Atmel | SMART Reference Design Smart Plug Technical Presentation MCU + Wireless + Security + Sensing
1
© 2015 Atmel Corporation
The three pillars of the IOT The fundamentals of an IOT Edge Node
Software 2
© 2015 Atmel Corporation
Connectivity
Intelligence
Security
IOT Node • • • • • • •
Low Power Connected Small Secure Scalable Inexpensive Robust
What Does it Take to Make IoT a Reality? Integrating IoT Technologies The core of any IoT design will incorporate an embedded processing device, potentially one or more sensors, connectivity that typically will be wireless-based, and finally, and possibly most importantly, device security.
The core component of the Software / Development Tools Ecosystem for IoT is Atmel START.
3
© 2015 Atmel Corporation
A Real IoT Application – Smart Plug Application scenarios
• •
4
Power plug with Wi-Fi, which enables power on/off control through Mobile App. A typical IoT device and can be integrated into all kinds of cloud based IoT platform
© 2015 Atmel Corporation
Introducing the Atmel Smart Plug Built on the three pillars of the IOT • • • • • • • • •
Turnkey system reference design CE/FCC & UL(CUL) certified US, EU and Chinese Outlet standards available AC Input from 90-265VAC @ 50Hz or 60Hz Maximum output of 10 Amps WiFi Connectivity Industry leading power measurement Touch User interface Cloud Connectivity
• (default) Cloudless, only with Android App • JingDong Smart Cloud (source code only) • Proximetry Cloud (source code only) •
Smart Phone provisioning and control
• Smart Plug Android App in Google Play • JD Weilian App (Android/iOS) 6
© 2015 Atmel Corporation
Smart Plug System Overview Block Diagram
ATSAMW25-MR510PB
7
© 2015 Atmel Corporation
Smart Plug Deliverables Orderable kits 1. Ordering Code
• ATSMARTPLUG-US • ATSMARTPLUG-EU • ATSMARTPLUG-CN
3. Atmel Store: http://www.atmel.com/tools/smart-plug-reference-design.aspx#buy
8
© 2015 Atmel Corporation
Smart Plug Deliverables Application notes/Hardware design files/Firmware 1. Application Notes
• • • • • •
Atmel AT15736: Atmel Smart Plug Getting Started Guide Atmel AT16225: Atmel Smart Plug Hardware User Guide Atmel AT15735: Atmel Smart Plug Firmware User Guide AT16268: JD Smart Cloud Based Smart Plug Getting Started Guide AT16267 - Firmware User Guide on JD Cloud Service Integration with Smart Plug AT17284 – Proximetry Cloud Based Smart Plug User Guide
2. Hardware design files released as .zip pack attached to AT16225 3. Default cloudless firmware on ASF3
• Used in certification, • Pre-programmed • Source and binary released as .zip pack attached to AT15735
9
© 2015 Atmel Corporation
Smart Plug Deliverables Firmware examples in Start 1. Three firmware examples in Atmel Start (available)
• Cloudless FW on ASF4 through Atmel START • JD Smart Cloud based firmware through Atmel START • Proximetry Cloud based firmware through Atmel START 2. Re-Programming is required to run these examples
10
© 2015 Atmel Corporation
Smart Plug Deliverables Mobile App 1. Mobile App available
• Smart Plug Android APP (v1.2.2) in Google Play •
Work with cloudless FW and Proximetry Cloud FW
•
https://play.google.com/store/apps/details?id=net.nanmu.atmel.smartplug
• JD WeiLian App (only in Chinese language) • Work with JD Smart Cloud based FW • http://smartcloud.jd.com/app
11
© 2015 Atmel Corporation
The Atmel Smart Plug
Hardware Design
13
© 2015 Atmel Corporation
Smart Plug Design Highlight Hardware Design
• • • • • •
14
Three variants, each compliant with power outlet standards: US/EU/China Share the same circuit design and PCB layout Three PCB boards
• MCU board • Power board • Touch board Small and only cover the size of the wall-plug Safety protection CE/FCC and UL compliance
© 2015 Atmel Corporation
US
EU
China
Hardware Block Diagram Hardware Design
Output Socket
E N Input Plug
L
Relay
Fuse
ATM90E26 DC/DC 12V
WINC1500 3.3V SAMD21
LEDs
ECC508
Button
AC/DC
DataFlash
ATSAMW25
15
© 2015 Atmel Corporation
MCU Board Hardware Design
•
MCU Board
• • • •
16
SAMW25 32K crystal Data flash (Reserved) Programming Interface
© 2015 Atmel Corporation
MCU Board Hardware Design
•
17
Schematic For SAMW25
© 2015 Atmel Corporation
Smart Plug Design Highlight Hardware Design
•
Interface Definition
• SWD interface • 1.27mm 10-pin
18
SWD header pin
Pin definition
ATSAMW25 pin
1
SWDCLK
25
2
GND
3
NC
4
VCC
5
SWDIO
26
6
RESET
24
7
NC
8
NC
9
NC
10
NC
© 2015 Atmel Corporation
Power Board Hardware Design
•
Power Board
• AC-DC (220VAC-12VDC) • DC-DC (12V-3.3V) • Power Measurement • •
19
(M90E26) Relay Plug and Socket
© 2015 Atmel Corporation
Smart Plug Design Highlight Hardware Design
•
20
Schematic For Power Measurement Sample and Relay Control
© 2015 Atmel Corporation
Power Board Hardware Design
•
21
Schematic For AC-DC
© 2015 Atmel Corporation
Power Board Hardware Design
•
22
Schematic For Power Measurement
© 2015 Atmel Corporation
Smart Plug Design Highlight Hardware Design
•
Power Measurement Design consideration
• AT90E26 is a professional single phase •
23
power metering IC. The parameter GL, Ugain, Igain and PLconstant come from the calculation, and can be modified in code.
© 2015 Atmel Corporation
Smart Plug Design Highlight Hardware Design
•
Interface Definition
• Header to Power Board • Soldered
24
Power header pin
Pin definition
1
VCC
2
GND
3
Wi-Fi TXD (Reserved for Wi-Fi firmware upgrade on fixture)
2
4
Wi-Fi RXD (Reserved for Wi-Fi firmware upgrade on fixture)
3
5
Test RXD (Reserved for fixture)
19
6
Test TXD (Reserved for fixture)
18 41
7
Power Measurement RXD (Interface for MCU and power measurement device) Power Measurement TXD (Interface for MCU and power measurement device)
40
8 9
MCU Reset (Reserved for fixture)
24
10
Relay Control
22
11
MCU SWDIO (Reserved for fixture)
26
12
MCU SWDCLK (Reserved for fixture)
25
© 2015 Atmel Corporation
ATSAMW25 pin
Smart Plug Design Highlight Hardware Design
•
Touch Board
• Touch Pads • LEDs
•
25
Except the Touch Key which handles the ON/OFF/Reset function, another 2 touch sensors act as the touch guard. The touch guard sensors will prevent some scenarios from spurious triggering
© 2015 Atmel Corporation
Touch Board Hardware Design
•
26
Schematic For Touch Board
© 2015 Atmel Corporation
Touch Board Hardware Design
•
PCB Design For Touch Pads
• The square in the middle is the • •
27
ON/OFF touch pad. The 2 ‘L’ pads are the guard pad. They are designed as the selfcapacitance sensors.
© 2015 Atmel Corporation
Smart Plug Design Highlight Hardware Design
•
Interface Definition
• Header to Touch Board • Plug-in, detachable
Touch header pin
28
Pin definition
ATSAMW25 pin
1
GND (External power input while the onboard power is not available)
2
VCC (External power input while the onboard power is not available)
3
Touch Guide Sensor 1
37
4
Power LED Green
28
5
Touch Key Sensor
36
6
Power LED Red
27
7
Touch Guide Sensor 2
35
8
Wi-Fi LED Red
14
9
Wi-Fi LED Yellow
16
10
Wi-Fi LED Green
15
© 2015 Atmel Corporation
PCB Stack Structure Hardware Design
•
PCB Stack Structure
• Power Board is the mother board • •
29
of the Kit. MCU board is soldered/mounted on the power board directly. Touch Board is assembled inner surface of top case. It connect the MCU board via connector.
© 2015 Atmel Corporation
Smart Plug Design Highlight Hardware Design
•
31
Power consumption distribution
Status
Power consumption
Standby
0.4W max
Communicating
1.3W max
Communicating while Relay on
1.8W max
© 2015 Atmel Corporation
Smart Plug Design Highlight Hardware Design
• •
CE/FCC, UL compliance UL consideration
• All components/materials are UL
• • •
32
compliance. The distance between the AC part and DC part should be bigger than 6mm The thickness of case is bigger than 2mm. etc.
© 2015 Atmel Corporation
Smart Plug Design Highlight Hardware Design
•
Programming Tools
• JTAG with SWD interface which • •
33
supported by most of the Atmel Tools. 1.27mm, 10-pin header AVR programming port
© 2015 Atmel Corporation
Smart Plug Design Highlight Hardware Design
•
Reprogramming Procedure
• Remove the Silica and screws • • •
34
in the case. Open the case Connect the external 3.3V to the touch header Connect the cable to the MCU board
© 2015 Atmel Corporation
Smart Plug Design Highlight Hardware Design
•
Reprogramming the SAMW25
• Follow the regular programming process to re-program the SAMW25
35
© 2015 Atmel Corporation
Smart Plug Design Highlight Hardware Design
•
HW Limitation when reprogramming
• The user can not debug the touch code since the touch board is • •
36
removed. The Relay is not powered, so it will not work even the control signal is active. The external 3.3V only powers the SAMW25 but the AC part, the Power Measurement will not work.
© 2015 Atmel Corporation
The Atmel Smart Plug
Firmware Design (Cloudless Version)
37
© 2015 Atmel Corporation
Smart Plug Design Highlight Firmware Design - Functionality
• • • • • • • • • • •
On/Off control by phone APP Touch button control Programmable 7-day/week schedules (day/hour/minute) Output Energy/Voltage/Current/Power measurement Device temperature monitor and alarm Connection status indication (online/offline) Historic record of output energy/status etc. One-step Wi-Fi configuration to provision new smart plug Share Smart Plug to multiple users Smart Plug firmware OTAU Security
• Data Encryption/Decryption • Message Integration • Node Authentication
38
© 2015 Atmel Corporation
Smart Plug Design Highlight Firmware Design - FW Architecture
• •
The pre-programmed FW is based on ASF 3.x No RTOS Application
Initialization
UI - Touch Button, - LED
Wi-Fi Connectivity
Security Initialization
Protocol and Control Logical
Atmel Software Framework Services, Components, Drivers
39
© 2015 Atmel Corporation
Sensor -Energy Measurement -Temperature
Smart Plug Design Highlight Firmware Design – Atmel Start Configuration Page
• • •
40
Atmel Start version available. Based on ASF 4 Application layer is the same.
© 2015 Atmel Corporation
Smart Plug Design Highlight Firmware Design – MCU peripherals used
MCU ATSAMD21 Timer & Counter
GPIO
PTC
LED Indicator & Relay
41
RTC
Emulated EEPROM
© 2015 Atmel Corporation
EIC
ADC
Calendar mode
Temperature reference
SERCOM
SERCOM
SERCOM
SPI
I2C
UART
Wi-Fi
Security
Energy Measurement
ATWINC1500
ATECC508A
AT90E26
Touch Button
Smart Plug Design Highlight Firmware Design – Memory map & Flow chart 0x00040000
EEPROM 0x0003C000
Emulated EEPROM to store:
Wi-Fi SSID, PWD; User ID, keys; Application area info; Recent historic log, etc.
Application 2
Application area:
0x00020000
Divided into two areas; Only one application area is valid at a time; OTAU will update the other application area; All functions run from application area.
Application 1
Bootloader: 0x00004000
Bootloader 0x00000000
42
© 2015 Atmel Corporation
Check for valid application area by reading EEPROM; Boot from valid application area; No Wi-Fi and other application layer functions.
Smart Plug Design Highlight Firmware Design – Memory map & Flow chart 0x00040000
EEPROM
Power on reset
0x0003C000
No
Bootloader
Application 2
0x00020000
Application area found?
OTAU
Yes
Application firmware
Application 1 No OTAU triggered and completed? 0x00004000
Yes
Bootloader 0x00000000
43
© 2015 Atmel Corporation
Read Boot info from EEPROM
Warm reset
Smart Plug Design Highlight Firmware Design – Project folder structure
Protocol clusters and commands Plug node type function implementation SEGGER Real Time Transfer codes used for debug purpose
Atmel CryptoAuthentication support library Third party crypto library
MCU internal temperature sensor reading
QTouch button handler
Crypto functions based on ATECC508A LED indicator control Metering AFE initialization and control Main files
Wi-Fi application code
44
© 2015 Atmel Corporation
Smart Plug Design Highlight Firmware Design – Project folder structure (Atmel START)
CryptoAuthentication middleware Smart Plug application layer code (Similar to ASF3 based project) Qtouch library and EEPROM emulation are added separately as part of the application layer code.
Atmel START generated folders/files STDIO redirect middleware ATWINC1500 Wi-Fi middleware
Atmel START generated code.
45
© 2015 Atmel Corporation
Smart Plug Design Highlight Firmware Design – Touch Button
• • • •
46
ATSAMD21 PTC (Peripheral Touch Controller) is used for the touch button. Self-cap method. PTC QTouch Library is from ASF. Totally three sensors are used:
• One sensor for the button. • Two sensors as guard sensors to avoid false touch. As RTC is used in calendar mode, the timer for touch detection is from a separate TC.
© 2015 Atmel Corporation
Smart Plug Design Highlight Firmware Design – Wi-Fi Connectivity
• • • •
47
SERCOM is configured as SPI to work with ATWINC1500 inside ATSAMW25 module. Wi-Fi host driver is from ASF. By default, ATSAMW25 works in AP mode to allow Android app to provision the smart plug. After provisioned, smart plug will switch to STA mode and connects to Wi-Fi router for further communication with Android app.
© 2015 Atmel Corporation
Smart Plug Design Highlight Firmware Design – Wi-Fi Connectivity
• •
Adding New Device Working Session: node control, OTAU, node sharing etc.
Smart Provision
Node in AP mode WiFi Node Discovery WiFi Node Discovery Response APP
Add new node
Query attribute Report attribute
Query attribute Report attribute
Node in STA mode Data Exchange Control attribute
APP
48
© 2015 Atmel Corporation
Wi-Fi Router
Report attribute
Smart Plug Design Highlight Firmware Design – Wi-Fi Connectivity
• •
OTAU flow – Upgrade the host MCU firmware over the air Each time OTAU is done, the application area will be switched to new firmware. OTAU state cmd (OTA_HOST) OTAU state cmd response (OK) Smart plug switching to OTAU mode OTAU data frame 0 OTAU data frame response (OK) OTAU host MCU in progress
APP
Wi-Fi Router
OTAU data frame n OTAU data frame response (OK) OTAU state cmd (CRC_HOST) CRC check of host MCU in progress OTAU state cmd response (OK) OTAU state cmd (RUN_NEWF) OTAU state cmd response (OK)
49
© 2015 Atmel Corporation
Smart plug
Smart Plug Design Highlight Firmware Design – Protocol between plug and Android app
•
Two types of command frame formats
•
•
•
50
Non-encrypted:
Encrypted:
SOF
Data length
Seq. Num
CMD ID
Reserved
Command Payload
CRC32
Uint8
Uint16
Uint8
Uint8
Uint32
Variable
Uint32
0x5A
Packet length
SOF
Data length
Encrypted data
Initial Vector
ECDH Public Key
CRC32
Uint8
Uint16
N x 16 bytes
16 bytes
64 bytes
Uint32
0x5B
Packet length
Data to be encrypted: Nonencrypted command frame + MAC
Node public key used for ECDH
Include SOF
Defined commands
Supported commands
• • • • •
Network Entry Command Node Authentication Command Query Command Control Command Report Command
© 2015 Atmel Corporation
by
specific
Include SOF
Smart Plug Design Highlight Firmware Design – Energy Measurement
• •
• •
An external metering AFE (ATM90E26) is used for energy measurement. The following data is measured in smart plug:
• • • •
Current – instant RMS current Voltage – instant RMS voltage Power – instant active power Electrical energy – accumulated electrical energy
More parameters can be read from ATM90E26 if required. Refer to ATM90E26 datasheet for details. SERCOM is configured as UART to work with ATM90E26.
• 9600 • 1 stop bit • No parity
51
© 2015 Atmel Corporation
Smart Plug Design Highlight Firmware Design – Temperature Measurement
• • •
52
The ADC internal temperature reference is used for temperature measurement. The actual temperature is calculated based on method in chapter “Temperature Sensor Characteristics” of ATSAMD21 datasheet. The purpose of temperature measurement is to provide a rough and low cost temperature warning function.
© 2015 Atmel Corporation
Smart Plug Design Highlight Firmware Design – Memory footprint
•
Flash usage:
• 83244 bytes, 31.8% Full
Data 10 256
RTT 268
Crypto 9 676
ASF+gcc lib 23 580
Sensor 1 748
Protocol&Logic 10 656
•
SRAM usage:
Wi-Fi 16 072
Touch&LED 10 380
• 15632 bytes, 47.7% Full
RTT 1 160
ASF + gcc lib 556
Sensor 169 Wi-Fi 1 966 Touch&LED 1 290
Stack size 8 192 53
© 2015 Atmel Corporation
Crypto 894 Protocol&Logic 2 009
Smart Plug Design Highlight Security - Overview
•
Crypto Features
• Hardware-based Key Storage • High-Speed Public Key Algorithms • ECDSA: FIPS186-3 Elliptic Curve Digital Signature Algorithm • ECDH: FIPS SP800-56A Elliptic Curve Diffie-Hellman Algorithm
• • • •
54
AES-128 session key from ECDH key agreement algorithm Session key changes session by session. Message Integration by SHA-256 Node Authentication by ECDSA
© 2015 Atmel Corporation
Smart Plug Design Highlight Security - Prerequisites
•
For Node Authentication, two key/signature pairs are generated by/programmed into ECC508A in factory.
• Pub-d= Device Public Key • Priv-d= Device Private Key (Can never be read out) - To sign random
• • •
• • •
challenge from host. Sig-d= Device Signature by Signer (Priv-s) Pub-s= Signer Public Key Sig-s= Signer Signature by Root (Priv-root)
One public key is stored to phone APP.
• Pub-root= Root Public Key from Root Authority For ECDH, a key pair are generated by/preprogrammed in ECC508A in factory.
• Pub-x= ECDH eXchange Public Key • Priv-x= ECDH eXchange Private Key (Can never be read out) One key pair are generated on APP.
• Pub-host= Host Public Key from Android • Priv-host= Host Private Key from Android 55
© 2015 Atmel Corporation
Smart Plug Design Highlight Security - Adding node
•
Node Authentication – Verify smart plug 1) The Root Public Key (Pub-root) has been loaded onto the APP
APP
Smart Plug
New Smart Plug is started in AP mode 2) The APP has an ECC key pair (Priv-host & Pubhost)
APP selects one Smart Plug to connect to Request Device Authentication packet Device Authentication packet = Pub-d + Sig-d + Pub-s + Sig-s Verify Device Cert - ECDSA(sha2-Pub-d, Sig-d, Pub-s)
Not verified Show error Authenticity
Verify Signer Cert - ECDSA(sha2-Pub-s, Sig-s, Pub-root) Device verified Send Random Challenge: (randNum1) authSig = Sign(sha2-randomNum1, Priv-d) Random Challenge Response: authSig
Not verified Show error
Verify Device - ECDSA(sha2-randNum1, authSig, Pub-d) Send Android Public Key: (Pub-host) ACK
56
© 2015 Atmel Corporation
Smart Plug Design Highlight Security - Adding node Cont..
•
Encryption & Integrity
• Get device ID or
other device secret
APP
Smart Plug
Request DevInfoPacket Read Pub-x preMasterKey = ECDH(Priv-x, Pub-host) sessionKey = MAC(randNum1, preMasterKey) IV = Random() Collect data: DevInfo DevMac = MAC(DevInfo, preMasterKey)
Confidentiality DevInfoValid = DevInfo + DevMac DevInfoEnc = AES(DevInfoValid, sessionKey, IV) DevInfoPacket = DevInfoEnc + IV + Pub-x Reply with DevInfoPacket preMasterKey = ECDH(Priv-host, Pub-x) sessionKey = MAC(randNum1, preMasterKey) Decrypt = AES(DevInfoEnc, sessionKey, IV)
DevMacCalc != DevMac Show error Integrity 57
© 2015 Atmel Corporation
DevMacCalc = MAC(DevInfo, preMasterKey) DevMacCalc == DevMac
Smart Plug Design Highlight Security – Working session
•
Node Authentication – Verify user
The APP has an ECC key pair (Priv-host & Pubhost)
APP
Smart Plug
Both APP and Smart Plug connect to the same Router Wi-Fi Node Discovery Random Challenge with node MAC adddr: (randNum2) + MAC addr authSig = Sign(sha2-randNum2, Priv-host) Random Challenge Resp with host/user random: authSig + host/user random Authenticity Verify user - ECDSA(sha2-randNum2, authSig, Pub-host) User verified
58
© 2015 Atmel Corporation
Not verified Drop request
Smart Plug Design Highlight Security – Working session Cont..
•
Encryption & Integrity
APP
Smart Plug
• Data Exchange User verified Read Pub-x preMasterKey = ECDH(Priv-x, Pub-host) sessionKey = MAC(randNum2, preMasterKey) IV = Random() Collect data: DevData DevDataMac = MAC(DevData, preMasterKey) DevDataValid = DevData + DevDataMac DevDataEnc = AES(DevDataValid, sessionKey, IV) DevDataPacket = DevDataEnc + IV + Pub-x Reply with DevDataPacket preMasterKey = ECDH(Priv-host, Pub-x) Confidentiality
DevMacCalc != DevMac Show error
sessionKey = MAC(randNum2, preMasterKey) Decrypt = AES(DevDataEnc, sessionKey, IV) DevMacCalc = MAC(DevData, preMasterKey)
Integrity DevMacCalc == DevDataMac --- Show device in APP Session established
59
© 2015 Atmel Corporation
Encrypted Wi-Fi Node Discovery resp
Smart Plug Design Highlight Security - Node Sharing
•
•
60
Crypto Requirement
• • • •
Node Authentication – Verify Original User Node Authentication – Verify Shared User Get device ID or other device secret – Encryption and Integrity Only original user could delete shared user
Crypto flow is similar to the those mentioned during adding node and working session.
© 2015 Atmel Corporation
© 2015 Atmel Corporation. Atmel®, Atmel logo and combinations thereof, Enabling Unlimited Possibilities®, and others are registered trademarks or trademarks of Atmel Corporation or its subsidiaries. Other terms and product names may be trademarks of others. Disclaimer: The information in this document is provided in connection with Atmel products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Atmel products. EXCEPT AS SET FORTH IN THE ATMEL TERMS AND CONDITIONS OF SALES LOCATED ON THE ATMEL WEBSITE, ATMEL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL ATMEL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS AND PROFITS, BUSINESS INTERRUPTION, OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ATMEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Atmel makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and products descriptions at any time without notice. Atmel does not make any commitment to update the information contained herein. Unless specifically provided otherwise, Atmel products are not suitable for, and shall not be used in, automotive applications. Atmel products are not intended, authorized, or warranted for use as components in applications intended to support or sustain life.
62
© 2015 Atmel Corporation