Maxim Integrated / Mbed 2 deprecated DeepCover Embedded Security in IoT

MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing & Notification

Dependencies:   MaximInterface mbed

The MAXREFDES143# is an Internet of Things (IoT) embedded security reference design, built to protect an industrial sensing node by means of authentication and notification to a web server. The hardware includes a peripheral module representing a protected sensor node monitoring operating temperature and remaining life of a filter (simulated through ambient light sensing) and an mbed shield representing a controller node responsible for monitoring one or more sensor nodes. The design is hierarchical with each controller node communicating data from connected sensor nodes to a web server that maintains a centralized log and dispatches notifications as necessary. The mbed shield contains a Wi-Fi module, a DS2465 coprocessor with 1-Wire® master function, an LCD, LEDs, and pushbuttons. The protected sensor node contains a DS28E15 authenticator, a DS7505 temperature sensor, and a MAX44009 light sensor. The mbed shield communicates to a web server by the onboard Wi-Fi module and to the protected sensor node with I2C and 1-Wire. The MAXREFDES143# is equipped with a standard shield connector for immediate testing using an mbed board such as the MAX32600MBED#. The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.

More information about the MAXREFDES143# is available on the Maxim Integrated website.

Files at this revision

API Documentation at this revision

Revision 9:bc3d211d75ce, committed 2016-05-16

Comitter:
IanBenzMaxim
Date:
Mon May 16 10:36:49 2016 -0500
Parent:
8:594529956266
Child:
10:5eb19685b496
Commit message:
Updated following downstream restructuring in OneWire library.

Changed in this revision

ESP8266.cpp Show annotated file Show diff for this revision Revisions of this file
Factory.cpp Show annotated file Show diff for this revision Revisions of this file
SensorNode.cpp Show annotated file Show diff for this revision Revisions of this file
SensorNode.hpp Show annotated file Show diff for this revision Revisions of this file
WebServerInterface.cpp Show annotated file Show diff for this revision Revisions of this file 
--- a/ESP8266.cpp	Sat May 14 14:28:31 2016 -0500
+++ b/ESP8266.cpp	Mon May 16 10:36:49 2016 -0500
@@ -86,7 +86,7 @@
   if (resetPin.is_connected())
   {
     resetPin = 0;
-    wait_ms(10);
+    wait_ms(100);
     resetPin = 1;
     wait_ms(1000);
   }

--- a/Factory.cpp	Sat May 14 14:28:31 2016 -0500
+++ b/Factory.cpp	Mon May 16 10:36:49 2016 -0500
@@ -34,13 +34,11 @@
 #include "Factory.hpp"
 #include "SensorNode.hpp"
 #include "common.hpp"
-#include "RomCommands.h"
 #include "Masters/DS2465/DS2465.h"
 #include "Authenticators/DS28E15_22_25/DS28E15_22_25.h"
 #include "wait_api.h"
 
 using namespace OneWire;
-using namespace OneWire::RomCommands;
 
 const uint8_t Factory::masterSecret[] = { 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x21,
                                               0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x31, 0x32 };
@@ -79,22 +77,14 @@
   // Read current protection status
   DS28E15_22_25::BlockProtection protectionStatus;
   bool result;
-  // Select device through Skip ROM
-  result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
-  if (result)
-    result = (sensorNode.ds28e15_22_25.readBlockProtection(blockNum, protectionStatus) == OneWireSlave::Success);
+  // Read block protections
+  result = (sensorNode.ds28e15_22_25.readBlockProtection(blockNum, protectionStatus) == OneWireSlave::Success);
   // Check if invalid protections are set
   if (result)
     result = ((protectionStatus.statusByte() & ~(desiredProtection.statusByte())) == 0x00);
-  // Select device through Skip ROM
-  if (result)
-    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Load secret into scratchpad
   if (result)
     result = (sensorNode.ds28e15_22_25.writeScratchpad(validSecret ? masterSecret : invalidMasterSecret) == OneWireSlave::Success);
-  // Select device through Skip ROM
-  if (result)
-    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Load master secret from scratchpad without locking
   if (result)
     result = (sensorNode.ds28e15_22_25.loadSecret(false) == OneWireSlave::Success);
@@ -108,36 +98,21 @@
   DS28E15_22_25::Page pageData;
   std::memset(partialSecret, SensorNode::defaultPaddingByte, partialSecret.length);
   
-  // Select device through Skip ROM
-  if (result)
-    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Read page data
   if (result)
     result = (sensorNode.ds28e15_22_25.readPage(sensorNode.authData.pageNum, pageData, false) == OneWireSlave::Success);
-  // Select device through Skip ROM
-  if (result)
-    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Load partial secret into scratchpad
   if (result)
     result = (sensorNode.ds28e15_22_25.writeScratchpad(partialSecret) == OneWireSlave::Success);
-  // Select device through Skip ROM
-  if (result)
-    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Compute secret
   if (result)
     result = (sensorNode.ds28e15_22_25.computeSecret(sensorNode.authData.pageNum, false) == OneWireSlave::Success);
   // Configure slave secret on DS2465
   if (result)
     result = (DS28E15_22_25::computeNextSecret(sensorNode.ds2465, pageData, sensorNode.authData.pageNum, partialSecret, sensorNode.ds28e15_22_25.romId, sensorNode.ds28e15_22_25.manId) == ISha256MacCoproc::Success);
-  // Select device through Skip ROM
-  if (result)
-    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Enable authentication protection if not set
   if (result && (protectionStatus != desiredProtection))
     result = (sensorNode.ds28e15_22_25.writeAuthBlockProtection(sensorNode.ds2465, desiredProtection, protectionStatus) == OneWireSlave::Success);
-  // Select device through Skip ROM
-  if (result)
-    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Write initial filter life and set all other segments to default value
   if (result)
   {
@@ -145,11 +120,9 @@
     std::memset(blankSegment, SensorNode::defaultPaddingByte, blankSegment.length);
     for (size_t i = 0; i < DS28E15_22_25::segmentsPerPage; i++)
     {
-      result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
-      if (result)
-        result = (sensorNode.ds28e15_22_25.writeAuthSegment(sensorNode.ds2465, sensorNode.authData.pageNum, i,
-                                                            ((i == sensorNode.authData.segmentNum) ? sensorNode.authData.segment : blankSegment),
-                                                            pageData.toSegment(i), false) == OneWireSlave::Success);
+      result = (sensorNode.ds28e15_22_25.writeAuthSegment(sensorNode.ds2465, sensorNode.authData.pageNum, i,
+                                                          ((i == sensorNode.authData.segmentNum) ? sensorNode.authData.segment : blankSegment),
+                                                          pageData.toSegment(i), false) == OneWireSlave::Success);
       
       if (!result)
         break;
@@ -157,33 +130,18 @@
   }
   
   // Reload secret with known page values
-  // Select device through Skip ROM
-  if (result)
-    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Load master secret into scratchpad
   if (result)
     result = (sensorNode.ds28e15_22_25.writeScratchpad(masterSecret) == OneWireSlave::Success);
-  // Select device through Skip ROM
-  if (result)
-    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Load master secret
   if (result)
     result = (sensorNode.ds28e15_22_25.loadSecret(false) == OneWireSlave::Success);
-  // Select device through Skip ROM
-  if (result)
-    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Read page data
   if (result)
     result = (sensorNode.ds28e15_22_25.readPage(sensorNode.authData.pageNum, pageData, false) == OneWireSlave::Success);
-  // Select device through Skip ROM
-  if (result)
-    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Write partial secret to scratchpad
   if (result)
     result = (sensorNode.ds28e15_22_25.writeScratchpad(partialSecret) == OneWireSlave::Success);
-  // Select device through Skip ROM
-  if (result)
-    result = (OWSkipRom(sensorNode.ds2465) == OneWireMaster::Success);
   // Compute secret
   if (result)
     result = (sensorNode.ds28e15_22_25.computeSecret(sensorNode.authData.pageNum, false) == OneWireSlave::Success);

--- a/SensorNode.cpp	Sat May 14 14:28:31 2016 -0500
+++ b/SensorNode.cpp	Mon May 16 10:36:49 2016 -0500
@@ -33,7 +33,6 @@
 
 #include "SensorNode.hpp"
 #include "common.hpp"
-#include "RomCommands.h"
 #include "Masters/DS2465/DS2465.h"
 #include "I2C.h"
 
@@ -46,7 +45,6 @@
 #endif
 
 using namespace OneWire;
-using namespace OneWire::RomCommands;
 
 bool SensorNode::rngInitialized = false;
 
@@ -62,7 +60,7 @@
 }
 
 SensorNode::SensorNode(mbed::I2C & i2c, uint8_t ds7505_i2c_addr, uint8_t max44009_i2c_addr, DS2465 & ds2465)
-  : m_initialLux(1), ds28e15_22_25(ds2465), ds7505(i2c, ds7505_i2c_addr), max44009(i2c, max44009_i2c_addr), ds2465(ds2465)
+  : m_initialLux(1),ds2465(ds2465), selector(ds2465), ds28e15_22_25(selector), ds7505(i2c, ds7505_i2c_addr), max44009(i2c, max44009_i2c_addr)
 {
   if (!rngInitialized)
   {
@@ -98,18 +96,13 @@
   DS28E15_22_25::BlockProtection protectionStatus;
   bool result;
   
-  // Select device through Skip ROM
-  result = (OWSkipRom(ds2465) == OneWireMaster::Success);
-  if (result)
-    result = (ds28e15_22_25.readBlockProtection(0, protectionStatus) == OneWireSlave::Success);
+  
+  result = (ds28e15_22_25.readBlockProtection(0, protectionStatus) == OneWireSlave::Success);
   if (result)
   {
     if (!protectionStatus.noProtection())
     {
-      // Select device through Skip ROM
-      result = (OWSkipRom(ds2465) == OneWireMaster::Success);
-      if (result)
-        result = (ds28e15_22_25.readSegment(authData.pageNum, authData.segmentNum, authData.segment) == OneWireSlave::Success);
+      result = (ds28e15_22_25.readSegment(authData.pageNum, authData.segmentNum, authData.segment) == OneWireSlave::Success);
       if (result)
         provisioned = true;
     }
@@ -126,9 +119,6 @@
   DS28E15_22_25::Scratchpad challenge;
   DS28E15_22_25::Page pageData;
   
-  // Select device through Skip ROM
-  if (OWSkipRom(ds2465) != OneWireMaster::Success)
-    return false;
   // Read page data
   if (ds28e15_22_25.readPage(authData.pageNum, pageData, false) != OneWireSlave::Success)
     return false;
@@ -149,15 +139,9 @@
 #endif
   }
 
-  // Select device through Skip ROM
-  if (OWSkipRom(ds2465) != OneWireMaster::Success)
-    return false;
   // Write challenge to scratchpad
   if (ds28e15_22_25.writeScratchpad(challenge) != OneWireSlave::Success)
     return false;
-  // Select device through Skip ROM
-  if (OWSkipRom(ds2465) != OneWireMaster::Success)
-    return false;
   // Have device compute MAC
   DS28E15_22_25::Mac nodeMac;
   if (ds28e15_22_25.computeReadPageMac(0, false, nodeMac) != OneWireSlave::Success)
@@ -207,11 +191,8 @@
   {
     AuthData oldAuthData(authData);
     authData.filterLife = sensorData.filterLife;
-    // Select device through Skip ROM
-    result = (OWSkipRom(ds2465) == OneWireMaster::Success);
     // Write new filter life to DS28E15
-    if (result)
-      result = (ds28e15_22_25.writeAuthSegment(ds2465, authData.pageNum, authData.segmentNum, authData.segment, oldAuthData.segment, false) == OneWireSlave::Success);
+    result = (ds28e15_22_25.writeAuthSegment(ds2465, authData.pageNum, authData.segmentNum, authData.segment, oldAuthData.segment, false) == OneWireSlave::Success);
   }
   
   return result;
@@ -223,7 +204,7 @@
   
   ds2465.OWSetSpeed(DS2465::OverdriveSpeed);
   
-  if (OWReadRom(ds2465, ds28e15_22_25.romId) != OneWireMaster::Success)
+  if (ds2465.OWReadRom(ds28e15_22_25.romId) != OneWireMaster::Success)
     return UnableToCommunicate;
   
   if (!checkProvisioned(provisioned))

--- a/SensorNode.hpp	Sat May 14 14:28:31 2016 -0500
+++ b/SensorNode.hpp	Mon May 16 10:36:49 2016 -0500
@@ -126,10 +126,11 @@
   AuthData authData;
   
   // Hardware interfaces
+  OneWire::DS2465 & ds2465; ///< Interface to DS2465 on Controller.
+  OneWire::SingledropRomIterator selector;
   OneWire::DS28E15_22_25 ds28e15_22_25; ///< DS28E15 for authentication.
   DS7505 ds7505; ///< DS7505 temperature sensor.
   MAX44009 max44009; ///< MAX44009 optical light sensor.
-  OneWire::DS2465 & ds2465; ///< Interface to DS2465 on Controller.
   
   /// Initialize sensors for measurement.
   /// @returns True on success.

--- a/WebServerInterface.cpp	Sat May 14 14:28:31 2016 -0500
+++ b/WebServerInterface.cpp	Mon May 16 10:36:49 2016 -0500
@@ -42,9 +42,9 @@
 
 using OneWire::ISha256MacCoproc;
 
-const char WebServerInterface::wifiSsid[] = "WifiSsid";
-const char WebServerInterface::wifiPassword[] = "WifiPassword";
-const char WebServerInterface::serverAddress[] = "website.com";
+const char WebServerInterface::wifiSsid[] = "XT1095 8406";
+const char WebServerInterface::wifiPassword[] = "IanABenz";
+const char WebServerInterface::serverAddress[] = "www.mxim-security.us";
 const unsigned int WebServerInterface::serverPort = 80;
 const char WebServerInterface::serverPostPath[] = "/post.php";
 const char WebServerInterface::serverChallengePath[] = "/challenge.php";