MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing & Notification
Dependencies: MaximInterface mbed
The MAXREFDES143# is an Internet of Things (IoT) embedded security reference design, built to protect an industrial sensing node by means of authentication and notification to a web server. The hardware includes a peripheral module representing a protected sensor node monitoring operating temperature and remaining life of a filter (simulated through ambient light sensing) and an mbed shield representing a controller node responsible for monitoring one or more sensor nodes. The design is hierarchical with each controller node communicating data from connected sensor nodes to a web server that maintains a centralized log and dispatches notifications as necessary. The mbed shield contains a Wi-Fi module, a DS2465 coprocessor with 1-Wire® master function, an LCD, LEDs, and pushbuttons. The protected sensor node contains a DS28E15 authenticator, a DS7505 temperature sensor, and a MAX44009 light sensor. The mbed shield communicates to a web server by the onboard Wi-Fi module and to the protected sensor node with I2C and 1-Wire. The MAXREFDES143# is equipped with a standard shield connector for immediate testing using an mbed board such as the MAX32600MBED#. The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.
More information about the MAXREFDES143# is available on the Maxim Integrated website.
Revision 9:bc3d211d75ce, committed 2016-05-16
- Comitter:
- IanBenzMaxim
- Date:
- Mon May 16 10:36:49 2016 -0500
- Parent:
- 8:594529956266
- Child:
- 10:5eb19685b496
- Commit message:
- Updated following downstream restructuring in OneWire library.
Changed in this revision
--- a/ESP8266.cpp Sat May 14 14:28:31 2016 -0500
+++ b/ESP8266.cpp Mon May 16 10:36:49 2016 -0500
@@ -86,7 +86,7 @@
if (resetPin.is_connected())
{
resetPin = 0;
- wait_ms(10);
+ wait_ms(100);
resetPin = 1;
wait_ms(1000);
}
--- a/Factory.cpp Sat May 14 14:28:31 2016 -0500
+++ b/Factory.cpp Mon May 16 10:36:49 2016 -0500
@@ -34,13 +34,11 @@
#include "Factory.hpp"
#include "SensorNode.hpp"
#include "common.hpp"
-#include "RomCommands.h"
#include "Masters/DS2465/DS2465.h"
#include "Authenticators/DS28E15_22_25/DS28E15_22_25.h"
#include "wait_api.h"
using namespace OneWire;
-using namespace OneWire::RomCommands;
const uint8_t Factory::masterSecret[] = { 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x21,
0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x31, 0x32 };
@@ -79,22 +77,14 @@
// Read current protection status
DS28E15_22_25::BlockProtection protectionStatus;
bool result;
- // Select device through Skip ROM
- result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
- if (result)
- result = (sensorNode.ds28e15_22_25.readBlockProtection(blockNum, protectionStatus) == OneWireSlave::Success);
+ // Read block protections
+ result = (sensorNode.ds28e15_22_25.readBlockProtection(blockNum, protectionStatus) == OneWireSlave::Success);
// Check if invalid protections are set
if (result)
result = ((protectionStatus.statusByte() & ~(desiredProtection.statusByte())) == 0x00);
- // Select device through Skip ROM
- if (result)
- result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
// Load secret into scratchpad
if (result)
result = (sensorNode.ds28e15_22_25.writeScratchpad(validSecret ? masterSecret : invalidMasterSecret) == OneWireSlave::Success);
- // Select device through Skip ROM
- if (result)
- result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
// Load master secret from scratchpad without locking
if (result)
result = (sensorNode.ds28e15_22_25.loadSecret(false) == OneWireSlave::Success);
@@ -108,36 +98,21 @@
DS28E15_22_25::Page pageData;
std::memset(partialSecret, SensorNode::defaultPaddingByte, partialSecret.length);
- // Select device through Skip ROM
- if (result)
- result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
// Read page data
if (result)
result = (sensorNode.ds28e15_22_25.readPage(sensorNode.authData.pageNum, pageData, false) == OneWireSlave::Success);
- // Select device through Skip ROM
- if (result)
- result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
// Load partial secret into scratchpad
if (result)
result = (sensorNode.ds28e15_22_25.writeScratchpad(partialSecret) == OneWireSlave::Success);
- // Select device through Skip ROM
- if (result)
- result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
// Compute secret
if (result)
result = (sensorNode.ds28e15_22_25.computeSecret(sensorNode.authData.pageNum, false) == OneWireSlave::Success);
// Configure slave secret on DS2465
if (result)
result = (DS28E15_22_25::computeNextSecret(sensorNode.ds2465, pageData, sensorNode.authData.pageNum, partialSecret, sensorNode.ds28e15_22_25.romId, sensorNode.ds28e15_22_25.manId) == ISha256MacCoproc::Success);
- // Select device through Skip ROM
- if (result)
- result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
// Enable authentication protection if not set
if (result && (protectionStatus != desiredProtection))
result = (sensorNode.ds28e15_22_25.writeAuthBlockProtection(sensorNode.ds2465, desiredProtection, protectionStatus) == OneWireSlave::Success);
- // Select device through Skip ROM
- if (result)
- result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
// Write initial filter life and set all other segments to default value
if (result)
{
@@ -145,11 +120,9 @@
std::memset(blankSegment, SensorNode::defaultPaddingByte, blankSegment.length);
for (size_t i = 0; i < DS28E15_22_25::segmentsPerPage; i++)
{
- result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
- if (result)
- result = (sensorNode.ds28e15_22_25.writeAuthSegment(sensorNode.ds2465, sensorNode.authData.pageNum, i,
- ((i == sensorNode.authData.segmentNum) ? sensorNode.authData.segment : blankSegment),
- pageData.toSegment(i), false) == OneWireSlave::Success);
+ result = (sensorNode.ds28e15_22_25.writeAuthSegment(sensorNode.ds2465, sensorNode.authData.pageNum, i,
+ ((i == sensorNode.authData.segmentNum) ? sensorNode.authData.segment : blankSegment),
+ pageData.toSegment(i), false) == OneWireSlave::Success);
if (!result)
break;
@@ -157,33 +130,18 @@
}
// Reload secret with known page values
- // Select device through Skip ROM
- if (result)
- result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
// Load master secret into scratchpad
if (result)
result = (sensorNode.ds28e15_22_25.writeScratchpad(masterSecret) == OneWireSlave::Success);
- // Select device through Skip ROM
- if (result)
- result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
// Load master secret
if (result)
result = (sensorNode.ds28e15_22_25.loadSecret(false) == OneWireSlave::Success);
- // Select device through Skip ROM
- if (result)
- result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
// Read page data
if (result)
result = (sensorNode.ds28e15_22_25.readPage(sensorNode.authData.pageNum, pageData, false) == OneWireSlave::Success);
- // Select device through Skip ROM
- if (result)
- result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
// Write partial secret to scratchpad
if (result)
result = (sensorNode.ds28e15_22_25.writeScratchpad(partialSecret) == OneWireSlave::Success);
- // Select device through Skip ROM
- if (result)
- result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
// Compute secret
if (result)
result = (sensorNode.ds28e15_22_25.computeSecret(sensorNode.authData.pageNum, false) == OneWireSlave::Success);
--- a/SensorNode.cpp Sat May 14 14:28:31 2016 -0500
+++ b/SensorNode.cpp Mon May 16 10:36:49 2016 -0500
@@ -33,7 +33,6 @@
#include "SensorNode.hpp"
#include "common.hpp"
-#include "RomCommands.h"
#include "Masters/DS2465/DS2465.h"
#include "I2C.h"
@@ -46,7 +45,6 @@
#endif
using namespace OneWire;
-using namespace OneWire::RomCommands;
bool SensorNode::rngInitialized = false;
@@ -62,7 +60,7 @@
}
SensorNode::SensorNode(mbed::I2C & i2c, uint8_t ds7505_i2c_addr, uint8_t max44009_i2c_addr, DS2465 & ds2465)
- : m_initialLux(1), ds28e15_22_25(ds2465), ds7505(i2c, ds7505_i2c_addr), max44009(i2c, max44009_i2c_addr), ds2465(ds2465)
+ : m_initialLux(1),ds2465(ds2465), selector(ds2465), ds28e15_22_25(selector), ds7505(i2c, ds7505_i2c_addr), max44009(i2c, max44009_i2c_addr)
{
if (!rngInitialized)
{
@@ -98,18 +96,13 @@
DS28E15_22_25::BlockProtection protectionStatus;
bool result;
- // Select device through Skip ROM
- result = (OWSkipRom(ds2465) == OneWireMaster::Success);
- if (result)
- result = (ds28e15_22_25.readBlockProtection(0, protectionStatus) == OneWireSlave::Success);
+
+ result = (ds28e15_22_25.readBlockProtection(0, protectionStatus) == OneWireSlave::Success);
if (result)
{
if (!protectionStatus.noProtection())
{
- // Select device through Skip ROM
- result = (OWSkipRom(ds2465) == OneWireMaster::Success);
- if (result)
- result = (ds28e15_22_25.readSegment(authData.pageNum, authData.segmentNum, authData.segment) == OneWireSlave::Success);
+ result = (ds28e15_22_25.readSegment(authData.pageNum, authData.segmentNum, authData.segment) == OneWireSlave::Success);
if (result)
provisioned = true;
}
@@ -126,9 +119,6 @@
DS28E15_22_25::Scratchpad challenge;
DS28E15_22_25::Page pageData;
- // Select device through Skip ROM
- if (OWSkipRom(ds2465) != OneWireMaster::Success)
- return false;
// Read page data
if (ds28e15_22_25.readPage(authData.pageNum, pageData, false) != OneWireSlave::Success)
return false;
@@ -149,15 +139,9 @@
#endif
}
- // Select device through Skip ROM
- if (OWSkipRom(ds2465) != OneWireMaster::Success)
- return false;
// Write challenge to scratchpad
if (ds28e15_22_25.writeScratchpad(challenge) != OneWireSlave::Success)
return false;
- // Select device through Skip ROM
- if (OWSkipRom(ds2465) != OneWireMaster::Success)
- return false;
// Have device compute MAC
DS28E15_22_25::Mac nodeMac;
if (ds28e15_22_25.computeReadPageMac(0, false, nodeMac) != OneWireSlave::Success)
@@ -207,11 +191,8 @@
{
AuthData oldAuthData(authData);
authData.filterLife = sensorData.filterLife;
- // Select device through Skip ROM
- result = (OWSkipRom(ds2465) == OneWireMaster::Success);
// Write new filter life to DS28E15
- if (result)
- result = (ds28e15_22_25.writeAuthSegment(ds2465, authData.pageNum, authData.segmentNum, authData.segment, oldAuthData.segment, false) == OneWireSlave::Success);
+ result = (ds28e15_22_25.writeAuthSegment(ds2465, authData.pageNum, authData.segmentNum, authData.segment, oldAuthData.segment, false) == OneWireSlave::Success);
}
return result;
@@ -223,7 +204,7 @@
ds2465.OWSetSpeed(DS2465::OverdriveSpeed);
- if (OWReadRom(ds2465, ds28e15_22_25.romId) != OneWireMaster::Success)
+ if (ds2465.OWReadRom(ds28e15_22_25.romId) != OneWireMaster::Success)
return UnableToCommunicate;
if (!checkProvisioned(provisioned))
--- a/SensorNode.hpp Sat May 14 14:28:31 2016 -0500 +++ b/SensorNode.hpp Mon May 16 10:36:49 2016 -0500 @@ -126,10 +126,11 @@ AuthData authData; // Hardware interfaces + OneWire::DS2465 & ds2465; ///< Interface to DS2465 on Controller. + OneWire::SingledropRomIterator selector; OneWire::DS28E15_22_25 ds28e15_22_25; ///< DS28E15 for authentication. DS7505 ds7505; ///< DS7505 temperature sensor. MAX44009 max44009; ///< MAX44009 optical light sensor. - OneWire::DS2465 & ds2465; ///< Interface to DS2465 on Controller. /// Initialize sensors for measurement. /// @returns True on success.
--- a/WebServerInterface.cpp Sat May 14 14:28:31 2016 -0500 +++ b/WebServerInterface.cpp Mon May 16 10:36:49 2016 -0500 @@ -42,9 +42,9 @@ using OneWire::ISha256MacCoproc; -const char WebServerInterface::wifiSsid[] = "WifiSsid"; -const char WebServerInterface::wifiPassword[] = "WifiPassword"; -const char WebServerInterface::serverAddress[] = "website.com"; +const char WebServerInterface::wifiSsid[] = "XT1095 8406"; +const char WebServerInterface::wifiPassword[] = "IanABenz"; +const char WebServerInterface::serverAddress[] = "www.mxim-security.us"; const unsigned int WebServerInterface::serverPort = 80; const char WebServerInterface::serverPostPath[] = "/post.php"; const char WebServerInterface::serverChallengePath[] = "/challenge.php";
MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing & Notification