MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing & Notification

Dependencies:   MaximInterface mbed

The MAXREFDES143# is an Internet of Things (IoT) embedded security reference design, built to protect an industrial sensing node by means of authentication and notification to a web server. The hardware includes a peripheral module representing a protected sensor node monitoring operating temperature and remaining life of a filter (simulated through ambient light sensing) and an mbed shield representing a controller node responsible for monitoring one or more sensor nodes. The design is hierarchical, with each controller node communicating data from connected sensor nodes to a web server that maintains a centralized log and dispatches notifications as necessary. The mbed shield contains a Wi-Fi module, a DS2465 coprocessor with 1-Wire® master function, an LCD, LEDs, and pushbuttons. The protected sensor node contains a DS28E15 authenticator, a DS7505 temperature sensor, and a MAX44009 light sensor. The mbed shield communicates with a web server through the onboard Wi-Fi module and with the protected sensor node over I2C and 1-Wire. The MAXREFDES143# is equipped with a standard shield connector for immediate testing using an mbed board such as the MAX32600MBED#. The simplicity of this design enables rapid integration into any star-topology IoT network requiring heightened security with the low overhead provided by the SHA-256 symmetric-key algorithm.

More information about the MAXREFDES143# is available on the Maxim Integrated website.

Committer: IanBenzMaxim
Date: Fri Jan 19 10:33:16 2018 -0600
Revision: 35:3d414ba9ab6c
Parent: 32:0a09505a656d

Updated MaximInterface revision.

Who changed what in which revision?

User  Revision  Line number  New contents of line
IanBenzMaxim 1:e1c7c1c636af 1 /*******************************************************************************
IanBenzMaxim 1:e1c7c1c636af 2 * Copyright (C) 2016 Maxim Integrated Products, Inc., All Rights Reserved.
IanBenzMaxim 1:e1c7c1c636af 3 *
IanBenzMaxim 1:e1c7c1c636af 4 * Permission is hereby granted, free of charge, to any person obtaining a
IanBenzMaxim 1:e1c7c1c636af 5 * copy of this software and associated documentation files (the "Software"),
IanBenzMaxim 1:e1c7c1c636af 6 * to deal in the Software without restriction, including without limitation
IanBenzMaxim 1:e1c7c1c636af 7 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
IanBenzMaxim 1:e1c7c1c636af 8 * and/or sell copies of the Software, and to permit persons to whom the
IanBenzMaxim 1:e1c7c1c636af 9 * Software is furnished to do so, subject to the following conditions:
IanBenzMaxim 1:e1c7c1c636af 10 *
IanBenzMaxim 1:e1c7c1c636af 11 * The above copyright notice and this permission notice shall be included
IanBenzMaxim 1:e1c7c1c636af 12 * in all copies or substantial portions of the Software.
IanBenzMaxim 1:e1c7c1c636af 13 *
IanBenzMaxim 1:e1c7c1c636af 14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
IanBenzMaxim 1:e1c7c1c636af 15 * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
IanBenzMaxim 1:e1c7c1c636af 16 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IanBenzMaxim 1:e1c7c1c636af 17 * IN NO EVENT SHALL MAXIM INTEGRATED BE LIABLE FOR ANY CLAIM, DAMAGES
IanBenzMaxim 1:e1c7c1c636af 18 * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
IanBenzMaxim 1:e1c7c1c636af 19 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
IanBenzMaxim 1:e1c7c1c636af 20 * OTHER DEALINGS IN THE SOFTWARE.
IanBenzMaxim 1:e1c7c1c636af 21 *
IanBenzMaxim 1:e1c7c1c636af 22 * Except as contained in this notice, the name of Maxim Integrated
IanBenzMaxim 1:e1c7c1c636af 23 * Products, Inc. shall not be used except as stated in the Maxim Integrated
IanBenzMaxim 1:e1c7c1c636af 24 * Products, Inc. Branding Policy.
IanBenzMaxim 1:e1c7c1c636af 25 *
IanBenzMaxim 1:e1c7c1c636af 26 * The mere transfer of this software does not imply any licenses
IanBenzMaxim 1:e1c7c1c636af 27 * of trade secrets, proprietary technology, copyrights, patents,
IanBenzMaxim 1:e1c7c1c636af 28 * trademarks, maskwork rights, or any other form of intellectual
IanBenzMaxim 1:e1c7c1c636af 29 * property whatsoever. Maxim Integrated Products, Inc. retains all
IanBenzMaxim 1:e1c7c1c636af 30 * ownership rights.
IanBenzMaxim 32:0a09505a656d 31 *******************************************************************************/
IanBenzMaxim 1:e1c7c1c636af 32
IanBenzMaxim 32:0a09505a656d 33 #include <MaximInterface/Devices/DS2465.hpp>
IanBenzMaxim 32:0a09505a656d 34 #include <MaximInterface/Devices/DS28E15_22_25.hpp>
IanBenzMaxim 32:0a09505a656d 35 #include <MaximInterface/Utilities/Segment.hpp>
IanBenzMaxim 1:e1c7c1c636af 36 #include "Factory.hpp"
IanBenzMaxim 1:e1c7c1c636af 37 #include "SensorNode.hpp"
IanBenzMaxim 1:e1c7c1c636af 38
IanBenzMaxim 32:0a09505a656d 39 using namespace MaximInterface;
IanBenzMaxim 6:b6bafd0a7013 40
IanBenzMaxim 25:37ea43ff81be 41 /// The valid master secret for the system.
IanBenzMaxim 32:0a09505a656d 42 static const Sha256::Hash masterSecret = {
IanBenzMaxim 32:0a09505a656d 43 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B,
IanBenzMaxim 32:0a09505a656d 44 0x1C, 0x1D, 0x1E, 0x1F, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
IanBenzMaxim 32:0a09505a656d 45 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x31, 0x32};
IanBenzMaxim 25:37ea43ff81be 46 /// An invalid master secret for example purposes.
IanBenzMaxim 32:0a09505a656d 47 static const Sha256::Hash invalidMasterSecret = {
IanBenzMaxim 32:0a09505a656d 48 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
IanBenzMaxim 32:0a09505a656d 49 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
IanBenzMaxim 32:0a09505a656d 50 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
IanBenzMaxim 1:e1c7c1c636af 51
IanBenzMaxim 32:0a09505a656d 52 bool provisionCoprocessor(DS2465 & ds2465) {
IanBenzMaxim 32:0a09505a656d 53 bool result = !ds2465.writeMasterSecret(masterSecret);
IanBenzMaxim 32:0a09505a656d 54 if (result) {
IanBenzMaxim 1:e1c7c1c636af 55 SensorNode::AuthData authData;
IanBenzMaxim 32:0a09505a656d 56 DS28E15::Page pageData;
IanBenzMaxim 25:37ea43ff81be 57 pageData.fill(uint8_t(SensorNode::defaultPaddingByte));
IanBenzMaxim 32:0a09505a656d 58 const std::pair<DS28E15::Page::iterator, DS28E15::Page::iterator>
IanBenzMaxim 32:0a09505a656d 59 pageSegment =
IanBenzMaxim 32:0a09505a656d 60 createSegment(pageData.begin(), pageData.end(),
IanBenzMaxim 32:0a09505a656d 61 authData.segment.size(), authData.segmentNum);
IanBenzMaxim 32:0a09505a656d 62 if (pageSegment.first != pageData.end()) {
IanBenzMaxim 32:0a09505a656d 63 std::copy(authData.segment.begin(), authData.segment.end(),
IanBenzMaxim 32:0a09505a656d 64 pageSegment.first);
IanBenzMaxim 32:0a09505a656d 65 }
IanBenzMaxim 32:0a09505a656d 66 result = !ds2465.writePage(0, pageData);
IanBenzMaxim 1:e1c7c1c636af 67 }
IanBenzMaxim 1:e1c7c1c636af 68 return result;
IanBenzMaxim 1:e1c7c1c636af 69 }
IanBenzMaxim 1:e1c7c1c636af 70
IanBenzMaxim 32:0a09505a656d 71 bool provisionSensorNode(SensorNode & sensorNode, bool validSecret) {
IanBenzMaxim 1:e1c7c1c636af 72 const int blockNum = sensorNode.authData.pageNum / 2;
IanBenzMaxim 32:0a09505a656d 73 const DS28E15::BlockProtection desiredProtection(
IanBenzMaxim 32:0a09505a656d 74 false, false, false, true, blockNum); // Authentication Protection only
IanBenzMaxim 32:0a09505a656d 75
IanBenzMaxim 1:e1c7c1c636af 76 // Reset to starting defaults
IanBenzMaxim 1:e1c7c1c636af 77 sensorNode.authData.reset();
IanBenzMaxim 32:0a09505a656d 78
IanBenzMaxim 1:e1c7c1c636af 79 // Read current protection status
IanBenzMaxim 32:0a09505a656d 80 DS28E15::BlockProtection protectionStatus;
IanBenzMaxim 32:0a09505a656d 81 bool result =
IanBenzMaxim 32:0a09505a656d 82 !sensorNode.ds28e15.readBlockProtection(blockNum, protectionStatus);
IanBenzMaxim 1:e1c7c1c636af 83 // Check if invalid protections are set
IanBenzMaxim 1:e1c7c1c636af 84 if (result)
IanBenzMaxim 32:0a09505a656d 85 result = ((protectionStatus.statusByte() &
IanBenzMaxim 32:0a09505a656d 86 ~(desiredProtection.statusByte())) == 0x00);
IanBenzMaxim 1:e1c7c1c636af 87 // Load secret into scratchpad
IanBenzMaxim 1:e1c7c1c636af 88 if (result)
IanBenzMaxim 32:0a09505a656d 89 result = !sensorNode.ds28e15.writeScratchpad(
IanBenzMaxim 32:0a09505a656d 90 validSecret ? masterSecret : invalidMasterSecret);
IanBenzMaxim 1:e1c7c1c636af 91 // Load master secret from scratchpad without locking
IanBenzMaxim 1:e1c7c1c636af 92 if (result)
IanBenzMaxim 32:0a09505a656d 93 result = !sensorNode.ds28e15.loadSecret(false);
IanBenzMaxim 32:0a09505a656d 94
IanBenzMaxim 1:e1c7c1c636af 95 // Setup is complete if not using a valid secret
IanBenzMaxim 1:e1c7c1c636af 96 if (!validSecret)
IanBenzMaxim 1:e1c7c1c636af 97 return result;
IanBenzMaxim 32:0a09505a656d 98
IanBenzMaxim 1:e1c7c1c636af 99 // Create constant partial secret
IanBenzMaxim 32:0a09505a656d 100 DS28E15::Scratchpad partialSecret;
IanBenzMaxim 32:0a09505a656d 101 DS28E15::Page pageData;
IanBenzMaxim 25:37ea43ff81be 102 partialSecret.fill(uint8_t(SensorNode::defaultPaddingByte));
IanBenzMaxim 32:0a09505a656d 103
IanBenzMaxim 1:e1c7c1c636af 104 // Read page data
IanBenzMaxim 1:e1c7c1c636af 105 if (result)
IanBenzMaxim 32:0a09505a656d 106 result =
IanBenzMaxim 32:0a09505a656d 107 !sensorNode.ds28e15.readPage(sensorNode.authData.pageNum, pageData);
IanBenzMaxim 1:e1c7c1c636af 108 // Load partial secret into scratchpad
IanBenzMaxim 1:e1c7c1c636af 109 if (result)
IanBenzMaxim 32:0a09505a656d 110 result = !sensorNode.ds28e15.writeScratchpad(partialSecret);
IanBenzMaxim 1:e1c7c1c636af 111 // Compute secret
IanBenzMaxim 1:e1c7c1c636af 112 if (result)
IanBenzMaxim 32:0a09505a656d 113 result =
IanBenzMaxim 32:0a09505a656d 114 !sensorNode.ds28e15.computeSecret(sensorNode.authData.pageNum, false);
IanBenzMaxim 1:e1c7c1c636af 115 // Configure slave secret on DS2465
IanBenzMaxim 32:0a09505a656d 116 if (result) {
IanBenzMaxim 32:0a09505a656d 117 const Sha256::SlaveSecretData data = DS28E15::createSlaveSecretData(
IanBenzMaxim 32:0a09505a656d 118 pageData, sensorNode.authData.pageNum, partialSecret,
IanBenzMaxim 32:0a09505a656d 119 sensorNode.romId(), sensorNode.manId);
IanBenzMaxim 32:0a09505a656d 120 result = !sensorNode.ds2465.computeSlaveSecret(data);
IanBenzMaxim 32:0a09505a656d 121 }
IanBenzMaxim 1:e1c7c1c636af 122 // Enable authentication protection if not set
IanBenzMaxim 32:0a09505a656d 123 if (result && (protectionStatus != desiredProtection)) {
IanBenzMaxim 32:0a09505a656d 124 const Sha256::WriteMacData data = DS28E15::createProtectionWriteMacData(
IanBenzMaxim 32:0a09505a656d 125 desiredProtection, protectionStatus, sensorNode.romId(),
IanBenzMaxim 32:0a09505a656d 126 sensorNode.manId);
IanBenzMaxim 32:0a09505a656d 127 Sha256::Hash mac;
IanBenzMaxim 32:0a09505a656d 128 result = !sensorNode.ds2465.computeWriteMac(data, mac);
IanBenzMaxim 32:0a09505a656d 129 if (result)
IanBenzMaxim 32:0a09505a656d 130 result =
IanBenzMaxim 32:0a09505a656d 131 !sensorNode.ds28e15.writeAuthBlockProtection(desiredProtection, mac);
IanBenzMaxim 32:0a09505a656d 132 }
IanBenzMaxim 1:e1c7c1c636af 133 // Write initial filter life and set all other segments to default value
IanBenzMaxim 32:0a09505a656d 134 if (result) {
IanBenzMaxim 32:0a09505a656d 135 DS28E15::Segment blankSegment;
IanBenzMaxim 25:37ea43ff81be 136 blankSegment.fill(uint8_t(SensorNode::defaultPaddingByte));
IanBenzMaxim 32:0a09505a656d 137 for (int i = 0; i < DS28E15::segmentsPerPage; i++) {
IanBenzMaxim 32:0a09505a656d 138 const DS28E15::Segment newSegment = (i == sensorNode.authData.segmentNum)
IanBenzMaxim 32:0a09505a656d 139 ? sensorNode.authData.segment
IanBenzMaxim 32:0a09505a656d 140 : blankSegment;
IanBenzMaxim 32:0a09505a656d 141 const std::pair<DS28E15::Page::iterator, DS28E15::Page::iterator>
IanBenzMaxim 32:0a09505a656d 142 pageSegment = createSegment(pageData.begin(), pageData.end(),
IanBenzMaxim 32:0a09505a656d 143 DS28E15::Segment::size(), i);
IanBenzMaxim 32:0a09505a656d 144 DS28E15::Segment oldSegment;
IanBenzMaxim 32:0a09505a656d 145 std::copy(pageSegment.first, pageSegment.second, oldSegment.begin());
IanBenzMaxim 32:0a09505a656d 146 const Sha256::WriteMacData data = DS28E15::createSegmentWriteMacData(
IanBenzMaxim 32:0a09505a656d 147 sensorNode.authData.pageNum, i, newSegment, oldSegment,
IanBenzMaxim 32:0a09505a656d 148 sensorNode.romId(), sensorNode.manId);
IanBenzMaxim 32:0a09505a656d 149 Sha256::Hash mac;
IanBenzMaxim 32:0a09505a656d 150 result = !sensorNode.ds2465.computeWriteMac(data, mac);
IanBenzMaxim 32:0a09505a656d 151 if (!result)
IanBenzMaxim 32:0a09505a656d 152 break;
IanBenzMaxim 32:0a09505a656d 153 result = !sensorNode.ds28e15.writeAuthSegment(sensorNode.authData.pageNum,
IanBenzMaxim 32:0a09505a656d 154 i, newSegment, mac);
IanBenzMaxim 1:e1c7c1c636af 155 if (!result)
IanBenzMaxim 1:e1c7c1c636af 156 break;
IanBenzMaxim 1:e1c7c1c636af 157 }
IanBenzMaxim 1:e1c7c1c636af 158 }
IanBenzMaxim 32:0a09505a656d 159
IanBenzMaxim 1:e1c7c1c636af 160 // Reload secret with known page values
IanBenzMaxim 1:e1c7c1c636af 161 // Load master secret into scratchpad
IanBenzMaxim 1:e1c7c1c636af 162 if (result)
IanBenzMaxim 32:0a09505a656d 163 result = !sensorNode.ds28e15.writeScratchpad(masterSecret);
IanBenzMaxim 1:e1c7c1c636af 164 // Load master secret
IanBenzMaxim 1:e1c7c1c636af 165 if (result)
IanBenzMaxim 32:0a09505a656d 166 result = !sensorNode.ds28e15.loadSecret(false);
IanBenzMaxim 1:e1c7c1c636af 167 // Read page data
IanBenzMaxim 1:e1c7c1c636af 168 if (result)
IanBenzMaxim 32:0a09505a656d 169 result =
IanBenzMaxim 32:0a09505a656d 170 !sensorNode.ds28e15.readPage(sensorNode.authData.pageNum, pageData);
IanBenzMaxim 1:e1c7c1c636af 171 // Write partial secret to scratchpad
IanBenzMaxim 1:e1c7c1c636af 172 if (result)
IanBenzMaxim 32:0a09505a656d 173 result = !sensorNode.ds28e15.writeScratchpad(partialSecret);
IanBenzMaxim 1:e1c7c1c636af 174 // Compute secret
IanBenzMaxim 1:e1c7c1c636af 175 if (result)
IanBenzMaxim 32:0a09505a656d 176 result =
IanBenzMaxim 32:0a09505a656d 177 !sensorNode.ds28e15.computeSecret(sensorNode.authData.pageNum, false);
IanBenzMaxim 1:e1c7c1c636af 178 // Configure slave secret on DS2465
IanBenzMaxim 32:0a09505a656d 179 if (result) {
IanBenzMaxim 32:0a09505a656d 180 const Sha256::SlaveSecretData data = DS28E15::createSlaveSecretData(
IanBenzMaxim 32:0a09505a656d 181 pageData, sensorNode.authData.pageNum, partialSecret,
IanBenzMaxim 32:0a09505a656d 182 sensorNode.romId(), sensorNode.manId);
IanBenzMaxim 32:0a09505a656d 183 result = !sensorNode.ds2465.computeSlaveSecret(data);
IanBenzMaxim 32:0a09505a656d 184 }
IanBenzMaxim 1:e1c7c1c636af 185
IanBenzMaxim 1:e1c7c1c636af 186 return result;
IanBenzMaxim 1:e1c7c1c636af 187 }
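
A host-side model of the flow in Factory.cpp, added here as an example and not part of the Maxim code: a per-node secret is derived from the master secret, page data, partial secret, ROM ID and MAN ID, and the controller recomputes it to check a node's response. HMAC-SHA256 stands in for the DS2465/DS28E15 SHA-256 message format, and the page number, padding byte, ROM IDs, MAN ID and challenge are constructed values.

```python
import hashlib
import hmac

# Master secrets copied from Factory.cpp above.
MASTER_SECRET = bytes([
    0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B,
    0x1C, 0x1D, 0x1E, 0x1F, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
    0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x31, 0x32])
INVALID_MASTER_SECRET = bytes(32)

# Assumed values: the padding byte and page number are not shown on the page.
PADDING_BYTE, PAGE_NUM = 0x00, 0
PARTIAL_SECRET = bytes([PADDING_BYTE]) * 32


def derive_slave_secret(master, page, rom_id, man_id):
    """Per-node secret bound to page data, partial secret, ROM ID and MAN ID.
    HMAC-SHA256 stands in for the chips' own SHA-256 message layout."""
    msg = page + bytes([PAGE_NUM]) + PARTIAL_SECRET + rom_id + man_id
    return hmac.new(master, msg, hashlib.sha256).digest()


def node_response(slave_secret, page, challenge, rom_id):
    """MAC a sensor node returns for a controller challenge over its page."""
    return hmac.new(slave_secret, page + challenge + rom_id,
                    hashlib.sha256).digest()


def provision_node(valid_secret, page, rom_id, man_id):
    """Mirrors provisionSensorNode(): choose a master secret, derive the node secret."""
    master = MASTER_SECRET if valid_secret else INVALID_MASTER_SECRET
    return derive_slave_secret(master, page, rom_id, man_id)


def controller_accepts(page, rom_id, man_id, challenge, response):
    """Controller recomputes the node secret from the valid master secret
    and compares MACs in constant time."""
    expected = derive_slave_secret(MASTER_SECRET, page, rom_id, man_id)
    return hmac.compare_digest(
        response, node_response(expected, page, challenge, rom_id))


# Constructed sample values (not from the page). A real controller would
# issue a fresh random challenge for every authentication.
ROM_A = bytes.fromhex("0102030405060708")
ROM_B = bytes.fromhex("1112131415161718")
MAN_ID = bytes(2)
PAGE = bytes([PADDING_BYTE]) * 32
CHALLENGE = bytes(range(32))
```

Every node secret in this scheme derives from the master secret, so the constant compiled into Factory.cpp is suitable only as a reference-design value; a deployed system needs its own secret, provisioned outside the source tree.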