May Circuit Cellar: Sneak Preview

The May issue of Circuit Cellar magazine is out next week! We’ve been hard at work laying the foundation and nailing the beams together with a sturdy selection of embedded electronics articles just for you. We’ll soon be inviting you inside this 84-page magazine.

Not a Circuit Cellar subscriber? Don’t be left out! Sign up today:

 

Here’s a sneak preview of May 2019 Circuit Cellar:

EMBEDDED COMPUTING AT WORK

Technologies for Digital Signage
Digital signage ranks among the most dynamic areas of today’s embedded computing space. Makers of digital signage players, board-level products and other technologies continue to roll out new solutions for implementing powerful digital signage systems. Circuit Cellar Chief Editor Jeff Child looks at the latest technology trends and product developments in digital signage.

PC/104 and PC/104 Family Boards
PC/104 has come a long way since its inception over 25 years ago. With its roots in ISA-bus PC technology, PC/104 evolved through the era of PCI and PCI Express by spinning off its wider family of follow-on versions including PC/104-Plus, PCI-104, PCIe/104 and PCI/104-Express. This Product Focus section updates readers on these technology trends and provides a product gallery of representative PC/104 and PC/104-family boards.

TOOLS & TECHNIQUES FOR EMBEDDED ENGINEERING

Code Analysis Tools
Today it’s not uncommon for embedded devices to have millions of lines of software code. Code analysis tools have kept pace with these demands, making it easier for embedded developers to analyze, debug and verify complex embedded software. Circuit Cellar Chief Editor Jeff Child explores the latest technology trends and product developments in code analysis tools.

Transistor Basics
In this day and age of highly integrated ICs, what is the relevance of the lone, discrete transistor? It’s true that most embedded systems can be solved by chip level solutions. But electronic component vendors do still make and sell individual transistors because there’s still a market for them. In this article, Stuart Ball reviews some important basics about transistors and how you can use them in your embedded system design.

Pressure Sensors
Over the years, George Novacek has done articles examining numerous types of sensors that measure various physical aspects of our world. But one measurement type he has not yet discussed is pressure. Here, George looks at pressure sensors in the context of using them in an electronic monitoring or control system. The story looks at the math, physics and technology associated with pressure sensors.

MICROCONTROLLERS DO IT ALL

Robotic Arm Plays Beer Pong
Simulating human body motion is a key concept in robotics development. With that in mind, learn how Cornell graduates Daniel Fayad, Justin Choi and Harrison Hyundong Chang accurately simulate the movement of a human arm on a small-sized robotic arm. The Microchip PIC32 MCU-based system enables the motion-controlled, 3-DoF robotic arm to take a user’s throwing motion as a reference to its own throw. In this way, they created a robotic arm that can throw a ping pong ball and thus play beer pong.

Fancy Filtering with the Teensy 3.6
Signal filtering entails some tricky tradeoffs. A fast MCU that provides hardware-based floating-point capability eases some of those tradeoffs. In the past, Brian Millier has used the Arm-based Teensy MCU modules to meet those needs. In this article, Brian taps the Teensy 3.6 Arm MCU module to perform real-time audio FFT-convolution filtering.

Real-Time Stock Monitoring Using an MCU
With today’s technology, even very simple microcontroller-based devices can fetch and display data from the Internet. Learn how Cornell graduates David Valley and Saelig Khatta built a system that can track stock prices in real-time and display them conveniently on an LCD screen. For the design, they used an Espressif Systems ESP8266 Wi-Fi module controlled by a Microchip PIC32 MCU. Our fun little device fetches chosen stock prices in real-time and displays them on a screen.

… AND MORE FROM OUR EXPERT COLUMNISTS

Attacking USB Gear with EMFI
Many products use USB, but have you ever considered there may be a critical security vulnerability lurking in your USB stack? In this article, Colin O’Flynn walks you through an example product that could be broken using electromagnetic fault injection (EMFI) to perform this attack without even removing the device enclosure.

An Itty Bitty Education
There’s no doubt that we’re living in a golden age when it comes to easily available and affordable development kits for fun and education. With that in mind, Jeff Bachiochi shares his experiences programming and playing with the Itty Bitty Buggy from Microduino. Using the product, you can combine LEGO-compatible building blocks into mobile robots controlled via Bluetooth using your cellphone.

5 V MCU Family Provides Water Tolerant Touch Integration

NXP Semiconductor has announced its 5 V KE1xZ family of MCUs. Based on the Arm Cortex-M0+ core, the MCUs are suited for embedded control systems in harsh electrical environments and provide an integrated CAN controller and capacitive touch from 32 KB flash. Designed for a wide range of industrial applications, the KE1xZ family offers mixed-signal integration across a range of compact memory variants. The 1-MS/s ADC and FlexTimer modules, combined with NXP’s Freemaster software tools library and Motor Control Application Tuning plugin (MCAT) enable designs of Brushless DC (BLDC) and other motor-control systems.

NXP’s KE1xZ MCU family offers advanced noise immunity, water-tolerant touch and low-power wake-on-touch operation—essential features for the strict electromagnetic compatibility (EMC) standards of the industrial and home appliance markets. NXP’s touch IP, combined with software and tools provide a high level of stability, accuracy and ease of use, with continued responsiveness and functionality through wet conditions. It can sustain 10 V in conducted noise, in alignment with International Electrotechnical Commission (IEC) 6100-4-6 test level 3.

Additional KE1xZ MCU features:

  • Internal 48 MHz reference clock with 1% accuracy over full operating range
  • Boot ROM with built in bootloader and 128-bit unique device identifier (UID)
  • ADC self-calibration feature
  • Flash Access Control (FAC)
  • Cyclic Redundancy Check (CRC) generator module
  • Internal watchdog (WDOG) with independent clock source and external watchdog monitor (EWM)
  • On-chip clock loss monitoring
  • IEC 60730 Class B safety certification
  • LQFP package with 48- and 44-pin options

The KE1xZ MCU family will be available globally in March 2019 from NXP and its distribution partners with a suggested resale price from $0.79 at 10,000-unit quantities. NXP enables developers through its MCUXpresso software and tools ecosystem, along with its FRDM-KE15Z and FRDM-TOUCH development platforms (see image above), with respective suggested resale prices of $35 and $15. Third-party support is enabled from the broad ARM ecosystem.

NXP Semiconductor | www.nxp.com

 

Low-Power Wireless MCUs Provide Real-Time Performance

STMicroelectronics (ST) has announced its latest Bluetooth offering, its STM32WBx5 dual-core wireless MCUs. The devices come with Bluetooth 5, OpenThread and ZigBee 3.0 connectivity combined with ultra-low-power performance. Fusing features of ST’s STM32L4 Arm Cortex-M4 MCUs and in-house radio managed by a dedicated Cortex-M0+, the STM32WBx5 is power-conscious yet capable of concurrent wireless-protocol and real-time application execution. It is well suited to remote sensors, wearable trackers, building automation controllers, computer peripherals, drones and other IoT devices.
Security features of the STM32WBx5 MCUs include Customer Key Storage (CKS), Public Key Authorization (PKA), and encryption engines for the radio MAC and upper layers. The MCUs have up to 1 MB of on-chip flash and a Quad-SPI port for efficient connection to external memory, if needed. Additional features include crystal-less Full-Speed USB, 32 MHz RF oscillator with trimming capacitors, a touch-sense controller, LCD controller, analog peripherals and multiple timers and watchdogs. The balun for antenna connection is also integrated.

Leveraging ultra-low-power technologies of the STM32L4 line, STM32WBx5 MCUs feature multiple power-saving modes including 13 nA shutdown mode, adaptive voltage scaling, and the adaptive real-time (ART) accelerator to maximize energy efficiency and ensure long-lasting performance in self-powered applications. The integrated radio transmitter is optimized for high RF performance and low power consumption to maximize battery runtime. The RF output power is programmable up to +6 dBm in 1 dB increments, and the MCU draws only 5.2 mA when transmitting at 0 dB. Receive sensitivity is -96 dBm for BLE communication at 1 Mbps. Designed for a link budget of 102 dB, the radio ensures robust communication over long connection distances and includes support for an external Power Amplifier (PA).

STMicroelectronics | www.st.com

 

April Circuit Cellar: Sneak Preview

The April issue of Circuit Cellar magazine is out next week (March 20th)! We’ve worked hard to cook up a tasty selection of in-depth embedded electronics articles just for you. We’ll be serving them up in our 84-page magazine.


Here’s a sneak preview of April 2019 Circuit Cellar:

VIDEO AND DISPLAY TECHNOLOGIES IN ACTION

Video Technology in Drones
Because video is the main mission of the majority of commercial drones, video technology has become a center of gravity in today’s drone design decisions. The topic covers everything including single-chip video processing, 4k HD video capture, image stabilization, complex board-level video processing, drone-mounted cameras, hybrid IR/video camera and mesh-networks. In this article, Circuit Cellar’s Editor-in-Chief, Jeff Child, looks at the technology and trends in video technology for drones.

Building an All-in-One Serial Terminal
Many embedded systems require at least some sort of human interface. While Jeff Bachiochi was researching alternatives to mechanical keypads, he came across the touchscreen display products from 4D Systems. He chose their inexpensive, low-power 2.4-inch, resistive touch screen as the basis for his display subsystem project. He makes use of the display’s Espressif Systems ESP8266 processor and Arduino IDE support to turn the display module into a serial terminal with a serial TTL connection to other equipment.

MICROCONTROLLERS ARE EVERYWHERE

Product Focus: 32-Bit Microcontrollers
As the workhorse of today’s embedded systems, 32-bit microcontrollers serve a wide variety of embedded applications, including the IoT. MCU vendors continue to add more connectivity, security and I/O functionality to their 32-bit product families. This Product Focus section updates readers on these trends and provides a product album of representative 32-bit MCU products.

Build a PIC32-Based Recording Studio
In this project article, learn how Cornell students Radhika Chinni, Brandon Quinlan and Raymond Xu built a miniature recording studio using the Microchip PIC32. It can be used as an electric keyboard with the additional functionality of recording and playing back multiple layers of sounds. There is also a microphone that the user can use to make custom recordings.

WONDERFUL WORLD OF WIRELESS

Low-Power Wireless Comms
The growth in demand for IoT solutions has fueled the need for products and technology to do wireless communication from low-power edge devices. Using technologies including Bluetooth Low-Energy (BLE), wireless radio frequency technology (LoRa) and others, embedded system developers are searching for ways to get efficient IoT connectivity while drawing as little power as possible. Circuit Cellar Chief Editor Jeff Child explores the latest technology trends and product developments in low-power wireless communications.

Bluetooth Mesh (Part 2)
Continuing his article series on Bluetooth mesh, this month Bob Japenga looks at the provisioning process required to get a device onto a Bluetooth mesh network. Then he examines two application examples and evaluates the various options for each example.

Build a Prescription Reminder
Pharmaceuticals prescribed by physicians are important to patients both old and young. But these medications will only do their job if taken according to a proper schedule. In this article, Devlin Gualtieri describes his Raspberry-Rx Prescription Reminder project, a network-accessible, Wi-Fi connected, Raspberry Pi-based device that alerts a person when a particular medication should be administered. It also keeps a log of the actual times when medications were administered.

ENGINEERING TIPS, TRICKS AND TECHNIQUES

The Art of Current Probing
In his February column, Robert Lacoste talked about oscilloscope probes—or more specifically, voltage measurement probes. He explained how selecting the correct probe for a given measurement, and using it properly, is as important as having a good scope. In this article, Robert continues the discussion with another common measurement task: Accurately measuring current using an oscilloscope.

Software Engineering
There’s no doubt that achieving high software quality is a human-driven endeavor. No amount of automated code development can substitute for best practices. A great tool for such efforts is the IEEE Computer Society’s Guide to the Software Engineering Body of Knowledge. In this article, George Novacek discusses some highlights of this resource, and why he has frequently consulted this document when preparing development plans.

HV Differential Probe
A high-voltage differential probe is a critical piece of test equipment for anyone who wants to safely examine high voltage signals on a standard oscilloscope. In his article, Andrew Levido describes his design of a high-voltage differential probe with features similar to commercial devices, but at a considerably lower cost. It uses just three op amps in a classic instrumentation amplifier configuration and provides a great exercise in precision analog design.

Side-Channel Power Analysis

Easy Path to Proof

Side-channel power analysis is a method of breaking security on embedded systems, and something Colin has covered extensively in his column. This time Colin shows how you can prove some of the fundamental assumptions that underpin side-channel power analysis. He uses the open-source ChipWhisperer project with Jupyter notebooks for easy interactive evaluation.

By Colin O’Flynn

This month I thought I’d bring you an introduction to side-channel power analysis (again). I’ve covered this in past articles, but it’s been a few years and I know new readers are going to be picking up this issue of Circuit Cellar. But don’t worry—I’m doing more than just giving you a rehash of old material. My open-source ChipWhisperer project has recently had the Version 5.0 release, which uses a new interactive Python interface (using something called Jupyter notebooks). As part of this release, several new tutorials are available, and some of them cover aspects I haven’t previously shown you.

In particular, I’m going to show you how some of the fundamental assumptions around side-channel power analysis can be easily proven. It’s not something for which you have to take my word. It’s something you can test yourself, and experiment with the differences that show up for various firmware code you might be running.

Simple Power Analysis

My intro is going to push through all sorts of examples. The first thing we’ll talk about is simple power analysis (SPA). This form of power analysis commonly refers to the fact that you can see the flow of data through a system. This can be used to break code that has an execution path that depends on the secret data being processed. What sort of code might that be? We’ll take a look at a simple password check as shown in Listing 1. That might look straightforward—but what if you could see the loop execution time? Power analysis lets us do exactly that, meaning that we could discover which character of our password was incorrect.

Listing 1
An example of a simple password check, where if one could figure out the loop count, one could recover the password byte-by-byte.

The code from Listing 1 also contains a trigger_high() and trigger_low() call. Those actually provide an added piece of instrumentation being used only for our demonstration. Using a resistor in the power pin, we could see how the power is varying, as in Figure 1. I’m doing that with my ChipWhisperer platform, but you could use an oscilloscope or other similar piece of gear. You can see in Figure 2 the loop has an obvious pattern, and we see four iterations through the loop.

Figure 1
Power consumption can be measured with a resistor in the VCC line of the device. Here I’ve also removed decoupling capacitors to improve the strength of the signal. We AC-couple the measurement to remove the high-DC bias, since we are looking at small variations only.

Figure 2
A power trace of the loop execution helps you understand how many iterations through the loop your code ran, which could break the password check in Listing 1.

How does that help us crack a password? We could monitor the power consumption of the device and send every possible first character of the password. When we see a change in the power trace, we know that suddenly another code path was taken. Most likely this “other code path” is in fact the loop going into the second iteration. We don’t need to be clever or look for a specific signature. We just look for “different.”

Listing 2
An example of a time-independent password check that could be broken by looking at power consumption of the device.

It’s hard to hide this difference. If we add a random delay afterward, we can still see the time at which the power traces changed. We can notice at this point in time whether it seems to go into a busy-wait loop or continues processing data. If you don’t believe me, there is an exact example of this in the open-source ChipWhisperer Jupyter.

So, if you think you’re clever, you’ll implement the code as in Listing 2. This takes the same amount of time, no matter what code is executed. Let’s see how to break that.
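The two styles of password check discussed in this section, shown side by side as an added example; this is not the article's Listing 1 or Listing 2, which are not reproduced on this page. The stored password, its four-byte length and the `iterations` counter (a stand-in for what a power trace or timer reveals) are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PW_LEN 4   /* assumed length, matching the four loop iterations described above */

/* Constructed sample secret, for the demonstration only. */
static const uint8_t STORED_PW[PW_LEN] = { 'h', '0', 'p', 'x' };

/* Outcome of a check plus the number of loop iterations it executed.
 * The count models what an observer reads from a power trace; real
 * firmware would not return it. */
struct check_result {
    int ok;
    unsigned iterations;
};

/* Early-exit comparison: stops at the first wrong byte, so the loop
 * count is (leading correct bytes + 1), capped at PW_LEN. */
struct check_result check_early_exit(const uint8_t *guess)
{
    struct check_result r = { 1, 0 };
    for (size_t i = 0; i < PW_LEN; i++) {
        r.iterations++;
        if (guess[i] != STORED_PW[i]) {
            r.ok = 0;
            break;              /* data-dependent execution path */
        }
    }
    return r;
}

/* Time-independent comparison: always visits every byte and folds the
 * differences into one accumulator, with no data-dependent branch.
 * It removes the loop-count signal only; the data being processed can
 * still influence power consumption. */
struct check_result check_fixed_time(const uint8_t *guess)
{
    struct check_result r = { 0, 0 };
    volatile uint8_t diff = 0;  /* volatile: keep the compiler from adding an early exit */
    for (size_t i = 0; i < PW_LEN; i++) {
        r.iterations++;
        diff |= (uint8_t)(guess[i] ^ STORED_PW[i]);
    }
    r.ok = (diff == 0);
    return r;
}

/* Build a guess whose first k bytes are correct and the rest wrong. */
void make_guess(unsigned k, uint8_t out[PW_LEN])
{
    for (unsigned i = 0; i < PW_LEN; i++)
        out[i] = (i < k) ? STORED_PW[i] : (uint8_t)(STORED_PW[i] ^ 0xFF);
}

int main(void)
{
    for (unsigned k = 0; k <= PW_LEN; k++) {
        uint8_t g[PW_LEN];
        make_guess(k, g);
        struct check_result e = check_early_exit(g);
        struct check_result f = check_fixed_time(g);
        printf("correct leading bytes=%u  early-exit: ok=%d loops=%u  "
               "fixed-time: ok=%d loops=%u\n",
               k, e.ok, e.iterations, f.ok, f.iterations);
    }
    return 0;
}
```

The early-exit column changes with the number of correct leading bytes, which is the "different" an observer looks for; the fixed-time column does not.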

Data Affects Power

What if I told you that the very data being processed affect the power consumption? The theory behind this is fairly simple. Internal to the device, a data bus consists of wires over a ground plane. Changing the voltage on this is equivalent to charging and discharging a capacitor. As a nice feature, most internal data-buses go to an intermediate state between valid data transmissions. These intermediate states mean that every time we send a value across the data-bus, we have to charge a certain number of data lines to the ‘1’ state. If we looked at the power consumed on the VCC rail, we would expect to see spikes related to the data being sent across a bus. If all the bits of the data-bus were going high, we would expect to see larger spikes than when only one or two lines went high. You can see our expected results in Figure 3.

Figure 3
Different numbers of bits being set to ‘1’ on the power trace result in different power consumption on each clock cycle.

But how could we test that? We could send some data to a chip, and try to find a location where, for example, we see a strong difference in the power being used that depends on the data. Since we expect our signal to be very weak, we might need to average a number of such traces over time.  …
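The averaging test described above, as an added simulation; it is not code from the article or from ChipWhisperer, and the traces are synthetic. The Hamming-weight leakage model, the noise level, the trace length and the position of the leak (`LEAK_AT`) are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TRACE_LEN  16      /* samples per simulated trace */
#define LEAK_AT    11      /* sample where the data crosses the bus (not used by the analysis) */
#define N_TRACES   20000   /* captures averaged per data value */
#define PER_BIT    1.0     /* assumed power step per bus line charged to '1' */
#define NOISE_AMP  20.0    /* assumed noise, uniform in [-20, +20]: far larger than one bit */

/* Small deterministic PRNG (xorshift32) so every run is repeatable. */
static uint32_t rng_state = 0x2545F491u;

static uint32_t rng_next(void)
{
    uint32_t x = rng_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    rng_state = x;
    return x;
}

/* Number of bus lines that must be charged to '1' for this value. */
unsigned hamming_weight(uint8_t v)
{
    unsigned n = 0;
    while (v) {
        n += v & 1u;
        v >>= 1;
    }
    return n;
}

/* One simulated power sample: a clock-related baseline and noise at
 * every point, plus the data-dependent term at LEAK_AT only. */
static double sample_power(uint8_t data, int t)
{
    double baseline = 50.0 + 5.0 * (t % 4);
    double noise = ((double)(rng_next() % 20001u) / 10000.0 - 1.0) * NOISE_AMP;
    double leak = (t == LEAK_AT) ? PER_BIT * hamming_weight(data) : 0.0;
    return baseline + noise + leak;
}

/* Send the same data N_TRACES times and average the traces point by point. */
void capture_means(uint8_t data, double mean[TRACE_LEN])
{
    for (int t = 0; t < TRACE_LEN; t++)
        mean[t] = 0.0;
    for (int n = 0; n < N_TRACES; n++)
        for (int t = 0; t < TRACE_LEN; t++)
            mean[t] += sample_power(data, t);
    for (int t = 0; t < TRACE_LEN; t++)
        mean[t] /= N_TRACES;
}

/* Difference of means: return the sample index where two averaged
 * traces differ most, and that difference (b minus a) through *peak. */
int locate_leak(const double a[TRACE_LEN], const double b[TRACE_LEN], double *peak)
{
    int best = 0;
    double best_abs = -1.0;
    for (int t = 0; t < TRACE_LEN; t++) {
        double d = b[t] - a[t];
        double ad = (d < 0.0) ? -d : d;
        if (ad > best_abs) {
            best_abs = ad;
            best = t;
            *peak = d;
        }
    }
    return best;
}

int main(void)
{
    double m00[TRACE_LEN], m0f[TRACE_LEN], mff[TRACE_LEN], peak;
    capture_means(0x00, m00);   /* no lines charged   */
    capture_means(0x0F, m0f);   /* four lines charged */
    capture_means(0xFF, mff);   /* all lines charged  */
    int at = locate_leak(m00, mff, &peak);
    printf("largest 0xFF-0x00 difference at sample %d: %.2f\n", at, peak);
    printf("0x0F-0x00 difference at the same sample: %.2f\n", m0f[at] - m00[at]);
    return 0;
}
```

Subtracting the averaged traces cancels the baseline that is common to both, so only the data-dependent point stands out, and the size of the step scales with the number of bits set.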

Read the full article in the March 344 issue of Circuit Cellar
(Full article word count: 2133 words; Figure count: 7 Figures.)

Don’t miss out on upcoming issues of Circuit Cellar. Subscribe today!

Note: We’ve made the October 2017 issue of Circuit Cellar available as a free sample issue. In it, you’ll find a rich variety of the kinds of articles and information that exemplify a typical issue of the current magazine.

VDOO Offers Certified Security Engineer Program

The world we live in is rapidly becoming connected on every possible level, from cars to security cameras, from HVAC systems to doors. While connectivity provides multiple product benefits, it also introduces a great security challenge to product developers, engineers and managers.

Devising security for connected devices is a daunting task that can no longer be overlooked. Finding the subject matter experts or internally gaining the unique knowledge and skills needed to develop secure-by-design embedded systems is difficult and costly.

With all that in mind, VDOO, a provider of end-to-end IoT security solutions, has launched the VDOO Certified Security Engineer (VCSE) program to share its knowledge and research across the IoT industry. The VCSE program is a formal, hands-on training that provides extensive insight into how to integrate security into the development of IoT devices within two days. By actively taking part in sessions on threats, security implementation and testing methodologies, including hands-on lab experience, attendees will gain the fundamental security knowledge necessary to develop secure IoT devices.

After successfully completing the program, attendees will gain security expertise recognition and join an exclusive global network of IoT security professionals. The certification will help the attendees to become the focal point for the embedded system’s security in their organizations. In addition, the organization will earn two free consulting hours with VDOO’s top embedded security experts, to allow effective and practical implementation of the program’s contents.

To qualify for the VCSE training, one must have at least one year of actual development work experience with embedded products. Additionally, this training is not for experienced security professionals but rather for those looking to learn the fundamental building blocks of IoT security.

The upcoming workshops will take place in the EU, the US and Japan.

For more details, reach out to training@vdoo.com or visit the program’s webpage: https://www.vdoo.com/certified-security-engineer/

VDOO | www.vdoo.com

March Circuit Cellar: Sneak Preview

The March issue of Circuit Cellar magazine is out next week! We’ve rounded up an outstanding selection of in-depth embedded electronics articles just for you, and rustled them all into our 84-page magazine.


Here’s a sneak preview of March 2019 Circuit Cellar:

POWER MAKES IT POSSIBLE

Power Issues for Wearables
Wearable devices put extreme demands on the embedded electronics that make them work—and power is front and center among those demands. Devices spanning across the consumer, fitness and medical markets all need an advanced power source and power management technologies to perform as expected. Circuit Cellar Chief Editor Jeff Child examines how today’s microcontroller and power electronics are enabling today’s wearable products.

Power Supplies for Medical Systems
Over the past year, there’s been an increasing trend toward new products that have some sort of application or industry focus. That means supplies that include either certifications, special performance specs or tailored packaging intended for a specific application area such as medical. This Product Focus section updates readers on these technology trends and provides a product gallery of representative medical-focused power supplies.

DESIGN RESOURCES, ISSUES AND CHALLENGES

Flex PCB Design Services
While not exactly a brand-new technology, flexible printed circuit boards are a critical part of many of today’s challenging embedded system applications from wearable devices to mobile healthcare electronics. Circuit Cellar’s Editor-in-Chief, Jeff Child, explores the Flex PCB design capabilities available today and who’s providing them.

Design Flow Ensures Automotive Safety
Fault analysis has been around for years, and many methods have been created to optimize evaluation of hundreds of concurrent faults in specialized simulators. However, there are many challenges in running a fault campaign. Mentor’s Doug Smith presents an improved formal verification flow that reduces the number of faults while simultaneously providing much higher quality of results.

Cooling Electronic Systems
Any good embedded system engineer knows that heat is the enemy of reliability. As new systems cram more functionality at higher speeds into ever smaller packages, it’s no wonder an increasing amount of engineering mindshare is focusing on cooling electronic systems. In this article, George Novacek reviews some of the essential math and science around cooling and looks at several cooling technologies—from cold plates to heat pipes.

MICROCONTROLLER PROJECTS WITH ALL THE DETAILS

MCU-Based Solution Links USB to Legacy PC I/O
In PCs, serial interfaces have now been just about completely replaced by USB. But many of those interfaces are still used in control and monitoring embedded systems. In this project article, Hossam Abdelbaki describes his ATSTAMP design. ATSTAMP is an MCS-51 (8051) compatible microcontroller chip that can be connected to the USB port of any PC via any USB-to-serial bridge currently available in the market.

Pet Collar Uses GPS and Wi-Fi
The PIC32 has proven effective for a myriad of applications, so why not a dog collar? Learn how Cornell graduates Vidya Ramesh and Vaidehi Garg built a GPS-enabled pet collar prototype. The article discusses the hardware peripherals used in the project, the setup, and the software. It also describes the motivation behind the project, and possibilities to expand the project in the future.

Guitar Video Game Uses PIC32
While music-playing video games are fun, their user interfaces tend to leave a lot to be desired. Learn how Cornell students Jake Podell and Jonah Wexler designed and built a musical video game that’s interfaced with using a custom-built wireless guitar controller. The game is run on a Microchip PIC32 MCU and uses a TFT LCD display to show notes that move across the screen towards a strum region.

… AND MORE FROM OUR EXPERT COLUMNISTS

Non-Evasive Current Sensor
Gone are the days when you could do most of your own maintenance on your car’s engine. Today they’re sophisticated electronic systems. But there are some things you can do with the right tools. In his article, Jeff Bachiochi talks about how using the timing light on his car engine introduced him to non-contact sensor technology. He talks about the types of probes available and how to use them to read the magnitude of alternating current (AC

Impedance Spectroscopy using the AD5933
Impedance spectroscopy is the measurement of a device’s impedance (or resistance) over a range of frequencies. Brian Millier has designed many voltammographs and conductivity meters over the years. But he recently came across the Analog Devices AD5933 chip, which performs most all the functions needed to do impedance spectroscopy. In this article, Brian explores the technology, circuit design and software that serve these efforts.

Side-Channel Power Analysis
Side-channel power analysis is a method of breaking security on embedded systems, and something Colin O’Flynn has covered extensively in his column. This time Colin shows how you can prove some of the fundamental assumptions that underpin side-channel power analysis. He uses the open-source ChipWhisperer project with Jupyter notebooks for easy interactive evaluation.

Firms Team Up to Provide End-to-End LoRa Security Solution

Microchip Technology, in partnership with The Things Industries, has announced what it claims is the industry’s first end-to-end security solution that adds secure, trusted and managed authentication to LoRaWAN devices at a global scale. The solution brings hardware-based security to the LoRa ecosystem, combining the MCU- and radio-agnostic ATECC608A-MAHTN-T CryptoAuthentication device with The Things Industries’ managed join servers and Microchip’s secure provisioning service.

The joint solution significantly simplifies provisioning LoRaWAN devices and addresses the inherent logistical challenges that come with managing LoRaWAN authentication keys from inception and throughout the life of a device. Traditionally, network and application server keys are unprotected in the edge node, and unmonitored, as LoRaWAN devices pass through various supply chain steps and are installed in the field.

The Common Criteria Joint Interpretation Library (JIL) “high”-rated ATECC608A comes pre-configured with secure key storage, keeping a device’s LoRaWAN secret keys isolated from the system so that sensitive keys are never exposed throughout the supply chain nor when the device is deployed. Microchip’s secure manufacturing facilities safely provision keys, eliminating the risk of exposure during manufacturing. Combined with The Things Industries’ agnostic secure join server service to the LoRaWAN network and application server providers, the solution decreases the risk of device identity corruption by establishing a trusted authentication when a device connects to a network.

Similar to how a prepaid data plan works for a mobile device, each purchase of an ATECC608A-MAHTN-T device comes with one year of managed LoRaWAN join server service through The Things Industries. Once a device identifies itself to join a LoRaWAN network, the network contacts The Things Industries join server to verify that the identity comes from a trusted device and not a fraudulent one. The temporary session keys are then sent securely to the network server and application server of choice. The Things Industries’ join server supports any LoRaWAN network, from commercially operated networks to private networks built on open-source components. After the one-year period, The Things Industries provides the option to extend the service.

Microchip and The Things Industries have also partnered to make the onboarding process of LoRaWAN devices seamless and secure. LoRaWAN device identities are claimed by The Things Industries’ join server with minimal intervention, relieving developers from needing expertise in security. Customers can not only choose any LoRaWAN network but can also migrate to any other LoRaWAN join server by rekeying the device. This means there is not a vendor lock-in and customers have full control over where and how the device keys are stored.

The ATECC608A is agnostic and can be paired with any MCU and LoRa radio. Developers can deploy secure LoRaWAN devices by combining the ATECC608A with the SAM L21 MCU, supported by the Arm Mbed OS LoRaWAN stack, or the recently-announced SAM R34 System-in-Package with Microchip’s LoRaWAN stack. For rapid prototyping, designers can use the CryptoAuthoXPRO socket board and The Things Industries provisioned parts in samples with the SAM L21 Xplained Pro (atsamd21-xpro) or SAM R34 Xplained Pro (DM320111).

The ATECC608A-MAHTN-T device for The Things Industries, including the initial year of prepaid TTN service, is available in volume production for $0.81 each in 10,000-unit quantities.

Microchip Technology | www.microchip.com

 

Free IoT Security Platform Runs on OpenWrt Routers and the Raspberry Pi

By Eric Brown

At the Consumer Electronics Show (CES) in Las Vegas, Minim announced a free spin-off of Minim, its cloud-managed Wi-Fi and security Software as a Service (SaaS) platform. Minim Labs is designed to work with a new open source software agent called Unum that runs on Raspbian and OpenWrt Linux devices. Optimized images are available for the OpenWrt-based Gli.Net GL-B1300 router and Raspberry Pi. The first 50 sign-ups will get the B1300 router for free (see below).


Minim Labs setup screen

The Minim Labs toolkit “secures and manages all connected devices in the home, such as the Google Home Hub, Sony Smart TV, and FreeRTOS devices,” providing “device fingerprinting, security scans, AI-powered recommendations, router management, analytics, and parental controls,” says Minim. By signing up to a Minim Labs account you receive a MAC address to register an Unum-enabled device.

The GitHub hosted Unum agent runs on the Linux router where it identifies connected devices and securely streams device telemetry to the Minim platform. Users can open a free Minim Labs account to register up to 10 Unum-enabled devices, offering access to Minim WiFi management apps and APIs. Alternately, you can use Unum with your own application server.

The GL-B1300 and Raspberry Pi builds are designed to walk “home network tinkerers” through the process of protecting devices with Unum and Minim Labs. More advanced developers can download a Unum SDK to modify the software for any OpenWrt-based router.

“By open sourcing our agent and giving technologists free access to our platform, we hope to build a global community that’ll contribute valuable product feedback and code,” stated Jeremy Hitchcock, Founder and CEO of Minim.

Gli.Net’s OpenWrt routers

Gli.Net’s GL-B1300 router runs OpenWrt on a quad-core, Cortex-A7 Qualcomm Atheros IPQ4028 SoC clocked to 717 MHz. The SoC is equipped with a DSP, 256 MB RAM, 32 MB flash, and dual-band 802.11ac with 2×2 MIMO. The SoC supports up to 5-port Ethernet routers and provides Qualcomm TEE, Crypto Engine, and Secure Boot technologies.


 
GL-B1300 (left) and GL-AR750S

The GL-B1300 router has dual GbE ports, a WAN port, and a USB 3.0 port. The $89 price includes a 12V adapter and Ethernet cable.

The testimonial quote below says that the GL-AR750S Slate router, which is a CES 2019 Innovation Awards Honoree, will also support Unum and Minim Labs out of the box. The $70 GL-AR750S Slate runs on a MIPS-based, 775MHz Qualcomm QCA9563 processor and is equipped with 128MB RAM, 128MB NAND flash, and a microSD slot.

The Slate router provides 3x GbE ports and dual-band 802.11ac with dual external antennas. Other features include USB 2.0 and micro-USB power ports plus a UART and GPIO. The router supports WireGuard, OpenVPN, and Cloudflare DNS over TLS.


Gli.Net router comparison chart, including GL-B1300 and GL-AR750S

In addition to its routers, Gli.Net also sells the OpenWrt-on-Atheros/MIPS Domino Core computer-on-module. The Domino Core shipped in a Kickstarter-launched Domino.IO IoT kit back in 2015.

“We are glad that Minim is going to launch open-source tools for DIY users and increase awareness of personal Internet security,” stated GL.iNet CTO Dr. Alfie Zhao. “This initiative shows shared value and vision with GL.iNet. We are happy to provide support for Minim tools on our GL-AR750S Slate router and GL-B1300 router, both of which have support to the latest OpenWrt.”

Further information

The free Minim Labs security platform is available for signup now, and the open source Unum agent is available for download. Minim is offering the first 50 Minim Labs signups a free startup kit containing the GL-B1300 router. More information may be found at the Minim Labs product page.

This article originally appeared on LinuxGizmos.com on January 9.

Minim | www.minim.co

 

Building Automation LON-IP Standard Earns ANSI/CTA Approval

The Consumer Technology Association (CTA) and LonMark International have announced that the ANSI/CTA-709.7 LON IP is now approved as a new American National Standard (ANS) by the American National Standards Institute (ANSI). The new standard focuses on the interoperability of Internet of Things (IoT) devices and provides a complete model for implementing LON IP device-to-device and device-to-application communication interoperability.

This new standard will provide multiple parties – including users, developers, vendors, integrators and specifiers of open building control systems – a mechanism to develop and deliver a higher level of interoperability using native Ethernet/IP based devices. The new standard describes the complete set of requirements for vendors to develop LON devices with native IP communications, which offers higher speed and better IT integration flexibility. As more building control networks require more data and more IoT application interfaces, this new media type for LON control networks provides all of the benefits and functionality to meet this growing demand.

The ANSI/CTA-709.7 Implementation Guidelines define the application layer requirements for interoperable devices to communicate directly on Ethernet. It defines the addressing requirements for both IPv4 and IPv6. LonMark will offer full interoperability testing of any device utilizing the new channel type. The standard defines all of the timing parameters, configuration, and interface requirements to the full 709.1 protocol stack.

A few years prior the ANSI/CTA-709.6 Application Elements built upon the ANSI/CTA-709.5 Implementation Guidelines by providing a catalog of more than 100 common device profiles, with more than 380 specific implementation options. These profiles define the mandatory and optional design requirements for standard data variables, standard configuration properties, enumeration types and standard interface file requirements. This extensive library of device profiles includes definitions for a broad collection of devices for HVAC, indoor and outdoor (roadway) lighting, security, access, metering, energy management, fire and smoke control, gateways, commercial and industrial I/O, gas detection, generators, room automation, renewable energy, utility, automated food service, semiconductor fabrication, transportation, home appliances and others.

LonMark International | www.lonmark.org

 

Secure MCU Family Targets Low Power, Small Footprint Designs

STMicroelectronics has added the new STM32G0 microcontrollers (MCUs) to the STM32 family. The new G0 series targets entry-level applications that require greater energy efficiency, functionality, security, and value, in a smaller footprint. Extremely flexible packaging and memory options enable designers to do more within less space, and save cost. A new power-distribution architecture reduces external power and ground connections to just a single pair of pins, allowing more of the package pins—a precious resource in many embedded projects—to be allocated for user connectivity.

In addition, ST is making large memory densities available in small and economical low-pin-count packages. On top of this, the new generation features power-saving innovations that trim consumption close to that of specialized ultra-low-power devices.

To provide robust security for today’s connected devices, the STM32G0 series introduces a variety of hardware-based features including memory protection to support secure boot. Some devices in the series add to these features an AES-256 hardware cryptographic accelerator with a true random number generator (TRNG) to aid encryption.

Another valuable feature that anticipates a growing need is support for the latest USB Type-C specifications that allow easy, high-speed connectivity and battery charging, including Power Delivery version 3.0.

The STM32G0 series is based on the Arm Cortex-M0+ core, which is conceived to deliver sharp performance within a tight power budget. It targets fast-evolving products in the connected world, including smartphones, smart kitchen equipment, and appliances, air conditioning, consumer or industrial motor controls, advanced user interfaces, IoT devices, rechargeable connected devices, drones, lighting systems and more.

Package options are available from 8-pin, enabling developers to easily upgrade aging 8-bit MCU designs, to 100-pin. Flash from 16 KB to 512 KB, with 512 KB available in packages as small as 32-pin, enables more sophisticated applications on small, low-cost products.

The maximum CPU frequency of 64 MHz permits high execution speeds, compared to typical entry-level MCUs. On the other hand, extremely flexible clock configuration allows users to tailor performance within the available power budget. The internal clock is remarkably stable and comparable to high-end devices, being accurate to within ±1% from 0-85°C and ±2% over the wider range from -40°C to 125°C. This not only saves the board space and pins needed to connect a dedicated external timing device, but also can trim at least 10 cents from the bill of materials.

The STM32G0 series is extremely efficient, running at less than 100µA/MHz in run mode, and provides multiple reduced-power operating modes to save energy and extend battery runtimes. Devices draw as little as 3-8µA in stop mode with the real-time clock (RTC) running, and just 500 nA in standby with RTC (all at 3.0V, 25°C).

Moreover, peripherals are upgraded to enhance performance, speed, and accuracy. The devices feature a 12-bit 2.5 MSPS ADC, with hardware oversampling for 16-bit precision. There is also a 2-channel DAC, fast comparators, and high-accuracy timers with 7.8 ns resolution.

In addition to permitting extra user-assignable I/Os, the internal (ST-patented) power-distribution scheme also helps save BoM costs by reducing the number of external power-supply decoupling components.

Enhanced internal prevention of electromagnetic susceptibility (EMS) is yet another feature that saves board space and BoM costs. Protection against fast-transient bursts above 4.5kV, in accordance with IEC 61000-4-4, relaxes the demands for surrounding filtering components and eases board layout. For product-development teams, the ability to easily ensure good electromagnetic behavior facilitates EMC certifications for faster time to market.

ST is planning several STM32G0 lines, including the STM32G071 and similar STM32G081 with hardware cryptographic enhancement. There are also Value Line STM32G070 devices for mass-market applications. Pricing starts from $0.69 for the STM32G070CBT6 Value Line MCU in a 48-pin package, with 128 KB flash, for orders of 10,000 pieces.

STMicroelectronics | www.st.com

Internet of Things Security (Part 6)

Identifying Threats

In this final part of his Internet of Things Security article series, Bob returns to his efforts to craft a checklist to help us create more secure IoT devices. This time he looks at developing a checklist to evaluate the threats to an IoT device.

By Bob Japenga

A number of years ago (there were woolly mammoths around if I remember correctly), I attended a conference on the Ada programming language. Ada was created for the United States’ Department of Defense to replace the myriad of programming languages that were deployed by the DoD at that time. The language was named after the first programmer, Augusta Ada King Lovelace, a colorful character in her own right and the only legitimate daughter of the poet Lord Byron. Ada is credited with publishing the first algorithm for use on a computing machine: Charles Babbage’s famous analytical engine.

At the conference I attended a breakout session on algorithms. In the conference room next door, a popular speaker, whose name I don’t remember, held another breakout session. About ten minutes into the session, we heard a deafening chant coming from the conference room next door that repeated over and over: “I don’t care.” The speaker was making a point that, as software designers, we should not care about everything. There are legitimate things for which we need to say: “I don’t care.” We need to identify them as not relevant to the task at hand and emphatically say: “I don’t care.”
Although I remember nothing from the breakout session on algorithms, I have never forgotten this principle: “There are some things that we just don’t care to address when designing embedded systems.” Certainly, there is much to be said for thoroughness in design, but when we—with well thought through analysis—determine that some aspect of a design is a “don’t care” we need to let it go.

In designing secure IoT devices this is a very important principle. The threats are diverse and difficult to number. The assets are important and of differing value. This month we will continue to build our checklist for IoT security. Last time we created a checklist to help you identify the assets that you want to protect. This month we will add to that checklist with some questions to help you identify and quantify the threats.

Identifying the Threats

We need to start with definitions. A good working definition for a threat would be: “a person or thing likely to cause damage or danger.” Although this is a good definition, for the purpose of building our checklist, I want to expand upon it a little. Here’s why: In most cases “I don’t care” who the threat is, nor do I care what their capabilities are. Keep in mind that, if there is a threat with very little capability, that threat could get passed on. They can always sell either their knowledge or their access to the device to someone who has the capabilities to create a security breach with the device. Let me illustrate that. Imagine there are two threats: One is a disgruntled former employee with little or no capability of reverse engineering your design in order to find a security flaw. The second is an organization with deep pockets and highly skilled hackers. If any of the assets that we identified in the first part of the checklist are worth a significant chunk of change, the former employee can always sell what they have to this other organization. With all that in mind, in general “I don’t care” about who the threat is.

But I do care about the activities of these threat agents. This is in line with the way the OWASP Top Ten IoT Security Threats is laid out. The Open Web Application Security Project (OWASP) is a worldwide organization focused on improving the security of software. I introduced OWASP as a valuable resource in my August 2016 column (Circuit Cellar 313) when we discussed their list of the top ten security vulnerabilities. The list was updated in 2017 and is worthwhile to review [1]. OWASP also provides what it calls the top ten threats to IoT devices. We will look at these a little later in this article. They agree with my assessment that we don’t care who it is or what their capability is. What we care about is the action that they can take.

Figure 1
Shown here are the five areas of threat I’ve identified for IoT devices.

When thinking about threats to the security of our IoT device, I would identify five areas of threat as shown in Figure 1: access to the physical device; access to the wireless services on the device; access to the network (LAN or WAN) the device is on; access to the cloud server used by the device; and access to the mobile app used by the device. Anyone who has access to one or more of these is a threat agent. So, the beginning of our checklist needs to analyze what harm could be done by such a threat agent who gained access to any of these five areas of threat. Not all of your IoT devices have all of these areas of threat but most have a majority of them. For each of the areas of threat we need to ask the question: What would be the potential cost if someone with a lot of time, highly skilled hackers and a lot of money got access to one of these areas of threat without permission?

This provides the first five elements of the Threat portion of the IoT Security Checklist. Let’s look at each of these.

Five Threat Elements

Physical access: Not all IoT device designers will consider physical access to the device an area of threat. For example, we are currently working with a client who has determined that there is very little risk of an unauthorized person having physical access to their device. For most cases this is true. The device is only touched by employees and is physically inaccessible to everyone else. But I have not pushed them to protect the assets accessible through physical access for other reasons. I have gone along with that assessment because the assets available inside the device are minimal. But if the assets were valued higher, I would push back more strongly primarily due to the potential of a disgruntled or greedy insider handing the unit off to a qualified hacker.

Figure 2
Shown here are the access areas of threat if physical access is a threat area for your device.

If physical access is a threat area for your device, then the following access areas portrayed in Figure 2 need to be protected: access to data storage; access to user interfaces; access to USB ports; access to console ports; access to side channel information; and access to debug ports.

Mobile app: Many of our IoT devices have a mobile app associated with them. Although not strictly part of the IoT, it is certainly something that needs to be considered when designing your IoT device. Certainly, one approach is to limit who can put your mobile app on their phone or tablet. This certainly provides a great physical barrier to access. But the integration of Google’s Play Store and Apple’s App Store with your phone and tablet makes for very easy deployment and is very tempting to us designers. Surely the next line of defense is to drastically limit what the mobile app can access. Again, this is the power of the mobile app interface and you hate to lose it. Requiring a username and strong password is your next line of defense. For now, our job is to identify what harm someone bent on destroying your business would do if they were given unlimited access to your mobile app. How your mobile app communicates to the device is another concern we’ll look at next.

Wireless access: Your IoT device may provide several wireless ways to connect to it: cellular, Wi-Fi, Zigbee, Thread, Bluetooth, IrDA and Near Field Communication (NFC) are some of the most common. At this point in our checklist we need to ask: What if an unauthorized person got on your device wirelessly? What harm could be done? What if someone could perform a man-in-the-middle attack? The most recent Bluetooth hacking technique [2] shows us that even secure transmissions can have holes in their implementations allowing for man-in-the-middle attacks. So, we cannot just rely on secure transmissions as our only source of protection. I think about this every time I connect over Bluetooth to my OBD2 (on-board diagnostics) interface in my car. What would happen if someone could get on that interface and muck with my on-board computer? There’s no doubt that providing good access control through usernames and passwords, encrypting and authenticating all traffic and limiting physical access are all in your arsenal of protection. For now, we are concentrating on evaluating the harm nefarious access over the wireless interfaces on your IoT device could do.

Cloud access: Like mobile access, your cloud access is not strictly part of the IoT device. But again, we must pursue the questions: What if an unauthorized person got on your cloud interface? What harm could be done? The cost of that harm will help you to evaluate the amount of security you need to provide to the cloud interface. Clearly, we don’t want to use unencrypted transmissions. HTTPS provides encryption for us. But we found that on one of our major projects the cell modem chip only supported HTTP. So, we needed to encrypt the transmissions ourselves. Secure user access is pretty standard for cloud interfaces. But again, don’t rely on these layers. Seriously address what harm a malicious hacker intent on destroying your company could do if they had full access to your IoT cloud interface.

IoT network: Some of our IoT devices still have an Ethernet interface and provide some form of local area networking (LAN) or wide area networking (WAN). But this could be any wired network interface. Again, we need to look hard at what someone could gain from watching the traffic on the network. Our company’s most serious security breach came because of a little-used Ethernet port that provided unencrypted traffic to a Link Local address. A researcher sniffed it out and found a security flaw. …

Read the full article in the December 341 issue of Circuit Cellar

Bob’s IoT Checklist can be found here.

Note: We’ve made the October 2017 issue of Circuit Cellar available as a free sample issue. In it, you’ll find a rich variety of the kinds of articles and information that exemplify a typical issue of the current magazine.

January Circuit Cellar: Sneak Preview

Happy New Year! The January issue of Circuit Cellar magazine is coming soon. Don’t miss this first issue of Circuit Cellar 2019. Enjoy pages and pages of great, in-depth embedded electronics articles.

Here’s a sneak preview of January 2019 Circuit Cellar:

TRENDS & CHOICES IN EMBEDDED COMPUTING

Comms and Control for Drones
Consumer and commercial drones represent one of the most dynamic areas of embedded design today. Chip, board and system suppliers are offering improved ways for drones to do more processing on board the drone, while also providing solutions for implementing the control and communication subsystems in drones. This article by Circuit Cellar’s Editor-in-Chief Jeff Child looks at the technology and products available today that are advancing the capabilities of today’s drones.

Choosing an MPU/MCU for Industrial Design
By Microchip Technology’s Jacko Wilbrink
As MCU performance and functionality improve, the traditional boundaries between MCUs and microprocessor units (MPUs) have become less clear. In this article, Jacko examines the changing landscape in MPU vs. MCU capabilities, OS implications and the specifics of new SiP and SOM approaches for simplifying higher-performance computing requirements in industrial applications.

Product Focus: COM Express Boards
The COM Express architecture has found a solid and growing foothold in embedded systems. COM Express boards provide a complete computing core that can be upgraded when needed, leaving the application-specific I/O on the baseboard. This Product Focus section updates readers on this technology and provides a product album of representative COM Express products.

MICROCONTROLLERS ARE DOING EVERYTHING

Connecting USB to Simple MCUs
By Stuart Ball
Sometimes you want to connect a USB device such as a flash drive to a simple microcontroller. Problem is most MCUs cannot function as a USB host. In this article, Stuart steps through the technology and device choices that solve this challenge. He also puts the idea into action via a project that provides this functionality.

Vision System Enables Overlaid Images
By Daniel Edens and Elise Weir
In this project article, learn how these two Cornell students designed a system to overlay images from a visible light camera and an infrared camera. They use software running on a PIC32 MCU to interface the two types of cameras. The MCU does the computation to create the overlaid images, and displays them on an LCD screen.

DATA ACQUISITION AND MEASUREMENT

Data Acquisition Alternatives
By Jeff Child
While the fundamentals of data acquisition remain the same, its interfacing technology keeps evolving and changing. USB and PCI Express brought data acquisition off the rack, and onto the lab bench top. Today solutions are emerging that leverage Mini PCIe, Thunderbolt and remote web interfacing. Circuit Cellar’s Editor-in-Chief, Jeff Child, dives into the latest technology trends and product developments in data acquisition.

High-Side Current Sensing
By Jeff Bachiochi
Jeff says he likes being able to measure things—for example, being able to measure load current so he can predict how long a battery will last. With that in mind, he recently found a high-side current sensing device, Microchip’s EMC1701. In his article, Jeff takes you through the details of the device and how to make use of it in a battery-based system.

Power Analysis Capture with an MCU
By Colin O’Flynn
Low-cost microcontrollers integrate many powerful peripherals in them. You can even perform data capture directly to internal memory. In his article, Colin uses the ChipWhisperer-Nano as a case study in how you might use such features which would otherwise require external programmable logic.

TOOLS AND TECHNIQUES FOR EMBEDDED SYSTEM DESIGN

Easing into the IoT Cloud (Part 2)
By Brian Millier
In Part 1 of this article series Brian examined some of the technologies and services available today enabling you to ease into the IoT cloud. Now, in Part 2, he discusses the hardware features of the Particle IoT modules, as well as the circuitry and program code for the project. He also explores the integration of a Raspberry Pi solution with the Particle cloud infrastructure.

Hierarchical Menus for Touchscreens
By Aubrey Kagan
In his December article, Aubrey discussed his efforts to build a display subsystem and GUI for embedded use based on a Noritake touchscreen display. This time he shares how he created a menu system within the constraints of the Noritake graphical display system. He explains how he made good use of Microsoft Excel worksheets as a tool for developing the menu system.

Real Schematics (Part 2)
By George Novacek
The first part of this article series on the world of real schematics ended last month with wiring. At high frequencies PCBs suffer from the same parasitic effects as any other type of wiring. You can describe a transmission line as consisting of an infinite number of infinitesimal resistors, inductors and capacitors spread along its entire length. In this article George looks at real schematics from a transmission line perspective.

Cypress Semi Teams with Arm for Secure IoT MCU Solution

Cypress Semiconductor has expanded its collaboration with Arm to provide management of IoT edge nodes. The solution integrates the Arm Pelion IoT Platform with Cypress’ low-power, dual-core PSoC 6 microcontrollers (MCUs) and CYW4343W Wi-Fi and Bluetooth combo radios. PSoC 6 provides Arm v7-M hardware-based security that adheres to the highest level of device protection defined by the Arm Platform Security Architecture (PSA).

Cypress and Arm demonstrated hardware-secured onboarding and communication through the integration of the dual-core PSoC 6 MCU and Pelion IoT Platform in the Arm booth at Arm TechCon last month. In the demo, the PSoC 6 was running Arm’s PSA-defined Secure Partition Manager to be supported in Arm Mbed OS version 5.11 open-source embedded operating system, which will be available this December. Embedded systems developers can leverage the private key storage and hardware-accelerated cryptography in the PSoC 6 MCU for cryptographically-secured lifecycle management functions, such as over-the-air firmware updates, mutual authentication and device attestation and revocation. According to the company, Cypress is making a strategic push to integrate security into its compute, connect and store portfolio for the IoT.

The PSoC 6 architecture is built on ultra-low-power 40-nm process technology, and the MCUs feature low-power design techniques to extend battery life up to a full week for wearables. The dual-core Arm Cortex-M4 and Cortex-M0+ architecture lets designers optimize for power and performance simultaneously. Using its dual cores combined with configurable memory and peripheral protection units, the PSoC 6 MCU delivers the highest level of protection defined by the Platform Security Architecture (PSA) from Arm.

Designers can use the MCU’s software-defined peripherals to create custom analog front-ends (AFEs) or digital interfaces for innovative system components such as electronic-ink displays. The PSoC 6 MCU features the latest generation of Cypress’ industry-leading CapSense capacitive-sensing technology, enabling modern touch and gesture-based interfaces that are robust and reliable.

Cypress Semiconductor | www.cypress.com