Side-Channel Power Analysis

Easy Path to Proof

Side-channel power analysis is a method of breaking security on embedded systems, and something Colin has covered extensively in his column. This time Colin shows how you can prove some of the fundamental assumptions that underpin side-channel power analysis. He uses the open-source ChipWhisperer project with Jupyter notebooks for easy interactive evaluation.

By Colin O’Flynn

This month I thought I’d bring you an introduction to side-channel power analysis (again). I’ve covered this in past articles, but it’s been a few years and I know new readers are going to be picking up this issue of Circuit Cellar. But don’t worry—I’m doing more than just giving you a rehash of old material. My open-source ChipWhisperer project has recently had the Version 5.0 release, which uses a new interactive Python interface (using something called Jupyter notebooks). As part of this release, several new tutorials are available, and some of them cover aspects I haven’t previously shown you.

In particular, I’m going to show you how some of the fundamental assumptions around side-channel power analysis can be easily proven. It’s not something for which you have to take my word. It’s something you can test yourself, and experiment with the differences that show up for various firmware code you might be running.

Simple Power Analysis

My intro is going to push through all sorts of examples. The first thing we’ll talk about is simple power analysis (SPA). This form of power analysis commonly refers to the fact that you can see the flow of data through a system. This can be used to break code that has an execution path that depends on the secret data being processed. What sort of code might that be? We’ll take a look at a simple password check as shown in Listing 1. That might look straight-forward—but what if you could see the loop execution time? Power analysis lets us do exactly that, meaning that we could discover which character of our password was incorrect.

Listing 1
An example of a simple password check, where if one could figure out the loop count, one could recover the password byte-by-byte.

The code from Listing 1 also contains a trigger_high() and trigger_low() call. Those actually provide an added piece of instrumentation being used only for our demonstration. Using a resistor in the power pin, we could see how the power is varying, as in Figure 1. I’m doing that with my ChipWhisperer platform, but you could use an oscilloscope or other similar piece of gear. You can see in Figure 2 the loop has an obvious pattern, and we see four iterations through the loop.

Figure 1
Power consumption can be measured with a resistor in the VCC line of the device. Here I’ve also removed decoupling capacitors to improve the strength of the signal. We AC-couple the measurement to remove the high-DC bias, since we are looking at small variations only.

Figure 2 A power trace of the loop execution helps you understand how many iterations through the loop your code ran, which could break the password check in Listing 1.

How does that help us crack a password? We could monitor the power consumption of the device and send every possible first character of the password. When we see a change in the power trace, we know that suddenly another code path was taken. Most likely this “other code path” is in fact the loop going into the second iteration. We don’t need to be clever or look for a specific signature. We just look for “different.”

Listing 2
An example of a time-independent password check that could be broken by looking at power consumption of the device.

It’s hard to hide this difference. If we add a random delay afterward, we can still see the time at which the power traces changed. We can notice that at this point in time whether it seems to go into a busy-wait loop or continues processing data. If you don’t believe me, there is an exact example of this in the open-source ChipWhisperer Jupyter.
So, if you think you’re clever, you’ll implement the code as in Listing 2. This takes the same amount of time, no matter what code is executed. Let’s see how to break that.

Data Affects Power

What if I told you that the very data being processed affect the power consumption? The theory behind this is fairly simple. Internal to the device, a data bus consists of wires over a ground plane. Changing the voltage on this is equivalent to charging and discharging a capacitor. As a nice feature, most internal data-buses go to an intermediate state between valid data transmissions. These intermediate states mean that every time we send a value across the data-bus, we have to charge a certain number of data lines to the ‘1’ state. If we looked at the power consumed on the VCC rail, we would expect to see spikes related to the data being sent across a bus. If all the bits of the data-bus were going high, we would expect to see larger spikes than when only one or two lines went high. You can see our expected results in Figure 3.

Figure 3
Different numbers of bits being set to ‘1’ on the power trace result in different power consumption on each clock cycle.

But how could we test that? We could send some data to a chip, and try to find a location where, for example, we see a strong difference in the power being used that depends on the data. Since we expect our signal to be very weak, we might need to average a number of such traces over time.  …

Read the full article in the March 344 issue of Circuit Cellar
(Full article word count: 2133 words; Figure count: 7 Figures.)

Don’t miss out on upcoming issues of Circuit Cellar. Subscribe today!

Note: We’ve made the October 2017 issue of Circuit Cellar available as a free sample issue. In it, you’ll find a rich variety of the kinds of articles and information that exemplify a typical issue of the current magazine.

Firms Team Up to Provide End-to-End LoRa Security Solution

Microchip Technology, in partnership with The Things Industries, has announced the what it claims is industry’s first end-to-end security solution that adds secure, trusted and managed authentication to LoRaWAN devices at a global scale. The solution brings hardware-based security to the LoRa ecosystem, combining the MCU- and radio-agnostic ATECC608A-MAHTN-T CryptoAuthentication device with The Things Industries’ managed join servers and Microchip’s secure provisioning service.

The joint solution significantly simplifies provisioning LoRaWAN devices and addresses the inherent logistical challenges that come with managing LoRaWAN authentication keys from inception and throughout the life of a device. Traditionally, network and application server keys are unprotected in the edge node, and unmonitored, as LoRaWAN devices pass through various supply chain steps and are installed in the field.

The Common Criteria Joint Interpretation Library (JIL) “high”-rated ATECC608A comes pre-configured with secure key storage, keeping a device’s LoRaWAN secret keys isolated from the system so that sensitive keys are never exposed throughout the supply chain nor when the device is deployed. Microchip’s secure manufacturing facilities safely provision keys, eliminating the risk of exposure during manufacturing. Combined with The Things Industries’ agnostic secure join server service to the LoRaWAN network and application server providers, the solution decreases the risk of device identity corruption by establishing a trusted authentication when a device connects to a network.

Similar to how a prepaid data plan works for a mobile device, each purchase of an ATECC608A-MAHTN-T device comes with one year of managed LoRaWAN join server service through The Things Industries. Once a device identifies itself to join a LoRaWAN network, the network contacts The Things Industries join server to verify that the identity comes from a trusted device and not a fraudulent one. The temporary session keys are then sent securely to the network server and application server of choice. The Things Industries’ join server supports any LoRaWAN network, from commercially operated networks to private networks built on open-source components. After the one-year period, The Things Industries provides the option to extend the service.

Microchip and The Things Industries have also partnered to make the onboarding process of LoRaWAN devices seamless and secure. LoRaWAN device identities are claimed by The Things Industries’ join server with minimal intervention, relieving developers from needing expertise in security. Customers can not only choose any LoRaWAN network but can also migrate to any other LoRaWAN join server by rekeying the device. This means there is not a vendor lock-in and customers have full control over where and how the device keys are stored.

The ATECC608A is agnostic and can be paired with any MCU and LoRa radio. Developers can deploy secure LoRaWAN devices by combining the ATECC608A with the SAM L21 MCU, supported by the Arm Mbed OS LoRaWAN stack, or the recently-announced SAM R34 System-in-Package with Microchip’s LoRaWAN stack. For rapid prototyping, designers can use the CryptoAuthoXPRO socket board and The Things Industries provisioned parts in samples with the SAM L21 Xplained Pro (atsamd21-xpro) or SAM R34 Xplained Pro (DM320111).

The ATECC608A-MAHTN-T device for The Things Industries, including the initial year of prepaid TTN service, is available in volume production for $0.81 each in 10,000-unit quantities.

Microchip Technology | www.microchip.com

 

Secure MCU Family Targets Low Power, Small Footprint Designs

STMicroelectronics has added the new STM32G0 microcontrollers (MCUs) to the STM32 family. The new G0 series targets entry-level applications that require greater energy efficiency, functionality, security, and value, in a smaller footprint. Extremely flexible packaging and memory options enable designers to do more within less space, and save cost. A new power-distribution architecture reduces external power and ground connections to just a single pair of pins, allowing more of the package pins—a precious resource in many embedded projects—to be allocated for user connectivity.

In addition, ST is making large memory densities available in small and economical low-pin-count packages. On top of this, the new generation features power-saving innovations that trim consumption close to that of specialized ultra-low-power devices.

To provide robust security for today’s connected devices, the STM32G0 series introduces a variety of hardware-based features including memory protection to support secure boot. Some devices in the series add to these features an AES-256 hardware cryptographic accelerator with a true random number generator (TRNG) to aid encryption.

Another valuable feature that anticipates a growing need is support for the latest USB Type-C specifications that allow easy, high-speed connectivity and battery charging, including Power Delivery version 3.0.

The STM32G0 series is based on the Arm Cortex-M0+ core, which is conceived to deliver sharp performance within a tight power budget. It targets fast-evolving products in the connected world, including smartphones, smart kitchen equipment, and appliances, air conditioning, consumer or industrial motor controls, advanced user interfaces, IoT devices, rechargeable connected devices, drones, lighting systems and more.

Package options are available from 8-pin, enabling developers to easily upgrade aging 8-bit MCU designs, to 100-pin. Flash from 16 KB to 512 KB, with 512 KB available in packages as small as 32-pin, enables more sophisticated applications on small, low-cost products.

The maximum CPU frequency of 64 MHz permits high execution speeds, compared to typical entry-level MCUs. On the other hand, extremely flexible clock configuration allows users to tailor performance within the available power budget. The internal clock is remarkably stable and comparable to high-end devices, being accurate to within ±1% from 0-85°C and ±2% over the wider range from -40°C to 125°C. This not only saves the board space and pins needed to connect a dedicated external timing device, but also can trim at least 10 cents from the bill of materials.

The STM32G0 series is extremely efficient, running at less than 100µA/MHz in run mode, and provides multiple reduced-power operating modes to save energy and extend battery runtimes. Devices draw as little as 3-8µA in stop mode with the real-time clock (RTC) running, and just 500 nA in standby with RTC (all at 3.0V, 25°C).

Moreover, peripherals are upgraded to enhance performance, speed, and accuracy. The devices feature a 12-bit 2.5 MSPS ADC, with hardware oversampling for 16-bit precision. There is also a 2-channel DAC, fast comparators, and high-accuracy timers with 7.8 ns resolution.

In addition to permitting extra user-assignable I/Os, the internal (ST-patented) power-distribution scheme also helps save BoM costs by reducing the number of external power-supply decoupling components.

Enhanced internal prevention of electromagnetic susceptibility (EMS) is yet another feature that saves board space and BoM costs. Protection against fast-transient bursts above 4.5kV, in accordance with IEC 61000-4-4, relaxes the demands for surrounding filtering components and eases board layout. For product-development teams, the ability to easily ensure good electromagnetic behavior facilitates EMC certifications for faster time to market.

ST is planning several STM32G0 lines, including the STM32G071 and similar STM32G081 with hardware cryptographic enhancement. There are also Value Line STM32G070 devices for mass-market applications. Pricing starts from $0.69 for the STM32G070CBT6 Value Line MCU in a 48-pin package, with 128 KB flash, for orders of 10,000 pieces.

STMicroelectronics | www.st.com

Connecting USB to Simple MCUs

Helpful Hosting

Sometimes you want to connect a USB device such as a flash drive to a simple microcontroller. The problem is most MCUs cannot function as a USB host. In this article, Stuart steps through the technology and device choices that solve this challenge. He also puts the idea into action via a project that provides this functionality.

By Stuart Ball

Even though many microcontrollers (MCUs) may have a USB device interface that can connect to a host, rarely is a host interface available on simple MCUs. There are various reasons for this, including the complexity of implementing a USB host interface on a simple processor, the need to enumerate and recognize many device types and the memory required to do so. Functioning as a single USB device is much simpler. Implementing a host interface also puts some constraints on the MCU for throughput and clock speed choices.

I have been working on a retro CPU board design, using the Z80180 processor that can run the old CP/M-80 operating system. This is just a fun project, with no real practical use. But the project needed storage that could replace the floppy disk normally used in CP/M. I considered using SD cards, but in experimenting with them, I decided that they are just not what I wanted. What I did want was the ability to plug a USB flash drive into the circuit.

Even though my CP/M project is not that useful, there are other applications where the ability to plug a USB flash drive into an MCU-based circuit is desirable. Examples include:

• Capturing logging or debug data
• Flashing new code into the MCU
(if the MCU has self-programming flash)
• Downloading crypto keys or other
one-time data to the MCU
• Downloading configuration information
to enable or disable features
• Downloading language translation
information
• Retaining critical data
• Serving as a “key” to restrict access to
maintenance mode functions only
to authorized personnel
• Downloading GPS coordinates or map
information
• Updating stored part numbers, serial
numbers or any stored value that can
change.

There are ways to implement USB host capability on an MCU, especially if it has a USB interface that supports OTG (on-the-go) USB capability. But no matter how you do it, you have to write or obtain drivers and integrate the functionality into your software. You will also be constrained as to which MCUs you can use, based on availability of USB host capability. But for a simple design, you may not want to be forced to use a part just because it has USB host capability.

VDrive3

FTDI makes a USB host module called the VDrive3 that provides a limited USB host interface and can connect to an MCU (or even a PC) using an asynchronous serial port. The module also has an SPI interface, although I did not use that in my design. A link to the datasheet is provided on the Circuit Cellar article materials webpage.

The VDrive3 (Figure 1) uses the FTDI Vinculum IC, which provides a USB host interface on one side and a serial or SPI interface to your MCU on the other. Since all of the hardware and software to implement the USB host interface is inside the VDrive3 module, you don’t need to develop USB stacks or drivers, or deal with licensing issues. The VDrive3 comes in a plastic housing so it is easy to mount in a rectangular cutout.

Figure 1
VDrive3 module. The module comes with the attached cable, which I modified to use a different connector on my board.

The VDrive3 has a file-based interface for USB flash drives, which means that you don’t need to manage the memory yourself. You open files, write to them, read them, close them and create directories. The VDrive3 shields the host from the memory management functionality, allowing all this to be done with simple commands over the serial interface. The VDrive3 manages the file system so you don’t have to.

In my application, I was emulating a floppy disk. I defined the “virtual floppy” to have 256 tracks of 32 sectors each. To implement that on the VDrive3, I created 256 directories named TRAK000 through TRAK0FF. In each directory, I created 32 files named SEC00 through SEC1F. So, when the CP/M operating system wants to read or write a specific sector, the AVR MCU navigates to the directory that represents the selected track and opens the sector file corresponding to the specified sector.

This is a simple mechanism that is really applicable only to the way I’m using the flash drive, but the general principles apply to any VDrive3 application. You can create a directory, and then create files within the directory that correspond to whatever information you need to store. Or you can skip the directories and store everything at the top directory level.

One advantage of using the VDrive3 is interoperability with a PC. If I used SD drives, I would either have a proprietary format that couldn’t be read in a PC, or else I’d have to manage a PC-compatible file system in my MCU. But the VDrive3 recognizes the standard FAT12, FAT16, and FAT32 file systems, so a flash drive written on a VDrive3 can be inserted into a PC and read. This could be very useful if you are collecting debug or log data from your MCU application. In my case, I could make a copy of a CP/M “floppy” on a PC.

Commands

The VDrive3 recognizes various commands, including SEK (seek to file offset), OPW (open file for writing) and WRF (write to file). The commands used in my application are listed in Table 1. VDrive3 commands can be sent in ASCII as in the command list in Table 1, or you can configure it to use a short command set that requires fewer bytes to transmit. Data can be either ASCII or binary. The VDrive3 defaults to the extended command set and binary data transfer, and I leave the module in that mode for my application.

Table 1
The VDrive3 recognizes various commands. Shown here are the commands used in my application. VDrive3 commands can be sent in ASCII as in this command list, or you can configure it to use a short command set that requires fewer bytes to transmit.

Generally, each command is sent as a string of two or three characters. If data such as a filename are needed, the command is followed by a space, the appropriate text and a carriage return character (0x0D). If no data are needed, such as for the FWV (FW version) command, the command can be immediately followed by the carriage return. Setting the baud rate requires a divisor value, so the SBD command (set baud rate) is followed by a 3-byte divisor value and then a carriage return. …

Read the full article in the January 342 issue of Circuit Cellar

Don’t miss out on upcoming issues of Circuit Cellar. Subscribe today!

Note: We’ve made the October 2017 issue of Circuit Cellar available as a free sample issue. In it, you’ll find a rich variety of the kinds of articles and information that exemplify a typical issue of the current magazine.

January Circuit Cellar: Sneak Preview

Happy New Years! The January issue of Circuit Cellar magazine is coming soon. Don’t miss this 1st issue of Circuit Cellar 2019. Enjoy pages and pages of great, in-depth embedded electronics articles.

Not a Circuit Cellar subscriber?  Don’t be left out! Sign up today:

 

Here’s a sneak preview of January 2019 Circuit Cellar:

TRENDS & CHOICES IN EMBEDDED COMPUTING

Comms and Control for Drones
Consumer and commercial drones represent one of the most dynamic areas of embedded design today. Chip, board and system suppliers are offering improved ways for drones to do more processing on board the drone, while also providing solutions for implementing the control and communication subsystems in drones. This article by Circuit Cellar’s Editor-in-Chief Jeff Child looks at the technology and products available today that are advancing the capabilities of today’s drones.

Choosing an MPU/MCU for Industrial Design
By Microchip Technology’s Jacko Wilbrink
As MCU performance and functionality improve, the traditional boundaries between MCUs and microprocessor units (MPUs) have become less clear. In this article, Jacko examines the changing landscape in MPU vs. MCU capabilities, OS implications and the specifics of new SiP and SOM approaches for simplifying higher-performance computing requirements in industrial applications.

Product Focus: COM Express Boards
The COM Express architecture has found a solid and growing foothold in embedded systems. COM Express boards provide a complete computing core that can be upgraded when needed, leaving the application-specific I/O on the baseboard. This Product Focus section updates readers on this technology and provides a product album of representative COM Express products.

MICROCONTROLLERS ARE DOING EVERYTHING

Connecting USB to Simple MCUs
By Stuart Ball
Sometimes you want to connect a USB device such as a flash drive to a simple microcontroller. Problem is most MCUs cannot function as a USB host. In this article, Stuart steps through the technology and device choices that solve this challenge. He also puts the idea into action via a project that provides this functionality.

Vision System Enables Overlaid Images
By Daniel Edens and Elise Weir
In this project article, learn how these two Cornell students designed a system to overlay images from a visible light camera and an infrared camera. They use software running on a PIC32 MCU to interface the two types of cameras. The MCU does the computation to create the overlaid images, and displays them on an LCD screen.

DATA ACQUISITION AND MEASUREMENT

Data Acquisition Alternatives
By Jeff Child
While the fundamentals of data acquisition remain the same, its interfacing technology keeps evolving and changing. USB and PCI Express brought data acquisition off the rack, and onto the lab bench top. Today solutions are emerging that leverage Mini PCIe, Thunderbolt and remote web interfacing. Circuit Cellar’s Editor-in-Chief, Jeff Child, dives into the latest technology trends and product developments in data acquisition.

High-Side Current Sensing
By Jeff Bachiochi
Jeff says he likes being able to measure things—for example, being able to measure load current so he can predict how long a battery will last. With that in mind, he recently found a high-side current sensing device, Microchip’s EMC1701. In his article, Jeff takes you through the details of the device and how to make use of it in a battery-based system.

Power Analysis Capture with an MCU
By Colin O’Flynn
Low-cost microcontrollers integrate many powerful peripherals in them. You can even perform data capture directly to internal memory. In his article, Colin uses the ChipWhisperer-Nano as a case study in how you might use such features which would otherwise require external programmable logic.

TOOLS AND TECHNIQUES FOR EMBEDDED SYSTEM DESIGN

Easing into the IoT Cloud (Part 2)
By Brian Millier
In Part 1 of this article series Brian examined some of the technologies and services available today enabling you to ease into the IoT cloud. Now, in Part 2, he discusses the hardware features of the Particle IoT modules, as well as the circuitry and program code for the project. He also explores the integration of a Raspberry Pi solution with the Particle cloud infrastructure.

Hierarchical Menus for Touchscreens
By Aubrey Kagan
In his December article, Aubrey discussed his efforts to build a display subsystem and GUI for embedded use based on a Noritake touchscreen display. This time he shares how he created a menu system within the constraints of the Noritake graphical display system. He explains how he made good use of Microsoft Excel worksheets as a tool for developing the menu system.

Real Schematics (Part 2)
By George Novacek
The first part of this article series on the world of real schematics ended last month with wiring. At high frequencies PCBs suffer from the same parasitic effects as any other type of wiring. You can describe a transmission line as consisting of an infinite number of infinitesimal resistors, inductors and capacitors spread along its entire length. In this article George looks at real schematics from a transmission line perspective.

December Circuit Cellar: Sneak Preview

The December issue of Circuit Cellar magazine is coming soon. Don’t miss this last issue of Circuit Cellar in 2018. Pages and pages of great, in-depth embedded electronics articles prepared for you to enjoy.

Not a Circuit Cellar subscriber?  Don’t be left out! Sign up today:

 

Here’s a sneak preview of December 2018 Circuit Cellar:

AI, FPGAs and EMBEDDED SUPERCOMPUTING

Embedded Supercomputing
Gone are the days when supercomputing levels of processing required a huge, rack-based systems in an air-conditioned room. Today, embedded processors, FPGAs and GPUs are able to do AI and machine learning kinds of operation, enable new types of local decision making in embedded systems. In this article, Circuit Cellar’s Editor-in-Chief, Jeff Child, looks at these technology and trends driving embedded supercomputing.

Convolutional Neural Networks in FPGAs
Deep learning using convolutional neural networks (CNNs) can offer a robust solution across a wide range of applications and market segments. In this article written for Microsemi, Ted Marena illustrates that, while GPUs can be used to implement CNNs, a better approach, especially in edge applications, is to use FPGAs that are aligned with the application’s specific accuracy and performance requirements as well as the available size, cost and power budget.

NOT-TO-BE-OVERLOOKED ENGINEERING ISSUES AND CHOICES

DC-DC Converters
DC-DC conversion products must juggle a lot of masters to push the limits in power density, voltage range and advanced filtering. Issues like the need to accommodate multi-voltage electronics, operate at wide temperature ranges and serve distributed system requirements all add up to some daunting design challenges. This Product Focus section updates readers on these technology trends and provides a product gallery of representative DC-DC converters.

Real Schematics (Part 1)
Our magazine readers know that each issue of Circuit Cellar has several circuit schematics replete with lots of resistors, capacitors, inductors and wiring. But those passive components don’t behave as expected under all circumstances. In this article, George Novacek takes a deep look at the way these components behave with respect to their operating frequency.

Do you speak JTAG?
While most engineers have heard of JTAG or have even used JTAG, there’s some interesting background and capabilities that are so well know. Robert Lacoste examines the history of JTAG and looks at clever ways to use it, for example, using a cheap JTAG probe to toggle pins on your design, or to read the status of a given I/O without writing a single line of code.

PUTTING THE INTERNET-OF-THINGS TO WORK

Industrial IoT Systems
The Industrial Internet-of-Things (IIoT) is a segment of IoT technology where more severe conditions change the game. Rugged gateways and IIoT edge modules comprise these systems where the extreme temperatures and high vibrations of the factory floor make for a demanding environment. Here, Circuit Cellar’s Editor-in-Chief, Jeff Child, looks at key technology and product drives in the IIoT space.

Internet of Things Security (Part 6)
Continuing on with his article series on IoT security, this time Bob Japenga returns to his efforts to craft a checklist to help us create more secure IoT devices. This time he looks at developing a checklist to evaluate the threats to an IoT device.

Applying WebRTC to the IoT
Web Real-time Communications (WebRTC) is an open-source project created by Google that facilitates peer-to-peer communication directly in the web browser and through mobile applications using application programming interfaces. In her article, Callstats.io’s Allie Mellen shows how IoT device communication can be made easy by using WebRTC. With WebRTC, developers can easily enable devices to communicate securely and reliably through video, audio or data transfer.

WI-FI AND BLUETOOTH IN ACTION

IoT Door Security System Uses Wi-Fi
Learn how three Cornell students, Norman Chen, Ram Vellanki and Giacomo Di Liberto, built an Internet connected door security system that grants the user wireless monitoring and control over the system through a web and mobile application. The article discusses the interfacing of a Microchip PIC32 MCU with the Internet and the application of IoT to a door security system.

Self-Navigating Robots Use BLE
Navigating indoors is a difficult but interesting problem. Learn how these two Cornell students, Jane Du and Jacob Glueck, used Received Signal Strength Indicator (RSSI) of Bluetooth Low Energy (BLE) 4.0 chips to enable wheeled, mobile robots to navigate towards a stationary base station. The robot detects its proximity to the station based on the strength of the signal and moves towards what it believes to be the signal source.

IN-DEPTH PROJECT ARTICLES WITH ALL THE DETAILS

Sun Tracking Project
Most solar panel arrays are either fixed-position, or have a limited field of movement. In this project article, Jeff Bachiochi set out to tackle the challenge of a sun tracking system that can move your solar array to wherever the sun is coming from. Jeff’s project is a closed-loop system using severs, opto encoders and the Microchip PIC18 microcontroller.

Designing a Display System for Embedded Use
In this project article, Aubrey Kagan takes us through the process of developing an embedded system user interface subsystem—including everything from display selection to GUI development to MCU control. For the project he chose a 7” Noritake GT800 LCD color display and a Cypress Semiconductor PSoC5LP MCU.

November Circuit Cellar: Sneak Preview

The November issue of Circuit Cellar magazine is coming soon. Clear your decks for a new stack of in-depth embedded electronics articles prepared for you to enjoy.

Not a Circuit Cellar subscriber?  Don’t be left out! Sign up today:

 

Here’s a sneak preview of November 2018 Circuit Cellar:

SOLUTIONS FOR SYSTEM DESIGNS

3D Printing for Embedded Systems
Although 3D printing for prototyping has existed for decades, it’s only in recent years that it’s become a mainstream tool for embedded systems development. Today the ease of use of these systems has reached new levels and the types of materials that can be used continues to expand. This article by Circuit Cellar’s Editor-in-Chief, Jeff Child looks at the technology and products available today that enable 3D printing for embedded systems.

Add GPS to Your Embedded System
We certainly depend on GPS technology a lot these days, and technology advances have brought fairly powerful GPS functionally into our pockets. Today’s miniaturization of GPS receivers enables you to purchase an inexpensive but capable GPS module that you can add to your embedded system designs. In this article, Stuart Ball shows how to do this and take advantage of the GPS functionality.

FCL for Servo Drives
Servo drives are a key part of many factory automation systems. Improving their precision and speed requires attention to fast-current loops and related functions. In his article, Texas Instruments’ Ramesh Ramamoorthy gives an overview of the functional behavior of the servo loops using fast current loop algorithms in terms of bandwidth and phase margin.

FOCUS ON ANALOG AND POWER

Analog and Mixed-Signal ICs
Analog and mixed-signal ICs play important roles in a variety of applications. These applications depend heavily on all kinds of interfacing between real-world analog signals and the digital realm of processing and control. Circuit Cellar’s Editor-in-Chief, Jeff Child, dives into the latest technology trends and product developments in analog and mixed-signal chips.

Sleeping Electronics
Many of today’s electronic devices are never truly “off.” Even when a device is in sleep mode, it draws some amount of power—and drains batteries. Could this power drain be reduced? In this project article, Jeff Bachiochi addresses this question by looking at more efficient ways to for a system to “play dead” and regulate power.

BUILDING CONNECTED SYSTEMS FOR THE IoT EDGE

Easing into the IoT Cloud (Part 1)
There’s a lot of advantages for the control/monitoring of devices to communicate indirectly with the user interface for those devices—using some form of “always-on” server. When this server is something beyond one in your home, it’s called the “cloud.” Today it’s not that difficult to use an external cloud service to act as the “middleman” in your system design. In this article, Brian Millier looks at the technologies and services available today enabling you to ease in to the IoT cloud.

Sensors at the Intelligent IoT Edge
A new breed of intelligent sensors has emerged aimed squarely at IoT edge subsystems. In this article, Mentor Graphics’ Greg Lebsack explores what defines a sensor as intelligent and steps through the unique design flow issues that surround these kinds of devices.

FUN AND INTERESTING PROJECT ARTICLES

MCU-Based Project Enhances Dance Game
Microcontrollers are perfect for systems that need to process analog signals such as audio and do real-time digital control in conjunction with those signals. Along just those lines, learn how two Cornell students Michael Solomentsev and Drew Dunne recreated the classic arcade game “Dance Dance Revolution” using a Microchip Technology PIC32 MCU. Their version performs wavelet transforms to detect beats from an audio signal to synthesize dance move instructions in real-time without preprocessing.

Building an Autopilot Robot (Part 2)
In part 1 of this two-part article series, Pedro Bertoleti laid the groundwork for his autopiloted four-wheeled robot project by exploring the concept of speed estimation and speed control. In part 2, he dives into the actual building of the robot. The project provides insight to the control and sensing functions of autonomous electrical vehicles.

… AND MORE FROM OUR EXPERT COLUMNISTS

Embedded System Security: Live from Las Vegas
This month Colin O’Flynn summarizes a few interesting presentations from the Black Hat conference in Las Vegas. He walks you through some attacks on bitcoin wallets, x86 backdoors and side channel analysis work—these and other interesting presentations from Black Hat.

Highly Accelerated Product Testing
It’s a fact of life that every electronic system eventually fails. Manufacturers use various methods to weed out most of the initial failures before shipping their product. In this article, George Novacek discusses engineering attempts to bring some predictability into the reliability and life expectancy of electronic systems. In particular, he focuses on Highly Accelerated Lifetime Testing (HALT) and Highly Accelerated Stress Screening (HASS).

Security Takes Center Stage for MCUs

Enabling Secure IoT

Embedded systems face security challenges unlike those in the IT realm. To meet those needs, microcontroller vendors continue to add ever-more sophisticated security features to their devices—both on their own and via partnerships with security specialists.

By Jeff Child, Editor-in-Chief

For embedded systems, there is no one piece of technology that can take on all the security responsibilities of a system on their own. Indeed, everything from application software to firmware to data storage has a role to play in security. That said, microcontollers have been trending toward assuming a central role in embedded security. One driving factor for this is the Internet-of-Things (IoT). As the IoT era moves into full gear, all kinds of devices are getting more connected. And because MCUs are a key component in those connected systems, MCUs have evolved in recent years to include more robust security features on chip.

That trend has continued over the last 12 months, with the leading MCU vendors ramping up those embedded security capabilities in a variety of ways—some on their own and some by teaming up with hardware and software security specialists.

Built for IoT Security

Exemplifying these trends, Microchip Technology in June released its SAM L10 and SAM L11 MCU families (Figure 1). The devices were designed to address the increasing risks of exposing intellectual property (IP) and sensitive information in IoT-based embedded systems. The MCU families are based on the Arm Cortex-M23 core, with the SAM L11 featuring Arm TrustZone for Armv8-M, a programmable environment that provides hardware isolation between certified libraries, IP and application code. Security features on the MCUs include tamper resistance, secure boot and secure key storage. These, combined with TrustZone technology, protect applications from both remote and physical attacks.

Figure 1
The SAM L10 and SAM L11 MCU families provide TrustZone for Armv8-M hardware isolation between certified libraries, IP and application code. The MCUs also feature tamper resistance, secure boot and secure key storage.

In addition to TrustZone technology, the SAM L11 security features include an on-board cryptographic module supporting Advanced Encryption Standard (AES), Galois Counter Mode (GCM) and Secure Hash Algorithm (SHA). The secure boot and secure key storage with tamper detection capabilities establish a hardware root of trust. It also offers a secure bootloader for secure firmware upgrades.

Microchip has partnered with Trustonic, a member of Microchip’s Security Design Partner Program, to offer a comprehensive security solution framework that simplifies implementation of security and enables customers to introduce end products faster. Microchip has also partnered with Secure Thingz and Data I/O Corporation to offer secure provisioning services for SAM L11 customers that have a proven security framework.

Wireless MCU

Likewise focusing on IoT security, NXP Semiconductor in February announced its K32W0x wireless MCU platform. According to NXP, it’s the first single-chip device with a dual-core architecture and embedded multi-protocol radio. It provides a solution for miniaturizing sophisticated applications that typically require a larger, more costly two-chip solution. Examples include consumer devices such as wearables, smart door locks, thermostats and other smart home devices.

The K32W0x embeds a dual-core architecture comprised of an Arm Cortex-M4 core for high performance application processing and a Cortex-M0+ core for low-power connectivity and sensor processing. Memory on chip includes 1.25 MB of flash and 384 KB of SRAM. Its multi-protocol radio supports Bluetooth 5 and IEEE 802.15.4 including the Thread IP-based mesh networking stack and the Zigbee 3.0 mesh networking stack.

Figure 2
Security features of the K32W0x MCU include a cryptographic sub-system that has a dedicated core, dedicated instruction and data memory for encryption, signing and hashing algorithms including AES, DES, SHA, RSA and ECC.

Features of the K32W0x’s security system include a cryptographic sub-system that has a dedicated core, dedicated instruction and data memory for encryption, signing and hashing algorithms including AES, DES, SHA, RSA and ECC. Secure key management is provided for storing and protecting sensitive security keys (Figure 2). Support is enabled for erasing the cryptographic sub-system memory, including security keys, upon sensing a security breach or physical tamper event. The device has a Resource Domain Controller for access control, system memory protection and peripheral isolation. Built-in secure boot and secure over-the-air programming is supported to assure only authorized and authenticated code runs in the device.

To extend the on-chip security features of the K32W0x MCU platform, NXP has collaborated with B-Secur, an expert in biometric authentication, to develop a system that uses an individual’s unique heart pattern (electrocardiogram/ECG) to validate identity, making systems more secure than using an individual’s fingerprint or voice.

IP Boosts Security

For its part, Renesas Electronics addressed the IoT security challenge late last year when it expanded its RX65N/RX651 Group MCU lineup.  …

Read the full article in the October 339 issue of Circuit Cellar

Don’t miss out on upcoming issues of Circuit Cellar. Subscribe today!

Note: We’ve made the October 2017 issue of Circuit Cellar available as a free sample issue. In it, you’ll find a rich variety of the kinds of articles and information that exemplify a typical issue of the current magazine.

High-Performance MCUs Serve IoT Device Needs

STMicroelectronics has added two new lines to its STM32 MCU family, the STM32F7x0 and H7x0 Value Line. The MCUs are aimed at enabling system designers to create affordable performance-oriented systems including real-time IoT devices, without compromising features or cyber protection.

These new lines trim embedded flash to the essential, still allowing secure boot, sensitive code and real-time routines to run safely on-chip, leveraging access times over 25 times faster than for external Flash (for cache miss). If needed, applications can scale-up either by adding off-chip serial or parallel (up to 32-bit) memories and leveraging the MCUs’ broad external interfaces and eXecute in Place (XiP) capability, or by porting to other pin-to-pin compatible STM32F7 or STM32H7 MCU lines, with up to 2 MB Flash and up to 1 MB RAM, supported by the same ecosystem with the same easy-to-use tools.

The Value Lines retain powerful STM32F7 and H7 features, such as the state-of-the-art peripherals, hardware accelerators, and the real-time architecture with ultra-fast internal buses, short interrupt latency, and fast (approximately 1 ms) boot-up. The MCUs are also energy efficient, with flexible power modes, gated power domains, and on-chip power management that simplify design and reduce BOM cost.

With execution performance up to 2020 CoreMark at the heart of a secure and power-efficient architecture, the new Value Line devices are the entry point to IoT innovation in medical, industrial, and consumer applications. CoreMark is the EEMBC standardized benchmark for embedded-CPU performance. With up to 125°C as the maximum junction temperature, developers can leverage the full core and peripherals performance even when ambient temperature increases.

The entry-level STM32F730 delivers 1082 CoreMark performance running at 216MHz aided by ST’s unique ART Accelerator for zero-wait-state execution from Flash. Features include cryptographic hardware acceleration, a USB 2.0 High Speed port with PHY, and a CAN interface. There is a 64Kbyte Flash, 8KByte Instruction and data caches for high-performance execution from internal or external memories, 256KB of system RAM and 16 KB plus 64 KB of Tightly Coupled Memory (TCM) for the most critical routines and data.

The STM32F750 adds a TFT-LCD controller with ST’s proprietary Chrom-ART Graphics Accelerator. It has hardware acceleration for hash algorithms, two CAN interfaces, an Ethernet MAC, camera interface, and two USB 2.0 interfaces with Full Speed PHY. There are 64Kbytes of Flash, 4Kbyte instruction and 4 KB data caches, 320 KB of system RAM and 16 KB plus 64 KB TCM.

The high-end STM32H750 delivers 2020 CoreMark performance at 400 MHz and adds a hardware JPEG coder/decoder to the TFT controller and Chrom-ART Accelerator for even faster GUI performance. There is also a CANFD port and additional CANFD with time-trigger capability and best-in-class operational amplifiers and 16-bit ADCs running at up to 3.6 Msample/s. The 128 KB flash, 16 KB instruction and data caches, 864 KB system RAM and the 64 KB+128 KB of TCM all feature ECC (Error Correction Code) for safe execution from internal or external memory.

The STM32F730, STM32F750, and STM32H750 Value Line MCUs are in production, in various LQFP and BGA package options from 64-pin to 240-pin. Prices start from $1.64 for the STM32F730, $2.39 for the STM32F750 and $2.69 for the STM32H750 for orders of 1,000 pieces.

STMicroelectronics | www.st.com

Compact MCU Offers Enhanced Security Features

Maxim Integrated Products has announced the MAX32558 “DeepCover” family of secure microcontrollers that provide advanced cryptography, secure key storage and tamper detection in a 50% smaller package. As electronic products become smaller and increasingly connected, there is a growing threat to sensitive information and privacy, requiring manufacturers to keep security top of mind when designing their devices. While designers should prevent security breaches at the device level, they often struggle with the tradeoff of enhanced security with minimized board space, as well as the cost of design complexity and meeting time to market goals.
The MAX32558 DeepCover Arm Cortex-M3 flash-based secure microcontroller solves these challenges by delivering strong security in a small footprint while simplifying design integration and speeding time to market. It integrates several security features into a small package, including secure key storage, a secure bootloader, active tamper detection and secure cryptographic engines. It also supports multiple communications channels such as USB, serial peripheral interface (SPI), universal asynchronous receiver-transmitter (UART) and I2C, making it ideal for a wide range of applications. Maxim’s long-standing reputation and experience in payment terminal certifications as well as its established support and technology can help streamline the certification process for customers, reducing the process up to 6 months’ time (rather than the typical 12 to 18 months).

Security:Features:

  • Shields sensitive data by providing the most secure key storage available
  • Offers secure bootloader, active tamper detection and secure cryptographic engines
  • Compliant with Federal Information Processing Standard (FIPS) 140-2 L3&4 certification

Compared to a secure authenticator, the MAX32558 provides 30x more general-purpose input/output (GPIO) in the same PCB footprint (4.34 mm x 4.34 mm) wafer-level package (WLP). The closest competitor, meanwhile, offers a device with similar features but in a much larger package (8 mm x 9 mm ball-grid array 121 (BGA121)). The devices reduces footprint by embedding a number of security features to address point-of-sale Payment Card Industry (PCI) pin transaction security (PTS) requirements, as well as several analog interfaces. It provides 512 KB of internal flash and 96 KB of internal SRAM

Easy design integration is enabled by a complete software framework including real-time operating system (RTOS) integration and code examples in evaluation kit. Code can be easily ported from one device to another as it shares the same API software library as the rest of the product family. A pre-certified Europay, Mastercard and Visa (EMV)-L1 stack for smartcard interface is provided. Extensive documentation and code is provided for managing the device lifecycle, such as secure firmware signing and device personalization. The MAX32558 is available at Maxim’s website for $3.80 (1,000-up).

Maxim Integrated | www.maximintegrated.com

September Circuit Cellar: Sneak Preview

The September issue of Circuit Cellar magazine is coming soon. Clear your decks for a new stack of in-depth embedded electronics articles prepared for you to enjoy.

Not a Circuit Cellar subscriber?  Don’t be left out! Sign up today:

 

Here’s a sneak preview of September 2018 Circuit Cellar:

MOTORS, MOTION CONTROL AND MORE

Motion Control for Robotics
Motion control technology for robotic systems continues to advance, as chip- and board-level solutions evolve to meet new demands. These involve a blending of precise analog technologies to control position, torque and speed with signal processing to enable accurate, real-time motor control. Here, Circuit Cellar’s Editor-in-Chief, Jeff Child, looks the latest technology and product advances in motion control for robotics.

Electronic Speed Control (Part 3)
Radio-controlled drones are one among many applications that depend on the use of an Electronic Speed Controller (ESC) as part of its motor control design. After observing the operation of a number of ESC modules, in this part Jeff Bachiochi focuses in more closely on the interaction of the ESC with the BLDC motor.

BUILDING CONNECTED SYSTEMS

Product Focus: IoT Gateways
IoT gateways are a smart choice to facilitate bidirectional communication between IoT field devices and the cloud. Gateways also provide local processing and storage capabilities for offline services as well as near real-time management and control of edge devices. This Product Focus section updates readers on these technology trends and provides a product gallery of representative IoT gateways.

Wireless Weather Station
Integrating wireless technologies into embedded systems has become much easier these days. In this project article, Raul Alvarez Torrico describes his home-made wireless weather station that monitors ambient temperature, relative humidity, wind speed and wind direction, using Arduino and a pair of cheap Amplitude Shift Keying (ASK) radio modules.

FOCUS ON ANALOG AND POWER TECHNOLOGY

Frequency Modulated DDS
Prompted by a reader’s query, Ed became aware that you can no longer get crystal oscillator modules tuned to specific frequencies. With that in mind, Ed set out to build a “Channel Element” replacement around a Teensy 3.6 board and a DDS module. In this article, Ed Nisley explains how the Teensy’s 32-bit datapath and 180 MHz CPU clock affect the DDS frequency calculations. He then explores some detailed timings.

Power Supplies / Batteries
Sometimes power decisions are left as an afterthought in system designs. But your choice of power supply or battery strategy can have a major impact on your system’s capabilities. Circuit Cellar’s Editor-in-Chief, Jeff Child, dives into the latest technology trends and product developments in power supplies and batteries.

Murphy’s Laws in the DSP World (Part 3)
Unpredictable issues crop up when you move from the real world of analog signals and enter the world of digital signal processing (DSP). In Part 3 of this article series, Mike Smith and Mai Tanaka focuses on strategies for how to—or how to try to—avoid Murphy’s Laws when doing DSP.

SYSTEM DESIGN ISSUES IN VIDEO AND IMAGING

Virtual Emulation for Drones
Drone system designers are integrating high-definition video and other features into their SoCs. Verifying the video capture circuitry, data collection components and UHD-4K streaming video capabilities found in drones is not trivial. In his article, Mentor’s Richard Pugh explains why drone verification is a natural fit for hardware emulation because emulation is very efficient at handling large amounts of streamed data.

LIDAR 3D Imaging on a Budget
Demand is on the rise for 3D image data for use in a variety of applications, from autonomous cars to military base security. That has spurred research into high precision LIDAR systems capable of creating extremely clear 3D images to meet this demand. Learn how Cornell student Chris Graef leveraged inexpensive LIDAR sensors to build a 3D imaging system all within a budget of around $200.

AND MORE FROM OUR EXPERT COLUMNISTS

Velocity and Speed Sensors
Automatic systems require real-life physical attributes to be measured and converted to electrical quantities ready for electronic processing. Velocity is one such attribute. In this article, George Novacek steps through the math, science and technology behind measuring velocity and the sensors used for such measurements.

Recreating the LPC Code Protection Bypass
Microcontroller fuse bits are used to protect code from being read out. How well do they work in practice? Some of them have been recently broken. In this article Colin O’Flynn takes you through the details of such an attack to help you understand the realistic threat model.

MCUs Bring Enhanced Security to IoT Systems

Microchip has announced its SAM L10 and SAM L11 MCU families addressing the growing need for security in IoT applications. The new MCU families are based on the Arm Cortex-M23 core, with the SAM L11 featuring Arm TrustZone for Armv8-M, a programmable environment that provides hardware isolation between certified libraries, IP and application code. Security features on the MCUs include tamper resistance, secure boot and secure key storage. These, combined with TrustZone technology, protect applications from both remote and physical attacks.

In addition to TrustZone technology, the SAM L11 security features include an on-board cryptographic module supporting Advanced Encryption Standard (AES), Galois Counter Mode (GCM) and Secure Hash Algorithm (SHA). The secure boot and secure key storage with tamper detection capabilities establish a hardware root of trust. It also offers secure bootloader for secure firmware upgrades.

Microchip has partnered with Trustonic, a member of Microchip’s Security Design Partner Program, to offer a comprehensive security solution framework that simplifies implementation of security and enables customers to introduce end products faster. Microchip has also partnered with Secure Thingz and Data I/O Corporation to offer secure provisioning services for SAM L11 customers that have a proven security framework.

Both MCU families offer Microchip’s latest-generation Peripheral Touch Controller (PTC) for capacitive touch capabilities. Designers can easily add touch interfaces that provide an impressively smooth and efficient user experience in the presence of moisture and noise while maintaining low power consumption. The touch interface makes the devices ideal for a myriad of automotive, appliance, medical and consumer Human Machine Interface (HMI) applications.

The SAM L10 and SAM L11 Xplained Pro Evaluation Kits are available to kick-start development. All SAM L10/L11 MCUs are supported by the Atmel Studio 7 Integrated Development Environment (IDE), IAR Embedded Workbench, Arm Keil MDK as well as Atmel START, a free online tool to configure peripherals and software that accelerates development. START also supports TrustZone technology to configure and deploy secure applications. A power debugger and data analyzer tool are available to monitor and analyze power consumption in real time and fine tune the consumption numbers on the fly to meet application needs. Microchip’s QTouch Modular Library, 2D Touch Surface Library and QTouch Configurator are also available to simplify touch development.

Devices in the SAM L10 series are available starting at $1.09 (10,000s). Devices in the SAM L11 series are available starting at $1.22 (10,000s).

Microchip Technology | www.microchip.com

Verifying Code Readout Protection Claims

Think Like an Attacker

How do you verify the security of microcontrollers? MCU manufacturers often make big claims, but sometimes it is in your best interest to verify them yourself. In this article, Colin discusses a few threats against code readout and looks at verifying some of those claimed levels.

By Colin O’Flynn

You’ve got your latest and greatest IoT toaster designed, and you’re looking to move forward with production. But one thing concerns you: How do you know this stellar code isn’t going to be cloned as soon as you release it to the market?

You turn to the firmware protection features of your chosen microcontroller, but how good is it? This article can’t hope to answer that question in general, rather it will instead give you a short example of how to help answer that question for any specific microcontroller.

In particular, it will teach you to “think like an attacker” when reading through datasheets. Look for small loopholes that could have big consequences, and you will have a much better time navigating the landscape of potential attacks.

Know What’s Out There

One of the most important things is to keep an eye out for new and interesting attacks against these devices. In my January 2018 article (Circuit Cellar 330) I described how there is a published attack against some of the NXP LPC devices, which makes it very easy to unlock them. You can see the presentation entitled “Breaking Code Read Protection on the NXP LPC-family Microcontrollers” by Chris Gerlinsky which describes this attack. Another recent one is an attack against STMicroelectronics’ STM32F0 devices entitled “Shedding Too Much Light on a Microcontroller’s Firmware Protection” by Johannes Obermaier and Stefan Tatschner. That one is a little more limited, but still has some interesting information regarding potential security attacks.

I’m hoping to distill some of these attacks down into common problems, which will help you close a few loopholes before someone rips off your IoT toaster design. At least now if it fails in the marketplace you have no one to blame but yourself.
To give you something concrete to read (and for me to reference), I’ve chosen to use the ST STM32F303 series because it’s a device I’ve been using myself lately. I’m not going to be revealing any unknown vulnerabilities—so if you’re reading this from your office at  STMicroelectronics, no need to sweat. It also has some pretty common configuration options, so makes for a nice reference you can apply to a range of other devices.

ST Read Protection (RDP)

The first step when you are looking at a new device should be to very carefully inspect the security or debug lock protection portion of the datasheet. They will typically go into a fair amount of detail around how the protection mechanism works.
The STM32F3 Reference Manual (RM0316) has this split into two sections. Section 5, entitled “Option byte description” provides information about how the flags are stored in flash. Section 4.3 entitled “Memory Protection” details how this is actually used to protect the code in your device.

Table 1
This excerpt from the datasheet shows how the flash memory read protection levels are defined for the STM32F3 device.

The two important pieces of information for us are replicated in Table 1 and
Table 2. They are the flash memory protection levels, and the associated access allowed at each level. The RDP byte is a special “option byte”, which is the value of a specific location in flash memory. Note the scheme they have chosen uses two bytes, where one is always programmed to be the complement of the other byte. This is presumably used for error checking, and if a byte is not matched with a complement, an error flag is set.

Table 2
Code protection levels 1 and 2 have differing protection abilities. This excerpt from the datasheet shows where flash memory can be read/written/executed from.

Right away you should notice that this scheme does not fall victim to the same problem as the LPC attack I talked about before. In particular the LPC attack exploited the fact a fault or glitch could corrupt the flag value, which caused the CPU to disable the protection.

With the STM32F303, these invalid levels will all map to Protection Level 1. This protection level does not allow external flash access, which “should” be a good sign. The highest protection level also claims to be impossible to remove, but if we could corrupt the value of the option bytes in memory we could downgrade from Protection Level 2 to Protection Level 1. In fact, this “downgrade” is exactly what was presented by Obermaier & Tatschner. The downgrade used a chip decapsulation and light to flip the bits, which is relatively invasive. Other fault attacks (such as voltage or EM) might work but would require investigation before assuming that. Such temporary fault attacks would require the value is read and latched.

But as a good designer, you should assume such faults could be made possible. In this case it would be possible to “downgrade” the device from Protection Level 2 to Protection Level 1. So, what happens if an attacker performed this downgrade? That takes us into the second part of this article. …

Read the full article in the July 336 issue of Circuit Cellar

Don’t miss out on upcoming issues of Circuit Cellar. Subscribe today!

Note: We’ve made the October 2017 issue of Circuit Cellar available as a free sample issue. In it, you’ll find a rich variety of the kinds of articles and information that exemplify a typical issue of the current magazine.

August Circuit Cellar: Sneak Preview

The August issue of Circuit Cellar magazine is coming soon. Be on the lookout for a whole shipload of top-notch embedded electronics articles for you to enjoy.

Not a Circuit Cellar subscriber?  Don’t be left out! Sign up today:

 

Here’s a sneak preview of August 2018 Circuit Cellar:

FPGAs REDEFINE THE DEFINITION OF “SYSTEM”

FPGA System Design
Long gone now are the days when FPGAs were thought of as simple programmable circuitry for interfacing and glue logic. Today, FPGAs are powerful system chips with on-chip processors, signal processing functionality and rich offerings or high-speed connectivity. Here, Circuit Cellar’s Editor-in-Chief, Jeff Child, looks at the latest technology and trends in FPGA system design.

Managing FPGA Design Complexity
Modern FPGAs can contain millions of logic gates and thousands of embedded DSP processors allowing FPGA hardware designers to create extremely sophisticated and complex application-specific hardware functions. In this article, Pentek’s Bob Sgandurra explores how today’s FPGA technology has revamped the roles of both hardware and software engineers as well as how dealing with on-chip IP adds new layers of complexity.

HIGH-INTEGRATION AT THE CHIP-
AND BOARD-LEVEL

Product Focus: Small and Tiny Embedded Boards
An amazing amount of computing functionality can be squeezed on to a small form factor board these days. These company—and even tiny—board-level products meet the needs of applications where extremely low SWaP (size, weight and power) beats all other demands. This Product Focus section updates readers on this technology trend and provides a product album of representative small and tiny embedded boards.

Microcontrollers and Processors
Today’s crop of microcontrollers and embedded processors provide a rich continuum of features, functions and capabilities. It’s hard to tell anymore where the dividing line is, especially when a lot of them use the same CPU cores. Circuit Cellar’s Editor-in-Chief, Jeff Child, delves into the technology and product trends of MCUs and embedded processors.

CAN’T STOP THE SIGNAL

Murphy’s Laws in the DSP World (Part 2)
Many unexpected issues come into play when you move from the real world of analog signals and enter the world of digital signal processing (DSP). Part 2 of this article series by Michael Smith, Mai Tanaka and Ehsan Shahrabi Farahani charges forward introducing “Murphy’s Laws of DSP” #7, #8 and #9 and looks at the spectral analysis of DSP signals.

Signature Analyzer Uses NXP MCU
Doing a signature analysis of a signal used to require an oscilloscope to display your results. In this article, Brian Millier shows how you can build a free-standing tester that uses mostly just the internal peripherals of an NXP ARM microcontroller. He described how the tester operates and how he implemented it using a Teensy 3.5 development module and an intelligent 4.3-inch TFT touch-screen display.

Pitfalls of Filtering Pulsed Signals
Filtering pulsed signals can be a tricky prospect. Using a recent customer implementation as an example, Robert Lacoste highlights various alternative approaches and describes the key concepts involved. Simulation results are provided to help readers understand what’s going on.

PROJECT-BASED STORIES WITH ALL THE DETAILS

Electronic Speed Control (Part 2)
In Part 1, Jeff Bachiochi discussed the mechanical differences between DC brushed and brushless DC (BLDC) motors. This time he dives into basics of an Electronic Speed Controller’s operations and its circuitry. And all this is illustrated via his ESC-based project that uses a Microchip PIC MCU.

Build an Audio Response Light Display
Light shows have been a part of entertainment situations seemingly forever, but the technology has evolved over time. These light shows have their origin in the primitive “light organs” of the 1960s in which each spectral band had its own color that pulsed in intensity with audio amplitudes within its range of frequencies. In this article, Devlin Gualtieri discusses his circuit design that implements a light organ using today’s IC and LED technologies.

AND MORE FROM OUR EXPERT COLUMNISTS

Internet of Things Security (Part 4)
In this next part of his article series on IoT security, Bob Japenga looks at how checklists and the common criteria framework can help us create more secure IoT devices. He covers how to create a list of security assets and to establish threat checklists that identify all the threats to your security assets.

Thermoelectric Cooling (Part 2)
In Part 1 George Novacek described how he built a test chamber using some electronics combined with components salvaged from his thermoelectric water cooler. To confirm his test results, he purchased another thermoelectric cooler and repeated the tests. In Part 2 he covers the results of these tests along with some theoretical performance calculations.

July Circuit Cellar: Sneak Preview

The July issue of Circuit Cellar magazine is coming soon. And we’ve rustled up a great herd of embedded electronics articles for you to enjoy.

Not a Circuit Cellar subscriber?  Don’t be left out! Sign up today:

 

Here’s a sneak preview of July 2018 Circuit Cellar:

TECHNOLOGIES FOR THE INTERNET-OF-THINGS

Wireless Standards and Solutions for IoT  
One of the critical enabling technologies making the Internet-of-Things possible is the set of well-established wireless standards that allow movement of data to and from low-power edge devices. Here, Circuit Cellar’s Editor-in-Chief, Jeff Child, looks at key wireless standards and solutions playing a role in IoT.

Product Focus: IoT Device Modules
The rapidly growing IoT phenomenon is driving demand for highly integrated modules designed to interface with IoT devices. This Product Focus section updates readers on this technology trend and provides a product album of representative IoT interface modules.

TOOLS AND TECHNIQUES AT THE DESIGN PHASE

EMC Analysis During PCB Layout
If your electronic product design fails EMC compliance testing for its target market, that product can’t be sold. That’s why EMC analysis is such an important step. In his article, Mentor Graphics’ Craig Armenti shows how implementing EMC analysis during the design phase provides an opportunity to avoid failing EMC compliance testing after fabrication.

Extreme Low-Power Design
Wearable consumer devices, IoT sensors and handheld systems are just a few of the applications that strive for extreme low-power consumption. Beyond just battery-driven designs, today’s system developers want no-battery solutions and even energy harvesting. Circuit Cellar’s Editor-in-Chief, Jeff Child, dives into the latest technology trends and product developments in extreme low power.

Op Amp Design Techniques
Op amps can play useful roles in circuit designs linking the real analog world to microcontrollers. Stuart Ball shares techniques for using op amps and related devices like comparators to optimize your designs and improve precision.

Wire Wrapping Revisited
Wire wrapping may seem old fashioned, but this tried and true technology can solve some tricky problems that arise when you try to interconnect different kinds of modules like Arduino, Raspberry Pi and so on. Wolfgang Matthes steps through how to best employ wire wrapping for this purpose and provides application examples.

DEEP DIVES ON MOTOR CONTROL AND MONITORING

BLDC Fan Current
Today’s small fans and blowers depend on brushless DC (BLDC) motor technology for their operation. In this article, Ed Nisley explains how these seemingly simple devices are actually quite complex when you measure them in action. He makes some measurements on the motor inside a tangential blower and explores how the data relates to the basic physics of moving air.

Electronic Speed Control (Part 1)
An Electronic Speed Controller (ESC) is an important device in motor control designs, especially in the world of radio-controlled (RC) model vehicles. In Part 1, Jeff Bachiochi lays the groundwork by discussing the evolution of brushed motors to brushless motors. He then explores in detail the role ESC devices play in RC vehicle motors.

MCU-Based Motor Condition Monitoring
Thanks to advances in microcontrollers and sensors, it’s now possible to electronically monitor aspects of a motor’s condition, like current consumption, pressure and vibration. In this article, Texas Instrument’s Amit Ashara steps through how to best use the resources on an MCU to preform condition monitoring on motors. He looks at the signal chain, connectivity issues and A-D conversion.

AND MORE FROM OUR EXPERT COLUMNISTS

Verifying Code Readout Protection Claims
How do you verify the security of microcontrollers? MCU manufacturers often make big claims, but sometimes it is in your best interest to verify them yourself. In this article, Colin O’Flynn discusses a few threats against code readout and looks at verifying some of those claimed levels.

Thermoelectric Cooling (Part 1)
When his thermoelectric water color died prematurely, George Novacek was curious whether it was a defective unit or a design problem. With that in mind, he decided to create a test chamber using some electronics combined with components salvaged from the water cooler. His tests provide some interesting insights into thermoelectric cooling.