Developing an IoT Security solution

Posted on Posted in Security

Security in low powered IoT devices is something that sounds like its going to be difficult to implement with the limitations of flash, memory and processing power. This is now possible if you move the crypto processing to a dedicated chip such as the Atmel ATECC508A. The work being done here is based on the excellent work already done on the Cryptotronix Cryptoauth-arduino library, the Cryptotronix Hashlet and the Cryptotronix EClet. The Hashlet and EClet  are command line applications for the Raspberry Pi to communicate with the ATSHA204A and ATECC108A CryptoAuthentication chips. The ATECC108A is mostly compatible with the ATECC508A but as it is a recently introduced part, the current libraries and applications do not fully cater for it. The main differences being the addition of new commands and changes to the configuration area.

The hardware

The Atmel ATECC508A was chosen over the ATECC108A as it offered additional features for a very similar price. Whether these are actually used in practice is a different matter! Previously the Atmel ATSHA204A had been looked at and was found to work quite well, but the use of shared keys meant that all devices had to be pre-programmed with the correct keys in order to create and check MAC codes. The ATECCx08A chips removes the need for shared keys. The passing and verification of the public keys can then be done as part of the device deployment process.

The first thing to do with this chip is to decide how to actually connect it up to, for example an Arduino or a Raspberry Pi. The chip is an 8 pin SOIC, surface mount part and is not suitable for regular breadboards without a carrier or breakout PCB. What I decided to do was produce a simple carrier PCB that can be used on either a Raspberry Pi, Arduino or in a solderless breadboard for use with other development boards such as mbed.

cryptopcb1

Assembly requires, in addition to the ATECC508A, a decoupling capacitor, two resistors if use with the Arduino and the appropriate header pins or socket depending on which device this is to be plugged into. A completed module plugged into an Arduino is shown below.

cryptopcb3

The Arduino Library and example sketches

The Arduino library has been available for a while now but had not been updated recently. It also did not fully support the ATECC508A device. This was addressed by replacing the original Atmel source files supporting the ATSHA204A and ATECC108A with the most recent versions that also included the ATECC508A. With this the wrapper classes for the library were updated to use new features of the later device.

Currently the following operations are implemented for the ATECC508A:

  • Get Random number.
  • Personalise the device.
  • Get basic information such as serial number and area lock status.
  • Create a random ECC private key in a selected key slot.
  • Retrieve the public key for a ECC private key in selected key slot.
  • Lock individual key slots.
  • Produce digital signature for data message.
  • Verify a signature generated on another device.
  • MAC generation and verification (not included in demo sketch).
  • Basic SHA256 digest generation using chip rather than code.

There is still work to do on debugging some of these operations as they are not yet 100% debugged.

The updated Cryptoauth-Arduino library should be downloaded and extracted to your libraries directory/folder. The extracted name usually has -master appended by Github, this is the branch you selected and should be removed by renaming it. In the Examples menu optin of the Arduino IDE, look for the library CryptoAuth and the example Crypto_Examples. This is a simple menu driven sketch that can be used to test the functionality of the chip and the library. When compiled and uploaded to an Arduino UNO or similar, using the Serial monitor (115200 Baud and Line ending option to Both NL & CR) or another terminal emulator (Baud 115200, Receive CR, Transmit CR, No Local Echo) you should see:

Atmel ATECC508A Test Suite
==========================
1 - Chip Info
2 - Personalize
3 - Random Number
4 - Gen Private Key
5 - Get Public Key
6 - Lock key slot
7 - Hash Data
8 - Sign Data
9 - Verify Data
Choice [1 - 9]

The menu is only displayed the first time, or whenever a menu option 0 is selected.

Option 1, Chip Info is used to test the state of the chip, retrieve its serial number and show the state of the 16 keyslots.

Chip Info
Serial Number: 01235052D92CA571EE
Revision: 00005000
Config Zone is Locked
Data Zone is Locked
111111
0123456789012345
Type: EEEEEEEE---E---E
Lock: YYYYYYYY---Y---Y

In this case, the chip has already been personalized because both the Config and Data zones have been locked. A number of the keyslots have had private ECC keys created and locked to prevent any changes. The keyslot information is stored in memory for later use when determining the correct error response to display if needed as the same error code can be returned by different functions but has a different meaning.

Option 2, Personalize, is used to set the configuration and data zones of the chip so that it can be used. The data is currently configured within the sketch and any changes can be made after referring to the datasheet. The personalize option requires you to confirm that you wish to do this. The current configuration date is setup with 16 P256 NIST ECC key storage slots with each key defined as External Sig, Is Secret, Never write, GenKey can write random keys. This allows for quick testing of the public/private asymmetric digital signing of messages.

Personalize
Ready to personalise? [Y/N] Personalizing.....
Done

Option 3, Random Number
Random Number
Press a key to exit
3cf91d7a7b3bef716a1ad548ad753fb72f4751e3e2a3cff06093751a3f8274c9
f4caaa7e88297c7e2f35f32072f664dfc2b188b27b2dd35660f73599d39871b4
87bf5ecaf06978cc75898981fd4f5ec4e2c0f2368ad1f1bbc2435ccc759d439a
0c7461f08e0fd65d05f47c079f3636ca522068c192c7c2e6f5bf1a2b428295ea
47adb67b94716d61756699ad97fefd222b92e5fa6c30b2430c53fb74d700440d

Option 4, Gen Private Key will create a new random private key in the selected slot, providing it has not been locked. Using this option on the same key slot multiple times will set a new random key. To preserve the key the slot must be locked.

Generate Random Private ECC Key
Key Number [0-15]
Private Key 9
Fail genEccKey (Private) No Response

Note the library currently reports a No Response error but it has in fact created the key. This can be seen when using option 1:
Chip Info
Serial Number: 01235052D92CA571EE
Revision: 00005000
Config Zone is Locked
Data Zone is Locked
111111
0123456789012345
Type: EEEEEEEE-E-E---E
Lock: YYYYYYYY---Y---Y

If the slot is already in use and locked then you see Slot locked as shown below.

Generate Random Private ECC Key
Key Number [0-15]
Private Key 0
Fail genEccKey (Private) CMD Fail - Slot locked

Option 5, Get Public Key will retrieve and display the public key associated with a ECC private key in the selected slot or return an error if the slot has not had a private key generated.

Get Public ECC Key
Key Number [0-15]
Public Key 15
PubKey:26712508A3544575F38526FA3D6AAAF920728A3ABDF2421841243F1961222944AF116DDFB4AF797EA70FCD09C9FEBC490793C271165410FAF3672BE5FD8D1B5D

Option 6, Lock key slot will lock the specified keyslot to prevent further changes to the private key.
The slot is not locked:
111111
0123456789012345
Type: EEEEEEEE-E-E---E
Lock: YYYYYYYY---Y---Y

Lock the slot:
Lock Key Slot
Key Number [0-15]
Locking slot 9 Locked

Check the slot is locked:
111111
0123456789012345
Type: EEEEEEEE-E-E---E
Lock: YYYYYYYY-Y-Y---Y

Option 7, Hash Data will demonstrate the SHA256 has functionality of the chip. You can check the output by using an online SHA256 generator such as http://www.xorbin.com/tools/sha256-hash-calculator, remember that if you include newline characters, these are included in the online calculation, whereas the example sketch uses them as a line terminator and does not include them.

Hash Data
Enter Message to hash: Thing Innovations Crypto
Hash: 6710AB24724A9F1F4B98DCCBB555A98089793C6E977247DC6612D11172E0A00F

Option 8, Sign Data will first hash the message then use the selected keyslot to generate the digital signature for the data.
Sign Data
Enter Message to sign: Thing Innovations Crypto
Key Number [0-15] 0
Signature:5F20AA9ADEBBF77B9005FC3095E36E8650B75A0D4F7C296D097F7BCBA8A95E615DD1F4A8BE9B67AD4361F4241B686A5CCA990A8EF9DEEA2566ADE50B0B320204

Option 9, Verify Data will take the data, hash it, using the provided public key and signature will verify that the data has not been changed or that the key and signature all match. Even a single bit change will fail the verification. The first example fails because the signature was generated with a different private key and the wrong public key was presented. The second example shows the verification was OK. The third example was created with the same private key as example 2, but you can see the digital signature string is actually different. This is normal . When using EClet to generate digital signature strings, you need to omit the first 2 hex digits as these are normally 04.

Example 1
Verify Data
Enter Message to verify: Thing Innovations Crypto
Enter Public Key: 71F0772217CB873922BEE01E1B7AFCA08F665AB4A6E3DDB9A8617DE75A95EA60C73A19D3C604E3F6194454EF3A60660CF886F7518547EC22F846AA65FFC9C536
Enter Signature: 36E57FAA5F98EC1BA2BF69E3B37DEE2CE80C4D453CF2E8FC03F2366E576FB063953E144679985C6EC2A05A68F26B8D9668E1E744646F17C8D3633A2823A4B1CD
Failed Verify

Example 2
Verify Data
Enter Message to verify: Thing Innovations Crypto
Enter Public Key: 71F0772217CB873922BEE01E1B7AFCA08F665AB4A6E3DDB9A8617DE75A95EA60C73A19D3C604E3F6194454EF3A60660CF886F7518547EC22F846AA65FFC9C536
Enter Signature: 7C98326921AD4A795A44AB599B0230DE9B554D3842CB4AF26B12F4CC76C97F6BFB87A4DB03BFD19F28AE7B5EFF8FEC44DAD319E76D36E88B8729CDA2D583698B
Verify OK

Example 3
Verify Data
Enter Message to verify: Thing Innovations Crypto
Enter Public Key: 71F0772217CB873922BEE01E1B7AFCA08F665AB4A6E3DDB9A8617DE75A95EA60C73A19D3C604E3F6194454EF3A60660CF886F7518547EC22F846AA65FFC9C536
Enter Signature: 8A46ED95DC9232CA14CE0E83A8A45F53471A4FD998923414A1593B3FA641449FA6E3852F40756DF698FF6E9F6C2A41F611E3F0F8F74686E133285966A8062C98
Verify OK

The Raspberry Pi Software

The Raspberry Pi software is the Cryptotronix EClet and should be built as per the instructions in the Readme.md file. This has not yet been updated to be fully compatible with the ATECC508A yet and as such the personalize option may not fully configure the ATECC508A correctly. As a workaround for now, these can be personalized using the Arduino sketch before using them in the Raspberry Pi.

2015-06-26 17.29.52

The eclet command line tool will communicate with the ATECC508A as shown in the examples below.

pi@raspberrypi2B ~/crypto/EClet $ ./eclet state
Personalized
pi@raspberrypi2B ~/crypto/EClet $ ./eclet serial-num
01230E52D92CA571EE
pi@raspberrypi2B ~/crypto/EClet $ ./eclet random
F25F07C451FC53C80B28860C2F351377A67F9D5F4FD84688A27B23D4049F27CB
pi@raspberrypi2B ~/crypto/EClet $ ./eclet gen-key -k 0
046DAAAE69650D2B77ADC792C999FD09307413DB4067018DA4C315CCBF8E20743421330051699A859106E3C94486A4799C4074D04892C19CE37C842ABA4C6F5175

There is a current issue with the gen-key command, in that it will overwrite a previously generated key if the same key number is selected again. The command created a random ECC key in key slot 0 and returned the corresponding public key. To sign data or a file use the sign command. It produces the signature for the data.

echo -n "Thing Innovations crypto test" | ./eclet sign -k 0
25899774090368CBCF22ECB31F3E033CC6DB87F459F6EEF45A8F63B423E11B96F9B8742A8BF38F4A91056D704CC4E5B6286864F6EACF18E0410598201C404EE3

To verify the data has not been tampered with, the receiving host should then be able to verify the data has not been tampered with. Using the data, public key and the digital signature previously generated. The eclet command line tool returns an exit code of 0 for successful verification and a non-zero exit code, along with failure message for unsuccessful verification.

pi@raspberrypi2B ~/crypto/EClet $ echo -n "Thing Innovations crypto test" | ./eclet verify -k 0
--signature 25899774090368CBCF22ECB31F3E033CC6DB87F459F6EEF45A8F63B423E11B96F9B8742A8BF38F4A91056D704CC4E5B6286864F6EACF18E0410598201C404EE3
--public-key 046DAAAE69650D2B77ADC792C999FD09307413DB4067018DA4C315CCBF8E20743421330051699A859106E3C94486A4799C4074D04892C19CE37C842ABA4C6F5175

The unsuccessful response is shown below, where the same signature and public key have been used but the data has been changed by only a few bits.

pi@raspberrypi2B ~/crypto/EClet $ echo -n "Thing Innovations Crypto test" | ./eclet verify -k 0
--signature 25899774090368CBCF22ECB31F3E033CC6DB87F459F6EEF45A8F63B423E11B96F9B8742A8BF38F4A91056D704CC4E5B6286864F6EACF18E0410598201C404EE3
--public-key 046DAAAE69650D2B77ADC792C999FD09307413DB4067018DA4C315CCBF8E20743421330051699A859106E3C94486A4799C4074D04892C19CE37C842ABA4C6F5175
Verify Command failed.

There is an off-line mode that does not use the ATECC508A chip, instead it uses the crypto library so can be used to verify data where the crypto hardware chip is not available as shown in the example below. Again, this returns an exit code of 0 for successful verification.

pi@raspberrypi2B ~/crypto/EClet $ echo -n "Thing Innovations crypto test" | ./eclet offline-verify-sign
--signature 25899774090368CBCF22ECB31F3E033CC6DB87F459F6EEF45A8F63B423E11B96F9B8742A8BF38F4A91056D704CC4E5B6286864F6EACF18E0410598201C404EE3
--public-key 046DAAAE69650D2B77ADC792C999FD09307413DB4067018DA4C315CCBF8E20743421330051699A859106E3C94486A4799C4074D04892C19CE37C842ABA4C6F5175

Outstanding issues

Due to the complex nature of cryptography in general and these chips, there may be problems or unresloved issues in the code on both the Ardiuno library and the Raspberry Pi client application and library. Current list of known issues:

  1. Arduino Lib – Generating private ECC keys works, but returns a no response error.
  2. Arduino Lib – SHA256 function is limited to 62 byte input data.
  3. EClet – Does not appear to fully support the ATECC508A personalisation.
  4. EClet – building this can be tricky and doesn’t appear to use latest libcrypti2c.
Next steps

Once the basic functionality has been built, tested and debugged, it’s then a case of implementing the security features within future products and services. Adding the Crypto Authentication chips to a new device is a matter of including the appropriate device in the schematic and board layout along with pull-up resistors, if required, and a decoupling capacitor. The additional hardware cost is minimal compared to the overall design hardware costs. The complexity is then in the software and how you use the crypto authentication features to secure your Internet of Things devices.
If you use Node-RED on a Raspberry Pi or BeagleBone Black then you can integrate the security features provided by the ATECC508A and the Eclet application using a simple exec node. This would then create a powerful tool for developing Internet of Things applications.