AT88CK590

AT88CK490 and AT88CK590 Atmel® CryptoAuthentication™ USB Dongle Demo-Evaluation Kits For ATSHA204A, ATAES132A, ATECC108A, and ATECC508A HARDWARE USER GUIDE Atmel CryptoAuthentication USB Dongle Demo-Evaluation Kits Atmel-8945A-CryptoAuth-USB-Dongle-Demo-Eval-Kits-Hardware-UserGuide_052015 Introduction The Atmel® CryptoAuthentication™ USB Dongle Evaluation Kits are the ideal way to evaluate the performance and applicability of the Atmel Family of CryptoAuthentication devices. Each kit contains three devices:  AT88CK490 Kit (Blue PCB): ATAES132A, ATSHA204A, and ATECC108A  AT88CK590 Kit (Red PCB): ATAES132A, ATSHA204A, and ATECC508A. The kits are USB dongles that allows the interested evaluator to plug it into a PC and use the evaluation and development software package called Atmel CryptoAuthentication Evaluation Studio (“ACES”) that is easily downloadable from the Atmel website. Each kit includes an Atmel AT90USB1287 AVR® microcontroller which provides a convenient USB 2.0 Full Speed interface allowing users to understand and experiment with the CryptoAuthentication devices. Developers can use the provided 5-pin interface at the end of the board and can be used to monitor the I2C protocol. Atmel also offers a socketed board called the Atmel AT88CK101 for the purpose of firmware development, which allows the user to try differently configured devices on a target system. Typically, users will start with one of the USB Dongle kits for evaluation and part selection and then migrate to the AT88CK101 for the purpose of development. Both kits run the ACES configuration environment software package, which provides continuity from the evaluation to development stage. Complete support for this kit is available at www.atmel.com/cryptokits. Kit Contents  CryptoAuthentication USB Dongle Evaluation Kit CryptoAuthentication USB Dongle Kit Features 2  Atmel ATAES132A CryptoAuthentication IC: I2C Address (0xA0)  Atmel ATSHA204A CryptoAuthentication IC: I2C Address (0xC8)  Atmel ATECC108A CryptoAuthentication IC: I2C Address (0xC0) – AT88CK490 Only  Atmel ATECC508A CryptoAuthentication IC: I2C Address (0xC0) – AT88CK590 Only  Atmel AT90USB1287AVR – 128KB of In-system Programmable Flash – 4KB EEPROM – 8KB Internal SRAM  USB 2.0 Full Speed Device  Power LED (Red)  Three Status LEDs (Blue) CryptoAuthentication USB Dongle Demo-Evaluation Kits [HARDWARE USER GUIDE] 2 Atmel-8945A-CryptoAuth-USB-Dongle-Demo-Eval-Kits-Hardware-UserGuide_052015 Table of Contents Board Overview .................................................................................................................... 4 CryptoAuthentication Device Family Overview .................................................................. 4 ATAES132A .....................................................................................................................................................5 ATSHA204A .....................................................................................................................................................5 ATECC108A.....................................................................................................................................................5 ATECC508A.....................................................................................................................................................6 Get Started ............................................................................................................................ 6 Step 1 Step 2 Step 3 Step 4 Step 5 Download ACES Software at www.atmel.com ...............................................................................6 Power-Up the USB Dongle Kit .......................................................................................................7 Select the Atmel CryptoAuthentication Device to Evaluate ............................................................ 7 Use ACES to Evaluate the Device .................................................................................................8 Optional: USB Dongle Kits Communication Protocol ...................................................................9 ACES Evaluation Example – Validate MAC Command ...................................................... 9 Step 1 Step 2 Step 3 Launch ACES and Select ATSHA204A .........................................................................................9 Launch the Validate Mac Window ..................................................................................................9 Execute the Validate Mac ............................................................................................................ 10 Schematics.......................................................................................................................... 11 Firmware Upgrade .............................................................................................................. 13 References and Further Information ................................................................................. 13 Additional Evaluation Kits ............................................................................................................................... 13 Start with a Demo-Evaluation Kit .......................................................................................................... 13 AT88CK101 or CryptoAuthXplained Development Kit .......................................................................... 13 AT88CK9000 Secure Personalization Kit Option .................................................................................. 13 Revision History ................................................................................................................. 14 CryptoAuthentication USB Dongle Demo-Evaluation Kits [HARDWARE USER GUIDE] Atmel-8945A-CryptoAuth-USB-Dongle-Demo-Eval-Kits-Hardware-UserGuide_052015 3 3 Board Overview Figure 1. Top Side Placement of Components (AT88CK590 Shown) CryptoAuthentication Device Family Overview Atmel offers the industry's widest portfolio of crypto elements with ultra-secure hardware-based key storage to provide confidentiality, integrity, and authentication. The Atmel crypto element devices included in each kit are noted below: Table 1. Atmel Crypto Element Devices Demo-Evaluation Kit 4 ATAES132A ATSHA204A ATECC108A AT88CK490    AT88CK590   CryptoAuthentication USB Dongle Demo-Evaluation Kits [HARDWARE USER GUIDE] 4 Atmel-8945A-CryptoAuth-USB-Dongle-Demo-Eval-Kits-Hardware-UserGuide_052015 ATECC508A  ATAES132A The ATAES132A with hardware-based key storage is a very fast, high-security, Serial 32Kb EEPROM that enables authentication and confidential nonvolatile data storage. It is a direct drop-in for industry standard Serial EEPROMS and implements Advanced Encryption Standard (AES) cryptography. Access restrictions for the 16 user zones are independently configured and any key can be used with any zone. Keys can also be used for standalone authentication. The AES-128 crypto engine operates in AES-CCM mode to provide authentication, stored data encryption/decryption, and Message Authentication Codes (MACs). Data encryption/decryption can be performed for internally stored data or for small external data packets depending upon the configuration. Data encrypted by one ATAES132A device can be decrypted by another, and vice versa. The User Memory can be accessed directly with standard SPI or I2C commands. The device’s secure Serial EEPROM architecture and packages are compatible with standard SPI and I2C EEPROM footprints. This allows insertion into many existing Serial EEPROM applications. For additional information please go to: www.atmel.com/devices/ATAES132A.aspx ATSHA204A The cost-effective ATSHA204A with hardware-based key storage provides flexible user-configured security to enable a wide range of applications. With cryptographic algorithms built-in, it is easy to design in without having cryptographic expertise. The ATSHA204A integrates the 256-bit Secure Hash Algorithm (SHA-256) and contains 4.5Kb EEPROM for secure key and data storage. Features such as small outline plastic package and either an I2C or a Single-Wire Interface (SWI) make the ATSHA204A ideal for handheld electronic systems or any space-constrained embedded system. Implementing host-side security to provide a full symmetric authentication system solution is very easy. The ATSHA204A includes client and host security capabilities that offloads key storage and the execution algorithms from the microcontroller, which significantly reduces system cost and complexity. For additional information please go to: www.atmel.com/devices/atsha204a.aspx. ATECC108A The ATECC108A supports full 256-bit Elliptic Curve Cryptography (ECC) and has no need for secure storage in the host. The ATECC108A includes an EEPROM array for storage of up to 16 keys, miscellaneous read/write, read-only or secret data, consumption logging, and security configurations. Access to memory can be restricted in a variety of ways and the configuration can be locked to prevent changes. The ATECC108A features defense mechanisms to prevent physical attacks on the device or logical attacks on the data transmitted between the device and the system. Hardware restrictions on the keys generation or use provide further defenses. Access to the device is made through a standard I2C Interface at speeds of up to 1Mb/s. It supports a SWI, which can reduce the number of GPIOs required on the system MCU. Multiple ATECC108A devices can share the same bus, which saves processor GPIO usage in systems with multiple clients. For additional information please go to: www.atmel.com/devices/atecc108a.aspx. CryptoAuthentication USB Dongle Demo-Evaluation Kits [HARDWARE USER GUIDE] Atmel-8945A-CryptoAuth-USB-Dongle-Demo-Eval-Kits-Hardware-UserGuide_052015 5 5 ATECC508A The ATECC508A with secure hardware-based key storage supports full 256-bit ECC and is the first device to integrate ECDH (Elliptic Curve Diffie–Hellman) key agreement, which makes it easy to add confidentiality (encryption/decryption) to digital systems including Internet of Things (IoT) nodes used in home automation, industrial networking, accessory and consumable authentication, medical, mobile, and other applications. In addition to ECDH, the ATECC508A has ECDSA (Elliptic Curve Digital Signature Algorithm) sign-verify capabilities built-in to provide highly secure asymmetric authentication. The combination of ECDH and ECDSA makes the device an ideal way to provide all three pillars of security (confidentiality, data integrity, and authentication) when used with MCU or MPUs running encryption/decryption algorithms (e.g. AES) in software. Similar to all Atmel CryptoAuthentication products, the ATECC508A employs ultra-secure hardware-based cryptographic key storage and cryptographic countermeasures which are more secure than software-based key storage. Able to support asymmetric authentication, there is no need for secure storage in the host. An EEPROM array is included for storage of up to 16 keys, miscellaneous read/write, read-only or secret data, consumption logging, and security configurations. Access to memory can be restricted in a variety of ways and the configuration can be locked to prevent changes. Access is through a standard I2C Interface at speeds of up to 1Mb/s. It supports a SWI, which can reduce the number of GPIOs required on the system MCU. Multiple ATECC508A devices can share the same bus, which saves processor GPIO usage in systems with multiple clients. The ATECC508A can generate high-quality FIPS random numbers for any purpose ensuring that replay attacks (i.e. re-transmitting a previously successful transaction) always fail. System integration is easy due to a wide supply voltage range (2.0V to 5.5V) and an ultra-low sleep current ( All Programs > Atmel Crypto Solutions > ACES > ACES CE. When the kit is plugged into the USB port, ACES will automatically detect that the kit is attached and launch the Kit Detection dialogue box. 6 CryptoAuthentication USB Dongle Demo-Evaluation Kits [HARDWARE USER GUIDE] 6 Atmel-8945A-CryptoAuth-USB-Dongle-Demo-Eval-Kits-Hardware-UserGuide_052015 Step 2 Power-Up the USB Dongle Kit The kit is powered through a USB Port. Simply insert the board into an open USB port and then the following sequence will occur: 1. The red power LED will illuminate. 2. The device will go through a self-test. 3. All three blue LEDs will illuminate. Figure 2. Kit Powered Through USB Port Step 3 Select the Atmel CryptoAuthentication Device to Evaluate Choose which device to evaluate by using the Kit Detection dialogue box that will appear as shown below. Once the device is selected, the blue LED corresponding to that device will flash and the other device status LEDs will be disabled. (Please note that the LED will also flash when traffic is going to and from that device.) For additional information regarding the use of ACES and on the devices when first power-up, check the Show Quick Start Guide checkbox. Figure 3. Kit Detection Dialogue Box AT88CK490 Dialogue Box AT88CK590 Dialogue Box CryptoAuthentication USB Dongle Demo-Evaluation Kits [HARDWARE USER GUIDE] Atmel-8945A-CryptoAuth-USB-Dongle-Demo-Eval-Kits-Hardware-UserGuide_052015 7 7 Step 4 Use ACES to Evaluate the Device Please refer to www.atmel.com/tools/ATMELCRYPTOEVALUATIONSTUDIO_ACES.aspx for detailed information about ACES. An example of the ACES configuration screen is shown below: Figure 4. ACES – Software Environment for Demo, Evaluation, and Design Device Navigator Generates, Stores, and Reloads Configuration Files. Tools Demos and Wizards Commands Help Datasheet Explained via Help Screens Configuration Zone Displays EEPROM Registers and Contents. Communication Log ● Teaches Command, Structure, and Encoding. ● Displays Actions and Results. 8 CryptoAuthentication USB Dongle Demo-Evaluation Kits [HARDWARE USER GUIDE] 8 Atmel-8945A-CryptoAuth-USB-Dongle-Demo-Eval-Kits-Hardware-UserGuide_052015 Step 5 Optional: USB Dongle Kits Communication Protocol It is possible to obtain access to the communication protocol of the CryptoAuthentication USB Dongle kits which are designed to interface with either a Microsoft HID driver or the Atmel AVR CDC driver. Both interfaces use the same Atmel CryptoAuthentication Kit Protocol, which is an ASCII-based interface to the AT90USB1287 AVR microcontroller located on the kit. The protocol allows control of all devices on the I2C bus. Source code for the kit protocol is available for download at: www.atmel.com/cryptokits. ACES Evaluation Example – Validate MAC Command Step 1 Step 2 Launch ACES and Select ATSHA204A Launch the Validate Mac Window On the main menu, select Tools > Validate MAC. Figure 5. Validate MAC Tools Menu CryptoAuthentication USB Dongle Demo-Evaluation Kits [HARDWARE USER GUIDE] Atmel-8945A-CryptoAuth-USB-Dongle-Demo-Eval-Kits-Hardware-UserGuide_052015 9 9 Step 3 Execute the Validate Mac The Validate MAC window should now be displayed. 1. Click on the Execute Nonce button. 2. Click on the Execute MAC button. 3. Click on the Execute CheckMac button. The CheckMac Result line should indicate Matched. See Figure 6. Figure 6. Validate MAC Pane Congratulations, the Atmel USB Dongle Demonstration-Evaluation Kit is up and running. See ACES online help for additional information. Additional samples can be found at: http://www.atmel.com/forms/Samples.asp?family_id=699 10 CryptoAuthentication USB Dongle Demo-Evaluation Kits [HARDWARE USER GUIDE] 1 Atmel-8945A-CryptoAuth-USB-Dongle-Demo-Eval-Kits-Hardware-UserGuide_052015 0 Schematics Figure 7. Microcontroller and Status Circuitry Schematics CryptoAuthentication USB Dongle Demo-Evaluation Kits [HARDWARE USER GUIDE] Atmel-8945A-CryptoAuth-USB-Dongle-Demo-Eval-Kits-Hardware-UserGuide_052015 11 1 1 Figure 8. 12 Crypto Device Circuitry Schematics CryptoAuthentication USB Dongle Demo-Evaluation Kits [HARDWARE USER GUIDE] 1 Atmel-8945A-CryptoAuth-USB-Dongle-Demo-Eval-Kits-Hardware-UserGuide_052015 2 Firmware Upgrade For firmware upgrades, please refer to the application note, “Upgrading the Atmel CryptoAuthentication/Tempsensor Kit Firmware Using FLIP”, which is located at the following site: http://www.atmel.com/tools/AT88CK590.aspx?tab=documents. References and Further Information Schematics, Gerber files, Bill Of Materials (BOM), development, and demonstration software are conveniently downloadable from the Atmel website at www.atmel.com/cryptokits. Additional Evaluation Kits Atmel offers a range of kits to support the Atmel CryptoAuthentication device development all the way to small-run production. The Atmel kits run ACES software to configure the CryptoAuthentication devices. The combination of the user friendly hardware and software presents users with exactly what is needed through the process. For information on the latest and all of the available Atmel Crypto Kits please go to: http://www.atmel.com/CryptoKits/CryptoAuthentication_SelectorGuide.pdf Start with a Demo-Evaluation Kit The AT88CK590 and AT88CK490 demo-evaluation kits includes three devices each. Once the user gets a feel for the operation and performance of the devices, the next task is development. AT88CK101 or CryptoAuthXplained Development Kit The AT88CK101 development kit is a socketed kit that allows the developer to program the Atmle CryptoAuthentication devices and then install those devices in their system. Versions that support the various device package types are available. The CryptoAuthXplained and CryptoAuthXplained Pro (Coming Soon), which are standard 10/20-pin daughterboards instantly adds the Atmel CryptoAuthentication devices to the Xplained or XplainedPro development environment boards. AT88CK9000 Secure Personalization Kit Option The Atmel AT88CK9000 secure personalization kit allows programming of small batches of ATSHA204A devices quickly, easily, and cost-effectively. This option decreases the cycle times of prototype, pre-production, and lower-volume production, improving time to market. The AT88CK9000 securely programs up to 5 or 10 devices simultaneously depending on the package option. Running production is as easy as pressing a yellow button...literally. CryptoAuthentication USB Dongle Demo-Evaluation Kits [HARDWARE USER GUIDE] Atmel-8945A-CryptoAuth-USB-Dongle-Demo-Eval-Kits-Hardware-UserGuide_052015 13 1 3 ATMEL EVALUATION BOARD/KIT IMPORTANT NOTICE AND DISCLAIMER This evaluation board/kit is intended for user's internal development and evaluation purposes only. It is not a finished product and may not comply with technical or legal requirements that are applicable to finished products, including, without limitation, directives or regulations relating to electromagnetic compatibility, recycling (WEE), FCC, CE or UL. Atmel is providing this evaluation board/kit “AS IS” without any warranties or indemnities. The user assumes all responsibility and liability for handling and use of the evaluation board/kit including, without limitation, the responsibility to take any and all appropriate precautions with regard to electrostatic discharge and other technical issues. User indemnifies Atmel from any claim arising from user's handling or use of this evaluation board/kit. Except for the limited purpose of internal development and evaluation as specified above, no license, express or implied, by estoppel or otherwise, to any Atmel intellectual property right is granted hereunder. ATMEL SHALL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMGES RELATING TO USE OF THIS EVALUATION BOARD/KIT. ATMEL CORPORATION 1600 Technology Drive San Jose, CA 95110 USA Revision History 14 Doc Rev. Date 8941A 05/2015 Comments Initial document release. CryptoAuthentication USB Dongle Demo-Evaluation Kits [HARDWARE USER GUIDE] 1 Atmel-8945A-CryptoAuth-USB-Dongle-Demo-Eval-Kits-Hardware-UserGuide_052015 4 Atmel Corporation 1600 Technology Drive, San Jose, CA 95110 USA T: (+1)(408) 441.0311 F: (+1)(408) 436.4200 │ www.atmel.com © 2015 Atmel Corporation. / Rev.:Atmel-8945A-CryptoAuth-USB-Dongle-Demo-Eval-Kits-Hardware-UserGuide_052015. Atmel®, Atmel logo and combinations thereof, Enabling Unlimited Possibilities®, CryptoAuthentication™, and others are registered trademarks or trademarks of Atmel Corporation in U.S. and other countries. DISCLAIMER: The information in this document is provided in connection with Atmel products. No license, express or implied, b y estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Atmel products. EXCEPT AS SET FORTH IN THE ATMEL TERMS AND COND ITIONS OF SALES LOCATED ON THE ATMEL WEBSITE, ATMEL ASSUMES NO LIABILITY W HATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON -INFRINGEMENT. IN NO EVENT SHALL ATMEL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS AND PROFITS, BUSINESS INTERRUPTION, OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT , EVEN IF ATMEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Atmel makes no representations or warranties with respect to the accurac y or completeness of the contents of this document and reserves the right to make changes to specifications and products descrip tions at any time without notice. Atmel does not make any commitment to update the information contained herein. Unless specifically provided otherwise, Atmel products are not suitable for, and shall not be used in, auto motive applications. Atmel products are not intended, authorized, or warranted for use as components in applications intended to support or sustain life. SAFETY-CRITICAL, MILITARY, AND AUTOMOTIVE APPLICATIONS DISCLAIMER: Atmel products are not designed for and will not be used in conne ction with any applications where the failure of such products would reasonably be expected to result in significant personal injury or death (“Safety -Critical Applications”) without an Atmel officer's specific written consent. Safety-Critical Applications include, without limitation, life support devices and systems, equipment or systems for the operation of nuclear facilities and w eapons systems. Atmel products are not designed nor intended for use in military or aerospace applications or environments unless s pecifically designated by Atmel as military-grade. Atmel products are not designed nor intended for use in automotive applications unless specifically designated by Atmel as automotive -grade. Atmel-8945A-CryptoAuth-USB-Dongle-Demo-Eval-Kits-Hardware-UserGuide_052015 CryptoAuthentication USB Dongle Demo-Evaluation Kits [HARDWARE USER GUIDE] 15 1 5