MAXREFDES143
Overview
Design Resources
Design & Integration File
- Schematic
- PCB Layout
- PCB Gerber
- BOM
- Firmware Files
Evaluation Hardware
Part Numbers with "Z" indicate RoHS Compliance. Boards checked are needed to evaluate this circuit.
- MAXREFDES143# DeepCover Embedded Security in IoT Authenticated Sensing and Notification
Description
The MAXREFDES143# is an Internet of Things (IoT) embedded security reference design, built to protect an industrial sensing node by means of authentication and notification to a web server. The hardware includes a peripheral module representing a protected sensor node monitoring operating temperature and remaining life of a filter (simulated through ambient light sensing) and an mbed shield representing a controller node responsible for monitoring one or more sensor nodes. The design is hierarchical with each controller node communicating data from connected sensor nodes to a web server that maintains a centralized log and dispatches notifications as necessary. The mbed shield contains a Wi-Fi module, a DS2465 coprocessor with 1-Wire® master function, an LCD, LEDs, and pushbuttons. The protected sensor node contains a DS28E15 authenticator, a DS7505 temperature sensor, and a MAX44009 light sensor. The mbed shield communicates to a web server by the onboard Wi-Fi module and to the protected sensor node with I2C and 1-Wire. The MAXREFDES143# is equipped with a standard shield connector for immediate testing using an mbed board such as the MAX32600MBED#. The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.
NOTE: Operating the MAXREFDES143# requires a separate purchase of a MAX32600MBED# ARM® mbed™ platform.
Refer to the Details tab for more information. Design files including schematic, PCB files, and bill of materials (BOM) can be downloaded from the Design Resources tab.
Features & Benefits
Features
- SHA-256 authentication
- Unique secret for each node in the system
- DeepCover® secure key storage
- 1-Wire/I2C/Wi-Fi interfaces
- Example source code
- mbed shield equivalent to Arduino form factor pinout
- Pmod™-compatible protected sensor node
Competitive Advantages
- Crypto-strong authentication
- No need for secure key storage memory on processor
- Low overhead performance for signed data between the web server and the mbed platform
Details Section
Introduction
In this IoT-embedded world, security emerges as a paramount feature to protect industrial equipment from counterfeiting while tracking product lifetime with smart notifications. The MAXREFDES143# is a reference design that demonstrates an authenticated data chain from a protected sensor node to a web server. There are notifications to the user through the web server when intervention is required such as when it is time to change the consumable being monitored (i.e., the protected sensor node), a filter in this case, or if an unsafe consumable (i.e., counterfeit sensor node) is installed.
The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.
NOTE: Operating the MAXREFDES143# requires a separate purchase of a MAX32600MBED# ARM® mbed™ platform.
Detailed Description of Hardware
The system in Figure 2 shows the high-level implementation of the design. The reference design sequence is as follows:
The mbed Platform uses the DS2465 to authenticate the DS28E15 on the Sensor Node. For details, refer to application note 5546, "The Fundamentals of a SHA-256 Master/Slave Authentication System."
- The Sensor Node measures temperature using the DS7505 and simulated filter life using the MAX44009, which measures light illuminating through the filter when requested from the mbed Platform.
- The mbed Platform uses the DS2465 to perform an Authenticated Write to filter life stored on the Sensor Node if necessary.
- The mbed Platform requests a challenge from the Web Server to prevent replay attacks.
- Use the DS2465 and the mbed Platform to formulate a MAC from the following components: formatted sensor data, a Transport Secret derived from the Master Secret, and received challenge from the Web Server.
- The mbed Platform sends sensor data and the newly formulated MAC to the Web Server using a Wi-Fi connection.
- The Web Server verifies MAC, adds authentic sensor data to the log, and distributes alerts if necessary.
Figure 1. The MAXREFDES143# reference design block diagram.
Hardware Setup
- MAXREFDES143# kit including shield, Protected Sensor Node module, and ESP8266 Wi-Fi module (available for purchase)
- Available for immediate download on the Design Resources tab is the schematic, BOM, and PCB Gerber.
- MAX32600MBED# (ARM® mbed Enabled Development Platform for MAX32600—available for purchase separately) used as embedded microprocessor for the mbed Shield
- MAX32600MBED Product Folder
- USB A to USB Micro-B cable
Software Setup
- PHP example web application is available for immediate download on the Design Resources tab.
- Firmware files are available from the ARM mbed Developer Site found here:
Pinout
Figure 2 shows the shield pins (e.g., J3 to J6) that connect to the mbed Platform (e.g., MAX32600MBED#).
Figure 2. Shield compatible connections (actual connectors on the back).
Figure 3 shows the shield connections to the ESP8266 WiFi socket (J1), the Protected Sensor Node (J2), the three pushbuttons (i.e., SW1 to SW3), the RED LEDs (D1 and D2) and the LCD (part # NHD-C0220BiZ-FS(RGB)-FBW-3VM).
Figure 3. Peripheral and accessory connections.
Quick Start
Required equipment:
- Any PC or notebook computer with an internet browser and a free USB port
- MAXREFDES143# board
- MAX32600MBED# or equivalent mbed platform
- USB A to USB Micro-B cable
Download, read, and carefully follow each step in the appropriate MAXREFDES143# Quick Start Guide.
Documentation & Resources
-
MAXREFDES143 Design Files2/17/2021ZIP3 M
-
UG-6296: MAXREFDES143# Quick Start Guide7/6/2016PDF3M
Support & Training
Search our knowledge base for answers to your technical questions. Our dedicated team of Applications Engineers are also available to answer your technical questions.