Maxim Integrated / Mbed 2 deprecated DeepCover Embedded Security in IoT

MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing & Notification

Dependencies:   MaximInterface mbed

The MAXREFDES143# is an Internet of Things (IoT) embedded security reference design, built to protect an industrial sensing node by means of authentication and notification to a web server. The hardware includes a peripheral module representing a protected sensor node monitoring operating temperature and remaining life of a filter (simulated through ambient light sensing) and an mbed shield representing a controller node responsible for monitoring one or more sensor nodes. The design is hierarchical with each controller node communicating data from connected sensor nodes to a web server that maintains a centralized log and dispatches notifications as necessary. The mbed shield contains a Wi-Fi module, a DS2465 coprocessor with 1-Wire® master function, an LCD, LEDs, and pushbuttons. The protected sensor node contains a DS28E15 authenticator, a DS7505 temperature sensor, and a MAX44009 light sensor. The mbed shield communicates to a web server by the onboard Wi-Fi module and to the protected sensor node with I2C and 1-Wire. The MAXREFDES143# is equipped with a standard shield connector for immediate testing using an mbed board such as the MAX32600MBED#. The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.

More information about the MAXREFDES143# is available on the Maxim Integrated website.

Diff: SensorNode.hpp

Revision:
1:e1c7c1c636af
Child:
6:b6bafd0a7013
diff -r 19b8608fc4ee -r e1c7c1c636af SensorNode.hpp
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/SensorNode.hpp	Thu Apr 14 19:48:01 2016 +0000
@@ -0,0 +1,156 @@
+/*******************************************************************************
+* Copyright (C) 2016 Maxim Integrated Products, Inc., All Rights Reserved.
+*
+* Permission is hereby granted, free of charge, to any person obtaining a
+* copy of this software and associated documentation files (the "Software"),
+* to deal in the Software without restriction, including without limitation
+* the rights to use, copy, modify, merge, publish, distribute, sublicense,
+* and/or sell copies of the Software, and to permit persons to whom the
+* Software is furnished to do so, subject to the following conditions:
+*
+* The above copyright notice and this permission notice shall be included
+* in all copies or substantial portions of the Software.
+*
+* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+* IN NO EVENT SHALL MAXIM INTEGRATED BE LIABLE FOR ANY CLAIM, DAMAGES
+* OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+* OTHER DEALINGS IN THE SOFTWARE.
+*
+* Except as contained in this notice, the name of Maxim Integrated
+* Products, Inc. shall not be used except as stated in the Maxim Integrated
+* Products, Inc. Branding Policy.
+*
+* The mere transfer of this software does not imply any licenses
+* of trade secrets, proprietary technology, copyrights, patents,
+* trademarks, maskwork rights, or any other form of intellectual
+* property whatsoever. Maxim Integrated Products, Inc. retains all
+* ownership rights.
+*******************************************************************************
+*/
+
+#ifndef _SENSORNODE_HPP
+#define _SENSORNODE_HPP
+
+#include <cstdint>
+#include <cstring>
+
+#include "DS7505.hpp"
+#include "MAX44009.hpp"
+#include "OneWire_Memory/Authenticators/DS28E15_22_25/DS28E15_22_25.hpp"
+
+class DS2465;
+class RomId;
+class SensorData;
+namespace mbed { class I2C; }
+
+/// Interface to the Authenticated Sensor Node peripheral board.
+class SensorNode
+{
+public:
+  enum State
+  {
+    UnableToCommunicate, ///< I2C or 1-Wire communication failure.
+    NotProvisioned, ///< DS28E15 has not been provisioned.
+    NotAuthentic, ///< DS28E15 is not authentic.
+    Authentic ///< DS218E15 is authentic.
+  };
+  
+  /// @param i2c Configured I2C communication interface.
+  /// @param ds7505_i2c_addr I2C bus address of the DS7505 in mbed format.
+  /// @param max44009_i2c_addr I2C bus address of the MAX44009 in mbed format.
+  /// @param ds2465 Interface to DS2465 on the Controller.
+  SensorNode(mbed::I2C & i2c, std::uint8_t ds7505_i2c_addr, std::uint8_t max44009_i2c_addr, DS2465 & ds2465);
+  
+  /// Detect if an authentic Sensor Node is connected.
+  /// @param userEntropy Additional entropy to supply to the RNG.
+  /// @returns Authentic on success.
+  State detect(unsigned int userEntropy);
+  
+  /// Read the current temperature and filter life measurements with authentication.
+  /// @param userEntropy Additional entropy to supply to the RNG.
+  /// @param sensorData Measurements output location.
+  /// @returns Authentic on success.
+  State authenticatedReadSensorData(unsigned int userEntropy, SensorData & sensorData);
+  
+  /// Reads the current temperature and filter life measurements.
+  /// @param sensorData Measurements output location.
+  /// @returns True on success or false if unable to communicate with a sensor.
+  bool readSensorData(SensorData & sensorData);
+  
+  /// Get the ROM ID for this sensor node.
+  const RomId & romId() const { return ds28e15_22_25.romId; }
+  
+  /// Get the initial lux measurement for this sensor node.
+  double initialLux() const { return m_initialLux; }
+  
+  // Grant access to hardware interfaces for provisioning.
+  friend class Factory;
+  
+private:
+  /// Authenticated data stored in DS28E15.
+  struct AuthData
+  {
+    static const std::uint8_t initialFilterLife = 100;
+    DS28E15_22_25::Segment segment;
+    std::uint8_t & filterLife;
+    unsigned int pageNum, segmentNum;
+    
+    AuthData() : filterLife(segment[0]), pageNum(0), segmentNum(0) { reset(); }
+    
+    void reset()
+    {
+      std::memset(segment, 0, segment.length);
+      filterLife = initialFilterLife;
+    }
+  };
+  
+  /// Padding value used in creation of the Slave Secret.
+  static const std::uint8_t defaultPaddingByte = 0x00;
+  
+  /// Indicates hardware RNG is initialized.
+  static bool rngInitialized;
+  // Initialize the hardware RNG.
+  static void initializeRng();
+  
+  /// Initial lux measurement taken on initialization.
+  /// Assumed to be the maximum intensity that will be observed.
+  double m_initialLux;
+  
+  /// Authenticated data stored on the DS28E15.
+  AuthData authData;
+  
+  // Hardware interfaces
+  DS28E15_22_25 ds28e15_22_25; ///< DS28E15 for authentication.
+  DS7505 ds7505; ///< DS7505 temperature sensor.
+  MAX44009 max44009; ///< MAX44009 optical light sensor.
+  DS2465 & ds2465; ///< Interface to DS2465 on Controller.
+  
+  /// Initialize sensors for measurement.
+  /// @returns True on success.
+  bool initializeSensors();
+  
+  /// Select the Slave Secret for this Sensor Node in the Controller.
+  /// @returns True on success.
+  bool setSecret();
+  
+  /// Check if the Sensor Board is provisioned.
+  /// @param provisioned True if the sensor board is provisioned.
+  /// @returns True if provisioning check was successful.
+  bool checkProvisioned(bool & provisioned);
+  
+  /// Check if the Sensor Board is authentic.
+  /// @param userEntropy Additional entropy to supply to the RNG.
+  /// @returns True if the Sensor Board passed the authentication check.
+  bool checkAuthentic(unsigned int userEntropy);
+  
+  /// Checks if the authenticated data stored in the DS28E15 needs to be updated.
+  /// Updates the authenticated data if necessary.
+  /// @param sensorData Current sensor data to check.
+  /// @returns True on success.
+  bool checkAndWriteAuthData(SensorData & sensorData);
+};
+
+#endif
\ No newline at end of file