MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing & Notification
Dependencies: MaximInterface mbed
The MAXREFDES143# is an Internet of Things (IoT) embedded security reference design, built to protect an industrial sensing node by means of authentication and notification to a web server. The hardware includes a peripheral module representing a protected sensor node monitoring operating temperature and remaining life of a filter (simulated through ambient light sensing) and an mbed shield representing a controller node responsible for monitoring one or more sensor nodes. The design is hierarchical with each controller node communicating data from connected sensor nodes to a web server that maintains a centralized log and dispatches notifications as necessary. The mbed shield contains a Wi-Fi module, a DS2465 coprocessor with 1-Wire® master function, an LCD, LEDs, and pushbuttons. The protected sensor node contains a DS28E15 authenticator, a DS7505 temperature sensor, and a MAX44009 light sensor. The mbed shield communicates to a web server by the onboard Wi-Fi module and to the protected sensor node with I2C and 1-Wire. The MAXREFDES143# is equipped with a standard shield connector for immediate testing using an mbed board such as the MAX32600MBED#. The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.
More information about the MAXREFDES143# is available on the Maxim Integrated website.
Diff: SensorNode.hpp
- Revision:
- 1:e1c7c1c636af
- Child:
- 6:b6bafd0a7013
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/SensorNode.hpp Thu Apr 14 19:48:01 2016 +0000 @@ -0,0 +1,156 @@ +/******************************************************************************* +* Copyright (C) 2016 Maxim Integrated Products, Inc., All Rights Reserved. +* +* Permission is hereby granted, free of charge, to any person obtaining a +* copy of this software and associated documentation files (the "Software"), +* to deal in the Software without restriction, including without limitation +* the rights to use, copy, modify, merge, publish, distribute, sublicense, +* and/or sell copies of the Software, and to permit persons to whom the +* Software is furnished to do so, subject to the following conditions: +* +* The above copyright notice and this permission notice shall be included +* in all copies or substantial portions of the Software. +* +* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +* IN NO EVENT SHALL MAXIM INTEGRATED BE LIABLE FOR ANY CLAIM, DAMAGES +* OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +* OTHER DEALINGS IN THE SOFTWARE. +* +* Except as contained in this notice, the name of Maxim Integrated +* Products, Inc. shall not be used except as stated in the Maxim Integrated +* Products, Inc. Branding Policy. +* +* The mere transfer of this software does not imply any licenses +* of trade secrets, proprietary technology, copyrights, patents, +* trademarks, maskwork rights, or any other form of intellectual +* property whatsoever. Maxim Integrated Products, Inc. retains all +* ownership rights. +******************************************************************************* +*/ + +#ifndef _SENSORNODE_HPP +#define _SENSORNODE_HPP + +#include <cstdint> +#include <cstring> + +#include "DS7505.hpp" +#include "MAX44009.hpp" +#include "OneWire_Memory/Authenticators/DS28E15_22_25/DS28E15_22_25.hpp" + +class DS2465; +class RomId; +class SensorData; +namespace mbed { class I2C; } + +/// Interface to the Authenticated Sensor Node peripheral board. +class SensorNode +{ +public: + enum State + { + UnableToCommunicate, ///< I2C or 1-Wire communication failure. + NotProvisioned, ///< DS28E15 has not been provisioned. + NotAuthentic, ///< DS28E15 is not authentic. + Authentic ///< DS218E15 is authentic. + }; + + /// @param i2c Configured I2C communication interface. + /// @param ds7505_i2c_addr I2C bus address of the DS7505 in mbed format. + /// @param max44009_i2c_addr I2C bus address of the MAX44009 in mbed format. + /// @param ds2465 Interface to DS2465 on the Controller. + SensorNode(mbed::I2C & i2c, std::uint8_t ds7505_i2c_addr, std::uint8_t max44009_i2c_addr, DS2465 & ds2465); + + /// Detect if an authentic Sensor Node is connected. + /// @param userEntropy Additional entropy to supply to the RNG. + /// @returns Authentic on success. + State detect(unsigned int userEntropy); + + /// Read the current temperature and filter life measurements with authentication. + /// @param userEntropy Additional entropy to supply to the RNG. + /// @param sensorData Measurements output location. + /// @returns Authentic on success. + State authenticatedReadSensorData(unsigned int userEntropy, SensorData & sensorData); + + /// Reads the current temperature and filter life measurements. + /// @param sensorData Measurements output location. + /// @returns True on success or false if unable to communicate with a sensor. + bool readSensorData(SensorData & sensorData); + + /// Get the ROM ID for this sensor node. + const RomId & romId() const { return ds28e15_22_25.romId; } + + /// Get the initial lux measurement for this sensor node. + double initialLux() const { return m_initialLux; } + + // Grant access to hardware interfaces for provisioning. + friend class Factory; + +private: + /// Authenticated data stored in DS28E15. + struct AuthData + { + static const std::uint8_t initialFilterLife = 100; + DS28E15_22_25::Segment segment; + std::uint8_t & filterLife; + unsigned int pageNum, segmentNum; + + AuthData() : filterLife(segment[0]), pageNum(0), segmentNum(0) { reset(); } + + void reset() + { + std::memset(segment, 0, segment.length); + filterLife = initialFilterLife; + } + }; + + /// Padding value used in creation of the Slave Secret. + static const std::uint8_t defaultPaddingByte = 0x00; + + /// Indicates hardware RNG is initialized. + static bool rngInitialized; + // Initialize the hardware RNG. + static void initializeRng(); + + /// Initial lux measurement taken on initialization. + /// Assumed to be the maximum intensity that will be observed. + double m_initialLux; + + /// Authenticated data stored on the DS28E15. + AuthData authData; + + // Hardware interfaces + DS28E15_22_25 ds28e15_22_25; ///< DS28E15 for authentication. + DS7505 ds7505; ///< DS7505 temperature sensor. + MAX44009 max44009; ///< MAX44009 optical light sensor. + DS2465 & ds2465; ///< Interface to DS2465 on Controller. + + /// Initialize sensors for measurement. + /// @returns True on success. + bool initializeSensors(); + + /// Select the Slave Secret for this Sensor Node in the Controller. + /// @returns True on success. + bool setSecret(); + + /// Check if the Sensor Board is provisioned. + /// @param provisioned True if the sensor board is provisioned. + /// @returns True if provisioning check was successful. + bool checkProvisioned(bool & provisioned); + + /// Check if the Sensor Board is authentic. + /// @param userEntropy Additional entropy to supply to the RNG. + /// @returns True if the Sensor Board passed the authentication check. + bool checkAuthentic(unsigned int userEntropy); + + /// Checks if the authenticated data stored in the DS28E15 needs to be updated. + /// Updates the authenticated data if necessary. + /// @param sensorData Current sensor data to check. + /// @returns True on success. + bool checkAndWriteAuthData(SensorData & sensorData); +}; + +#endif \ No newline at end of file