connectivity and mobility, no matter where we are physically, is changing our vehicles into mobile platforms that want us users to seamlessly be connected to the world. This said demand for connectivity increases with the cost and devices involved will become more available. Cars as well as other mobility platforms are increasingly becoming connected packages with intelligent embedded systems. Cars are offering more than just entertainment — beyond providing richer multimedia features and in-car Internet access.  Further integration of secure and trusted vital data and connectivity points (hardware security/processing, crypto memory, and crypto authentication) can enable innovative navigation, safety and predictive maintenance capabilities.

Carmakers are worried about recent hacks,  especially with issues of security and reliability, making it unlikely that they will be open to every kind of app.  They’ll want to maintain some manufactured control framework and secure intrusion thwarting with developers, while also limiting the number of apps available in the car managing what goes or conflicts with the experience and safety measures.  Importantly, we are taking notice even now. Disruption comes fast, and Apple and others have been mentioned to enter this connected car market. This is the new frontier for technological equity scaling and technology brand appeal. Much like what we seen in the earlier models of Blackberry to smartphones, those late in the developmental evolution of their platforms may be forced adrift or implode by the market.

No one is arguing it will happen. Eventually, self-driving cars will arrive.  But for now, it remains a futuristic concept.

What can we do now in the invention, design and development process?

The broader output of manufactured cars will need to continue in leveraging new designs that take in more integration of traditional siloed integration vendors so that the emergence of more unified and centrally managed embedded controls can make its way. Hence, the importance now exists in the DNA of a holistically designed platform fitted with portfolio of processors and security to take on new service models and applications.

This year, we have compiled an interesting mixture of technical articles to support the development and engineering of car access systems, CAN and LIN networks, Ethernet in the car, capacitive interfaces and capacitive proximity measurement.

In parallel to the support of helping map toward the progress and evolution of the connected car, a new era of design exists. One in which the  platform demands embedded controls to evenly match their design characteristics and application use cases. We want to also highlight the highest performing ARM Cortex-M7 based MCU in the market, combining exceptional memory and connectivity options for leading design flexibility. The Atmel | SMART ARM Cortex-M7 family is ideal for automotive, IoT and industrial connectivity markets. These SAM V/E/S family of microcontrollers are the industry’s highest performing Cortex-M microcontrollers enhancing performance, while keeping cost and power consumption in check.

So are you designing for the latest automotive, IoT, or industrial product? Here’s a few things to keep in mind:

  • Optimized for real-time deterministic code execution and low latency peripheral data access
  • Six-stage dual-issue pipeline delivering 1500 CoreMarks at 300MHz
  • Automotive-qualified ARM Cortex-M7 MCUs with Audio Video Bridging (AVB) over Ethernet and Media LB peripheral support (only device in the market today)
  • M7 provides 32-bit floating point DSP capability as well as faster execution times with greater clock speed, floating point and twice the DSP power of the M4

We are taking the connected car design to the next performance level — having high-speed connectivity, high-density on-chip memory, and a solid ecosystem of design engineering tools. Recently, Atmel’s Timothy Grai added a unveiling point to the DSP story in Cortex-M7 processor fabric. True DSPs don’t do control and logical functions well; they generally lack the breadth of peripherals available on MCUs. “The attraction of the M7 is that it does both — DSP functions and control functions — hence it can be classified as a digital signal controller (DSC).” Grai quoted the example of Atmel’s SAM V70 and SAM V71 microcontrollers are used to connect end-nodes like infotainment audio amplifiers to the emerging Ethernet AVB network. In an audio amplifier, you receive a specific audio format that has to be converted, filtered, and modulated to match the requirement for each specific speaker in the car. Ethernet and DSP capabilities are required at the same time.

“The the audio amplifier in infotainment applications is a good example of DSC; a mix of MCU capabilities and peripherals plus DSP capability for audio processing. Most of the time, the main processor does not integrate Ethernet AVB, as the infotainment connectivity is based on Ethernet standard,” Grai said. “Large SoCs, which usually don’t have Ethernet interface, have slow start-up time and high power requirements. Atmel’s SAM V7x MCUs allow fast network start-up and facilitate power moding.”

Atmel has innovative memory technology in its DNA — critical to help fuel connected car and IoT product designers. It allows them to run the multiple communication stacks for applications using the same MCU without adding external memory. Avoiding external memories reduces the PCB footprint, lowers the BOM cost and eliminates the complexity of high-speed PCB design when pushing the performance to a maximum.

Importantly, the Atmel | SMART ARM Cortex-M7 family achieves a 1500 CoreMark Score, delivering superior connectivity options and unique memory architecture that can accommodate the said evolve of the eventual “SoC on wheels” design path for the connected car.

How to get started

  1. Download this white paper detailing how to run more complex algorithms at higher speeds.
  2. Check out the Atmel Automotive Compilation.
  3. Attend hands-on training onboard the Atmel Tech on Tour trailer. Following these sessions, you will walk away with the Atmel | SMART SAM V71 Xplained Ultra Evaluation Kit.
  4. Design the newest wave of embedded systems using SAM E70, SAM S70, or SAM V70 (ideal for automotive, IoT, smart gateways, industrial automation and drone applications, while the auto-grade SAM V70 and SAM V71 are ideal for telematics, audio amplifiers and advanced media connectivity).

IMG_3659

[Images: European Commission, GSMA]

Secured SAMA5D4 for industrial, fitness or IoT display


To target applications like home automation, surveillance camera, control panels for security, or industrial and residential gateways, high DMIPS computing is not enough.


The new SAMA5D4 expands the Atmel | SMART Cortex-A5-based family, adding a 720p resolution hardware video decoder to target Human Machine Interface (HMI), control panel and IoT applications when high performance display capability is required. Cortex-A5 offers raw performance of 945 DMIPS (@ 600 MHz) completed by ARM NEON 128-bit SIMD (single instruction, multiple data) DSP architecture extension. To target applications like home automation, surveillance camera, control panels for security, or industrial and residential gateways, high DMIPS computing is not enough. In order to really make a difference, on top of the hardware’s dedicated video decoder (H264, VP8, MPEG4), you need the most complete set of security features.

Life-Fitness-F3-Folding-Treadmill-with-GO-Console-2_681x800

Whether for home automation purpose or industrial HMI, you want your system to be safeguarded from hackers, and protect your investment against counterfeiting. You have the option to select 16-b DDR2 interface, or 32-b if you need better performance, but security is no longer just an option. Designing with Atmel | SMART SAMA5D4 will guarantee secure boot, including ARM Trust Zone, encrypted DDR bus, tamper detection pins and secure data storage. This MPU also integrates hardware encryption engines supporting AES (Advanced Encryption Standard)/3DES (Triple Data Encryption Standard), RSA (Rivest-Shamir-Adleman), ECC (Elliptic Curves Cryptography), as well as SHA (Secure Hash Algorithm) and TRNG (True Random Number Generator).

If you design fitness equipment, such as treadmills and exercise machines, you may be more sensitive to connectivity and user interface functions than to security elements — even if it’s important to feel safe in respect with counterfeiting. Connectivity includes gigabit and 10/100 Ethernet and up to two High-Speed USB ports (configurable as two hosts or one host and one device port) and one High Speed Inter-Chip Interface (HSIC) port, several SDIO/SD/MMC, dual CAN, etc. Because the SAMA5D4 is intended to support industrial, consumer or IoT applications requiring efficient display capabilities, it integrates LCD controllers with a graphics accelerator, resistive touchscreen controller, camera interface and the aforementioned 720p 30fps video decoder.

hmi-panels-sama5d4-atmel-processor

The MCU market is highly competitive, especially when you consider that most of the products are developed around the same ARM-based family of cores (from the Cortex-M to Cortex-A5 series). Performance is an important differentiation factor, and the SAMA5D4 is the highest performing MPUs in the Atmel ARM Cortex-A5 based MPU family, offering up to 945 DMIPS (@ 600 MHz) completed by DSP extension ARM NEON 128-bit SIMD (single instruction, multiple data). Using safety and security on top of performance to augment differentiation is certainly an efficient architecture choice. As you can see in the block diagram below, the part features the ARM TrustZone system-wide approach to security, completed by advanced security features to protect the application software from counterfeiting, like encrypted DDR bus, tamper detection pins and secure data storage. But that’s not enough. Fortunately, this microprocessor integrates hardware encryption engines supporting AES/3DES, RSA, ECC, as well as SHA and TRNG.

The SAMA5 series targets industrial or fitness applications where safety is a key differentiating factor. If security helps protecting the software asset and makes the system robust against hacking, safety directly protects the user. The user can be the woman on the treadmill, or the various machines connected to the display that SAMA5 MCU pilots. This series is equipped with functions that ease the implementation of safety standards like IEC61508, including a main crystal oscillator clock with failure detector, POR (power-on reset), independent watchdog timers, write protection register, etc.

Atmel-SMART-SAMA5D4-ARM-Cortex-MPU-AtmelThe SAMA5D4 is a medium-heavier processor and well suited for IoT, control panels, HMI, and the like, differentiating from other Atmel MCUs by the means of performance and security (not to mention, safety). The ARM Cortex-A5 based device delivers up to 945 DMIPS when running at 600 MHz, completed by DSP architecture extension ARM NEON 128-bit SIMD. The most important factor that sets the SAMA5D4 apart from the rest is probably its implemented security capabilities. These will protect OEM software investments from counterfeiting, user privacy against hacking, and its safety features make the SAMA5D4 ideal for industrial, fitness or IoT applications.


This post has been republished with permission from SemiWiki.com, where Eric Esteve is a principle blogger as well as one of the four founding members of the site. This blog first appeared on SemiWiki on October 6, 2015.

The CryptoCape is the BeagleBone’s first dedicated security daughterboard


The CryptoCape extends the hardware cryptographic abilities of the BeagleBone Black.


With the insecurity of connected devices called into question time and time again, wouldn’t it be nice to take comfort in knowing that your latest IoT gadget was secure? A facet in which many Makers may overlook, Josh Datko recently sought out to find a better way to safeguard those designs, all without hindering the DIY spirit. The result? The CrytpoCape — which initially debuted on SparkFun last year — is a dedicated security daughterboard for the BeagleBone that easily adds encryption and authentication options to a project.

Generally speaking, cryptography offers a solution to a wide-range of problems such as authentication, confidentiality, integrity and non-repudiation, according to Datko. SparkFun notes that the $60 Atmel powered cape adds specialized ICs that perform various cryptographic operations, amplifying a critical hardware security layer to various BeagleBone projects.

The CyrptoCape is packed with hardware, including 256k EEPROM with a defaulted I2C address (plus write protection), a real-time clock (RTC) module, a Trusted Platform Module (TPM) for RSA encryption/decryption, an AES-128 encrypted EEPROM, an ATSHA204 CrypoAuthentication chip that performs SHA-256 and HMAC-25 and an Atmel ATECC108 tasked with the Elliptic Curve Digital Signature Algorithm (ECDSA).

“You will also find an Atmel ATmega328P microcontroller and a large prototyping area available on the board. The ATmega is loaded with the Arduino Pro Mini 3.3V bootloader and has broken out most of the signals to surrounding pads,” its SparkFun page reveals.

Beyond that, each easy-to-use CryptoCape comes with pre-soldered headers making this board ready to be attached to your BeagleBone right out of the box. The only additional item a Maker will need to get the CryptoCape fully-functional is a CR1225 coin-cell battery.

Interested? You can check out the product’s official SparkFun page here. Meanwhile, those looking to learn more should also pick up a copy of Datko’s book entitled “BeagleBone for Secret Agents.” The third chapter of the resource is devoted to the CryptoCape where Makers will learn how to combine a fingerprint sensor, the on-board ATmega328P, and the crypto chips to make a biometric authentication system.

TPM: The heavy artillery of cryptography

Data security is becoming a virtual battleground — evident by the number of major data breaches that have broken out at retailers such as Target, Staples, Dairy Queen, Home Depot and EBay, at major banks such as JP Morgan, and at many other institutions worldwide. The recent spate of security viruses such as Heartbleed, Shellshock, Poodle, and BadUSB (and who knows what’s next) have been creating serious angst and concern. And, rightfully so. The question is what exactly should you bring to the cyber battleground to protect your assets? This question matters because everyone who is using software to store cryptographic keys is vulnerable to losing sensitive personal data, and today that is just about everybody. So, choose your weapons carefully.

Artilerry

Fortunately, there are weapons now available that are very powerful while still being cost-effective. The strongest data protection available comes from hardware key storage, which beats software key storage every time. Keys are what make cryptography possible, and keeping secret keys secret is the secret to cryptography. Atmel’s portfolio contains a range of innovative and robust hardware-based security products, with the heavy artillery being the Trusted Platform Module (TPM).

TPM

The TPM is a cryptographic device with heavy cryptographic firepower, such as Platform Configuration Registers, protected user configurable non-volatile storage, an enforced key hierarchy, and the ability to both seal and bind data to a TPM. It doesn’t stop there. Atmel’s TPM has a variety of Federal Information Processing Standards (FIPS) 140-2 certified cryptographic algorithms (such as RSA, SHA1, AES, RNG, and HMAC) and various sophisticated physical security counter-measures. The TPM can be used right out-of-the-box with standards-based commands defined by the Trusted Computing Group, along with a set of Atmel-specific commands, which are tested and ready to counter real world attacks.

The Arsenal

Platform Configuration Registers and Secure Boot

One of the important weapons contained in the TPM is a bank of Platform Configuration Registers (PCRs), which use cryptographic hashing functions. These registers can be used to ensure that only trusted code gets loaded at boot time of the system. This is done by using the existing data in a PCR as one input to a hashing function with the other input being new data. The result of that hashing function becomes the new PCR value that will be used as the input to the next hashing function with the next round of new data. This process provides security by continuously changing the value of the PCR.

Flor

As the PCR value gets updated, the updated values can then be compared with known hash values stored in the system. If the reference values previously stored in the TPM compare correctly with the newly generated PCR values, then the inputs to the hashing function (new data in the diagram) are proven to have been exactly the same as the reference inputs whose hash is stored on the TPM. Such matching of the hash values verifies the inputs as being authentic.

The PCR flow just described is very useful when enforcing secure boot of the system. Unless the hashes match showing that the code is, indeed, what it is supposed to be, the code will not be loaded. Even if a byte is added, deleted, changed, or if a bit is modified, the system will not boot. For secure boot, the data input to the hashing function is a piece of the BIOS (or operating system).

User Configurable Non-Volatile Storage

Another weapon is user-configurable, non-volatile storage with multiple configuration options. What this means is that the user is presented with several ways to restrict the access and use of the memory space, such as by password, physical presence of the user, and PCR states. Additionally, the memory space can be set up so that it can be written only once, not read until the next write or startup of the TPM, not written to until the next startup of the TPM, and others.

Enforced Key Hierarchy

The TPM also incorporates an enforced key hierarchy, meaning that the keys must have another key acting as a parent key (i.e. a key higher in a hierarchy) for that key to get loaded into the TPM. The authorization information for the parent key needs to be known before the child key can be used, thereby adding another layer of security.

Binding and Sealing Data

Another part of the TPM’s arsenal is the ability to bind and/or seal data to the TPM. A seal operation keeps the data contained (i.e. “sealed”) so that it can only be accessed if a particular pre-defined configuration of the system has been reached. This pre-defined configuration is held within the PCRs on the TPM. The TPM will not unseal the data until the platform configuration matches the configuration stored within the PCRs.

A bind operation creates encrypted data blobs (i.e. binary large objects) that are bound to a private key that is held within the TPM. The data within the blob can only be decrypted with the private key in the TPM. Thus, the data is said to be “bound” to that key — such keys can be reused for different sets of data.

The Armor 

So the Atmel TPM has some pretty cool weapons in its arsenal, but does it have any armor? The answer is yes it does!

FIPS 140-2 Certified 

Atmel has dozens of FIPS 140-2 full module-level certified devices with various I/O’s including LPC, SPI, and I2C. The TPM uses a number of FIPS certified algorithms to perform its operations. These standards were developed, tested, and certified by the United States federal government for use in computer systems. The TPM’s FIPS certified algorithms include RSA, SHA1, HMAC, AES, RNG and CVL (find out more details on Atmel’s TPM FIPS certifications here).

1024px-MET_Armures

Active Metal Shield

The TPM has built-in physical armor of its own. A serpentine active metal shield with tamper detection covers the entire device. If someone attempts to penetrate this shield to see the structures beneath it, the TPM can detect this and go into a fault condition that prevents further actions on the TPM.

Why TPM?

You might be asking, “Why can’t all those functions just be done in software?” While some of the protections can be provided in software, software alone is not nearly as robust as a hardware-based system. That is because software has bugs, despite how hard the developers try to eliminate them, and hackers can exploit those bugs to gain access to supposedly secure systems. TPM, on the other hand,stores secret keys in protected hardware that hackers cannot get access to, and they cannot attack what they cannot see.

The TPM embeds intelligence via an on-board microcontroller to manage and process cryptographic functions. The commands used by the Atmel TPM have been defined and vetted by the Trusted Computing Group (TCG), which is a global consortium of companies established to define robust standards for hardware security. Furthermore, the Atmel TPM has been successfully tested against TCG’s Compliance Test Suite to ensure conformance. Security is also enhanced because secrets never leave the TPM unless they have been encrypted.

With the battle for your data being an on-going reality, it simply makes sense to fight back with the heaviest artillery available. Combining all the weaponry and armor in one small, strong, cost effective, standards-based and certified package makes the Atmel TPM cryptographic the ideal choice for your arsenal.

This blog was contributed by Tom Moulton, Atmel Firmware Validation Engineer.

HackADay talks CryptoCape

The CryptoCape – which recently made its debut on SparkFun – is a dedicated security daughterboard for the BeagleBone designed in collaboration with Cryptotronix’s Josh Datko, which features Atmel’s Trusted Platform Module and SHA-256 Authenticator.

12773-03a

HackADay’s Brian Benchoff was lucky enough to catch up with Josh and asked him to break down how the nifty device works.

“If you need to add security to your project or you want to learn more about embedded security the CryptoCape adds encryption and authentication options,” the Maker added.

As its webpage notes, the CryptoCape functions as the BeagleBone’s first dedicated security daughterboard. Known as a BeagleBone Cape, the device attaches to the expansion headers of the BeagleBone and “adds specialized ICs that perform various cryptographic operations which will allow you to add a hardware security layer to your BeagleBone project.”

12773-05a

Previously discussed on Bits & Pieces, the CyrptoCape is packed with hardware, including 256k EEPROM with a defaulted I2C address (plus write protection), a real-time clock (RTC) module, a trusted platform module (TPM) for RSA encryption/decryption, an AES-128 encrypted EEPROM, an Atmel ATSHA204 authentication chip that performs SHA-256 and HMAC-25 and an Atmel ATECC108 that performs the Elliptic Curve Digital Signature Algorithm (ECDSA).

The reasoning behind the developer’s choice to use the SHA-256 Authenticator? “It creates 256-bit keys that can be used in keyed Message Authentication Codes (MACs), or HMAC, to prove the authenticity of the device.” In addition, the authenticator allows the device to “implement an anti-counterfeiting system with the exchange of nonces and MACs between other embedded devices.”

If you are interested in boosting the security of your Maker project or learning more about the CryptoCape, you can head to the product’s official SparkFun page here.

Atmel clinches FIPS 140-2 certification

Atmel has become the world’s first supplier to be awarded full FIPS 140-2 certification for its AT97SC3204 series of trusted platform modules (TPM). According to Todd Slack, Atmel’s Product Line Manager of Trusted Platform Solutions, the AT97SC3204 lineup now offers customers the highest level of confidence in hardware security for a wide range of computing devices, including smartphones, tablets and phablets.

FIPS140-2 certification was developed by the National Institute of Standards and Technology (NIST), the US government agency that works with industries to develop and apply technology, measurements and standards, to ensure that best security practices are implemented in security modules. To achieve this certification, vendors are required to pass a stringent testing process performed by independent accredited Cryptographic and Security Testing (CST) laboratories with NIST serving as the final validation authority, validating test results and issuing certificates.

“In this era of cloud computing and increased connectivity in the Internet of Things (IoT), devices are smarter and more connected. Security is a primary concern among every company within the computing supply chain as well as consumers,” Slack explained. “With Atmel’s FIPs-certified AT97SC3204 trusted platform modules, designers can be confident that these flexible, easy-to-use modules offer the most secure hardware features for their embedded designs.”

According to Slack, modules are available in FIPS/flexible-mode which reduce supply chain complexity by supporting both standard and FIPS-mode platforms with the same device and part number. Modules with FIPS/flexible mode permanently set and lock the device into either standard or FIPS-140-2 certified mode during the platform/device initialization.

Alternatively, Atmel is also offering pre-configured FIPs or standard-mode devices which simplify the initialization process. Atmel’s AT97SC3204 trusted modules are currently available in mass production, with pricing starting at $2.75 for 10,000 piece quantities.