DeepCover Embedded Security in IoT: Public-key Secured Data Paths

Dependencies:   MaximInterface

The MAXREFDES155# is an internet-of-things (IoT) embedded-security reference design, built to authenticate and control a sensing node using elliptic-curve-based public-key cryptography with control and notification from a web server.

The hardware includes an ARM® mbed™ shield and attached sensor endpoint. The shield contains a DS2476 DeepCover® ECDSA/SHA-2 coprocessor, Wi-Fi communication, LCD push-button controls, and status LEDs. The sensor endpoint is attached to the shield using a 300mm cable and contains a DS28C36 DeepCover ECDSA/SHA-2 authenticator, IR-thermal sensor, and aiming laser for the IR sensor. The MAXREFDES155# is equipped with a standard Arduino® form-factor shield connector for immediate testing using an mbed board such as the MAX32600MBED#. The combination of these two devices represents an IoT device. Communication to the web server is accomplished with the shield Wi-Fi circuitry. Communication from the shield to the attached sensor module is accomplished over I2C. The sensor module represents an IoT endpoint that generates small data with a requirement for message authenticity/integrity and secure on/off operational control.

The design is hierarchical with each mbed platform and shield communicating data from the sensor node to a web server that maintains a centralized log and dispatches notifications as necessary. The simplicity of this design enables rapid integration into any star-topology IoT network to provide security with the low overhead and cost provided by the ECDSA-P256 asymmetric-key and SHA-256 symmetric-key algorithms.

More information about the MAXREFDES155# is available on the Maxim Integrated website.

Committer: IanBenzMaxim
Date: Thu Jun 01 14:21:58 2017 -0500
Revision: 12:46c5974a565f
Parent: 10:71359af61af8
Child: 13:6a6225690c2e

Added bidirectional challenge support.

Who changed what in which revision?

User | Revision | Line number | New contents of line
IanBenzMaxim 0:33d4e66780c0 1 /*******************************************************************************
IanBenzMaxim 0:33d4e66780c0 2 * Copyright (C) 2017 Maxim Integrated Products, Inc., All Rights Reserved.
IanBenzMaxim 0:33d4e66780c0 3 *
IanBenzMaxim 0:33d4e66780c0 4 * Permission is hereby granted, free of charge, to any person obtaining a
IanBenzMaxim 0:33d4e66780c0 5 * copy of this software and associated documentation files (the "Software"),
IanBenzMaxim 0:33d4e66780c0 6 * to deal in the Software without restriction, including without limitation
IanBenzMaxim 0:33d4e66780c0 7 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
IanBenzMaxim 0:33d4e66780c0 8 * and/or sell copies of the Software, and to permit persons to whom the
IanBenzMaxim 0:33d4e66780c0 9 * Software is furnished to do so, subject to the following conditions:
IanBenzMaxim 0:33d4e66780c0 10 *
IanBenzMaxim 0:33d4e66780c0 11 * The above copyright notice and this permission notice shall be included
IanBenzMaxim 0:33d4e66780c0 12 * in all copies or substantial portions of the Software.
IanBenzMaxim 0:33d4e66780c0 13 *
IanBenzMaxim 0:33d4e66780c0 14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
IanBenzMaxim 0:33d4e66780c0 15 * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
IanBenzMaxim 0:33d4e66780c0 16 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IanBenzMaxim 0:33d4e66780c0 17 * IN NO EVENT SHALL MAXIM INTEGRATED BE LIABLE FOR ANY CLAIM, DAMAGES
IanBenzMaxim 0:33d4e66780c0 18 * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
IanBenzMaxim 0:33d4e66780c0 19 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
IanBenzMaxim 0:33d4e66780c0 20 * OTHER DEALINGS IN THE SOFTWARE.
IanBenzMaxim 0:33d4e66780c0 21 *
IanBenzMaxim 0:33d4e66780c0 22 * Except as contained in this notice, the name of Maxim Integrated
IanBenzMaxim 0:33d4e66780c0 23 * Products, Inc. shall not be used except as stated in the Maxim Integrated
IanBenzMaxim 0:33d4e66780c0 24 * Products, Inc. Branding Policy.
IanBenzMaxim 0:33d4e66780c0 25 *
IanBenzMaxim 0:33d4e66780c0 26 * The mere transfer of this software does not imply any licenses
IanBenzMaxim 0:33d4e66780c0 27 * of trade secrets, proprietary technology, copyrights, patents,
IanBenzMaxim 0:33d4e66780c0 28 * trademarks, maskwork rights, or any other form of intellectual
IanBenzMaxim 0:33d4e66780c0 29 * property whatsoever. Maxim Integrated Products, Inc. retains all
IanBenzMaxim 0:33d4e66780c0 30 * ownership rights.
IanBenzMaxim 0:33d4e66780c0 31 *******************************************************************************/
IanBenzMaxim 0:33d4e66780c0 32
IanBenzMaxim 0:33d4e66780c0 33 #ifndef NORMALOPERATIONSTATE_HPP
IanBenzMaxim 0:33d4e66780c0 34 #define NORMALOPERATIONSTATE_HPP
IanBenzMaxim 0:33d4e66780c0 35
IanBenzMaxim 0:33d4e66780c0 36 #include <memory>
IanBenzMaxim 0:33d4e66780c0 37 #include <vector>
IanBenzMaxim 0:33d4e66780c0 38 #include <TCPSocket.h>
IanBenzMaxim 12:46c5974a565f 39 #include <array.h>
IanBenzMaxim 0:33d4e66780c0 40 #include "Button.hpp"
IanBenzMaxim 0:33d4e66780c0 41 #include "Window.hpp"
IanBenzMaxim 0:33d4e66780c0 42
IanBenzMaxim 12:46c5974a565f 43 /// Challenge received from the server with a command to sign the response against.
IanBenzMaxim 12:46c5974a565f 44 typedef std::vector<uint8_t> ResponseChallenge;
IanBenzMaxim 12:46c5974a565f 45
IanBenzMaxim 12:46c5974a565f 46 /// Challenge sent to the server with a command response to sign the next command against.
IanBenzMaxim 12:46c5974a565f 47 typedef OneWire::array<uint8_t, 32> CommandChallenge;
IanBenzMaxim 12:46c5974a565f 48
IanBenzMaxim 0:33d4e66780c0 49 /// Handles normal operation of the demo including displaying status information and processing
IanBenzMaxim 0:33d4e66780c0 50 /// commands from the server.
IanBenzMaxim 0:33d4e66780c0 51 class NormalOperationWindow : public Window
IanBenzMaxim 0:33d4e66780c0 52 {
IanBenzMaxim 0:33d4e66780c0 53 public:
IanBenzMaxim 0:33d4e66780c0 54 /// @param socket Socket that has been initialized by connecting to the web server. This must
IanBenzMaxim 0:33d4e66780c0 55 /// be a heap allocated object that NormalOperationWindow will take ownership of.
IanBenzMaxim 8:a0d75dff3c9b 56 explicit NormalOperationWindow(std::auto_ptr<TCPSocket> & socket);
IanBenzMaxim 0:33d4e66780c0 57
IanBenzMaxim 0:33d4e66780c0 58 protected:
IanBenzMaxim 8:a0d75dff3c9b 59 virtual void resized();
IanBenzMaxim 8:a0d75dff3c9b 60 virtual void updated();
IanBenzMaxim 10:71359af61af8 61 virtual void doRender(Bitmap & bitmap, int xOffset, int yOffset) const;
IanBenzMaxim 0:33d4e66780c0 62 virtual bool doProcessKey(Key key);
IanBenzMaxim 0:33d4e66780c0 63
IanBenzMaxim 0:33d4e66780c0 64 private:
IanBenzMaxim 0:33d4e66780c0 65 enum SensorNodeState
IanBenzMaxim 0:33d4e66780c0 66 {
IanBenzMaxim 0:33d4e66780c0 67 Disconnected, // No sensor node is connected.
IanBenzMaxim 0:33d4e66780c0 68 Invalid, // Sensor node is not valid.
IanBenzMaxim 0:33d4e66780c0 69 ValidLaserDisabled, // Sensor node is valid, and laser is disabled.
IanBenzMaxim 0:33d4e66780c0 70 ValidLaserEnabled, // Sensor node is valid, and laser is enabled.
IanBenzMaxim 0:33d4e66780c0 71 FailedProvision // Attempt to provision sensor node failed.
IanBenzMaxim 0:33d4e66780c0 72 };
IanBenzMaxim 0:33d4e66780c0 73
IanBenzMaxim 0:33d4e66780c0 74 enum Result
IanBenzMaxim 0:33d4e66780c0 75 {
IanBenzMaxim 0:33d4e66780c0 76 NoChange, // Windows not changed; No redraw required.
IanBenzMaxim 0:33d4e66780c0 77 WindowsChanged // Windows have changed; Redraw is required.
IanBenzMaxim 0:33d4e66780c0 78 };
IanBenzMaxim 0:33d4e66780c0 79
IanBenzMaxim 0:33d4e66780c0 80 std::auto_ptr<TCPSocket> socket;
IanBenzMaxim 0:33d4e66780c0 81 char recvBuf[1280]; // Socket receive buffer. Must be large enough to hold the largest command.
IanBenzMaxim 12:46c5974a565f 82 CommandChallenge commandChallenge;
IanBenzMaxim 12:46c5974a565f 83 bool sendChallenge;
IanBenzMaxim 0:33d4e66780c0 84
IanBenzMaxim 0:33d4e66780c0 85 // Device status information.
IanBenzMaxim 0:33d4e66780c0 86 bool validSignature;
IanBenzMaxim 0:33d4e66780c0 87 SensorNodeState lastSensorNodeState;
IanBenzMaxim 0:33d4e66780c0 88 double lastObjectTemp;
IanBenzMaxim 0:33d4e66780c0 89 double lastAmbientTemp;
IanBenzMaxim 0:33d4e66780c0 90
IanBenzMaxim 0:33d4e66780c0 91 Button validSignatureButton;
IanBenzMaxim 0:33d4e66780c0 92 Button showWebIdButton;
IanBenzMaxim 0:33d4e66780c0 93
IanBenzMaxim 0:33d4e66780c0 94 // Button event handlers.
IanBenzMaxim 0:33d4e66780c0 95 void showWebId();
IanBenzMaxim 0:33d4e66780c0 96 void toggleValidSignature();
IanBenzMaxim 0:33d4e66780c0 97
IanBenzMaxim 0:33d4e66780c0 98 // Send a message to the server message log.
IanBenzMaxim 0:33d4e66780c0 99 void sendMessage(const char * message);
IanBenzMaxim 0:33d4e66780c0 100
IanBenzMaxim 0:33d4e66780c0 101 static SensorNodeState detectSensorNode();
IanBenzMaxim 0:33d4e66780c0 102 Result processReceivedData(size_t recvBufSize);
IanBenzMaxim 12:46c5974a565f 103 Result sendStatus(const ResponseChallenge & responseChallenge);
IanBenzMaxim 12:46c5974a565f 104 Result sendObjectTemp(const ResponseChallenge & responseChallenge);
IanBenzMaxim 12:46c5974a565f 105 Result sendAmbientTemp(const ResponseChallenge & responseChallenge);
IanBenzMaxim 0:33d4e66780c0 106 void displayImage(const std::vector<uint8_t> & imageData);
IanBenzMaxim 0:33d4e66780c0 107 };
IanBenzMaxim 0:33d4e66780c0 108
IanBenzMaxim 0:33d4e66780c0 109 #endif
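
The bidirectional challenge exchange described by the `ResponseChallenge` and `CommandChallenge` comments above, shown as an added Python example (not code from this repository): every message carries a fresh challenge and is signed against the challenge the other side issued last, so captured bytes fail verification when replayed. Assumptions: HMAC-SHA-256 with constructed keys stands in for the ECDSA-P256 signatures so the example runs on the standard library alone, and the `Peer` class, the message layout, the 32-byte challenge on both sides and the delivery of the first challenge at connect time are hypothetical.

```python
import hashlib
import hmac
import os

CHALLENGE_LEN = 32  # assumption: both sides use the 32-byte size of CommandChallenge

def sign(key, message, challenge):
    # Stand-in for an ECDSA-P256 signature computed over message || challenge.
    return hmac.new(key, message + challenge, hashlib.sha256).digest()

def verify(key, message, challenge, signature):
    return hmac.compare_digest(sign(key, message, challenge), signature)

class Peer:
    """One end of the link; the device and the server follow the same rules."""

    def __init__(self, own_key, peer_key):
        self.own_key, self.peer_key = own_key, peer_key
        self.issued = os.urandom(CHALLENGE_LEN)  # peer must sign its next message against this
        self.received = None                     # our next message is signed against this

    def send(self, payload):
        if self.received is None:
            raise ValueError("no challenge from the peer to sign against")
        self.issued = os.urandom(CHALLENGE_LEN)  # fresh challenge travels with the message
        body = payload + self.issued             # bind the new challenge to the payload
        return payload, self.issued, sign(self.own_key, body, self.received)

    def receive(self, payload, challenge, signature):
        if self.issued is None:
            return False                         # nothing outstanding: reject
        if not verify(self.peer_key, payload + challenge, self.issued, signature):
            return False
        self.issued = None                       # single use: the same bytes never verify twice
        self.received = challenge
        return True

def demo():
    server_key, device_key = os.urandom(32), os.urandom(32)  # constructed keys
    server, device = Peer(server_key, device_key), Peer(device_key, server_key)
    server.received = device.issued              # assumption: first challenge sent at connect
    command = server.send(b"laser_on")
    accepted = device.receive(*command)
    reply_ok = server.receive(*device.send(b"status:ok"))
    replayed = device.receive(*command)          # captured command replayed by an attacker
    return accepted, reply_ok, replayed
```

With real ECDSA each side would hold its own private key and the other side's public key instead of the two shared keys used here.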