System Board 6295

MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing and Notification



Overview

The MAXREFDES143# is an Internet of Things (IoT) embedded security reference design, built to protect an industrial sensing node by means of authentication and notification to a web server. The hardware includes a peripheral module representing a protected sensor node monitoring operating temperature and remaining life of a filter (simulated through ambient light sensing) and an mbed shield representing a controller node responsible for monitoring one or more sensor nodes. The design is hierarchical with each controller node communicating data from connected sensor nodes to a web server that maintains a centralized log and dispatches notifications as necessary. The mbed shield contains a Wi-Fi module, a DS2465 coprocessor with 1-Wire® master function, an LCD, LEDs, and pushbuttons. The protected sensor node contains a DS28E15 authenticator, a DS7505 temperature sensor, and a MAX44009 light sensor. The mbed shield communicates to a web server by the onboard Wi-Fi module and to the protected sensor node with I2C and 1-Wire. The MAXREFDES143# is equipped with a standard shield connector for immediate testing using an mbed board such as the MAX32600MBED#. The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.

NOTE: Operating the MAXREFDES143# requires a separate purchase of a MAX32600MBED# ARM® mbed™ platform.

Refer to the Details tab for more information. Design files including schematic, PCB files, and bill of materials (BOM) can be downloaded from the Design Resources tab.

Features

  • SHA-256 authentication
  • Unique secret for each node in the system
  • DeepCover® secure key storage
  • 1-Wire/I2C/Wi-Fi interfaces
  • Example source code
  • mbed shield equivalent to Arduino form factor pinout
  • Pmod-compatible protected sensor node

Competitive Advantages

  • Crypto-strong authentication
  • No need for secure key storage memory on processor
  • Low overhead performance for signed data between the web server and the mbed platform

Applications

  • Authentication of Internet of Things (IoT) device nodes
  • Data authentication at all levels from sensor node to web server
  • Protect industrial applications from counterfeiting
  • Track product lifetime with smart notifications
  • Invalidate unsafe industrial sensor nodes

Introduction

In this IoT-embedded world, security emerges as a paramount feature to protect industrial equipment from counterfeiting while tracking product lifetime with smart notifications. The MAXREFDES143# is a reference design that demonstrates an authenticated data chain from a protected sensor node to a web server. The web server notifies the user when intervention is required, such as when it is time to change the consumable being monitored (i.e., the protected sensor node), a filter in this case, or when an unsafe consumable (i.e., a counterfeit sensor node) is installed.

The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.


Detailed Description of Hardware

The system in Figure 2 shows the high-level implementation of the design. The reference design sequence is as follows:

The mbed Platform uses the DS2465 to authenticate the DS28E15 on the Sensor Node. For details, refer to application note 5546, "The Fundamentals of a SHA-256 Master/Slave Authentication System."

  1. When requested by the mbed Platform, the Sensor Node measures temperature using the DS7505 and simulated filter life using the MAX44009, which measures the light passing through the filter.
  2. The mbed Platform uses the DS2465 to perform an Authenticated Write to filter life stored on the Sensor Node if necessary.
  3. The mbed Platform requests a challenge from the Web Server to prevent replay attacks.
  4. The DS2465 and the mbed Platform formulate a MAC from the following components: formatted sensor data, a Transport Secret derived from the Master Secret, and the challenge received from the Web Server.
  5. The mbed Platform sends sensor data and the newly formulated MAC to the Web Server using a Wi-Fi connection.
  6. The Web Server verifies the MAC, adds authentic sensor data to the log, and distributes alerts if necessary.
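
The following Python sketch of steps 3 to 6 is an added example, not part of the reference design's source code. It shows why the server-issued challenge must be random and single-use for the MAC check to stop replays. Assumptions: HMAC-SHA-256 stands in for the DS2465 SHA-256 MAC computation (its exact input format is not given on this page), the Transport Secret derivation shown is hypothetical, and all names and sample values are constructed.

```python
import hashlib
import hmac
import secrets

MASTER_SECRET = bytes(32)  # constructed placeholder; the real secret stays inside the DS2465


def transport_secret(master: bytes, node_id: bytes) -> bytes:
    """Assumed derivation: per-node secret = HMAC-SHA-256(master, node_id)."""
    return hmac.new(master, node_id, hashlib.sha256).digest()


def compute_mac(secret: bytes, challenge: bytes, sensor_data: bytes) -> bytes:
    """Stand-in for the DS2465 MAC: keyed hash over challenge + formatted data."""
    # Length-prefix the challenge so the field boundary cannot be shifted.
    msg = len(challenge).to_bytes(2, "big") + challenge + sensor_data
    return hmac.new(secret, msg, hashlib.sha256).digest()


class WebServer:
    def __init__(self, master: bytes):
        self._master = master
        self._pending = {}  # node_id -> outstanding challenge
        self.log = []       # authenticated sensor records only

    def issue_challenge(self, node_id: bytes) -> bytes:
        challenge = secrets.token_bytes(32)
        self._pending[node_id] = challenge
        return challenge

    def submit(self, node_id: bytes, sensor_data: bytes, mac: bytes) -> bool:
        # pop() makes every challenge single-use, so a captured post cannot be replayed.
        challenge = self._pending.pop(node_id, None)
        if challenge is None:
            return False
        expected = compute_mac(transport_secret(self._master, node_id),
                               challenge, sensor_data)
        if not hmac.compare_digest(expected, mac):  # constant-time comparison
            return False
        self.log.append((node_id, sensor_data))
        return True


def controller_post(server: WebServer, node_id: bytes, sensor_data: bytes):
    """Controller side of steps 3 to 5; returns (accepted, mac) for inspection."""
    challenge = server.issue_challenge(node_id)
    mac = compute_mac(transport_secret(MASTER_SECRET, node_id), challenge, sensor_data)
    return server.submit(node_id, sensor_data, mac), mac
```

A post is logged only if its MAC matches the outstanding challenge for that node; resubmitting a captured data and MAC pair fails because the challenge it was bound to has already been consumed.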


Figure 1. The MAXREFDES143# reference design block diagram.

Hardware Setup

  • MAXREFDES143# kit including shield, Protected Sensor Node module, and ESP8266 Wi-Fi module (available for purchase)
    • The schematic, BOM, and PCB Gerber files are available for immediate download on the Design Resources tab.
  • MAX32600MBED# (ARM® mbed Enabled Development Platform for MAX32600—available for purchase separately) used as embedded microprocessor for the mbed Shield
  • USB A to USB Micro-B cable

Software Setup

Pinout
Figure 2 shows the shield pins (e.g., J3 to J6) that connect to the mbed Platform (e.g., MAX32600MBED#).

Figure 2. Shield compatible connections (actual connectors on the back).

Figure 3 shows the shield connections to the ESP8266 Wi-Fi socket (J1), the Protected Sensor Node (J2), the three pushbuttons (i.e., SW1 to SW3), the red LEDs (D1 and D2), and the LCD (part # NHD-C0220BiZ-FS(RGB)-FBW-3VM).

Figure 3. Peripheral and accessory connections.

Quick Start

Required equipment:

  • Any PC or notebook computer with an internet browser and a free USB port
  • MAXREFDES143# board
  • MAX32600MBED# or equivalent mbed platform
  • USB A to USB Micro-B cable

Download, read, and carefully follow each step in the appropriate MAXREFDES143# Quick Start Guide.

ARM is a registered trademark and registered service mark of ARM Limited.
1-Wire and DeepCover are registered trademarks of Maxim Integrated Products, Inc.
Pmod is a trademark of Digilent Inc.


DS28E15
DeepCover Secure Authenticator with 1-Wire SHA-256 and 512-Bit User EEPROM

  • 512-Bit EEPROM with SHA-256 Authentication for Reads and Writes
  • Minimalist 1-Wire Interface Lowers Cost and Interface Complexity

DS2465
DeepCover Secure Authenticator with SHA-256 Coprocessor and 1-Wire Master Function

  • SHA-256 Engine to Operate a Symmetric-Key-Based Bidirectional Secure Authentication Model
  • Two 32-Byte Pages of User EEPROM with Multiple Programmable Protection Options
  • 1-Wire Master Port with Selectable Active or Passive 1-Wire Pullup