About Circuit Cellar Staff

Circuit Cellar's editorial team comprises professional engineers, technical editors, and digital media specialists. You can reach the Editorial Department at editorial@circuitcellar.com, @circuitcellar, and facebook.com/circuitcellar

Innovative Magnetic Sensing Integrated IC

Texas Instruments recently unveiled the DRV421 magnetic sensing IC with a fully integrated fluxgate sensor and compensation coil driver. It includes all the required signal conditioning circuitry.DRV421_TI

Compared to traditional Hall effect sensors, the DRV421 provides high sensor accuracy and linearity, high dynamic range, and simpler system design. With it, you can easily design magnetic closed-loop current sensors for a variety of applications (e.g., motor control, renewable energy, battery chargers and power monitoring).

The $49 DRV421 evaluation module (DRV421EVM) makes it easy to evaluate the new current sensing IC’s features and performance. The DRV421 comes in a 4 mm- × 4 mm QFN package. Pre-production samples are available now. Production quantities will be available in Q3 2015 for 2.50 in 1,000-unit quantities.

Source: Texas Instruments

New Low-Cost MEMS Inertial Accelerometer

Silicon Designs recently announced the North American market introduction of the new Model 1525 Series integral inertial accelerometer family. Offering impressive low-noise performance, the nitrogen damped and hermetically sealed SDI Model 1525 Series is intended for tactical navigation, seismic, and other zero-to-medium frequency instrumentation applications that require high-repeatability, low noise, and maximum stability. SiliconDesigns 1525 MEMS Acc

Each miniature, hermetically sealed package combines a MEMS variable capacitive sense element and a custom integrated circuit that includes both a sense amplifier and 4.0 V differential output stage. Units are available in six unique full-scale ranges from 2 g to 100 g with reliable performance over a standard operating temperature range of –40°C to 85°C. Each device has a serial number for traceability. Each unit comes with a calibration test sheet showing measured bias, scale factor, linearity, operating current, and frequency response.

Source: Silicon Designs

Next-Gen Premium Multichannel DAC Series

A new series of 2/4/6/8-channel D/A converters from Asahi Kasei Microdevices (AKM) is powering the next generation of high-quality consumer electronic devices, measurement equipment, and control systems. The AK4452/AK4454/AK4456/AK4458 premium 32-bit DAC devices have up to eight channels. The devices are based on AKM’s Velvet Sound architecture. Combining fine sound details with the low-distortion architecture and 32-bit resolution digital filter processing, the new technology is already finding applications in new AV receivers, network audio and USB DACs, USB headphones, audio interfaces, and much more.AKM-NewDACsWeb

The digital input in the new DAC series supports up to 768-kHz PCM and 11.2-MHz Direct Stream Digital (DSD), suitable for high-resolution audio source playback. With up to eight channels and a TDM interface allowing daisy chaining, the series also provides a simple solution to a wide range of applications.

According to AKM, its Velvet Sound core architecture was designed specifically to support the high-resolution audio market and achieves the lowest distortion in the industry with –107 dB in the D/A conversion and 115-dB S/N. Using Over Sampling Ratio Doubler (OSRD), the new chips reduce out of band noise and include Impulse Response Designed (IRD) filters integrated with 32-bit processing. Five different digital filters types are selectable according to the user audio and system preferences.

The new lineup is available in 32-pin QFN, 5 × 5 mm (AK4452/AK4454) and 48-pin QFN, 7 × 7 mm (AK4456/AK4458) packages.

Via audioXpress

June Electrical Engineering Challenge Live (Sponsor: NetBurner)

Ready to put your electrical engineering skills to the test? The June Electrical Engineering Challenge (sponsored by NetBurner) is now live.

This month, find the error in the schematic posted below (and on the Challenge webpage) for a chance to win a NetBurner MOD54415 LC Development Kit ($129 value) or a Circuit Cellar Digital Subscription (1 year).

TAKE THE CHALLENGE NOW

Find the error in the code and submit your answer via the online Submission Form by the deadline: 2 PM EST on May 20, 2015. Two prize winners from the pool of respondents who submit the correct answer will be randomly selected.

Find the error in this schematic and submit your answer via the online Submission Form by the deadline: 2 PM EST on June 20, 2015. Two prize winners from the pool of respondents who submit the correct answer will be randomly selected.

PRIZES

Out of each month’s group of entrants who correctly find the error in the code or schematic, one person will be randomly selected to win a NetBurner IoT Cloud Kit and another person will receive a free 1-year digital subscription to Circuit Cellar.

  • NetBurner MOD54415 LC Development Kit: You can add Ethernet connectivity to an existing product or use it as your product’s core processor! The NetBurner Ethernet Core Module is a device containing everything needed for design engineers to add network control and to monitor a company’s communications assets. The module solves the problem of network-enabling devices with 10/100 Ethernet, including those requiring digital, analog, and serial control.NetburnerMod54415module
  • Circuit Cellar Digital Subscription (1 year): Each month, Circuit Cellar magazine reaches a diverse international readership of professional electrical engineers, EE/ECE academics, students, and electronics enthusiasts who work with embedded technologies on a regular basis.Circuit Cellar magazine covers a variety of essential topics, including embedded development, wireless communications, robotics, embedded programming, sensors & measurement, analog tech, and programmable logic.

RULES

Read the Rules, Terms & Conditions

SPONSOR

NetBurner solves the problem of network enabling devices, including those requiring digital, analog and serial control. NetBurner provides complete hardware and software solutions that help you network enable your devices.netburneroffer

NetBurner, Inc.
5405 Morehouse Dr.
San Diego, CA 92121 USA

Happy Gecko MCU Family Simplifies USB Connectivity for IoT Apps

Silicon Labs recently introduced new energy-friendly USB-enabled microcontrollers (MCUs). Part of its EFM32 32-bit MCU portfolio, the new Happy Gecko MCUs are designed to deliver the lowest USB power drain in the industry, enabling longer battery life and energy-harvesting applications. Based on the ARM Cortex-M0+ core and low-energy peripherals, the Happy Gecko family simplifies USB connectivity for a wide range of Internet of Things (IoT) applications including smart metering, building automation, alarm and security systems, smart accessories, wearable devices, and more.SiliconLabsEFM32

Silicon Labs developed the Happy Gecko family to address the rising demand for cost-effective, low-power USB connectivity solutions. With more than 3 billion USB-enabled devices shipping each year, USB is the fastest growing interface for consumer applications and is also gaining significant traction in industrial automation. In today’s IoT world, developers have discovered that adding USB interfaces to portable, battery-powered connected devices can double the application current consumption. Silicon Labs’ Happy Gecko MCUs provide an ideal energy-friendly USB connectivity solution for these power-sensitive IoT applications.

Happy Gecko USB MCUs feature an advanced energy management system with five energy modes enabling applications to remain in an energy-optimal state by spending as little time as possible in active mode. In deep-sleep mode, Happy Gecko MCUs have an industry-leading 0.9-μA standby current consumption (with a 32.768-kHz RTC, RAM/CPU state retention, brown-out detector and power-on-reset circuitry active). Active-mode power consumption drops down to 130 µA/MHz at 24 MHz with real-world code (prime number algorithm). The USB MCUs further reduce power consumption with a 2-µs wakeup time from Standby mode.

Like all EFM32 MCUs, the Happy Gecko family includes the Peripheral Reflex System (PRS) feature, which greatly enhances overall energy efficiency. The six-channel PRS monitors complex system-level events and allows different MCU peripherals to communicate autonomously with each other without CPU intervention. The PRS watches for specific events to occur before waking the CPU, thereby keeping the Cortex-M0+ core in an energy-saving standby mode as long as possible, reducing system power consumption and extending battery life.

Happy Gecko MCUs feature many of the same low-energy precision analog peripherals included in other popular EFM32 devices. These low-energy peripherals include an analog comparator, supply voltage comparator, on-chip temperature sensor, programmable current digital-to-analog converter (IDAC), and a 12-bit analog-to-digital converter (ADC) with 350 μA current consumption at a 1 MHz sample rate. On-chip AES encryption enables the secure deployment of wireless connectivity for IoT applications such as smart meters and wireless sensor networks.

The Happy Gecko family’s exceptional single-die integration enables developers to reduce component count and bill-of-materials (BOM) cost. While typical USB connectivity alternatives require external components such as crystals and regulators, the highly integrated Happy Gecko MCUs eliminate nearly all of these discretes with a crystal-less architecture featuring a full-speed USB PHY, an on-chip regulator and resistors. Happy Gecko MCUs are available in a choice of space-saving QFN, QFP and chip-scale package (CSP) options small enough for use in USB connectors and thin-form-factor wearable designs.

The Happy Gecko family is supported by Silicon Labs’ Simplicity Studio development platform, which helps developers simplify low-energy design. The Simplicity Energy Profiler enables real-time energy profiling and debugging of code. The Simplicity Battery Estimator calculates expected battery life based on an application profile, energy modes and peripherals in use. The Simplicity Configurator provides a visual interface for MCU pin configuration, automatically generating initialization code. Code developed for other EFM32 MCUs can be reused with Happy Gecko applications. Developers can download Simplicity Studio and access Silicon Labs’ USB source code and software examples at no charge at www.silabs.com/simplicity-studio.

To help developers move rapidly from design idea to final product, the Happy Gecko family is supported by the ARM mbed ecosystem, which includes new power management APIs developed by Silicon Labs and ARM. These low-power mbed APIs are designed with low-energy application scenarios in mind, enabling rapid prototyping for energy-constrained IoT designs. ARM mbed APIs running on EFM32 MCUs automatically enable the optimal sleep mode based on the MCU peripherals in use, dramatically reducing system-level energy consumption. The Happy Gecko starter kit supports ARM mbed right out of the box. Silicon Labs has also launched mbed API support for Leopard, Giant, Wonder and Zero Gecko MCUs.  For additional ARM mbed information including access to mbed software, example code, services and the mbed community, visit www.silabs.com/mbed.

The Happy Gecko family includes 20 MCU devices providing an array of memory, package and peripheral options, as well as pin and software compatibility with Silicon Labs’s entire EFM32 MCU portfolio. Samples and production quantities of Happy Gecko MCUs are available now in 24-pin and 32-pin QFN, 48-pin QFP and 3 mm × 2.9 mm CSP packages. Happy Gecko MCU pricing in 10,000-unit quantities begins at $0.83. The Happy Gecko SLSTK3400A starter kit costs $29.

Source: Silicon Labs

ARTIK Platform to Accelerate Internet of Things Development

Samsung Electronics Co. recently announced the Samsung ARTIK platform to allow faster, simpler development of new enterprise, industrial, and consumer applications for the Internet of Things (IoT). ARTIK is an open platform that includes a best-in-class family of integrated production-ready modules, advanced software, development boards, drivers, tools, security features and cloud connectivity designed to help accelerate development of a new generation of better, smarter IoT devices, solutions and services.Samsung ARTIK10

All members of the Samsung ARTIK family incorporate unique embedded hardware security technology, on-board memory and advanced processing power in an open platform. Security is also a key element of the advanced software integrated into the platform, along with the ability to connect to the Internet for cloud-based data analytics and enhanced services. As an open platform, Samsung ARTIK can be easily customized for more rapid deployment of IoT devices and the services that can be delivered using them.

The Samsung ARTIK platform comes in a variety of configurations to meet the specific requirements of a wide range of devices from wearables and home automation, to smart lighting and industrial applications. Initial members of the ARTIK family include:

  • ARTIK 1, the smallest IoT module currently available in the industry at 12 mm × 12 mm combines Bluetooth/BLE connectivity and a nine-axis sensor with best-in-class compute capabilities and power consumption. It is specifically designed for low-power, small form factor IoT applications.
  • ARTIK 5 delivers an outstanding balance of size, power and price-performance and is ideal for home hubs, drones and high-end wearables. It incorporates a 1-GHz dual-core processor and on-board DRAM and flash memory.
  • ARTIK 10 delivers advanced capabilities and high-performance to IoT with an eight-core processor, full 1080p video decoding/encoding, 5.1 audio and 2-GB DRAM along with 16-GB flash memory. The Samsung ARTIK 10 includes Wi-Fi, Bluetooth/BLE and ZigBee connectivity and is designed for use with home servers, media applications, and in industrial settings.

Additional technical highlights:

  • Security and privacy: The ARTIK platform offers a best-in-class, end-to-end security solution. At the hardware level, ARTIK contains am embedded secure element that goes beyond software-based encryption solutions alone. At the application level, ARTIK is equipped with a machine learning based anomaly detection system. This allows the user to identify abnormalities and unusual behavior in order to address possible hacking or intrusion activity.
  • IoT Software Stack: Samsung’s ARTIK platform comes with an extensive IoT software stack and tools needed to accelerate product development. Developers can go directly to application framework development, instead of spending time building low-level software libraries.
  • Local Storage and Computational Capability: ARTIK supports unique local storage and computational capabilities that in most current IoT environments are generally only addressable by large-scale cloud servers. Depending on user requirements, data can be managed locally or in the cloud in encrypted or unencrypted formats.
  • Low-Power Architecture: The ARTIK platform offers best-in-class power consumption to enable longer battery life for battery operated IoT devices like wearables. The platform includes a tiered architecture that allows applications and tasks to run at the right power-optimized performance and memory utilization.
  • Small Form Factor: All ARTIK modules offer the smallest form factor in their class. Certain ARTIK modules use Samsung’s next generation embedded Package-on-Package (ePoP) technology. Samsung Electromechanics, a global leader in component manufacturing, played a key role in developing advanced packaging technology for ARTIK.
  • Connectivity: Depending on the configuration, the ARTIK family offers all major connectivity protocols including Wi-Fi, Bluetooth (including BLE) and ZigBee. More information about the ARTIK platform and development tools may be found at www.artik.io.

Source: Samsung Electronics Co.

VectorCAST Test Automation Platform Integration with Lauterbach TRACE32

Vector Software has announced an advanced integration with the Lauterbach TRACE32 product. VectorCAST now enables development, test, and certification teams, to set and continuously collect, practically unlimited volumes of test data from RAM constrained embedded systems.vector_software_Lauterbach

This latest integration benefits customers in aerospace, defense, automotive, medical devices, industrial control, and commercial environments where software quality and industry compliance are critical. Vector Software’s development team worked closely with Lauterbach and the TRACE32 implementation of IEEE Standard 1149.1-1990 JTAG and IEEE-ISTO 5001-2003 NEXUS.

VectorCAST’s Unit Test Automation and Structural Code Coverage is data driven, making it the only Test Automation Platform capable of minimizing the on-target memory requirement for all aspects of test case data where cycles of 100,000 to 1 million or more are required. The impact of this combined capability, VectorCAST and TRACE32, affects all of the supported hardware from microprocessors—from companies such as ARM, Imagination Technologies MIPS, Freescale/NXP, Fujitsu, Intel, and AMD—microcontrollers—from companies such as TI (Including Hercules), STMicro, and more.

Source: Lauterbach

High-Accuracy, 3-D Magnetic Sensor

Infineon Technologies recently announced the availability of the TLV493D-A1B6, a 3-D magnetic sensor that features highly accurate three-dimensional sensing with extremely low power consumption in a small six-pin TSOP package. Magnetic field detection in x, y, and z directions enables the sensor to measure 3-D, linear, and rotation movements. The implemented digital I²C interface enables fast and bidirectional communication between the sensor and microcontroller.3D-Magnetic-Sensor_TSOP6_Infineon

The TLV493D-A1B6 is intended for consumer and industrial applications that require accurate 3-D measurements or angular measurements or low power consumption, such as joysticks, electric meters where the 3-D magnetic sensor helps to protect against tampering, and more. With its contactless position sensing and high temperature stability of magnetic threshold, the TLV493D-A1B6 enables these systems to become smaller, more accurate, and robust.

The 3-D magnetic sensor TLV493D-A1B6 enables smaller and more energy efficient e-meter systems. Today, up to three magnetic sensors—one for each dimension of external magnetic field—are needed to measure tampering attempts with large magnets. In future, the 3-D magnetic sensor TLV493D-A1B6 will replace all 3-D sensors thus making e-meters smaller and more energy efficient.

The 3-D sensor TLV493D-A1B6 detects all three dimensions of a magnetic field. Using lateral hall plates for the z direction and vertical Hall plates for the x and y direction of the magnetic field, the sensor can be used in a large magnetic field range of ±150 mT for all three dimensions. This allows measuring and covering a long magnet movement. The large operation scale also makes the magnet circuit design easy, robust and flexible.

The TLV493D-A1B6 provides 12-bit data resolution for each measurement direction. This allows a high data resolution of 0.098 mT per bit (LSB) so that even the smallest magnet movements can be measured.

One of the main development goals for the TLV493D-A1B6 sensor was low power consumption. In Power Down mode, the sensor only requires 7-nA supply current. To perform magnetic measurements, the sensor can be set in one of five different power modes. In Ultra Low Power Mode, for example, the sensor performs a magnetic measurement every 100 ms (10 Hz) resulting in a current consumption of 10 µA. The time between measurement cycles can be set flexibly allowing system specific solutions. Using the sensor with continuous measurements, the maximum power consumption is only 3.7 mA. Also, the power modes can be changed during operation.

The TLV493D-A1B6 uses a standard I²C digital protocol to communicate with external microcontrollers. It is possible to operate the sensors in a bus mode to eliminate additional wiring cost and efforts.

Targeting industrial and consumer applications, TLV493D-A1B6 can be operated on supply voltages between 2.7 and 3.5 V and in a temperature range from –40°C to 125°C. The product is qualified according to industry standard JESD47.

For a fast design-in process, Infineon offers the “3D Magnetic 2Go” evaluation board. In combination with the free 3-D sensor software, first magnetic measurements are attainable within minutes. The evaluation board applies the Infineon 32-bit XMC1100 micrcontroller that uses the ARM Cortex-M0 processor.

The “3D Magnetic 2Go” is currently available (www.ehitex.com). Engineering samples of the TLV493D-A1B6 designed for consumer and industrial applications will be available as of July 2015. Volume production is expected to start in January 2016.

Source: Infineon Technologies

55-nm ULP Physical IP Solution for Energy-Efficient Applications

ARM and United Microelectronics Corporation (UMC) recently announced the availability of a new ARM Artisan physical IP solution on 55 nm to accelerate the development of ARM processor-based embedded systems and Internet of Things (IoT) applications.

UMC’s 55-nm ultra-low-power process (55ULP) technology is emerging as an ideal solution for energy-efficient IoT applications. The new physical IP offering will enable silicon design teams to speed up and simplify the bring-up of ARM-based SoC designs for IoT and other embedded applications.

For many energy-constrained applications, maximizing battery life is critical to a successful design. The Artisan physical IP platform will enhance the ULP technology from UMC with the intent to maximize power efficiency and reduce leakage. Features such as thick gate oxide support and long, multi-channel library options give SoC designers multiple tools to help optimize IoT applications.

The Artisan libraries will support:

  • The 0.9-V ultra-low voltage domain, thereby saving up to 44% dynamic power and 25% leakage power when compared to 1.2-V domain operation
  • Multichannel libraries with multiple Vts to offer SoC designers leakage and performance options. Long channel libraries can be used to further reduce leakage by up to 80%. The Power Management Kit (PMK) enables both active and leakage power mitigation.
  • Innovative thick gate oxide library will offer dramatically reduced leakage (350× lower than regular standard cells) for always ON cells. The ability of this library to interface with higher voltages (including battery voltages used in IoT devices) can also offer the advantage of negating the need for a voltage regulator.
  • Next generation high-density memory compilers offer multiple integrated power modes to save state while minimizing standby leakage. Utilizing these modes will allow SoC designers to realize up to 95% lower leakage when compared to regular standby.

The UMC-based physical IP for 55ULP is available immediately via ARM’s DesignStart portal.

Source: ARM

Ultra-Low Power Wi-Fi Platform for IoT Applications

Atmel and MXCHIP recently announced that they’re jointly developing an ultra-low power Internet of Things (IoT) platform with secure Wi-Fi access to the cloud, enabling designers to quickly bring IoT devices to market. The platform combines Atmel’s ultra-low power SMART SAM G ARM Cortex-M4-based MCUs and its SmartConnect WILC1000 Wi-Fi solution with MXCHIP’s MiCO IoT operating system (OS), servicing a full range of smart device developers for IoT applications. The integrated platform is intended to give IoT designers the confidence that their battery-operated devices will have longer battery life and their data will be securely transferred to the cloud.

Atmel’s WILC1000 is an IEEE 802.11b/g/n IoT link controller leveraging its ultra-low power Wi-Fi transceiver with a fully integrated power amplifier. This solution delivers the industry’s best communication range of up to +20.5-dBm output, ideal for connected home devices. Integrated in packages as small as a 3.2 mm × 3.2 mm WLCSP, the Atmel WILC1000 link controller leverages in this platform Atmel’s SAM G MCU, an ideal solution for low-power IoT applications and optimized for lower power consumption, incorporating large SRAM, high performance and operating efficiency with floating-point unit in an industry-leading 2.84 mm × 2.84 mm package. When combined with secure Wi-Fi technology, the joint IoT platform connects directly to each other or to a local area network (LAN), enabling remote system monitoring or control. For increased security, the platform comes with an optional Atmel ATECC508A, which is the industry’s first crypto device to integrate ECDH key agreement, making it easy to add confidentiality to digital systems including IoT nodes used in home automation, industrial networking, accessory and consumable authentication, medical, mobile and other applications.

 

To accelerate the IoT design process, the platform includes the MiCOKit-G55 development kit, technical documentation, application notes and a software development kit.

Source: Atmel

Miniature Low-Power TCXO/VCTCXO

Housed in a small 2.0 × 2.5 × 0.8 mm ceramic package, IQD Frequency Products’s new IQXT-260 series of digitally compensated  TCXOs employs an analog ASIC for the oscillator and a high-order temperature compensation circuit that provides a smoother signal. With a maximum current consumption of only 2 mA, the IQXT-260 offers stabilities down to ±0.5 ppm over an operating temperature range of –40° to 85°C with a clipped sinewave output. Operating from 1.8 to 3.3 V, the new range is available in three versions: TCXO, VCTCXO, and TCXO with enable/disable function, all across a frequency range of 10 to 52 MHz. The version with the enable/disable option only requires a standby current of typically <0.01 µA, which is ideal for battery operated equipment.tcxo-vctcxo-IQD

As frequency bands such as 2.4 GHz become overcrowded and the bandwidths need to be narrower, the precise signal and tighter frequency stability of a TCXO solution is ideal plus frequency slope and perturbation specifications can be customized to suite application requirements. The IQXT-260’s high stability, low power consumption, small footprint, and powerful compensation method makes this new TCXO ideally suited for demanding GPS mobile applications including Portable Navigation Devices as well as Wi-Fi, WiMax, WLAN, and Ethernet applications.

IQD Frequency Products

Altium Launches Open Beta Program for PCB Design Tool

Altium recenlty announced an open beta program for its community-driven PCB design tool. CircuitMaker is intended to address the unique needs of the electronics maker and hobbyist community with a free software offering. Anyone interested in participating in the open beta can register now at CircuitMaker.com.open-beta-Altium

The open beta testing program enables designers to immediately download and begin using CircuitMaker while joining a collaborative electronics design community. The open beta process will also provide feedback and input to refine CircuitMaker.

CircuitMaker will be available at no cost to anyone interested in using the software, with no limits to design capability. This PCB design tool from Altium offers a polished and streamlined design tool for the maker community with features such as:

  • Comprehensive PCB design technology — Built from the foundation of existing Altium technology, all of the typical features needed for modern PCB design are built in to CircuitMaker. This includes schematic-PCB integration, interactive routing, and output generation tools.
  • Advanced community collaboration — With CircuitMaker, designers have the opportunity to collaborate in a community-driven design environment, with unlimited access to contributed design and component data. This collaboratively design process is made possible by combining an advanced, cloud-based platform and an industry-standard user experience in a native application-based design environment.
  • Streamlined interface — CircuitMaker is a native application, and provides a streamlined interface, allowing new and casual designers to create designs quickly. This removes the traditional, time-intensive learning curve usually required for new PCB design tools.

Open beta registrations for CircuitMaker begins today, and is freely available worldwide to all interested electronics designers. Those interested can register now for the open beta at the CircuitMaker website.

Source: Altium

IoT Project: Wireless Sump Pump Monitor

Do you worry about your basement flooding? You can build a microcontroller-based, three-unit wireless system can monitor the water level in your sump pit. The Pump-Eye is a three-unit water level monitoring system built around a Freescale Semiconductor MC9S08GT60 and MC9S12NE64 microcontrollers.

1—A hose connects the Pump-Eye sensor unit to a copper pipe. The pipe gets fastened to the side of the sump pit.

A hose connects the Pump-Eye sensor unit to a copper pipe. The pipe gets fastened to the side of the sump pit.

The sensor unit monitors the water level in a sump pump pit, the sump pump’s AC power, and the sensor unit’s backup battery. The base unit receives status information from the sensor unit via RF. The sensor and base units use MC9S08GT60 microcontrollers; they communicate with each other via 2.4-GHz transceivers based on an MC13192 SARD board. The Ethernet link creates and sends timestamp and log messages to a host when the pump runs. The system sends a warning e-mail when the water level is high or there’s a power failure. An alarm sounds when the water level exceeds the normal maximum height by 10%.

In “Wireless Sump Pump Monitoring System”  (Circuit Cellar 189), David Kanceruk writes:

The Pump-Eye is a flexible system comprised of three electronic units: a sensor unit, a base unit, and an Ethernet unit. Let’s take a look at each unit.

Figure 1—The base and Ethernet units are optional. There are five ways to set up the Pump-Eye system without having to make any software changes.

Click to enlarge. The base and Ethernet units are optional. There are five ways to set up the Pump-Eye system without having to make any software changes.

The sensor unit monitors the sump pit’s water level (see Photo 1). Data is displayed on a 10-segment LED bar graph so you don’t have to remove the sump pit’s lid to determine the water level. An alarm sounds when the water level exceeds the height you program into the system. A switch enables you to cancel the alarm at any time. LEDs illuminate when the AC power is off and when the sensor unit’s 9-V backup battery needs to be replaced.

The base unit features the same indicators as the sensor unit. It sounds the same alarm signal as the sensor unit. I chose the SOS Morse code sound (an old sound that’s recognizable to some of us) because it’s notably different than the sounds generated by my appliances. Canceling the alarm on the base unit cancels the alarm on the sensor unit and vice versa. Because the units are connected wire- lessly, I can place the base unit anywhere in my house. Therefore, I don’t have to go to my basement to read the sensor unit’s front panel.

The Ethernet unit can connect to either the sensor unit or the base unit via an RS-232 connection. I can place the Ethernet unit in the most convenient location for connecting to an uninterruptible power supply (UPS) and network. The Ethernet unit receives commands from the unit to which it’s attached. It then sends syslog messages to a syslog server so that pump cycles can be time stamped and counted. A record is kept of the pump’s run times. The Ethernet unit can also send me an e-mail or text message regarding conditions that require immediate attention (e.g., high water levels and a loss of AC power).

The sensor and base units feature Freescale MC9S08GT60 microcontrollers. They communicate with each other via 2.4-GHz ZigBee transceivers based on a Freescale MC13192 SARD board using IEEE 802.15.4 MAC soft- ware. The sensor unit monitors the sump pump’s AC power and its 9-V back-up battery.

The front panel electronics on the two units are similar, but there are a few differences. The sensor unit is larger. It also has an extra connector that’s used for passing signals to the rear panel’s electronics for the sensors. Because the base unit simply acts as a remote display to show what’s happening on the sensor unit, it doesn’t need sensing electronics on the rear panel.

When you cover the top of a straw with your finger and place it in a glass of water, the air in the straw becomes pressurized. The amount of pressure depends on the height of the water in the straw, and this depends on factors such as ambient air pressure, the mass density of the water, gravity, and the height of the water outside the straw: P = Pa + rg∆h. In this formula, P is the pressure, Pa is the ambient pressure, r is the mass density of fluid, g is 9.8066 m/s2, and h is the height of fluid.

You can nullify the effect of a change in ambient pressure if you use a gauge pressure sensor to measure pressure relative to ambient pressure. The formula then becomes P = rg∆h. You can assume that the mass density of water and gravity are constants, so the pressure will be proportional to a change in the water’s height. The sensor unit measures this pressure with a Freescale MPXM2010GS temperature-compensated gauge pressure sensor. The pressure is then converted to a percentage of normal water levels observed in the sump pit.

I tried placing a hose in the sump pit to sense the water level, but I quickly discovered that it wasn’t too reliable. This was probably because of the surface tension of the water clinging to the inside of the thin hose (5/64 inches in diameter). Therefore, I decided to use a 0.5 inches in diameter copper pipe as a sensor interface. The ratio of the area affected by surface tension to the total area is less significant with the larger diameter. I bought a length 0.125 inches in diameter brass pipe to use as a nipple for the hose that connects the MPXM2010GS to the cop- per pipe. I soldered the brass pipe to a standard 0.5 inch copper cap in which I had drilled a hole. The cap is soldered to the top of the copper pipe.

The copper pipe solved the problem of holding the open end of the hose at a fixed height, and it also alleviated my concerns about dirt clogging the thin hose. A plastic clamp screwed to the side of the plastic sump pit holds the pipe in place. I had originally placed the pipe to the bottom of the sump pit, but I found a negative pressure developing in it after numerous pump cycles. I concluded that this was the result of scavenging around the bottom of the pipe because of water currents caused by the pump. Keeping the end of the pipe at the height of the low water level pre- vented this from happening.

Read the full article.

Virtual Prototyping — The Future’s So Bright

Virtual prototyping has been making its appearance in the embedded software arena since the late 1990s, steadily gaining acceptance as a valuable software development target. It initially rode the wave of rapid advances in chip process technology, which enabled multiple programmable cores on a single chip. This triggered a domino effect in product capabilities, with deep convergence of multiple functions in the same device becoming possible (smartphones being the most idiomatic example). In the semiconductor business landscape, ASIC companies needed to grow into system-on-chip (SoC) companies. The force of growing software content, complexity in general and the specialized nature of the low-level SoC software specifically was amplified by increased time-to-market pressure. Traditional development practices (mostly post-silicon) and targets (physical boards, FPGAs, etc.) couldn’t answer the call for true pre-silicon software development. In its first decade, virtual prototyping has established itself as the key “shift left” enabler in SoC development.Synopsys Diagram2

During the past five years, virtual prototyping has silently enabled embedded software to get past key inflection points and challenges. In the mid-2000s, the introduction of multi-core architectures was a key hurdle for embedded software, requiring considerable refactoring of existing single-threaded/-core software stacks. Virtual prototyping’s debug and visibility advantages facilitated the transition. Around the same time, security hardware was introduced in leading mobile SoCs to provide the basis for a secure computing platform, enabling user services like mobile commerce. The complexity of the new security software and hostility of a physical target for development—a device is supposed to be hacking resistant—made a good case for virtual prototyping, which provided ample visibility into the complex secure/non-secure domain interactions and a less hostile development target.

More recently, we observed adoption to address the SoC power consumption challenge. Power efficiency correlates directly with longer battery times, and dedicated chip hardware, both on- and off-chip, was introduced to manage power. The hardware flexibility offered is large, with final control left to the software. Complex power management software layers were introduced in high-level software stacks, and as virtual prototyping uniquely allows for an accurate representation of the complex hardware clocking and voltage schemes (other technologies like FPGAs can’t easily tackle this), it not only became an enabler for this new development, but also proved its value in software optimization for power and energy.

Today virtual prototyping is powering the architecture transition from 32- to 64-bit in the embedded space, through its use for early instruction-set market introduction, by enabling the porting of large existing stacks prior to the first 64-bit physical implementation and by helping the SoC companies transition their software.

The above inflection points appear in different markets earlier than others, with mobile being on the leading edge of embedded software advances, typically followed by networking and automotive. For instance, automotive is only now facing the multi-core challenge. As such, virtual prototyping repeatedly will play a key role in tackling a specific inflection point.

Looking towards the future, the technology will make further advances on two major fronts: contribution to software quality testing and deeper anchoring into other parts of the SoC design flow, through integration with technologies like hardware emulation and FPGA-based prototyping. With its value for the development phase of software accepted, tackling the next phase, software testing, is natural. The software nature of virtual prototypes allows for large parallel deployment, ideal for regression testing. Moreover, with continuous integration now accepted as a regular practice in desktop and web software development, we expect the embedded market to follow this trend. And with a virtual target making continuous integration straightforward, we expect virtual prototypes to play an important role in the trend’s adoption. Markets including automotive (and mil/aero) have stringent safety and reliability requirements, and virtual prototypes’ unique fault injection capability is starting to show its value. Security testing and analysis is still an unexplored area, which not only has potential for the Internet of Things market, but can have a broad impact as security is becoming commonplace for any connected system.

Having simulation performance track the increasing SoC design scale and keeping the modeling effort under tabs to deliver value sufficiently early are not small engineering challenges. Just-In-Time compilation gave a major boost in the 2003–2004 timeframe, but the number of SoC subsystems requires another turbocharge right now. Exploiting the subsystem-level parallelism through new technologies that map subsystem simulations to different cores in the host machine, and deep-insight performance profiling tools that allow performance tuning, will carry the technology forward for another 5-10 years. Raising the modeling abstraction level, increasing automation and promotion of subsystem-based re-use and assembly methodology are effective arms to tackle the modeling effort challenge.

With its challenges being dealt with, virtual prototypes will continue to drive a further shift left and to converge with the numerous inflection point challenges of embedded software ahead. In 5-10 years, this embedded virtualization technology will likely be as accepted as virtualization technology is in the IT space today. A bright future indeed!

Filip Thoen is the principal engineer for virtual prototyping products at Synopsys, the Silicon to Software partner for innovative companies developing the electronic products and software applications we rely on every day. Thoen is responsible for the technical direction and architecture of the virtual prototyping products. Previously, he co-founded Virtio, a virtual prototyping leader later acquired by Synopsys, and served as its CTO. He has more than 15 years of experience in system simulation and embedded software, and has authored several articles, books, and patents in these areas. He holds MS and PhD degrees in Electrical Engineering from Catholic University of Leuven (Belgium).

This essay appears in Circuit Cellar 299 (June 2015).

Editors’ Pick: A Review of Current Embedded Security Risks

In recent years, security in embedded systems design has become a major concern. Patrick Schaumont’s CC25 article looks at the current state of affairs through several examples. The included tips and suggestions will help you evaluate the security needs of your next embedded design.

When you’re secure, you’re protected from loss or danger. Electronic security—the state of security for electronic systems—is essential for us because we rely so much on electronic embedded systems in everyday life. Embedded control units, RFID payment systems, wireless keys, cell phones, and intellectual-property firmware are just a few examples where embedded security matters to us. System malfunctions or the malicious uses of such devices are guaranteed to harm us. Security requires stronger guarantees than reliability. When we implement a secure system, we’re assuming an adversary with bad intentions. We’re dealing with someone who’s intentionally trying to cause harm. This article emphasizes attacks rather than solutions. The objective is to give you a sense of the issues.schaumont

Defining Embedded Security

As design engineers, we want to know how to create secure designs. Unfortunately, it’s hard to define the properties that make a design secure. Indeed, being “secure” often means being able to guarantee what is not going to happen. For example: “The wireless door opener on my house cannot be duplicated without my explicit authorization” or “The remote update of this wireless modem will not brick it.” Designing a secure system means being able to tell what will be prevented rather than enabled. This makes the design problem unique.

There is, of course, a good amount of science to help us. Cryptologists have long analyzed the desirable features of secure systems, and they have defined security objectives such as confidentiality, privacy, authentication, signatures, and availability. They have defined cryptographic algorithms such as encryption and decryption, public-key and symmetric-key operations, one-way functions, and random-number generation. They have also created cryptographic protocols, which show how to use those cryptographic algorithms in order to meet the intended security objectives.

Cryptography is a good starting point for secure embedded design. But it is not enough. Secure embedded designs face two specific challenges that are unique to embedded implementation. The first is that, by definition, embedded systems are resource-constrained. For example, they may use an 8-bit microcontroller and 32 KB of flash memory. Or they may even have no microcontroller at all and simply consist of a passively powered RFID device. Such severe resource constraints imply that there are hardly any compute cycles available for security functions. The second challenge is that embedded systems have simple, accessible form factors. Once deployed in the field, they become easy to tamper with, and they are subject to attacks that cryptologists never thought of. Indeed, classic cryptography assumes a “black-box” principle: it assumes that crypto-devices are free from tampering. Clearly, when an attacker can desolder components or probe microcontroller pins, the black-box principle breaks down.

Embedded Security Attacks

Embedded security attacks come in all forms and types. Here I’ll detail a few examples of recent, successful cases. In each of them, the attackers used a different approach. Refer to the documents listed in the Resources section at the end of this essay for pointers to in-depth discussions.

Let’s begin with a classic case of cryptanalysis. Keeloq was a proprietary encryption algorithm used in remote keyless entry systems. The algorithm is used by many car manufacturers, including Chrysler, General Motors, and Toyota, to name a few. It has a 64-bit key, which means that randomly trying keys will lead to a key search space of 264 possibilities. That is at the edge of what is practical for an attacker. Even when trying 10 million keys per second, you’d still need thousands of years to try all the keys of a 64-bit cipher. However, in 2008, researchers in Leuven, Belgium, found a way to reduce the search space to 44 bits. Essentially, they found a mathematical weakness in the algorithm and a way to exploit it. A 44-bit search space is much smaller. At 10 million keys per second, it only takes 20 days to cover the search space—a lot more practical. Clearly, deciding the key length of a secure embedded system is a critical design decision! Too short, and any progress in cryptanalysis may compromise your system. Too long, and the design may be too slow, and too big for embedded implementation.

Attackers go further, as well, and tamper with the security protocol. In 2010, researchers from Cambridge, UK, demonstrated a hack on the “Chip and PIN” system, an embedded system for electronic payments. Chip and PIN is a system for electronic purchases. It is similar to a debit card, but it is based on a chip-card (a credit card with a built-in microprocessor). To make a purchase, the user inserts the chip-card in a merchant terminal and enters a PIN code. A correct PIN code will authorize purchases. The researchers found a flaw in the communication protocol between the merchant terminal and the chip-card. The terminal will authorize purchases if two conditions are met: when it has identified the chip-card and when it receives a “PIN-is-correct” message from this card. The researchers intercepted the messages between the terminal and the chip-card. They were then able to generate a “PIN-is-correct” message without an actual PIN verification taking place. The terminal—having identified the chip-card, and received a “PIN-is-correct” message—will now authorize purchases to the chip-card issuer (a bank). This type of attack, called a man-in-the-middle attack, was done with a hacked chip-card, an FPGA board, and a laptop. Equally important, it was demonstrated on a deployed, commercial system. In the Resources section of this article I list a nice demonstration video that appeared on the BBC’s Newsnight program.

One step beyond the man-in-the-middle attack, the attacker will actively analyze the implementation, typically starting with the cryptographic components of the design. A recent and important threat in this category is side-channel analysis (SCA). In SCA, an attacker observes the characteristics of a cryptographic implementation: its execution time, its power dissipation, and its electromagnetic patterns. By sampling these characteristics at high speed, the attacker is able to observe data-dependent variations. These variations are called side-channel leakage. SCA is the systematic analysis of side-channel leakage. Given sufficient measurements—say, a few hundred to a few thousands of measurements—SCA is able to extract cryptographic keys from a device. SCA is practical and efficient. For example, in the past two years, SCA has been used successfully to break FPGA bitstream encryption and Atmel CryptoMemory. Links to detailed information are in the Resources section of this essay.

If there’s one thing obvious from these examples, it is that perfect embedded security cannot exist. Attackers have a wide variety of techniques at their disposal, ranging from analysis to reverse engineering. When attackers get their hands on your embedded system, it is only a matter of time and sufficient eyeballs before someone finds a flaw and exploits it.

What Can You Do?

The examples above are just the tip of the iceberg, and may leave the impression of a cumbersome situation. As design engineers, we should understand what can and what cannot be done. If we understand the risks, we can create designs that give the best possible protection at a given level of complexity. Think about the following four observations before you start designing an embedded security implementation.

First, you have to understand the threats that you are facing. If you don’t have a threat model, it makes no sense to design a protection—there’s no threat! A threat model for an embedded system will specify what can attacker can and cannot do. Can she probe components? Control the power supply? Control the inputs of the design? The more precisely you specify the threats, the more robust your defenses will be. Realize that perfect security does not exist, so it doesn’t make sense to try to achieve it. Instead, focus on the threats you are willing to deal with.

Second, make a distinction between what you trust and what you cannot trust. In terms of building protections, you only need to worry about what you don’t trust. The boundary between what you trust and what you don’t trust is suitably called the trust boundary. While trust boundaries were originally logical boundaries in software systems, they also have a physical meaning in embedded context. For example, let’s say that you define the trust boundary to be at the chip-package level of a microcontroller. This implies that you’re assuming an attacker will get as close to the chip as the package pins, but not closer. With such a trust boundary, your defenses should focus on off-chip communication. If there’s nothing or no one to trust, then you’re in trouble. It’s not possible to build a secure solution without trust.

Third, security has a cost. You cannot get it for free. Security has a cost in resources and energy. In a resource-limited embedded system, this means that security will always be in competition with other system features in terms of resources. And because security is typically designed to prevent bad things from happening rather than to enable good things, it may be a difficult trade-off. In feature-rich consumer devices, security may not be a feature for which a customer is willing to pay extra.

The fourth observation, and maybe the most important one, is to realize is that you’re not alone. There are many things to learn from conferences, books, and magazines. Don’t invent your own security. Adapt standards and proven techniques. Learn about the experiences of other designers. The following examples are good starting points for learning about current concerns and issues in embedded security.

Three Books for Your Desk

Security is a complex field with many different dimensions. I find it very helpful to have several reference works close by to help me navigate the steps of building any type of security service. The following three books describe the basics of information security and systems security. While not specifically targeted at the embedded context alone, the concepts they explain are equally valid for it as well.

Christof Paar and Jan Pelzl’s Understanding Cryptography: A Textbook for Students and Practitioners gives an overview of basic cryptographic algorithms. The authors explain the different types of encryption algorithms (stream and block ciphers, as well as various standards). They describe the use of public-key cryptography, covering RSA and elliptic curve cryptography (ECC), and their use for digital signatures. And they discuss hash algorithms and message authentication codes. The book does not cover cryptographic protocols, apart from key agreement. A nice thing about the book is that you can find online lectures for each chapter.

Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno’s Cryptography Engineering: Design Principles and Practical Applications covers basic cryptography as well, but with a slightly different emphasis as the first. It takes a more practical approach and frequently refers to existing practice in cryptography. It has sections on (software-oriented) implementation issues and practical implementation of key agreement protocols. This book would give immediate value to the practicing engineer—although it does not connect to the embedded context as well as the previous book. For example, it does not mention ECC.

Ross Anderson’s Security Engineering is a bible on secure systems design. It’s very broad. It builds up from basic cryptography over protocols up to secure systems design for telecoms, networking, copyright control, and more. It’s an excellent book on the systems perspective of secure design. The first edition of this book can be downloaded for free from the author’s website, though it’s well worth the investment to have the latest edition on your desk.

Four Sites

Many websites cover product teardowns and the specific security features of these implementations. Flylogic’s Analytics Blog (www.flylogic.net/blog/) describes the analysis of various chipcards. It contains chip micrographs and discusses various techniques to reverse-engineer chip security features. The website is an excellent showcase of what’s possible for a knowledgeable individual; it also clearly illustrates the point that perfect security cannot exist.

If you would like to venture in analysis of secure embedded designs yourself, then the Embedded Analysis wiki by Nathan Fain and Vadik is a must read (http://events.ccc.de/congress/2010/wiki/Embedded_Analysis). They discuss various reverse-engineering tools to help you monitor a serial line, extract the image of a flash memory, and analyze the JTAG interface of an unknown component. They also cover reverse-engineering practice in an online talk, which I’ll mention below.

Earlier I noted that cost is an important element in the security design. If you’re using cryptography, then this will cost you compute cycles, digital gates, and memory footprint. There are a few websites that give an excellent overview of these implementation costs for various algorithms.

The EBACS website contains a benchmark for cryptographic software, covering hash functions, various block and stream ciphers, and public-key implementations (http://bench.cr.yp.to/supercop.html). Originally designed for benchmarking on personal computers, it now also includes benchmarks for ARM-based embedded platforms. You can also download the benchmarks for a wealth of reference implementations of cryptographic algorithms. The Athena website at GMU presents a similar benchmark, but it’s aimed at cryptographic hardware (http://cryptography.gmu.edu/athena/). It currently concentrates on hash algorithms (in part due to its development for the SHA-3 competition). You can apply the toolkit to other types of cryptographic benchmarking as well. The website provides a host of hardware reference implementations for hash algorithms. It also distributes the benchmarking software, which is fully automated on top of existing FPGA design flows from Altera and Xilinx.

Three Newsletters

Security is a fast-evolving field. You can remain up to date on the latest developments by subscribing to a few newsletters. Here are three newsletters that have never failed to make a few interesting points to me. They do not exclusively focus on secure embedded implementations, but frequently mention the use of embedded technology in the context of a larger security issue.

The ACM RISKS list (http://catless.ncl.ac.uk/Risks) enumerates cases of typical security failures, many of them related to embedded systems. Some of the stories point out what can happen if we trust our embedded computers too blindly, such as GPS systems that lead people astray and stranded. Other stories discuss security implications of embedded computers, such as the recent news that 24% of medical device recalls are related to software failures.

Bruce Schneier’s “Schneier on Security” blog and Crypto-Gram newsletter (www.schneier.com/crypto-gram.html) focus on recent ongoing security issues. He covers everything from the issues with using airport scanners to the latest hack on BMW’s remote keyless entry system.

The Technicolor Security Newsletter (www.technicolor.com/en/hi/technology/research-publications/security-newsletters/security-newsletter-20) discusses contemporary security issues related to computer graphics, content protection, rights management, and more. The newsletter gives succinct, clear descriptions of content protection (and attacks on it) for mobile platforms, game machines, set-top boxes, and more.

Three Web Presentations

You can also learn from watching presentations by security professionals. Here are three interesting ones that specifically address security in embedded devices.

In a talk titled “Lessons Learned from Four Years of Implementation Attacks Against Real-World Targets,” Christof Paar covers the use of side-channel analysis (SCA) to break the security of various embedded devices, including wireless keys, encrypted FPGA bitstreams, and RFID smartcards. The talk is an excellent illustration of what can be achieved with SCA.

Nathan Fain gave a talk called “JTAG/Serial/Flash/PCB Embedded Reverse Engineering Tools and Technique” at a recent conference. The author discusses various tools for analyzing embedded systems. It’s the live version of the wiki page listed earlier. Go to his website (www.deadhacker.com) to download the tools he discusses.

Finally, in a talk titled “Comprehensive Experimental Analyses of Automotive Attack Surfaces,” Stephen Checkoway discusses the embedded security analysis of cars. The author demonstrates how an attacker is able to access a car’s internal network, a concept called “the attack surface.” He points out several known issues, such as the risks posed by the on-board diagnostics (ODB) port. But he also demonstrates a wide variety of additional access points, from CD to long-range wireless links. Each of these access points comes with specific risks, such as remote unlocking of doors and unauthorized tracking. It’s a fascinating discussion that demonstrates how the ubiquitous microcontroller has brought safety as well as risk to our cars.

Looking Forward

Security in embedded systems design requires a designer to think about ways in which bad things are prevented from happening. We have seen a great deal of progress in our understanding of the threats to embedded systems. However, it’s clear that there is no silver bullet. The threats are extremely diverse, and eventually it’s up to the designer to decide what to protect. In this article, I provided a collection of pointers that should help you learn more about these threats.—By Patrick Schaumont (Patrick is an associate professor at Virginia Tech, where he works with students on research projects relating to embedded security. Patrick has covered a variety of embedded security-related topics for Circuit Cellar: one-time passwords, electronic signatures for firmware updates, and hardware-accelerated encryption.)

RESOURCES

R. Anderson, Security Engineering, Second Edition, Wiley Publishing, Indianapolis, IN, 2008.

J. Balasch, B. Gierlichs, R. Verdult, L. Batina, and I. Verbauwhede, “Power Analysis of Atmel CryptoMemory — Recovering Keys from Secure EEPROMs.” In O. Dunkelman (ed.), Topics in Cryptology — CT-RSA 2012, The Cryptographer’s Track at the RSA Conference, Lecture Notes in Computer Science 7178, O. Dunkelman (ed.), Springer-Verlag, 2012.

BBC Newsnight, “Chip and PIN is Broken,” www.youtube.com/watch?v=1pMuV2o4Lrw.

D. Bernstein and T. Lange, “EBACS: ECRYPT Benchmarking of Cryptographic Systems,”

http://bench.cr.yp.to/supercop.html.

E. Biham, O. Dunkelman, S. Indesteege, N. Keller, and B. Preneel, “How to Steal Cars—A Practical Attack on Keeloq,” COSIC, www.cosic.esat.kuleuven.be/keeloq/.

S. Checkoway, “Comprehensive Experimental Analyses of Automotive Attack Surfaces,” www.youtube.com/watch?v=bHfOziIwXic.

E. Diels, “Technicolor Security Newsletter,” www.technicolor.com/en/hi/technology/research-publications/security-newsletters/security-newsletter-20.

N. Fain and Vadik, “Embedded Analysis,”

http://events.ccc.de/congress/2010/wiki/Embedded_Analysis.

———, “JTAG/Serial/Flash/PCB Embedded Reverse Engineering Tools and Technique,” www.youtube.comwatch?v=8Unisnu-cNo.

N. Ferguson, B. Schneier, and T. Kohno, Cryptography Engineering, Wiley Publishing, Indianapolis, IN, 2010.

Flylogic’s Analytics Blog, www.flylogic.net/blog/.

K. Gaj and J. Kaps, “ATHENa: Automated Tool for Hardware Evaluation,” Cryptographic Engineering Research Group, George Mason University, Fairfax, VA, http://cryptography.gmu.edu/athena/.

A. Moradi, A. Barenghi, T. Kasper, and C. Paar, “On the Vulnerability of FPGA Bitstream Encryption Against Power Analysis Attacks,” IACR ePrint Archive, 2011, http://eprint.iacr.org/2011/390.

S. Murdoch, S. Drimer, R. Anderson, and M. Bond, “Chip and PIN is Broken,” 2010 IEEE Symposium on Security and Privacy, www.cl.cam.ac.uk/~sjm217/papers/oakland10chipbroken.pdf.

P. Neumann (moderator), “The Risks Digest: Forum on Risks to the Public in Computers and Related Systesm,” ACM Committee on Computers and Public Policy, http://catless.ncl.ac.uk/Risks.

C. Paar, “Lessons Learned from Four Years of Implementation Attacks Against Real-World Targets,” Seminar at the Isaac Newton Institute for Mathematical Sciences, 2012.

C. Paar and J. Pelzl, Understanding Cryptography, Springer-Verlag, 2010, www.crypto-textbook.com.

B. Schneier, “Crypto-gram Newsletter,” www.schneier.com/crypto-gram.html.

This article first appeared in CC25.