Atmel Crypto Elements. 2015 Atmel Corporation

What about Security

Security Attacks in the News
Can Atmel Help? YES!

LIFX: Networked LED lamps betrayed Wi-Fi passwords
07/22/2014, Irina Hübner

With the Internet of Things, completely new security issues arise that are grossly underestimated. Now white-hat hackers have managed to identify the wireless key on networked LED lamps. Security researchers have attacked the smart LED lamps of the US manufacturer LIFX. These can be switched on and off using a smartphone or tablet. In addition, the color and brightness can be controlled on the mobile devices. The LED lamps communicate with each other over 6LoWPAN and provide each other with the Wi-Fi access data. They use the AES algorithm to encrypt the passwords. However, the underlying key is never changed, thereby making it easy for attackers to figure out the desired data. To decrypt the wireless access data, the so-called white-hat hackers neither had to authenticate nor was their presence on the network noticed....

https://translate.google.de/translate?hl=de&sl=de&tl=en&u=http%3a%2f%2fwww.elektronikn ktronik%2fledlighting%2fartikel%2f111302%2f&sandbox=1

Internet as a Top Security Concern
Heartbleed, Shellshock, Poodle, Anthem. What's next?

Shodan: The Scariest Search Engine on the Internet
By David Goldman, @DavidGoldmanCNN, 1:41 p.m. ET April 8, 2015

Shodan navigates the Internet's back channels. It runs 24/7 and collects information on about 500 million connected devices and services each month. Countless traffic lights, security cameras, home automation devices & heating systems, connected to the Internet & easy to spot. Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.

The biggest risk to a successful proliferation of IoT Edge Nodes is how much thinking, effort and resources developers are willing to invest in security when they define and design their product.

Rogue software can see into memory. So, don't put important things there!

Microprobers are Easy to Find
- Can purchase used equipment readily
- Doesn't require any special support; use it in your kitchen
- Typically easy to run wires from working system to prober

Questions
- Do you see copies of YOUR product, batteries, consumables, or extension boards on the market?
- Is YOUR brand / brand name important to you?
- Is YOUR product connected and capable of firmware upgrades?
- Do YOU want to prevent modifications of your firmware?
- Do YOU trust a connected node, e.g. a sensor?

SmartConnect Security Messaging
4 major angles tackling IoT security concerns:
- Data-Link: Protection on the wireless network. Authenticate & encrypt all wireless and IP packets. Local bad guy unlocks your front door from a van parked outside.
- IP-Transport: Protection on the Internet. Authenticate & encrypt contents of IP packets. Internet bad guy unlocks your front door from North Dakota.
- Service: Protection of corporate-level services. Authenticate & encrypt device identity and service. Bad guy spoofs software download to install software that leaves the front door unlocked.
- HW Key Storage: Protection from physically present hackers. Hacker reads the keys off the physically present device, then inserts keys into the Device Identity, Data-Link, or IP-Transport protocol. Bad guy unlocks your front door while standing at the door.
Security is only as strong as the weakest link.

SmartConnect IoT Layered Security Solutions: Wi-Fi
Offering best-in-class security for IoT edge nodes
OSI layers: Layer 7: Application, Layer 6: Presentation, Layer 5: Session, Layer 4: Transport, Layer 3: Network, Layer 2: Link, Layer 1: Physical
Protocol stack (top to bottom):
- APPLICATION
- HOMEKIT, OIC, HTTP, FTP, SMTP, SNMP, TLS/SSL
- TCP/UDP
- IP, ARP, DHCP
- 802.11b/g/n
Security level:
- CryptoAuthentication -> Storage of keys / certificates
- On-chip (WINC1500): TLS 1.0 (SSL) -> Ensures data encryption coming out of the LAN, also known as Internet security
- On-chip (WINC1500): WEP, WPS, WPA2 Personal, WPA2 Enterprise -> Ensures data encryption within the LAN to avoid intrusion

SmartConnect IoT Layered Security Solutions: 6LoWPAN / Thread
Offering best-in-class security for IoT edge nodes
OSI layers: Layer 7: Application, Layer 6: Presentation, Layer 5: Session, Layer 4: Transport, Layer 3: Network, Layer 2: Data Link, Layer 1: Physical
Protocol stack (top to bottom):
- APPLICATION
- CoAP, MQTT, etc.
- UDP + DTLS, TCP + TLS (not in Thread)
- IP
- 6LoWPAN
- 802.15.4 (Thread), ContikiMAC
Security level:
- CryptoAuthentication -> Authentication used for anti-cloning, ecosystem management, storage of keys/certificates
- On-chip, HW/SW, mandatory (in Thread): DTLS 1.2 (EC-JPAKE) -> Authentication and key provisioning, security outside of WPAN
- On-chip, HW, mandatory: AES-128 -> Basic frame encryption

SmartConnect IoT Layered Security Solutions: ZigBee
Offering best-in-class security for IoT edge nodes
OSI layers: Layer 7: Application, Layer 6: Presentation, Layer 5: Session, Layer 4: Transport, Layer 3: Network, Layer 2: Data Link, Layer 1: Physical
Protocol stack (top to bottom):
- APPLICATION
- ZCL
- ZigBee PRO
- 802.15.4
Security level:
- CryptoAuthentication, ATECC508A bundled -> Authentication key storage
- On-chip, HW, optional: AES-128
- On-chip, HW, mandatory: AES-128

SmartConnect IoT Layered Security Solutions: Bluetooth SMART
Offering best-in-class security for IoT edge nodes
OSI layers: Layer 7: Application, Layer 6: Presentation, Layer 5: Session, Layer 4: Transport, Layer 3: Network, Layer 2: Data Link, Layer 1: Physical
Protocol stack (top to bottom):
- Application
- GAP, SMP, L2CAP, GATT, ATT
- HCI
- Link Layer
- Baseband + Radio
Security level:
- CryptoAuthentication, ATECC508A bundled -> Authentication key storage
- Advanced Comm. Security, BLE 4.2 -> Enables Secure Connections -> Authentication with key exchange -> Association mode: Numeric Comparison
- Link Layer security, BLE 4.X -> Ensures data encryption within the link to avoid intrusion -> Association mode: Just Works, Passkey Entry, Out of Band

Crypto Authentication and TPM
Crypto elements with protected, hardware-based key storage work with any MCU to provide confidentiality, data integrity, & authentication, supporting advanced algorithms:
- ECDSA (asymmetric)
- ECDH (key agreement)
- SHA (symmetric)
Atmel Product Presentation - Q3 2015

Covering a wide range of applications
To harden security at multiple layers
[Diagram; recoverable labels: Certified Hardware Requirements; Access Point Security; Gateway / Server / PC...; MPU / TPM; Gateway / POS; Secure MPU; Connected Nodes; Gateway / Server; MPU / Connected Node; Transport Layer Security; MCU / MPU; Wireless; ATECC508A; Accessories & Disposables; Application Layer Security; Challenge Response; ATECC108A, ATECC508A, ATSHA204A, & ATAES132A]

Crypto Architecture
Optimized for high security, ease-of-use and low cost
Blocks:
- Tamper-hardened hardware boundary
- ECC / SHA / AES cryptographic engine
- Unique serial number
- Monotonic counters
- Secured EEPROM
- High quality random number generator
- Multiple serial I/O options
Callouts:
- Attackers cannot see what's inside
- Isolates any attack to a single device
- Standards-based crypto engine between interface and memory
- Secured EEPROM for keys & data
- Tracks number of authentications
- I/O options simplify design-in
- Required for every crypto protocol

Hardware Security Features
ATMEL CryptoAuthentication Standard Devices

Strong multi-level HW security:
- Active shield over entire chip
- All memories internally encrypted
- Data-independent crypto execution
- Randomized math operations
- Internal state consistency checking
- Voltage tampers, isolated power rail
- Internal clock generation
- Secure test methods, no JTAG
- No debug probe points, no test pads
- No package or die identification

Designed to defend against:
- Microprobe attacks
- Timing attacks
- Emissions attacks
- Faults, invalid command attacks
- Power cycling, clock glitches
- Partial personalization attacks

Cannot achieve this level of security with software alone!

Portfolio with Complete Algorithm & Feature Mix
High security for every application, use case, requirement
[Diagram labels: Cryptographic Algorithms; Encryption; Hash; Asymmetric-Key; Symmetric-Key]

ATSHA204A (SHA256-based authentication)
- 4.5K bits secured storage (16 slots)
- Optimized for keys, secrets and configuration storage
- Very cost efficient

ATECC108A (asymmetric-key authentication)
- No secrets in host, more flexible usage
- 10K bits secured storage (16 slots)
- Well accepted by industrial customers

ATAES132A (AES authentication & encryption)
- 32K bits secured storage (16 zones)
- Optimized for data storage, but includes 16 keys
- Examples: code, firmware, and biometric data

ATECC Automotive
- ATECC108 automotive qualified version (development)

TPM: AT97SC3204xxx & AT97SC3205xxx (Trusted Platform Module)
- In line with the TCG spec used in the PC world and more and more in the industrial world
- FIPS 140-2 certified & CC EAL 4+ pending
- LPC, I2C & SPI available

7 things you were not told about IoT
1. IoT will expose the difference between smart devices and flat-out dumb. M2M vs. IoT. (Be aware of false starts)
2. Your new IoT product is DOA (HomeKit? OIC/AllSeen? Thread? Others?)
3. One size does not fit all
4. Can you solve the HW puzzle?
5. Forget big data, it's all about small data now
6. Security: You get what you pay for
7. Scalability. IPv6
06/05/2015
