Maxim Integrated / Mbed 2 deprecated DeepCover Embedded Security in IoT

MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing & Notification

Dependencies:   MaximInterface mbed

The MAXREFDES143# is an Internet of Things (IoT) embedded security reference design, built to protect an industrial sensing node by means of authentication and notification to a web server. The hardware includes a peripheral module representing a protected sensor node monitoring operating temperature and remaining life of a filter (simulated through ambient light sensing) and an mbed shield representing a controller node responsible for monitoring one or more sensor nodes. The design is hierarchical with each controller node communicating data from connected sensor nodes to a web server that maintains a centralized log and dispatches notifications as necessary. The mbed shield contains a Wi-Fi module, a DS2465 coprocessor with 1-Wire® master function, an LCD, LEDs, and pushbuttons. The protected sensor node contains a DS28E15 authenticator, a DS7505 temperature sensor, and a MAX44009 light sensor. The mbed shield communicates to a web server by the onboard Wi-Fi module and to the protected sensor node with I2C and 1-Wire. The MAXREFDES143# is equipped with a standard shield connector for immediate testing using an mbed board such as the MAX32600MBED#. The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.

More information about the MAXREFDES143# is available on the Maxim Integrated website.

Files at this revision

API Documentation at this revision

Revision 8:594529956266, committed 2016-05-14

Comitter:
IanBenzMaxim
Date:
Sat May 14 14:28:31 2016 -0500
Parent:
7:e24f0b29f1f7
Child:
9:bc3d211d75ce
Commit message:
Updated following downstream restructuring in OneWire library.

Changed in this revision

Factory.cpp Show annotated file Show diff for this revision Revisions of this file
Factory.hpp Show annotated file Show diff for this revision Revisions of this file
SensorNode.cpp Show annotated file Show diff for this revision Revisions of this file
SensorNode.hpp Show annotated file Show diff for this revision Revisions of this file
WebServerInterface.cpp Show annotated file Show diff for this revision Revisions of this file
WebServerInterface.hpp Show annotated file Show diff for this revision Revisions of this file
main.cpp Show annotated file Show diff for this revision Revisions of this file 
--- a/Factory.cpp	Fri May 13 14:54:04 2016 -0500
+++ b/Factory.cpp	Sat May 14 14:28:31 2016 -0500
@@ -34,15 +34,13 @@
 #include "Factory.hpp"
 #include "SensorNode.hpp"
 #include "common.hpp"
+#include "RomCommands.h"
 #include "Masters/DS2465/DS2465.h"
 #include "Authenticators/DS28E15_22_25/DS28E15_22_25.h"
 #include "wait_api.h"
 
-using OneWire::Masters::OneWireMaster;
-using OneWire::Masters::DS2465;
-using OneWire::OneWireSlave;
-using OneWire::Authenticators::DS28E15_22_25;
-using OneWire::Authenticators::ISha256MacCoproc;
+using namespace OneWire;
+using namespace OneWire::RomCommands;
 
 const uint8_t Factory::masterSecret[] = { 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x21,
                                               0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x31, 0x32 };
@@ -82,7 +80,7 @@
   DS28E15_22_25::BlockProtection protectionStatus;
   bool result;
   // Select device through Skip ROM
-  result = (sensorNode.ds2465.OWSkipRom() == OneWireMaster::Success);
+  result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   if (result)
     result = (sensorNode.ds28e15_22_25.readBlockProtection(blockNum, protectionStatus) == OneWireSlave::Success);
   // Check if invalid protections are set
@@ -90,13 +88,13 @@
     result = ((protectionStatus.statusByte() & ~(desiredProtection.statusByte())) == 0x00);
   // Select device through Skip ROM
   if (result)
-    result = (sensorNode.ds2465.OWSkipRom() == OneWireMaster::Success);
+    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Load secret into scratchpad
   if (result)
     result = (sensorNode.ds28e15_22_25.writeScratchpad(validSecret ? masterSecret : invalidMasterSecret) == OneWireSlave::Success);
   // Select device through Skip ROM
   if (result)
-    result = (sensorNode.ds2465.OWSkipRom() == OneWireMaster::Success);
+    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Load master secret from scratchpad without locking
   if (result)
     result = (sensorNode.ds28e15_22_25.loadSecret(false) == OneWireSlave::Success);
@@ -112,19 +110,19 @@
   
   // Select device through Skip ROM
   if (result)
-    result = (sensorNode.ds2465.OWSkipRom() == OneWireMaster::Success);
+    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Read page data
   if (result)
     result = (sensorNode.ds28e15_22_25.readPage(sensorNode.authData.pageNum, pageData, false) == OneWireSlave::Success);
   // Select device through Skip ROM
   if (result)
-    result = (sensorNode.ds2465.OWSkipRom() == OneWireMaster::Success);
+    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Load partial secret into scratchpad
   if (result)
     result = (sensorNode.ds28e15_22_25.writeScratchpad(partialSecret) == OneWireSlave::Success);
   // Select device through Skip ROM
   if (result)
-    result = (sensorNode.ds2465.OWSkipRom() == OneWireMaster::Success);
+    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Compute secret
   if (result)
     result = (sensorNode.ds28e15_22_25.computeSecret(sensorNode.authData.pageNum, false) == OneWireSlave::Success);
@@ -133,13 +131,13 @@
     result = (DS28E15_22_25::computeNextSecret(sensorNode.ds2465, pageData, sensorNode.authData.pageNum, partialSecret, sensorNode.ds28e15_22_25.romId, sensorNode.ds28e15_22_25.manId) == ISha256MacCoproc::Success);
   // Select device through Skip ROM
   if (result)
-    result = (sensorNode.ds2465.OWSkipRom() == OneWireMaster::Success);
+    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Enable authentication protection if not set
   if (result && (protectionStatus != desiredProtection))
     result = (sensorNode.ds28e15_22_25.writeAuthBlockProtection(sensorNode.ds2465, desiredProtection, protectionStatus) == OneWireSlave::Success);
   // Select device through Skip ROM
   if (result)
-    result = (sensorNode.ds2465.OWSkipRom() == OneWireMaster::Success);
+    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Write initial filter life and set all other segments to default value
   if (result)
   {
@@ -147,7 +145,7 @@
     std::memset(blankSegment, SensorNode::defaultPaddingByte, blankSegment.length);
     for (size_t i = 0; i < DS28E15_22_25::segmentsPerPage; i++)
     {
-      result = (sensorNode.ds2465.OWSkipRom() == OneWireMaster::Success);
+      result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
       if (result)
         result = (sensorNode.ds28e15_22_25.writeAuthSegment(sensorNode.ds2465, sensorNode.authData.pageNum, i,
                                                             ((i == sensorNode.authData.segmentNum) ? sensorNode.authData.segment : blankSegment),
@@ -161,31 +159,31 @@
   // Reload secret with known page values
   // Select device through Skip ROM
   if (result)
-    result = (sensorNode.ds2465.OWSkipRom() == OneWireMaster::Success);
+    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Load master secret into scratchpad
   if (result)
     result = (sensorNode.ds28e15_22_25.writeScratchpad(masterSecret) == OneWireSlave::Success);
   // Select device through Skip ROM
   if (result)
-    result = (sensorNode.ds2465.OWSkipRom() == OneWireMaster::Success);
+    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Load master secret
   if (result)
     result = (sensorNode.ds28e15_22_25.loadSecret(false) == OneWireSlave::Success);
   // Select device through Skip ROM
   if (result)
-    result = (sensorNode.ds2465.OWSkipRom() == OneWireMaster::Success);
+    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Read page data
   if (result)
     result = (sensorNode.ds28e15_22_25.readPage(sensorNode.authData.pageNum, pageData, false) == OneWireSlave::Success);
   // Select device through Skip ROM
   if (result)
-    result = (sensorNode.ds2465.OWSkipRom() == OneWireMaster::Success);
+    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Write partial secret to scratchpad
   if (result)
     result = (sensorNode.ds28e15_22_25.writeScratchpad(partialSecret) == OneWireSlave::Success);
   // Select device through Skip ROM
   if (result)
-    result = (sensorNode.ds2465.OWSkipRom() == OneWireMaster::Success);
+    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Compute secret
   if (result)
     result = (sensorNode.ds28e15_22_25.computeSecret(sensorNode.authData.pageNum, false) == OneWireSlave::Success);

--- a/Factory.hpp	Fri May 13 14:54:04 2016 -0500
+++ b/Factory.hpp	Sat May 14 14:28:31 2016 -0500
@@ -36,7 +36,7 @@
 
 #include <stdint.h>
 
-namespace OneWire { namespace Masters { class DS2465; } }
+namespace OneWire { class DS2465; }
 class SensorNode;
 
 /// Represents the secure factory that will perform the initial provisioning of
@@ -46,7 +46,7 @@
 public:
   /// Provision the DS2465 on a Controller.
   /// @returns True on success.
-  bool provision(OneWire::Masters::DS2465 & ds2465);
+  bool provision(OneWire::DS2465 & ds2465);
   
   /// Provision the DS28E15 on a Sensor Node.
   /// @param validSecret True to provision using the valid system secret or false to imitate an invalid Controller.

--- a/SensorNode.cpp	Fri May 13 14:54:04 2016 -0500
+++ b/SensorNode.cpp	Sat May 14 14:28:31 2016 -0500
@@ -33,6 +33,7 @@
 
 #include "SensorNode.hpp"
 #include "common.hpp"
+#include "RomCommands.h"
 #include "Masters/DS2465/DS2465.h"
 #include "I2C.h"
 
@@ -44,11 +45,8 @@
 #include <cstdlib>
 #endif
 
-using OneWire::Masters::OneWireMaster;
-using OneWire::Masters::DS2465;
-using OneWire::OneWireSlave;
-using OneWire::Authenticators::DS28E15_22_25;
-using OneWire::Authenticators::ISha256MacCoproc;
+using namespace OneWire;
+using namespace OneWire::RomCommands;
 
 bool SensorNode::rngInitialized = false;
 
@@ -101,7 +99,7 @@
   bool result;
   
   // Select device through Skip ROM
-  result = (ds2465.OWSkipRom() == OneWireMaster::Success);
+  result = (OWSkipRom(ds2465) == OneWireMaster::Success);
   if (result)
     result = (ds28e15_22_25.readBlockProtection(0, protectionStatus) == OneWireSlave::Success);
   if (result)
@@ -109,7 +107,7 @@
     if (!protectionStatus.noProtection())
     {
       // Select device through Skip ROM
-      result = (ds2465.OWSkipRom() == OneWireMaster::Success);
+      result = (OWSkipRom(ds2465) == OneWireMaster::Success);
       if (result)
         result = (ds28e15_22_25.readSegment(authData.pageNum, authData.segmentNum, authData.segment) == OneWireSlave::Success);
       if (result)
@@ -129,7 +127,7 @@
   DS28E15_22_25::Page pageData;
   
   // Select device through Skip ROM
-  if (ds2465.OWSkipRom() != OneWireMaster::Success)
+  if (OWSkipRom(ds2465) != OneWireMaster::Success)
     return false;
   // Read page data
   if (ds28e15_22_25.readPage(authData.pageNum, pageData, false) != OneWireSlave::Success)
@@ -152,13 +150,13 @@
   }
 
   // Select device through Skip ROM
-  if (ds2465.OWSkipRom() != OneWireMaster::Success)
+  if (OWSkipRom(ds2465) != OneWireMaster::Success)
     return false;
   // Write challenge to scratchpad
   if (ds28e15_22_25.writeScratchpad(challenge) != OneWireSlave::Success)
     return false;
   // Select device through Skip ROM
-  if (ds2465.OWSkipRom() != OneWireMaster::Success)
+  if (OWSkipRom(ds2465) != OneWireMaster::Success)
     return false;
   // Have device compute MAC
   DS28E15_22_25::Mac nodeMac;
@@ -210,7 +208,7 @@
     AuthData oldAuthData(authData);
     authData.filterLife = sensorData.filterLife;
     // Select device through Skip ROM
-    result = (ds2465.OWSkipRom() == OneWireMaster::Success);
+    result = (OWSkipRom(ds2465) == OneWireMaster::Success);
     // Write new filter life to DS28E15
     if (result)
       result = (ds28e15_22_25.writeAuthSegment(ds2465, authData.pageNum, authData.segmentNum, authData.segment, oldAuthData.segment, false) == OneWireSlave::Success);
@@ -225,7 +223,7 @@
   
   ds2465.OWSetSpeed(DS2465::OverdriveSpeed);
   
-  if (ds2465.OWReadRom(ds28e15_22_25.romId) != OneWireMaster::Success)
+  if (OWReadRom(ds2465, ds28e15_22_25.romId) != OneWireMaster::Success)
     return UnableToCommunicate;
   
   if (!checkProvisioned(provisioned))

--- a/SensorNode.hpp	Fri May 13 14:54:04 2016 -0500
+++ b/SensorNode.hpp	Sat May 14 14:28:31 2016 -0500
@@ -45,7 +45,7 @@
 namespace OneWire
 {
   class RomId;
-  namespace Masters { class DS2465; }
+  class DS2465;
 }
 namespace mbed { class I2C; }
 
@@ -65,7 +65,7 @@
   /// @param ds7505_i2c_addr I2C bus address of the DS7505 in mbed format.
   /// @param max44009_i2c_addr I2C bus address of the MAX44009 in mbed format.
   /// @param ds2465 Interface to DS2465 on the Controller.
-  SensorNode(mbed::I2C & i2c, uint8_t ds7505_i2c_addr, uint8_t max44009_i2c_addr, OneWire::Masters::DS2465 & ds2465);
+  SensorNode(mbed::I2C & i2c, uint8_t ds7505_i2c_addr, uint8_t max44009_i2c_addr, OneWire::DS2465 & ds2465);
   
   /// Detect if an authentic Sensor Node is connected.
   /// @param userEntropy Additional entropy to supply to the RNG.
@@ -97,7 +97,7 @@
   struct AuthData
   {
     static const uint8_t initialFilterLife = 100;
-    OneWire::Authenticators::DS28E15_22_25::Segment segment;
+    OneWire::DS28E15_22_25::Segment segment;
     uint8_t & filterLife;
     unsigned int pageNum, segmentNum;
     
@@ -126,10 +126,10 @@
   AuthData authData;
   
   // Hardware interfaces
-  OneWire::Authenticators::DS28E15_22_25 ds28e15_22_25; ///< DS28E15 for authentication.
+  OneWire::DS28E15_22_25 ds28e15_22_25; ///< DS28E15 for authentication.
   DS7505 ds7505; ///< DS7505 temperature sensor.
   MAX44009 max44009; ///< MAX44009 optical light sensor.
-  OneWire::Masters::DS2465 & ds2465; ///< Interface to DS2465 on Controller.
+  OneWire::DS2465 & ds2465; ///< Interface to DS2465 on Controller.
   
   /// Initialize sensors for measurement.
   /// @returns True on success.

--- a/WebServerInterface.cpp	Fri May 13 14:54:04 2016 -0500
+++ b/WebServerInterface.cpp	Sat May 14 14:28:31 2016 -0500
@@ -40,7 +40,7 @@
 #include "Serial.h"
 #include "wait_api.h"
 
-using OneWire::Authenticators::ISha256MacCoproc;
+using OneWire::ISha256MacCoproc;
 
 const char WebServerInterface::wifiSsid[] = "WifiSsid";
 const char WebServerInterface::wifiPassword[] = "WifiPassword";

--- a/WebServerInterface.hpp	Fri May 13 14:54:04 2016 -0500
+++ b/WebServerInterface.hpp	Sat May 14 14:28:31 2016 -0500
@@ -44,7 +44,7 @@
 };
 
 namespace mbed { class Serial; }
-namespace OneWire { namespace Authenticators { class ISha256MacCoproc; } }
+namespace OneWire { class ISha256MacCoproc; }
 class ESP8266;
 struct SensorData;
 
@@ -70,7 +70,7 @@
   /// @postData Message body as determined by the event message type.
   /// @setSecret True if the Transport Secret needs to be selected in the coprocessor.
   /// @returns True on success.
-  bool authPostHttpEvent(OneWire::Authenticators::ISha256MacCoproc & macCoproc, PostEvent event, const std::string & postData, bool setSecret);
+  bool authPostHttpEvent(OneWire::ISha256MacCoproc & macCoproc, PostEvent event, const std::string & postData, bool setSecret);
   
   /// Format sensor data as text suitable for use in a POST body.
   /// @param sensorData Sensor data to format.

--- a/main.cpp	Fri May 13 14:54:04 2016 -0500
+++ b/main.cpp	Sat May 14 14:28:31 2016 -0500
@@ -44,7 +44,7 @@
 #include "mbed.h"
 
 using OneWire::RomId;
-using OneWire::Masters::DS2465;
+using OneWire::DS2465;
 
 /// Main status for the program.
 enum Status