MAXREFDES155# DeepCover Embedded Security in IoT: Public-key Secured Data Paths Quick Start Guide

Similar documents
MAXREFDES131#: 1-WIRE GRID-EYE SENSOR

MAXREFDES145# 8-Channel IO-Link Master Quick Start Guide

MAXREFDES44# MicroZed Quick Start Guide

Smart Plug User Guide

Evaluating the MAX14827 with mbed User Guide UG6248; Rev 0; 3/16

Getting to Know Your Mobile WiFi

Evaluates: DS28E38 and DS2476. DS28E38 Evaluation System. Features. General Description. EV Kit Contents

Manual for configuring VPN in Windows 7

AT&T Mobile Hotspot MiFi Quickstart

Description Building Automation Platform ARM mbed and Arduino

AT&T USBConnect Mercury Getting Started Guide

Manufacturing Instruction

Evaluates: DS28E83 and DS2476. DS28E83 Evaluation System. Features. General Description. EV Kit Contents

Jump Test of ESP8266 s Secondary Bootloader (V1.6+)

Point of View SmartTV-500 Center - Android 4.2. General notices for use...2 Disclaimer...2 Box Contents...2

APPLICATION NOTE 4633 Bluetooth to 1-Wire Communication Using the DS9097U

mbed Kit User Guide of NQ62x daughter board

BNO080 Development Kit for Nucleo Quick Start Guide

BT MobileXpress App V2 for Android Quick Guide

MAXREFDES27# IO-Link Proximity Sensor Quick Start Guide

MAXREFDES220#: Finger Heart Rate and Pulse Oximeter Smart Sensor with Digital Signal Processing

Evaluates: DS28E50. DS28E50 Evaluation Kit. General Description. Quick Start. Benefits and Features. EV Kit Contents

IBM ThinkPad 380XD/385XD Setup Guide

Manual Supplement. This supplement contains information necessary to ensure the accuracy of the above manual.

Getting to Know Your Mobile WiFi Note: Thank you for choosing VIVA LTE Mobile WiFi

linkzone User ManUal

MAXIM MR16 EVALUATION PLATFORM User Manual. UG6078; Rev 0; 3/15

QSG119: Wizard Gecko WSTK Quick-Start Guide

ESP8266 Quick Start Guide

EAN-FPGA Firmware Update 1500-OEM

Raspberry Pi shield board

Wi-Fi expansion board based on SPWF01SA module for STM32 Nucleo. Description

Running a simple 6LowPAN network consisting of one receiver node and one or more sensor nodes in a Sub-1GHz RF band

C8051F411-EK C8051F411 EVALUATION KIT USER S GUIDE. 1. Kit Contents. 2. Kit Overview. 3. Evaluation Board Interface LCD User Interface

UM1853 User manual. STM32CubeF1 Nucleo demonstration firmware. Introduction

ESP8266 Quick Start Guide

AN LPC82x Touch Solution Quick Start Guide. Document information. Keywords

X-NUCLEO-53L1A1. Long distance ranging Time-of-Flight sensor expansion board based on VL53L1X for STM32 Nucleo. Description.

Getting started with the FP-NET-6LPBLE1 function pack for 6LoWPAN IoT node connection to a smartphone via BLE interface

SAMSUNG ELECTRONICS RESERVES THE RIGHT TO CHANGE PRODUCTS, INFORMATION AND SPECIFICATIONS WITHOUT NOTICE. Products and specifications discussed

FSM300 Quick Start Guide with Nucleo

ESP8266 AT Command Examples

UG370: Wireless Xpress AMW007 Kit User's Guide

RN-111B-EVAL IGRN111B-EVAL 3/10/2009. WiFly evaluation Kit. Features. Description. Getting Started

C8051F411-EK C8051F411 EVALUATION KIT USER S GUIDE. 1. Kit Contents. 2. Kit Overview. 3. Evaluation Board Interface LCD User Interface

SEVIO User Guide. Document ID: sv_user_guide_en_v17_05

MAXREFDES43# ZedBoard Quick Start Guide

AT&T USBConnect Lightning Quickstart

TiWi-SL Simple Web Server Demo Quickstart Guide

Downloaded from manuals search engine. Quick Start

COALESCE: MEETING PLACE EDITION

UM2356 User manual. VL53L1X API user manual. Introduction

V-Series V30x Module Electrical, Physical Layer, and Application Integration. Customer Information Brief Version 1.4

TLx5012B 2go Evaluation Kit

ATAES132A Firmware Development Library. Introduction. Features. Atmel CryptoAuthentication USER GUIDE

ST25DV-DISCOVERY. Discovery kit for the ST25DV04K dynamic NFC/RFID tag. Features

User Manual: LPC1830-Xplorer LPC1830-Xplorer

X-NUCLEO-53L0A1. Ranging and gesture detection sensor expansion board based on VL53L0X for STM32 Nucleo. Description. Features

DT0095 Design tip. Datalogging the SensorTile through a PC. Purpose and benefits. Description

5.1 Configure each Sensor Pin Rename Set Rules Export Data Switching Nodes... 25

ONECONTROL CONNECTANYWHERE TM ACTIVATION

Load Position-Independent Code (PIC) on a Kinetis Platform Using the IAR EWARM Compiler

MAXIM INTEGRATED INSTRUCTIONS FOR PROGRAMMING THE MAXREFDES220 ALGORITHM

ABRIDGED DATA SHEET. DeepCover Secure Authenticator. Benefits and Features. General Description. Applications

AN2737 Application note Basic in-application programming example using the STM8 I 2 C and SPI peripherals Introduction

Getting Started... 1 Overview... 2 System Requirements... 2 Components... 3 Device Display... 5 Display Indicators... 5 Battery Management...

ECO and Workarounds for Bugs in ESP32

SIGFOX-CCT (Configuration and Communication Tool) User Manual

GAT Handheld Coder Pro+ User Manual

ESP8266 FOTA Guide Version 1.7 Copyright 2016

ArduCAM CC3200 UNO board

P-NUCLEO-IKA02A1. STM32 Nucleo pack: electrochemical toxic gas sensor expansion board with CO sensor. Description. Features

ESP8266 SSL User Manual

This user guide describes how to run the Atmel ATWINC3400 Bluetooth Low Energy (BLE) Provisioning demo from out-of-box conditions.

Hello [again] from the mbed Team!

NexPump Ai Network\Notification Guide

DynaPro Go. Secure PIN Entry Device PCI PTS POI Security Policy. September Document Number: D REGISTERED TO ISO 9001:2008

Arducam ESP32 UNO board

IBM ThinkPad 600 Setup Guide

ARM TrustZone for ARMv8-M for software engineers

Quick Start. Status LED Camera lens. Earpiece. 3.5 mm headset jack Camera lens Laser auto focus Volume keys. Micro USB charging port.

AT&T Global Network Client for Android

Getting started with STEVAL-IDB007V1 and STEVAL-IDB008V1 evaluation boards

Secure Held Print Jobs. Administrator's Guide

UM LPC General Purpose Shield (OM13082) Rev November Document information. Keywords

epass FIDO -NFC PRODUCT MANUAL

QNC Best Practices. System Affected. Description. QNC Configuration Procedure. Technical Bulletin CS-18-04

STSW-STWBCFWDT. STWBC firmware downloader tool. Description. Features

CHANGING THE MODES OF MOD-WIFI-ESP8266-DEV

NovoConnect B360. Wireless Presentation & Collaboration System. User Manual Version 0.98

Smart Home System Kit

PWR-I/O-DB Power and I/O Daughterboard (#28301)

lgusa.com/revolution Set Up Customize Your Phone Record and View HD Video Download Apps Use Multilanguage Entry Take and Send a Picture

ACR880 GPRS Portable Smart Card Terminal

Procedure to Connect NIC VPN in Windows for ebiz

QUICK START GUIDE. U.S. Cellular Customer Care:

USING YOUR DMX PROFUSION

Zultys Mobile Communicator for iphone 8.0

Quick Start Guide. Hs CUSTOMIZABLE. lgusa.com/apex HOME SCREEN THEMES QWERTY SOCIAL NETWORKING PHONE SETUP KEYBOARD WIRELESS SETTINGS NAVIGATION

Cisco Desktop Collaboration Experience DX650 Security Overview

Transcription:

MAXREFDES155# DeepCover Embedded Security in IoT: Public-key Secured Data Paths Quick Start Guide UG6389; Rev 2; 5/17 Abstract This Quick Start Guide provides information about preparing and running the MAXREFDES155# ARM mbed example and web client. The MAXREFDES155# subsystem reference design secures an authenticated data link between IoT devices and the web using the DS2476 DeepCover secure coprocessor.

Table of Contents Required Equipment... 3 Import Firmware... 4 Load Firmware... 4 Demo Setup... 9 Run the Demo... 15 Temperature Demo... 15 Image Demo... 18 Trademarks... 19 List of Figures Figure 1. Import into Compiler button... 4 Figure 2. Add to your mbed Compiler button... 4 Figure 3. Selecting the MAX32600MBED as the compiler target... 5 Figure 4. Open the Wi-Fi connect source file.... 6 Figure 5. Editing the Wi-Fi SSID and password fields for personal hotspot.... 7 Figure 6. Compiling the firmware.... 7 Figure 7. Connect the MAX32600MBED to a computer using the HDK USB port.... 8 Figure 8. Inserting pins on the MAXREFDES155# shield into the MAX32600MBED# base board.... 9 Figure 9a. Power the MAX32600MBED# and MAXREFDES155# using the DEV USB port.... 9 Figure 9b. Display the Web ID.... 10 Figure 10. Embedded Security in IoT home page.... 10 Figure 11. and enter your mbed Web ID.... 11 Figure 13. Sending valid signatures to the web server.... 12 Figure 14. Web server verification that the mbed is Authentic.... 13 Figure 15. Establishing the setup connection to the web server.... 14 Figure 16. An authenticated temperature reading.... 15 Figure 17. An Authenticated temperature reading with history graphed.... 16 Figure 18. An illustration of Authenticated temperature readings.... 17 Figure 19. Select image to download... 18 Maxim Integrated, Inc. Page 2 of 19

Required Equipment The equipment, ARM mbed shield (MAXREDES155#) and mbed base board (MAX32600MBED#), are available for separate purchase at Maxim Integrated s website to produce the hardware needed for the mbed system. Here is the list of the equipment required: MAXREFDES155# kit including: MAXREFDES155# mbed shield. Infrared (IR) laser-sensor module. 30.48cm long x 1mm pitch SR Cable (A04SR04SR30K305B). MAX32600MBED# base board. Wi-Fi Hotspot (internet access is needed for MAXREFDES155#) USB A to USB micro-b cable Internet-connected computer with USB-to-load firmware. Maxim Integrated, Inc. Page 3 of 19

Import Firmware 1. Load the mbed repository page for the MAXREFDES155 firmware program in your web browser. a. Go to the mbed web page located at https://developer.mbed.org. b. In the upper-right corner use the Search mbed box type the text string MAXREFDES155 and hit the enter key to initiate the search. c. Click on the top search result that begins with MAXREFDES155. 2. Import the latest revision of the program into the online compiler by clicking on the Import into Compiler button in the mbed repository page (Figure 1). A free mbed account is required to access the online compiler. Figure 1. Import into Compiler button. Load Firmware 1. Add the MAX32600MBED platform to your compiler by clicking the Add to your mbed Compiler button at the top right side of the MAX32600MBED platform page (Figure 2). Figure 2. Add to your mbed Compiler button. Maxim Integrated, Inc. Page 4 of 19

2. Return to the online compiler page, and select the MAX32600MBED as the compiler target by the following steps in Figure 3: Figure 3. Selecting the MAX32600MBED as the compiler target. Maxim Integrated, Inc. Page 5 of 19

3. Open the source file WifiConnectWindow.cpp in the imported copy of MAXREFDES155 (Figure 4). Figure 4. Open the Wi-Fi connect source file. Maxim Integrated, Inc. Page 6 of 19

4. Edit the Wi-Fi SSID and password fields in WifiConnectWindow.cpp with the values for a personal hotspot (Figure 5). Figure 5. Editing the Wi-Fi SSID and password fields for personal hotspot. 5. You will be prompted to download MAXREFDES155.bin, which is the compiled binary firmware. Compile the firmware (Figure 6). Figure 6. Compiling the firmware. Maxim Integrated, Inc. Page 7 of 19

6. Connect the MAX32600MBED to the computer using the HDK USB port for programming (Figure 7). Figure 7. Connect the MAX32600MBED to a computer using the HDK USB port. 7. The MAX32600MBED# acts as a USB-storage drive when connected to the computer. Drag the MAXREFDES155_MAX32600MBED.bin binary to the MBED USB storage drive to program the MAX32600MBED. When done transferring the binary, safely disconnect (eject) the MAX32600MBED# HDK USB port as you would any USB storage drive. Maxim Integrated, Inc. Page 8 of 19

Demo Setup This section describes the steps to setup the hardware for the demo. 1. Connect the IR-laser-sensor module (J7) to the MAXREFDES155# mbed shield (J3) using the supplied SR cable. 2. Insert the downward facing pins on the MAXREFDES155# assembly into the MAX32600MBED# as shown (Figure 8). Figure 8. Inserting pins on the MAXREFDES155# shield into the MAX32600MBED# base board. 3. Power the MAX32600MBED# through the DEV USB port (Figure 9a). Click any key to begin and the LCD immediately displays the unique Web ID for the MAXREFDES155# mbed shield (Figure 9b). This is used for session tracking on the web server. Write down this session Web ID for later. Figure 9a. Power the MAX32600MBED# and MAXREFDES155# using the DEV USB port. Maxim Integrated, Inc. Page 9 of 19

Figure 9b. Display the Web ID. 4. With a PC, go to www.maxim-security.com and click on the MAXREFDES155# image (Figure 10). Figure 10. Embedded Security in IoT home page. Maxim Integrated, Inc. Page 10 of 19

5. Type in the 64-bit Web ID that you wrote down from the Demo Setup, step 3 as shown in Figure 11, and click on Continue Figure 11. and enter your mbed Web ID. 6. Verify the PC is connected to the web server as shown in Figure 12. Figure 12. Verify the PC Connected to Server. Maxim Integrated, Inc. Page 11 of 19

7. Provide the internet hotspot setup with the network name and network password with the values created for Figure 5. Make sure to place the hotspot in reasonable proximity to the mbed. 8. Follow the directions of each step on the LCD screen of the mbed shield using the directional keys (up, down, left, right) to move the selection box between menu options and the Left Click key to select options. 9. Verify the mbed shield LCD screen shows Sensor node: Valid, laser disabled as shown in Figure 13 indicating the mbed is sending valid signatures to the web server but the laser is not enabled. Note: Toggling the Use invalid sig. instructs the mbed to make the generated temperature measurement signatures unauthenticated when using the web client per Figure 16 and 17. Figure 13. Sending valid signatures to the web server. Maxim Integrated, Inc. Page 12 of 19

10. Verify the web client shows Data Authenticated as in Figure 14. This is critical as it indicates from the web server that an authentic mbed connection has been recognized. Note: The example web client for this design utilizes a shared instance provided by Maxim for your convenience. Maxim makes no guarantees regarding reliability, availability, or data security when utilizing the shared web-client instance. The authenticated connection recognized in this demo is between the mbed and the web server. Figure 14. Web server verification that the mbed is Authentic. Maxim Integrated, Inc. Page 13 of 19

11. To summarize, if everything is correct the following (as illustrated in Figure 15) shows what occurred to establish a secure connection to the Web Server: a. mbed connects to the web server through Wi-Fi. b. The web server sends a signed command and challenge requesting the mbed s identity information. c. mbed verifies command and sends Web ID, device public key, key certificate, and signature generated from preceding data and provided challenge to the web server. d. The web server uses the system public key to verify mbed is part of the system by checking the certificate. e. The web server verifies the signature by using the received data challenge, and device public key. If the mbed is authenticated, then the web server allows the connection. If not authenticated, the web server drops the mbed connection and does not accept any incoming data. Figure 15. Establishing the setup connection to the web server. Maxim Integrated, Inc. Page 14 of 19

Run the Demo Temperature Demo A web client runs the demo by executing the mbed commands and displaying the results of temperature that was authenticated by the web server. After the Demo Setup has successfully completed do the following to run this demo: 1. Click on the Enable Laser Module so the laser-pointer power is enabled securely. Note: For safety, when the mbed receives the enable sensor module, the DS2476 authenticates the DS28C36. If the DS28C36 is found authentic then the DS28C36 GPIO is enabled by a write authentication. This in turn enables the laser-pointer power. Otherwise, the DS28C36 GPIO is kept disabled which in turn keeps the laser pointer in a safe state. 2. Click on the Read Temp button (Figure 16) and verify a temperature was read and is authentic. Figure 16. An authenticated temperature reading. Maxim Integrated, Inc. Page 15 of 19

3. Slide the Enable Periodic Updates and this continually requests and receives an authenticated temperature reading while graphing a log of the results in the Temperature Readings panel. The increments of the temperature readings occur every five seconds. Each reading can be verified to be authentic as listed in the Communication Log panel as shown in Figure 17. Figure 17. An Authenticated temperature reading with history graphed. Maxim Integrated, Inc. Page 16 of 19

4. In summary, the Temperature Demo authenticates temperature each time by doing the following (Figure 18): a. The mbed receives a get temperature command along with the challenge from the web server (i.e., it is instructed by the web client). b. On the mbed, DS2476 locally authenticates (i.e., by using a locally symmetricbased authentication with HMAC SHA-256) the DS28C36 on the sensor module and locally reads the temperature. c. Assuming the sensor module is declared authentic, the mbed reads and signs the temperature reading with the device private key in DS2476 and the received challenge. The mbed sends the temperature reading and signature to the web server. d. The web server uses the device public key obtained beforehand during the Demo Setup, the challenge, and the just received temperature reading/signature to verify authenticity. Figure 18. An illustration of Authenticated temperature readings. Maxim Integrated, Inc. Page 17 of 19

Image Demo The web client can also be used to send an image securely to the mbed platform. After the Demo Setup has completed successfully, do the following to run this demo: 1. In the web client, click on the Secure Download button and a popup window opens. 2. Select an image to download, check the Valid box so the image has a digital signature generated/used that is valid and click on Download to send the image to the LCD display of the mbed shield (Figure 19). Note: The web client contains the color images and the correlating black & white LCD image. Figure 19. Select image to download. 3. Verify the MAXREFDES155# mbed shield shows the selected ibutton image in black and white on the LCD display. 4. In summary, the Image Demo authenticates the image each time by doing the following: a. The web client sends the LCD image bytes and settings to the web server. (Figure 18) b. The web server uses system private keys and signs the LCD image data. The web server checks the Valid flag. If not checked, the web server corrupts the LCD image data after simulating a man-in-the-middle attack. Then, it sends the LCD image data and signature to mbed. c. The mbed gets the LCD image data plus the correlating signature and verifies the signature. If the signature passes, then the mbed LCD shows the image. If the signature fails, then the mbed LCD does not show the image but an error message. Maxim Integrated, Inc. Page 18 of 19

Trademarks DeepCover is a registered trademark of Maxim Integrated Products, Inc. ibutton is a registered trademark of Maxim Integrated Products, Inc mbed is a registered trademark of ARM Limited. 2017 by Maxim Integrated Products, Inc. All rights reserved. Information in this publication concerning the devices, applications, or technology described is intended to suggest possible uses and may be superseded. MAXIM INTEGRATED PRODUCTS, INC. DOES NOT ASSUME LIABILITY FOR OR PROVIDE A REPRESENTATION OF ACCURACY OF THE INFORMATION, DEVICES, OR TECHNOLOGY DESCRIBED IN THIS DOCUMENT. MAXIM ALSO DOES NOT ASSUME LIABILITY FOR INTELLECTUAL PROPERTY INFRINGEMENT RELATED IN ANY MANNER TO USE OF INFORMATION, DEVICES, OR TECHNOLOGY DESCRIBED HEREIN OR OTHERWISE. The information contained within this document has been verified according to the general principles of electrical and mechanical engineering or registered trademarks of Maxim Integrated Products, Inc. All other product or service names are the property of their respective owners. Maxim Integrated, Inc. Page 19 of 19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback