MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing & Notification
Dependencies: MaximInterface mbed
The MAXREFDES143# is an Internet of Things (IoT) embedded security reference design, built to protect an industrial sensing node by means of authentication and notification to a web server. The hardware includes a peripheral module representing a protected sensor node monitoring operating temperature and remaining life of a filter (simulated through ambient light sensing) and an mbed shield representing a controller node responsible for monitoring one or more sensor nodes. The design is hierarchical with each controller node communicating data from connected sensor nodes to a web server that maintains a centralized log and dispatches notifications as necessary. The mbed shield contains a Wi-Fi module, a DS2465 coprocessor with 1-Wire® master function, an LCD, LEDs, and pushbuttons. The protected sensor node contains a DS28E15 authenticator, a DS7505 temperature sensor, and a MAX44009 light sensor. The mbed shield communicates to a web server by the onboard Wi-Fi module and to the protected sensor node with I2C and 1-Wire. The MAXREFDES143# is equipped with a standard shield connector for immediate testing using an mbed board such as the MAX32600MBED#. The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.
More information about the MAXREFDES143# is available on the Maxim Integrated website.
Diff: SensorNode.hpp
- Revision:
- 32:0a09505a656d
- Parent:
- 25:37ea43ff81be
--- a/SensorNode.hpp Tue Apr 04 14:10:48 2017 -0500 +++ b/SensorNode.hpp Mon Nov 06 17:34:13 2017 -0600 @@ -28,129 +28,126 @@ * trademarks, maskwork rights, or any other form of intellectual * property whatsoever. Maxim Integrated Products, Inc. retains all * ownership rights. -******************************************************************************* -*/ +*******************************************************************************/ #ifndef SENSORNODE_HPP #define SENSORNODE_HPP #include <stdint.h> -#include <cstring> - +#include <MaximInterface/Devices/DS28E15_22_25.hpp> +#include <MaximInterface/Utilities/RomId.hpp> +#include <MaximInterface/Utilities/ManId.hpp> #include "DS7505.hpp" #include "MAX44009.hpp" -#include "Slaves/Authenticators/DS28E15_22_25/DS28E15.h" class SensorData; -namespace OneWire -{ - class RomId; - class DS2465; -} +namespace MaximInterface { class DS2465; } namespace mbed { class I2C; } /// Interface to the Authenticated Sensor Node peripheral board. -class SensorNode -{ +class SensorNode { public: - enum State - { + enum State { UnableToCommunicate, ///< I2C or 1-Wire communication failure. - NotProvisioned, ///< DS28E15 has not been provisioned. - NotAuthentic, ///< DS28E15 is not authentic. - Authentic ///< DS218E15 is authentic. + NotProvisioned, ///< DS28E15 has not been provisioned. + NotAuthentic, ///< DS28E15 is not authentic. + Authentic ///< DS218E15 is authentic. }; - + /// @param i2c Configured I2C communication interface. /// @param ds7505_i2c_addr I2C bus address of the DS7505 in mbed format. /// @param max44009_i2c_addr I2C bus address of the MAX44009 in mbed format. /// @param ds2465 Interface to DS2465 on the Controller. - SensorNode(mbed::I2C & i2c, uint8_t ds7505_i2c_addr, uint8_t max44009_i2c_addr, OneWire::DS2465 & ds2465); - + SensorNode(mbed::I2C & i2c, uint8_t ds7505_i2c_addr, + uint8_t max44009_i2c_addr, MaximInterface::DS2465 & ds2465); + /// Detect if an authentic Sensor Node is connected. /// @param userEntropy Additional entropy to supply to the RNG. /// @returns Authentic on success. State detect(unsigned int userEntropy); - + /// Read the current temperature and filter life measurements with authentication. /// @param userEntropy Additional entropy to supply to the RNG. /// @param sensorData Measurements output location. /// @returns Authentic on success. - State authenticatedReadSensorData(unsigned int userEntropy, SensorData & sensorData); - + State authenticatedReadSensorData(unsigned int userEntropy, + SensorData & sensorData); + /// Reads the current temperature and filter life measurements. /// @param sensorData Measurements output location. /// @returns True on success or false if unable to communicate with a sensor. bool readSensorData(SensorData & sensorData); - + /// Get the ROM ID for this sensor node. - const OneWire::RomId romId() const { return ds28e15.romId(); } - + const MaximInterface::RomId romId() const { return romId_; } + /// Get the initial lux measurement for this sensor node. - double initialLux() const { return m_initialLux; } - + double initialLux() const { return initialLux_; } + // Grant access to hardware interfaces for provisioning. - friend bool provisionCoprocessor(OneWire::DS2465 & ds2465); + friend bool provisionCoprocessor(MaximInterface::DS2465 & ds2465); friend bool provisionSensorNode(SensorNode & sensorNode, bool validSecret); - + private: /// Authenticated data stored in DS28E15. - struct AuthData - { + struct AuthData { static const uint8_t initialFilterLife = 100; - OneWire::DS28E15_22_25::Segment segment; - uint8_t & filterLife; - unsigned int pageNum, segmentNum; - - AuthData() : filterLife(segment[0]), pageNum(0), segmentNum(0) { reset(); } - - void reset() - { + MaximInterface::DS28E15::Segment segment; + int pageNum, segmentNum; + + uint8_t & filterLife() { return segment[0]; } + const uint8_t & filterLife() const { return segment[0]; } + + AuthData() : pageNum(0), segmentNum(0) { reset(); } + + void reset() { segment.fill(0); - filterLife = initialFilterLife; + filterLife() = initialFilterLife; } }; - + /// Padding value used in creation of the Slave Secret. static const uint8_t defaultPaddingByte = 0x00; - + + static const MaximInterface::ManId manId; + /// Indicates hardware RNG is initialized. static bool rngInitialized; // Initialize the hardware RNG. static void initializeRng(); - + /// Initial lux measurement taken on initialization. /// Assumed to be the maximum intensity that will be observed. - double m_initialLux; - + double initialLux_; + /// Authenticated data stored on the DS28E15. AuthData authData; - + // Hardware interfaces - OneWire::DS2465 & ds2465; ///< Interface to DS2465 on Controller. - OneWire::SingledropRomIterator selector; - OneWire::DS28E15 ds28e15; ///< DS28E15 for authentication. - DS7505 ds7505; ///< DS7505 temperature sensor. + MaximInterface::DS2465 & ds2465; ///< Interface to DS2465 on Controller. + MaximInterface::DS28E15 ds28e15; ///< DS28E15 for authentication. + MaximInterface::RomId romId_; + DS7505 ds7505; ///< DS7505 temperature sensor. MAX44009 max44009; ///< MAX44009 optical light sensor. - + /// Initialize sensors for measurement. /// @returns True on success. bool initializeSensors(); - + /// Select the Slave Secret for this Sensor Node in the Controller. /// @returns True on success. bool setSecret(); - + /// Check if the Sensor Board is provisioned. /// @param provisioned True if the sensor board is provisioned. /// @returns True if provisioning check was successful. bool checkProvisioned(bool & provisioned); - + /// Check if the Sensor Board is authentic. /// @param userEntropy Additional entropy to supply to the RNG. /// @returns True if the Sensor Board passed the authentication check. bool checkAuthentic(unsigned int userEntropy); - + /// Checks if the authenticated data stored in the DS28E15 needs to be updated. /// Updates the authenticated data if necessary. /// @param sensorData Current sensor data to check.