Maxim Integrated
MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing & Notification
Dependencies: MaximInterface mbed
The MAXREFDES143# is an Internet of Things (IoT) embedded security reference design, built to protect an industrial sensing node by means of authentication and notification to a web server. The hardware includes a peripheral module representing a protected sensor node monitoring operating temperature and remaining life of a filter (simulated through ambient light sensing) and an mbed shield representing a controller node responsible for monitoring one or more sensor nodes. The design is hierarchical with each controller node communicating data from connected sensor nodes to a web server that maintains a centralized log and dispatches notifications as necessary. The mbed shield contains a Wi-Fi module, a DS2465 coprocessor with 1-Wire® master function, an LCD, LEDs, and pushbuttons. The protected sensor node contains a DS28E15 authenticator, a DS7505 temperature sensor, and a MAX44009 light sensor. The mbed shield communicates to a web server by the onboard Wi-Fi module and to the protected sensor node with I2C and 1-Wire. The MAXREFDES143# is equipped with a standard shield connector for immediate testing using an mbed board such as the MAX32600MBED#. The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.
More information about the MAXREFDES143# is available on the Maxim Integrated website.
Diff: SensorNode.cpp
- Revision:
- 32:0a09505a656d
- Parent:
- 30:0784010d6975
--- a/SensorNode.cpp Tue Apr 04 14:10:48 2017 -0500
+++ b/SensorNode.cpp Mon Nov 06 17:34:13 2017 -0600
@@ -28,222 +28,217 @@
* trademarks, maskwork rights, or any other form of intellectual
* property whatsoever. Maxim Integrated Products, Inc. retains all
* ownership rights.
-*******************************************************************************
-*/
+*******************************************************************************/
+#include <I2C.h>
+#include <MaximInterface/Devices/DS2465.hpp>
+#include <MaximInterface/Links/RomCommands.hpp>
+#include <MaximInterface/Platforms/mbed/Sleep.hpp>
#include "SensorNode.hpp"
#include "SensorData.hpp"
-#include "Masters/DS2465/DS2465.h"
-#include "RomId/RomCommands.h"
-#include "I2C.h"
#ifdef TARGET_MAX32600
-#include "max32600.h"
-#include "clkman_regs.h"
-#include "tpu_regs.h"
+#include <max32600.h>
+#include <clkman_regs.h>
+#include <tpu_regs.h>
#else
#include <cstdlib>
#endif
-using namespace OneWire;
-using namespace OneWire::RomCommands;
+using namespace MaximInterface;
+const ManId SensorNode::manId = {0, 0};
bool SensorNode::rngInitialized = false;
-void SensorNode::initializeRng()
-{
+void SensorNode::initializeRng() {
#ifdef TARGET_MAX32600
- MXC_CLKMAN->clk_config |= (MXC_F_CLKMAN_CLK_CONFIG_CRYPTO_ENABLE | MXC_F_CLKMAN_CLK_CONFIG_CRYPTO_RESET_N); // Enable crypto oscillator
- while ((MXC_CLKMAN->intfl & MXC_F_CLKMAN_INTFL_CRYPTO_STABLE) != MXC_F_CLKMAN_INTFL_CRYPTO_STABLE) ; // Wait for crypto oscillator stability
- MXC_CLKMAN->clk_ctrl |= MXC_F_CLKMAN_CLK_CTRL_CRYPTO_GATE_N; // Disable crypto clock gating
- MXC_CLKMAN->crypt_clk_ctrl_2_prng = MXC_CLKMAN->clk_ctrl_10_prng = 1; // Set PRNG clock to crypto clock
- MXC_CLKMAN->clk_gate_ctrl2 |= (1 << MXC_F_CLKMAN_CLK_GATE_CTRL2_TPU_CLK_GATER_POS); // Use dynamic clock gating
+ // Enable crypto oscillator
+ MXC_CLKMAN->clk_config |= (MXC_F_CLKMAN_CLK_CONFIG_CRYPTO_ENABLE |
+ MXC_F_CLKMAN_CLK_CONFIG_CRYPTO_RESET_N);
+ // Wait for crypto oscillator stability
+ while ((MXC_CLKMAN->intfl & MXC_F_CLKMAN_INTFL_CRYPTO_STABLE) !=
+ MXC_F_CLKMAN_INTFL_CRYPTO_STABLE);
+ // Disable crypto clock gating
+ MXC_CLKMAN->clk_ctrl |= MXC_F_CLKMAN_CLK_CTRL_CRYPTO_GATE_N;
+ // Set PRNG clock to crypto clock
+ MXC_CLKMAN->crypt_clk_ctrl_2_prng = MXC_CLKMAN->clk_ctrl_10_prng = 1;
+ // Use dynamic clock gating
+ MXC_CLKMAN->clk_gate_ctrl2 |=
+ (1 << MXC_F_CLKMAN_CLK_GATE_CTRL2_TPU_CLK_GATER_POS);
#endif
}
-SensorNode::SensorNode(mbed::I2C & i2c, uint8_t ds7505_i2c_addr, uint8_t max44009_i2c_addr, DS2465 & ds2465)
- : m_initialLux(1), ds2465(ds2465), selector(ds2465), ds28e15(selector), ds7505(i2c, ds7505_i2c_addr), max44009(i2c, max44009_i2c_addr)
-{
- if (!rngInitialized)
- {
+SensorNode::SensorNode(::mbed::I2C & i2c, uint8_t ds7505_i2c_addr,
+ uint8_t max44009_i2c_addr, DS2465 & ds2465)
+ : initialLux_(1), ds2465(ds2465),
+ ds28e15(MaximInterface::mbed::Sleep::instance(), ds2465, &skipRom),
+ ds7505(i2c, ds7505_i2c_addr), max44009(i2c, max44009_i2c_addr) {
+ if (!rngInitialized) {
initializeRng();
rngInitialized = true;
}
}
-bool SensorNode::initializeSensors()
-{
- return (max44009.read_current_lux(m_initialLux) == MAX44009::Success);
+bool SensorNode::initializeSensors() {
+ return (max44009.read_current_lux(initialLux_) == MAX44009::Success);
}
-bool SensorNode::setSecret()
-{
- DS28E15_22_25::Scratchpad scratchpad;
- DS28E15_22_25::Page pageData;
-
+bool SensorNode::setSecret() {
// Create constant partial secret
+ DS28E15::Scratchpad scratchpad;
scratchpad.fill(uint8_t(defaultPaddingByte));
- // Read page data
- bool result = (ds2465.readMemory(DS2465::UserMemoryPage0, pageData.data(), pageData.size(), false) == OneWireMaster::Success);
// Calculate secret
- if (result)
- {
- result = (DS28E15_22_25::computeNextSecret(ds2465, pageData, authData.pageNum, scratchpad, ds28e15.romId(), ds28e15.manId()) == ISha256MacCoproc::Success);
- }
- return result;
+ const Sha256::SlaveSecretData data = DS28E15::createSlaveSecretData(
+ DS28E15::Page(), authData.pageNum, scratchpad, romId_, manId);
+ return !ds2465.computeSlaveSecretWithSwap(data, 0, DS2465::FullPage);
}
-bool SensorNode::checkProvisioned(bool & provisioned)
-{
- DS28E15_22_25::BlockProtection protectionStatus;
+bool SensorNode::checkProvisioned(bool & provisioned) {
+ DS28E15::BlockProtection protectionStatus;
bool result;
-
-
- result = (ds28e15.readBlockProtection(0, protectionStatus) == OneWireSlave::Success);
- if (result)
- {
- if (!protectionStatus.noProtection())
- {
- result = (ds28e15.readSegment(authData.pageNum, authData.segmentNum, authData.segment) == OneWireSlave::Success);
+
+ result = !ds28e15.readBlockProtection(0, protectionStatus);
+ if (result) {
+ if (!protectionStatus.noProtection()) {
+ result = !ds28e15.readSegment(authData.pageNum, authData.segmentNum,
+ authData.segment);
if (result)
provisioned = true;
- }
- else
- {
+ } else {
provisioned = false;
}
}
return result;
}
-bool SensorNode::checkAuthentic(unsigned int userEntropy)
-{
- DS28E15_22_25::Scratchpad challenge;
- DS28E15_22_25::Page pageData;
-
+bool SensorNode::checkAuthentic(unsigned int userEntropy) {
+ DS28E15::Scratchpad challenge;
+ DS28E15::Page pageData;
+
// Read page data
- if (ds28e15.readPage(authData.pageNum, pageData, false) != OneWireSlave::Success)
+ if (ds28e15.readPage(authData.pageNum, pageData))
return false;
-
+
// Create random challenge
// Use hardare RNG on MAX32600
-#ifdef TARGET_MAX32600
+#ifdef TARGET_MAX32600
MXC_TPU->prng_user_entropy = userEntropy;
#else
std::srand(userEntropy);
#endif
- for (size_t i = 0; i < challenge.size(); i++)
- {
+ for (size_t i = 0; i < challenge.size(); i++) {
#ifdef TARGET_MAX32600
challenge[i] = MXC_TPU->prng_rnd_num;
#else
- challenge[i] = std::rand();
+ challenge[i] = std::rand();
#endif
}
// Write challenge to scratchpad
- if (ds28e15.writeScratchpad(challenge) != OneWireSlave::Success)
+ if (ds28e15.writeScratchpad(challenge))
return false;
// Have device compute MAC
- DS28E15_22_25::Mac nodeMac;
- if (ds28e15.computeReadPageMac(0, false, nodeMac) != OneWireSlave::Success)
+ Sha256::Hash nodeMac;
+ if (ds28e15.computeReadPageMac(0, false, nodeMac))
return false;
// Compute expected MAC
- DS28E15_22_25::Mac controllerMac;
- if (DS28E15_22_25::computeAuthMac(ds2465, pageData, authData.pageNum, challenge, ds28e15.romId(), ds28e15.manId(), controllerMac) != ISha256MacCoproc::Success)
+ const Sha256::AuthMacData controllerMacData = DS28E15::createAuthMacData(
+ pageData, authData.pageNum, challenge, romId_, manId);
+ Sha256::Hash controllerMac;
+ if (ds2465.computeAuthMac(controllerMacData, controllerMac))
return false;
// Check if authentic
return (nodeMac == controllerMac);
}
-bool SensorNode::readSensorData(SensorData & sensorData)
-{
+bool SensorNode::readSensorData(SensorData & sensorData) {
bool result;
int8_t temp;
-
+
// Read temperature sensor
result = (ds7505.read_current_temp(temp) == DS7505::Success);
-
- if (result)
- {
+
+ if (result) {
sensorData.temp = temp;
-
+
// Read light sensor
double currentLux;
result = (max44009.read_current_lux(currentLux) == MAX44009::Success);
- if (result)
- {
+ if (result) {
// Convert lux to remaining filter life
- sensorData.filterLife = (unsigned int)((currentLux / m_initialLux) * 100);
+ sensorData.filterLife =
+ static_cast<uint8_t>((currentLux / initialLux_) * 100);
}
}
-
+
return result;
}
-bool SensorNode::checkAndWriteAuthData(SensorData & sensorData)
-{
+bool SensorNode::checkAndWriteAuthData(SensorData & sensorData) {
bool result = true;
-
- if (sensorData.filterLife > authData.filterLife)
- {
- sensorData.filterLife = authData.filterLife;
+
+ if (sensorData.filterLife > authData.filterLife()) {
+ sensorData.filterLife = authData.filterLife();
+ } else if (sensorData.filterLife < authData.filterLife()) {
+ AuthData newAuthData = authData;
+ newAuthData.filterLife() = sensorData.filterLife;
+ const Sha256::WriteMacData macData = DS28E15::createSegmentWriteMacData(
+ authData.pageNum, authData.segmentNum, newAuthData.segment,
+ authData.segment, romId_, manId);
+ Sha256::Hash mac;
+ result = !ds2465.computeWriteMac(macData, mac);
+ if (result)
+ result = !ds28e15.writeAuthSegment(authData.pageNum, authData.segmentNum,
+ newAuthData.segment, mac);
+ if (result)
+ authData = newAuthData;
}
- else if (sensorData.filterLife < authData.filterLife)
- {
- AuthData oldAuthData(authData);
- authData.filterLife = sensorData.filterLife;
- // Write new filter life to DS28E15
- result = (ds28e15.writeAuthSegment(ds2465, authData.pageNum, authData.segmentNum, authData.segment, oldAuthData.segment, false) == OneWireSlave::Success);
- }
-
+
return result;
}
-SensorNode::State SensorNode::detect(unsigned int userEntropy)
-{
+SensorNode::State SensorNode::detect(unsigned int userEntropy) {
bool provisioned;
-
- ds2465.OWSetSpeed(DS2465::OverdriveSpeed);
-
- RomId romId;
- if (OWReadRom(ds2465, romId) != OneWireMaster::Success)
+
+ ds2465.setSpeed(DS2465::OverdriveSpeed);
+
+ if (readRom(ds2465, romId_))
return UnableToCommunicate;
- ds28e15.setRomId(romId);
-
+
if (!checkProvisioned(provisioned))
return UnableToCommunicate;
-
+
if (!provisioned)
- return NotProvisioned;
-
+ return NotProvisioned;
+
if (!setSecret())
return UnableToCommunicate;
-
+
if (!checkAuthentic(userEntropy))
return NotAuthentic;
-
+
if (!initializeSensors())
return UnableToCommunicate;
-
+
return Authentic;
}
-SensorNode::State SensorNode::authenticatedReadSensorData(unsigned int userEntropy, SensorData & sensorData)
-{
- ds2465.OWSetSpeed(DS2465::OverdriveSpeed);
-
+SensorNode::State
+SensorNode::authenticatedReadSensorData(unsigned int userEntropy,
+ SensorData & sensorData) {
+ ds2465.setSpeed(DS2465::OverdriveSpeed);
+
if (!setSecret())
return UnableToCommunicate;
-
+
if (!checkAuthentic(userEntropy))
return NotAuthentic;
-
+
if (!readSensorData(sensorData))
return UnableToCommunicate;
-
+
if (!checkAndWriteAuthData(sensorData))
return NotAuthentic;
-
+
return Authentic;
}
\ No newline at end of file
Repository toolbox
| Export to desktop IDE |
| Build repository |
Repository details
| Type: | Program |
|---|---|
| Mbed OS support: | Mbed 2 deprecated |
| Created: | 13 Apr 2016 |
| Imports: | 94 |
| Forks: | 0 |
| Commits: | 36 |
| Dependents: | 0 |
| Dependencies: | 2 |
| Followers: | 65 |
MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing & Notification