MAXREFDES155# IoT Embedded Security System Board - Review

Table of contents

RoadTest: MAXREFDES155# IoT Embedded Security System Board

Author: ss_shrenik

Creation date:

Evaluation Type: Evaluation Boards

Did you receive all parts the manufacturer stated would be included in the package?: True

What other parts do you consider comparable to this product?: Till date I did not come across any HW coprocessor which will add security functionality for IoT products.

What were the biggest problems encountered?: Demo was easy to setup and use. So did not come across any issues.

Detailed Review:

With today’s growing IoT devices and considering they all in some way or other talk to servers, security is concern if the communication between server and the IoT node.

If this path is not secure, hackers can mimic your communication and may take over the control of your devices. And this could be very serious situation that no one wants to get into.

 

With MAXREFDES155 board we would be able to make sure this path is secure. Without a security key, hackers will have difficulty in hacking these devices.

 

What is exactly Maxim’s solution

 

Heart of this solution is DS2476 DeepCover® ECDSA/SHA-2 secure coprocessor and DS28C36 Deepcover secure authenticator  , which authenticates data received from the cloud and generating signature to guarantee the authenticity of data it sends. The signature generated as described by ECDSA/SHA2 security algorithms which are very powerful.

 

In order to evaluate this, MAXREFDES155 is neatly designed and supported by popular ARM MBED platform.

 

In Box I received these parts

1. MAX32600MBED board

2. MAXREFDES155# System Board

 

 

MAXREFDES155 has arduino compatible pinout, and we just have to snap MAXREFDES155 on MAX32600MBED board.

 

 

MBED demo code

 

Architecture of Demo

 

Can find more info on https://www.maximintegrated.com/en/design/reference-design-center/system-board/6388.html/tb_tab1

 

Reference Design block diagram.

 

For this you have login to mbed.org and import the demo code into mbed cloud IDE

 

https://developer.mbed.org/teams/Maxim-Integrated/code/MAXREFDES155/

 

Then change the wifi SSID and Passward to match yours and then compile it.

In order to download the code on to the MAX326000MBED board, its similar to most of the MBED supported board. After plugging the board we will get mass storage device detected where we just have to copy the compiled binary.

 

Reset the board and then you will see below welcome screen on LCD.

 

 

Open maxim-security.com and then you will have login screen like this after selecting MAXREFDES155 platform from welcome screen. Insert the WEB ID displayed on LCD to login.

Next it will show Wifi SSID and Password that you have entered in Code.

 

Then you can go ahead and click on connect to WiFi. Which will then establish connection with the server.

 

     As can be seen in above image the board wil have a ROM ID which will be read from DS28C36.cpp and then used for identification of the specific board. Device Public Keys will be verified on Server as the per the authentication process.

     Following tests I tried on the setup once it was initialized.

  1. Test case scenario 1 - Read Object temp with Valid and invalid signature.

       Good thing about this demo that it provides OOB configuration on demo code to set valid and invalid signatures. As it can be seen below in left side picture, valid signature returns object temperature value and then setting invalid signature on device it provides error saying Data Not Authenticated.

 

 

And when set invalid signature we do see below

 

 

Controlling Laser from Web and Downloading data from server - shows capability of coprocessor verifying messages coming from server. This is very useful example to start with secure FW download, or Secure meta data download if any present in the product. Here also invalid data will not be authenticated on device side.

 

 

And Secure download is as below

 

 

Above steps and screenshots covers most of the demo part that Maxim has provided.

 

Now the last part I came across while closing the content is about memory it uses in order to use Deepcover security in any solution.

 

I found that including LCD, Sensors and WiFi it needs around 111.7Kb of Flash Size.  In fact I wanted to check out how much would flash/ ram size would it take if one is planning to integrate this solution in to their products. Considering IoT devices with small FLASH/RAM footprint and most often connectivity stacks such as WiFI, BLE. It would be interesting to see, how compact is this solution would be in terms of memory footprint. If anyone has already evaluated on this, I would be glad to know.

 

Conclusion:

1. With Demo example, you can pretty much cover all the aspects of Deepcover security.

2. Having HW based security would definitely can help in using less powerful MCU's in the products hence saving the cost.

3. Would be interesting to know the SW footprint of the solution if anyone needs to integrate into their product.

 

 

Regards,

Shrenik

Anonymous