New kind of micro controller developer environment

[TuomoK]

Hello all!

We have worked with developer board device project. Before we officially launch our project we would be happy to hear your opinions, questions and ideas about it.

Am I allowed to share more specifications in this forum with you?

Thank you for your help!

BR

Tuomo

[TuomoK]

Hi!

We have finally released our web page.

Go and check http://www.thingsee.com/

BR

Tuomo

[fcb]

Nice spec.  Just backed it, look forward to April 2015.

[TuomoK]

Hello fcb!

Thank you for backing! This is awesome!

Let's spread the word to make this happen!

-Tuomo

[TuomoK]

Hello All!

You can find more behind the scene material from our Kickstarter web page.

https://www.kickstarter.com/projects/haltian/thingsee-one-the-smart-developer-device-for-mobile

BR

Tuomo

[lapm]

Looks nice, but could not find a word about security on that site. Is that secured somehow, since easy to hack IoT are all over headlines these days...

[nctnico]

Looks nice, but could not find a word about security on that site. Is that secured somehow, since easy to hack IoT are all over headlines these days...

You are right. What is holding the IoT back is the inability of cheap microcontrollers to have proper security. IMHO you can get very rich if you come up with a cheap I2C and/or SPI crypto chip which you can use to secure communication to an IoT device.

[free_electron]

Looks nice, but could not find a word about security on that site. Is that secured somehow, since easy to hack IoT are all over headlines these days...

You are right. What is holding the IoT back is the inability of cheap microcontrollers to have proper security. IMHO you can get very rich if you come up with a cheap I2C and/or SPI crypto chip which you can use to secure communication to an IoT device.

that does exist. simple 6 pin package. i2c interface. contains key memory and crypto engine. But only available under NDA.

[marshallh]

There exist cheap security solutions like that but they only prevent hardware cloning, they won't fix the terrible software the nodes run. The first wave of deployed IoT crap will be just that; Internet of Targets.

[Marco]

32 bit micros can do SSL easily ... the problem is not the micros.

[Kjelt]

32 bit micros can do SSL easily ... the problem is not the micros.

Still pretty costly, the TLS stack will cost the same amount of ROM and RAM as the IP stack. Both together will set you back an easy 80kROM and 32kRAM not included the message buffers.

that does exist. simple 6 pin package. i2c interface. contains key memory and crypto engine. But only available under NDA.

totally useless unless you can make the ucontroller itself safe against firmware ripping.
What they should do is integrate these devices inside the microcontroller and then encrypt the entire firmware, just decrypting it just before execution that would be some gain in security.
Two years ago, pro-FPGA manufacturers that had this "encrypted" external startup memory were also hacked  .
The safest way of not being hacked is making something worthless and so boring no-one wants to hack it 

[Marco]

A little security by obscurity is nice as well, but I'd hope each device would have it's own key and no default login/pw (so reverse engineering one device wouldn't really get you much unless you found an exploitable bug).

No bloody backdoors either, we really need some companies to be sued into bankruptcy for putting in exploited backdoors ... it's the only way things are going to change. In an ideal world some personal liability cases as well, but unless people die because of it that's not going to happen.

[janoc]

that does exist. simple 6 pin package. i2c interface. contains key memory and crypto engine. But only available under NDA.

Maybe stupid idea, but why not use a smartcard as a "crypto engine"? But then you are back to a SIM card concept

[Marco]

Crypto an sich is not an issue even on a 8 bit micro ... SSL as a whole is the issue (because people want to approach these things with a browser).

[lapm]

Looks nice, but could not find a word about security on that site. Is that secured somehow, since easy to hack IoT are all over headlines these days...

You are right. What is holding the IoT back is the inability of cheap microcontrollers to have proper security. IMHO you can get very rich if you come up with a cheap I2C and/or SPI crypto chip which you can use to secure communication to an IoT device.

Well why not use higher end micro-controller for that? Seriously adding even simple encryption should be standard feature on any IoT system. Or better yet use powerful enough micro that can handle appliance code and crypto as well.

If you choose to use too powerless micro that design decision that will bite its bossible market share. Not to mention exposing customers to blackhat hacker attacks. Personally knowing how crappy most consumer appliance software is, i would not trust anything that has IoT features in it.

[janengelbrecht]

Looks nice, but could not find a word about security on that site. Is that secured somehow, since easy to hack IoT are all over headlines these days...

You are right. What is holding the IoT back is the inability of cheap microcontrollers to have proper security. IMHO you can get very rich if you come up with a cheap I2C and/or SPI crypto chip which you can use to secure communication to an IoT device.

Well why not use higher end micro-controller for that? Seriously adding even simple encryption should be standard feature on any IoT system. Or better yet use powerful enough micro that can handle appliance code and crypto as well.

If you choose to use too powerless micro that design decision that will bite its bossible market share. Not to mention exposing customers to blackhat hacker attacks. Personally knowing how crappy most consumer appliance software is, i would not trust anything that has IoT features in it.

Before we know it...health equipment to supervise and regulate our body functions has IoT in it....black hats can then kill by hacking

[TuomoK]

Hi again!

About that security thing...

During the Kicstarter we will provide https for data transmissions.

We have AES-128bit encryption support built-in our MCU available for developers.

Future security features are under developing. We understand that security features are important especially for enterprise solutions.

-Tuomo

[nctnico]

32 bit micros can do SSL easily ... the problem is not the micros.

No they don't. I've been down that road and even a beefy microcontroller (>100MHz) with lots of RAM (>128kB) is still too slow for any serious encryption and too expensive.

[Marco]

So MatrixSSL, SharkSSL, Cyassl are all full of it?

ARM is going to support a free (but not open source) TLS component for their mbed OS BTW (a commenter on theregister thought it might be based on axtls). Regardless of quality at least it will be better priced.

[nctnico]

So MatrixSSL, SharkSSL, Cyassl are all full of it?

Yes. Like I wrote before: My opinion is based on my own experience. The weak (insecure) encryption algorithms are within the processing capabalities but if you want to use 256bit AES then you are screwed. And I'm not starting on the RAM requirements even if you have a hardware AES crypto engine.