HARDWARE SECURITY

For any electronic system to be secure it not only need to  have secure software but also need to be secure at the  Hardware level and Hardware security is an emerging issue.lets understand the difference between a secure and insecure system with the help of an example
Lets say we have to implement a 3 input encoder that assigns a 2-bit code to each of the three different input combinations. Here X,Y,Z are the inputs to the system and a and b are the outputs

If we look at the table we have used only 3 combinations of  X Y Z but there are 2^3 = 8 combinations possible with these inputs. But here the rest of the inputs are don't care .
If you will solve this system using K-map you will find following logical expression

a=x'yz' +xy'z'=(x(XOR)y)z'
b=x'y'z+xy'z'=(x(XOR)y'

But if you will analyse the  table closely there is another possible expression which is as following

a=z'  b=y'

Now lets compare these two versions ,on the first sight you might feel that the second implementation i.e a=z' and b=y' is a better implementation . Since it will require lesser number of gates which in turn means lesser propagation delay and hence faster system,lesser hardware so cheaper system,lesser space consumption. So it will be a fantastic reduction Isn't it?

But if you would really broaden your perspective and if you will look from the perspective of security this lower implementation is more vulnerable and it is more easy for a potnential intruder to find a back door.

Lets look at the problem
Here we have defined 3 input combinations. for 1,0,0 as input the output is 1,1. But there is another input combination 0,0,0 which we have not defined the system for,but can give the same output . So this is a potential backdoor.
Secondly if we give 011 or 111 is input the system gives 00 as output and  if this output is fed into another part of the system which doesn't expect this input there may arise undesirable things. Such type of attack is called a fault injection attack.

So with this small example we can understand that there is a trade off between the performance and security. Most of the time while making the system secure we have to add some extra overhead.

On the software side there is  more awareness about the vulnerabilities and techniques to fix them.With the software you may run software to test for virus and trojan horse.But on the hardware layer the first thing which is the detection of a vulnerability is very difficult once the final hardware is in your hand. . A complete trust can be only obtained if you have control over the whole development life cycle and again having control over the complete design cycle is very difficult job.
Vulnerabilities may arise in the hardware from the microchip supply chain.Someone can place a back door during the fabrication. Often the fabrication is done off shore in the areas where it can happen cheaply but it makes it difficult to control the design process. The IP and CAD design tools that are used to implement the hardware must be from a trusted source Improper implementation of logic like we saw in the above example is another cause of vulnurability.

Arduino Tips & Tricks

Part1: Using buttons in a Reliable way.

Buttons are an integral part of any system. Although now we are more into touch panels and touch screens but still they are there in slightly older systems and may be their count will drop down considerably but they will remain part of newer systems too. So it is good to understand them.

There are two key issues that arise while dealing with buttons.
1. Switch debounce. This is a issue that arise when you press a switch to open it or close it. Spurious signals or sometimes termed as spikes arise when contacts are made or broken. This results in false detection of state.
2. Non usage of pull-ups or pull downs. This  also leads to a state which is un-deterministic.

So these are the problems that I am going to discuss and the measures you should take to eradicate these issues.If you couldn't understand some pieces of what i wrote just don’t worry keep reading and you will get it after you read the examples below.

Example 1:

In this example we will read the state of pin 5 on arduino and will toggle the state of LED on pin 13 according to the state of pin 5. The circuit diagram is as below.

 Here as you see a button is connected to pin 5 and there is a resistor of 20k. This resistor is technically called a pull down resistor. When the button is pressed circuit is completed and  there is a voltage drop across the 20k resistor and this voltage drop should be more than 2.5V. If it is so the state of pin 5 will be read as HIGH by the controller otherwise the state will be read as LOW and you can use this information to switch on or off any LED or anything else. If we donot use the 20k resistor then when the button is not pressed the state of pin 5 will be undeterministic  but as there is a resistance here which pulls down the state of pin 5 to ground when button is not pressed so the indeterministic state is avoided. 

Below is a code that turns the LED on and off based on the state of pin 5

const int ledPin = 13; // choose the pin for the LED     ///#D80E49
const int inputPin = 5; // choose the input pin (for a pushbutton)
void setup() {
pinMode(ledPin, OUTPUT); // declare LED as output
pinMode(inputPin, INPUT); // declare pushbutton as input
}
void loop(){
int val = digitalRead(inputPin); // read input value
if (val == HIGH) // check if the input is HIGH
{
digitalWrite(ledPin, HIGH); // turn LED on if switch is pressed
}
else
{
digitalWrite(ledPin, LOW); // turn LED off
}
}

Here you saw the that a pulldown resistor( or a pullup resistor which is connected to Vcc instead of gnd) is very necessary. Run the above code without this resistor and you can yourself see the difference it creates. 

USING INTERNAL PULL UPS

There are internal pull up resistors available inside the the microcontroller on any arduino board. They can be activated if you want to and in that case you will not have to add an external resistor. To activate it you have to make the state of pin set as input to HIGH in the setup function of arduino.

CODE:

Look at the line  6.

const int ledPin = 13; // output pin for the LED
const int inputPin = 5; // input pin for the switch
void setup() {
pinMode(ledPin, OUTPUT);
pinMode(inputPin, INPUT);
digitalWrite(inputPin,HIGH); // turn on internal pull-up on the inputPin
}
void loop(){
int val = digitalRead(inputPin); // read input value
if (val == HIGH) // check if the input is HIGH
{
digitalWrite(ledPin, HIGH); // turn LED OFF
}
else
{
digitalWrite(ledPin, LOW); // turn LED ON
}
}

so that solves for this time .

Arduino TIps & Tricks

How to bootload  atmega 328P  using Arduino Uno board as ISP?

 In situations when you accidently fry an atmega 328P chip on your arduino board you will have to replace it with a new chip. When you would search for this chip online you would find it selling as atmega328P and atmega 328P with optiboot. The one with the bootloader preinstalled is generally priced 50 to 100 INR more then the other one. If you choose to buy the one with optiboot , you can put it on your arduino board as soon as you receive it. But if you chose to go for the first option you will need to bootload it first. In this post I will share with you how to bootload an IC  by using an arduino board as an ISP (In system programmer). However this can be done by using a dedicated programmer like USB asp or any other programmer.

STEP-1: Preparing the IDE and Arduino

• Connect the arduino uno to the computer
• Check if the right Com is selected on the arduino IDE.Tools>SerialPort>ComX
• Check if the right board is selected by going to  Tools>Boards>ArduinoUno
• Go to the Arduino IDE >examples>ArduinoISP and upload it to your Arduino board.
• select arduino as ISP by going  to Tools>Programmer>Arduino as ISP.

STEP-2: Making the bare minimum circuit on a breadboard.

Place the IC to be bootloaded on a breadboard and make the connections as shown in the pictures below.

STEP-3:
Go to tools then click on burnbootloader. If you followed eveything correctly.You will see the following messages

So now you can use this IC on any arduino board and upload codes to it using the COM port on computer.

Arduino Tips & Tricks

What is a bootloader? why is it needed? 

what & why of Bootloader?

Bootloader is a small piece of code that lives in a reserved space on the atmega IC. It plays a very crucial role in giving  arduino board user the ease of programming the board over a USB connection.
Lets look at the arduino uno board to know about it in detail.

When an arduino board is programmed from the USB conncection  you program the atmega 328P chip. But there need to be someone in between the computer and atmega 328P which can do the conversion from USB to serial interface,so that the data can be programmed on atmega328P.A chip atmega 8u2  as depicted by a small square on the pictures handles the conversion from USB to serial interface.  So there needs to be  some software on the atmga328P to handle the communication with atmega8u2. This software or code is what we call the BOOTLOADER .

DOWNSIDES OF HAVING THE BOOTLOADER

The bootloader gives you the ease of programing the arduino board over the USB connection. But it has a few downsides which are written below.

1.  It consumes 512 bytes out of 32k of program memory on the arduino.
2.  Every time the Arduino board is powered on or it resets the bootloader waits for 0.5 sec to check if the computer is trying to upload any sketch,if  there is a sketch that needs to be uploaded it is uploaded otherwise the program counter starts working through the sketch that is already their in the atmega328P . So everytime you reset or power on or click on upload button  on the Arduino IDE  the board is first reset then then it waits for 0.5 sec. Hence the execution of your sketch doesn't start instantaneously due to bootloader.

Can we get rid of bootloader?

If the above two drawbacks pose to be  a hindrance for your application you can get rid of the bootloader. But once you get rid of it you will not be able to use USB connection for programming. Rather you would require a dedicated hardware like AVRISP MKII like shown below or  usbasp programmer or another Arduino board to program this board.

In such a case you will program using the ICSP header as shown in the figure.In such a case the communication with the micro-controller will be using SPI(Serial peripheral interface). Once you will program your atmega 328 using an AVRISP MKII o other dedicated programmer it will erace the bootloader from your IC.In my next post i will share about how to bootload an IC.

Arduino Tips & Tricks: 

 Simulate the functionality of Arduino boards on a simulation software PROTEOUS.

A simulator software gives you ability to test your code without actually running the code on the hardware. It virtually creates the environment of your target hardware. Proteous is one such simulator software. By default it supports simulation of code for 8051,PICand AVR controllers. But thanks to the hard work by developers who had made libraries that lets you even simulate an arduino code. All you need to do is download the files and paste them in the library folder of your Proteous software.In this post i will share with you the steps you need to follow.

Step 1: Download the library files from here.
Step 2: unzip the rar and you will find two files with extensions .IDX and .LIB. Copy them.
Step 3: Paste them in the library folder of your proteous. Depending upon the version of proteous you have the path will be either of the following.

C:\Labcenter Electronics\Proteus 7 Professional\LIBRARY

C:\Documents and Settings\All Users\Application Data\Labcenter Electronics\Proteus 8 Professional\LIBRARY

Step 4: If your proteous ISIS was already open close it and reopen it. Now you will be able to pic the arduino boards . Go to ISIS professional>component mode>pick from library.

similarly any other library can be added to the proteous.

Step 5: Now that we have got the libraries in place. Lets make a blinking program. write the following code in the Arduino IDE and hit the compile button. the sofware will generate  a hex file . If you donot know how to locate this file please visit my another post here

int led = 13;
void setup() 
{                
  pinMode(led, OUTPUT);     
}
void loop() 
{
  digitalWrite(led, HIGH);   // turn the LED on (HIGH is the voltage level)
  delay(1000);               // wait for a second
  digitalWrite(led, LOW);    // turn the LED off by making the voltage LOW
  delay(1000);               // wait for a second
}

Step 6: Make the connections and add the hex file.  After adding the hex file click on the play button in the left bottom of the software window.

If you followed everything correctly. Here is what you will see.

Arduino Tips & Tricks: 

Where is the main() function in the arduino codes?

While writing a code  on AVR studio or keil uvision every code should have a main function. And during the days when i started programing my teacher told me that every c /c++ code should have a main() function and there should be one and only one main in any program. While writing big programs the programmers tend to write different parts of program in different tabs for better readability and understanding and sometimes  write #include<abc > in the tab where main function is written to include those files 

But in an arduino environment you never find  something like below

void main()
{

}

well does that mean it does't have one. It seems so but it is not actually like that as basics never go out of fashion. It is just another way of arduino to make things simple by hiding the void main. Actually what happens behind the scene is something like below

int main(void)
{
    init();

    setup();

    for (;;) {
        loop();
    }

    return 0;
}

so the setup() and loop() are actually part of main. And the loop function is actually a function under infinite for loop. This also explains why the setup()  runs only once and loop() is executed again and again

Arduino Tips & Tricks:

 Where is the hex file in the Arduino environment?

The thing that made Arduino a big big success is its ability to hide all the complexities and yet give the user so much freedom to create new things. Working on 8051 or bare avr  after writing and compiling  a code in keil uvision or avr studio  a .hex is generated which is burnt into the micro-controller IC  by placing the IC in a zip socket on the burner or using an ISP(in system programmer). But in case of arduino ,the arduino environment takes care of everything and for a long time i even dint know if there is a hex file that is also here in a background.

The clever Arduino environment first checks the code to make sure it is in confirmation with the c /c++ . then the code is passed to a compiler called avr-gcc which converts the code from human readable to machine readable and the code is linked with standard  arduino libraries. and after all this a single hex file is created which contains all the information of your code and then through the com port  ,using an avr chip (this is an avr micro-controller apart from the main controller where you put your code )programmed to handle usb to serial conversion this file is uploaded to your chip's program memory and your arduino board executes the code.

Where is the .hex actually stored? 

To locate the hex file created by your arduino IDE. follow the following snapshots

1. Go to file>Preferences. And check the box next to compilation . 

2. Now compile or upload your program. As you will compile or upload after you check that box you will get a path to a folder where there are temperary files of your system like this C:\Users\HP-PC~1\AppData\Local\Temp\build8697542525264515009.tmp. Copy this path and paste it as shown,remove the name of hex  file. 

3. Once you will hit enter after pasting your path you will reach the place where your hex file is stored.

What is the advantage of knowing about the location of hex file?

There are some great advantages of knowing this information.

1.  If  you don't actually have a Arduino board, but you want to use the arduino libraries and the ease of coding  in Arduino environment or a code from big arduino community that you want to run .And all you have is  any AVR chip and an ISP programmer like mk-II  or a USB-ASP or some other varient you can compile the program using arduino IDE ,obtain the .hex file and can burn it using the software provided with your programmer. 
2. There is a software named Proteous which can simulate a microcontroller. You just put in a .hex file and it will simulate and execute the code just like on real hardware. The hex file obtained by the above method can be used to do that too.