Embedded security in IoT – reference design

July 11, 2016 // By Graham Prophet
Maxim Integrated has posted details of a reference design it terms DeepCover Embedded Security in IoT Authenticated Sensing and Notification: MAXREFDES143# is an Internet of Things (IoT) embedded security reference design, built to protect an industrial sensing node by means of authentication and notification to a web server.

The design’s hardware includes a peripheral module representing a protected sensor node monitoring operating temperature and remaining life of a filter (simulated through ambient light sensing) and an mbed shield representing a controller node responsible for monitoring one or more sensor nodes. The design is hierarchical with each controller node communicating data from connected sensor nodes to a web server that maintains a centralized log and dispatches notifications as necessary.


In this IoT-embedded world, security emerges as a paramount feature to protect industrial equipment from counterfeiting while tracking product lifetime with smart notifications. The reference design demonstrates an authenticated data chain from a protected sensor node to a web server. There are notifications to the user through the web server when intervention is required such as when it is time to change the consumable being monitored (i.e., the protected sensor node), a filter in this case, or if an unsafe consumable (i.e., counterfeit sensor node) is installed.

The operating sequence is;

- The Sensor Node measures temperature using the DS7505 and simulated filter life using the MAX44009, which measures light illuminating through the filter when requested from the mbed Platform.

- The mbed Platform uses the DS2465 to perform an Authenticated Write to filter life stored on the Sensor Node if necessary.

- The mbed Platform requests a challenge from the Web Server to prevent replay attacks.

- Use the DS2465 and the mbed Platform to formulate a MAC from the following components: formatted sensor data, a Transport Secret derived from the Master Secret, and received challenge from the Web Server.

- The mbed Platform sends sensor data and the newly formulated MAC to the Web Server using a Wi-Fi connection.

- The Web Server verifies MAC, adds authentic sensor data to the log, and distributes alerts if necessary.


The mbed shield contains a Wi-Fi module, a DS2465 coprocessor with 1-Wire master function, an LCD, LEDs, and pushbuttons.