MAXREFDES155#: DeepCover IoT Embedded Security Reference Design: Public Key Secure Data Path

The MAXREFDES155# is an internet-of-things (IoT) embedded-security reference design, built to authenticate and control a sensing node using elliptic-curve-based public-key cryptography with control and notification from a web server.

The hardware includes an ARM^® mbed™ shield and attached sensor endpoint. The shield contains a DS2476 DeepCover^® ECDSA/SHA-2 coprocessor, Wifi communication, LCD push-button controls, and status LEDs. The sensor endpoint is attached to the shield using a 300mm cable and contains a DS28C36 DeepCover ECDSA/SHA-2 authenticator, IR-thermal sensor, and aiming laser for the IR sensor. The MAXREFDES155# is equipped with a standard Arduino^® form-factor shield connector for immediate testing using an mbed board such as the MAX32600MBED#. The combination of these two devices represent an IoT device. Communication to the web server is accomplished with the shield Wifi circuitry. Communication from the shield to the attached sensor module is accomplished over I²C. The sensor module represents an IoT endpoint that generates small data with a requirement for message authenticity/integrity and secure on/off operational control.

The design is hierarchical with each mbed platform and shield communicating data from the sensor node to a web server that maintains a centralized log and dispatches notifications as necessary. The simplicity of this design enables rapid integration into any star-topology IoT network to provide security with the low overhead and cost provided by the ECDSA-P256 asymmetric-key and SHA-256 symmetric-key algorithms.

NOTE: Operating the MAXREFDES155# requires a separate purchase of a MAX32600MBED# mbed platform.

Refer to the Details tab for more information. Design files including; schematic, PCB files and bill of materials (BOM) can be downloaded from the Design Resources tab. As with all Maxim reference designs, boards are available for purchase.

Features

• Public-key infrastructure to authenticate nodes and messages
• ECDSA-P256 public-key authentication
• SHA-256 HMAC secret-key authentication
• Securely controls on/off operation of IoT device endpoints
• Demonstrates secure download for remote update of an IoT device configuration file
• DeepCover secure key storage and protection
• Wifi interface for communication to a web server

Competitive Advantages

• Crypto-strong authentication
• No need for secure-key storage memory on processor
• Low-overhead performance for signed data between the web server and the mbed platform

Applications

• Authentication of Internet of Things (IoT) device nodes
• Securely updating IoT or network connected device configuration data
• Data authentication at all levels from sensor endpoint to web server
• Protect all types of network connected applications from counterfeiting
• Invalidate unauthorized sensor endpoints