
MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing and Notification


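Overview

The MAXREFDES143# is an Internet of Things (IoT) embedded security reference design that protects an industrial sensing node by means of authentication and notification to a web server. The hardware includes a peripheral module and an mbed platform: the former acts as a protected sensor node that monitors operating temperature and the remaining life of a product (simulated through ambient light sensing); the latter acts as a controller node responsible for monitoring one or more sensor nodes. The design is hierarchical: each controller node collects data from its attached sensor nodes and uploads it to a web server, which maintains a centralized log and dispatches notifications as necessary. The mbed platform contains a Wi-Fi module, a DS2465 coprocessor with 1-Wire® master function, an LCD, LEDs, and pushbuttons; the protected sensor node contains a DS28E15 authenticator, a DS7505 temperature sensor, and a MAX44009 light sensor. The mbed platform communicates with the web server through the onboard Wi-Fi module and with the protected sensor node over I2C and 1-Wire interfaces. The MAXREFDES143# is equipped with standard shield connectors for rapid testing with mbed boards such as the MAX32600MBED#. The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.

For more information, refer to the Details tab. Design files, including the schematic, PCB files, and bill of materials (BOM), can be downloaded from the Design Resources tab.

Note: Programming the MAXREFDES143# requires the separate purchase of the MAX32600MBED# development platform or an equivalent Arduino form-factor platform.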

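Features

  • SHA-256 authentication
  • Unique key for each node in the system
  • DeepCover® secure key storage
  • 1-Wire/I2C/Wi-Fi interfaces
  • Example source code
  • mbed platform pinout compatible with the Arduino form factor
  • Pmod™-compatible protected sensor node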

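Competitive Advantages

  • Strong cryptographic authentication
  • No secure key storage required on the processor
  • Low overhead for signed data between the web server and the mbed platform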

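Applications

  • IoT device node authentication
  • Data authentication at every level from the sensor node to the web server
  • Protection of industrial applications against counterfeiting
  • Product lifetime tracking with smart notifications
  • Rejection of unsafe industrial sensor nodes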


Details

Introduction

In this IoT-embedded world, security emerges as a paramount feature to protect industrial equipment from counterfeiting while tracking product lifetime with smart notifications. The MAXREFDES143# is a reference design that demonstrates an authenticated data chain from a protected sensor node to a web server. The web server notifies the user when intervention is required, such as when it is time to change the consumable being monitored (i.e., the protected sensor node, a filter in this case) or when an unsafe consumable (i.e., a counterfeit sensor node) is installed.

The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.

MAXREFDES143# System Board

Detailed Description of Hardware

The system in Figure 2 shows the high-level implementation of the design. The reference design sequence is as follows:

The mbed Platform uses the DS2465 to authenticate the DS28E15 on the Sensor Node. For details, refer to application note 5546, "The Fundamentals of a SHA-256 Master/Slave Authentication System."

  1. The Sensor Node measures temperature using the DS7505 and simulated filter life using the MAX44009, which measures light illuminating through the filter when requested from the mbed Platform.
  2. The mbed Platform uses the DS2465 to perform an Authenticated Write to filter life stored on the Sensor Node if necessary.
  3. The mbed Platform requests a challenge from the Web Server to prevent replay attacks.
  4. Use the DS2465 and the mbed Platform to formulate a MAC from the following components: formatted sensor data, a Transport Secret derived from the Master Secret, and received challenge from the Web Server.
  5. The mbed Platform sends sensor data and the newly formulated MAC to the Web Server using a Wi-Fi connection.
  6. The Web Server verifies MAC, adds authentic sensor data to the log, and distributes alerts if necessary.
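Steps 3 to 6 form a challenge-response exchange. The sketch below is an added example, not code from the reference design: HMAC-SHA256 stands in for the DS2465's SHA-256 MAC computation, and the per-node key derivation, the `WebServer` class, all function names, and the sample data are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Constructed demo value; in the design the secret stays inside the DS2465.
MASTER_SECRET = hashlib.sha256(b"constructed demo master secret").digest()

def derive_transport_secret(master: bytes, node_id: bytes) -> bytes:
    # Assumed derivation (the page does not give the real one).
    return hmac.new(master, b"transport|" + node_id, hashlib.sha256).digest()

def controller_mac(transport_secret: bytes, challenge: bytes, data: bytes) -> bytes:
    # The challenge is a fixed 32 bytes, so challenge + data is unambiguous.
    return hmac.new(transport_secret, challenge + data, hashlib.sha256).digest()

class WebServer:
    def __init__(self, master: bytes):
        self._master = master
        self._pending = {}  # node_id -> outstanding single-use challenge
        self.log = []       # authentic sensor data only

    def issue_challenge(self, node_id: bytes) -> bytes:
        self._pending[node_id] = secrets.token_bytes(32)
        return self._pending[node_id]

    def submit(self, node_id: bytes, data: bytes, mac: bytes) -> bool:
        challenge = self._pending.pop(node_id, None)  # consumed on first use
        if challenge is None:
            return False  # no outstanding challenge: replayed or unsolicited
        key = derive_transport_secret(self._master, node_id)
        expected = controller_mac(key, challenge, data)
        if not hmac.compare_digest(expected, mac):  # constant-time comparison
            return False
        self.log.append((node_id, data))
        return True

def demo():
    server, node = WebServer(MASTER_SECRET), b"controller-01"
    key = derive_transport_secret(MASTER_SECRET, node)
    data = b"temp=23.5;filter_life=87"  # constructed sensor record
    mac = controller_mac(key, server.issue_challenge(node), data)
    fresh = server.submit(node, data, mac)   # accepted and logged
    replay = server.submit(node, data, mac)  # challenge already consumed
    server.issue_challenge(node)
    stale = server.submit(node, data, mac)   # old MAC against a new challenge
    good = controller_mac(key, server.issue_challenge(node), data)
    forged = server.submit(node, b"temp=23.5;filter_life=99", good)  # altered data
    return fresh, replay, stale, forged, len(server.log)
```

Only the first submission is logged: the replayed message, the stale MAC, and the altered record are all rejected because the server binds each MAC to one fresh challenge and to the exact data bytes.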


Figure 1. The MAXREFDES143# reference design block diagram.

Hardware Setup

  • MAXREFDES143# kit including shield, Protected Sensor Node module, and ESP8266 Wi-Fi module (available for purchase)
    • The schematic, BOM, and PCB Gerber are available for immediate download on the Design Resources tab.
  • MAX32600MBED# (ARM® mbed Enabled Development Platform for MAX32600—available for purchase separately) used as embedded microprocessor for the mbed Shield
  • USB A to USB Micro-B cable

Software Setup

Pinout
Figure 2 shows the shield pins (e.g., J3 to J6) that connect to the mbed Platform (e.g., MAX32600MBED#).

Figure 2. Shield compatible connections (actual connectors on the back).

Figure 3 shows the shield connections to the ESP8266 WiFi socket (J1), the Protected Sensor Node (J2), the three pushbuttons (i.e., SW1 to SW3), the RED LEDs (D1 and D2) and the LCD (part # NHD-C0220BiZ-FS(RGB)-FBW-3VM).

Figure 3. Peripheral and accessory connections.

Quick Start

Required equipment:

  • Any PC or notebook computer with an internet browser and a free USB port
  • MAXREFDES143# board
  • MAX32600MBED# or equivalent mbed platform
  • USB A to USB Micro-B cable

Download, read, and carefully follow each step in the appropriate MAXREFDES143# Quick Start Guide.

ARM is a registered trademark and registered service mark of ARM Limited.
1-Wire and DeepCover are registered trademarks of Maxim Integrated Products, Inc.
Pmod is a trademark of Digilent Inc.