Slashdot Mirror

Dallas Semiconductor is the manufacturer/inventor of the 1-Wire network. Take a look at www.ibutton.com for a bunch of different devices. The iButtons are 1-Wire devices in a metal can, some can read temperatures and others can be used for access control. Dallas/Maxim has other 1-Wire devices that are not in a can, these are the ones that I use for my DigiTemp kits.

There are serial and parallel port adapters available (from iButton.com or from me in my Basic DigiTemp kit which uses the serial adapter), but the bus itself can be extended pretty far. Using cat-5 cable there are people with 300m runs I believe. The theoretical limit to the number of sensors on one 1-Wire lan is unlimited, they are digital device with a 64 bit unique serial number so that they can be individually addressed.

Brian

Yes, I agree it was grossly overcomplicated, and if I were doing the same thing today I'd probably have had the TINI post data to the app server instead, so as to cut the perl script out of the loop. But I didn't really trust the TINI as much more than a really smart 1-Wire interface, so in reality I'd probably design with the RS232-based 1-Wire interface card instead, or use a PIC to do all this. :-)

-jhp

[1] It was a bar fridge and the freezer frequently affected the thermostat due to their closeness. In line with programmer virtue #1, I wanted to wait to defrost until the temperature in the fridge put my food at risk.
[2] This was my first experience with surface-mount soldering. The new rev of the sockets board has a lot less cool stuff on it now -- the LCD interface is gone, for one.
[3]The TINI's Java environment wasn't hefty enough to handle PostgreSQL JDBC drivers so something else had to do this.
[4]It was 2001. I was trying to be nice to the electric grid and my own power bill, even though I was living in a district served by a municipal electric utility. Screw the "right to profit", every town should have one of these.
[5]RRDtool is for wimps and looks bad too. I had sub-pixel resolution, PNG output and anti-aliased fonts.

I can't reach the guy's site so I don't know if he's added custom drivers, but Dalls Semiconductor has Linux development kits and source code for their 1-Wire stuff here.

The most extreme, fun way is to use pyrometric cones - just wait for these cones to droop and move the joystick, and you'll find out the temperature! Here's how to use the cones when upgrading the wiring of your computer.

A much more practical way is to use the Dallas Semiconductor (now bought by Maxim, and not the magazine)

Dallas has a demo application you can use as an example - a weather station and some good application note examples. It uses the DS1820 or the DS18S20 and you can get up to 2 free samples of each. This device is digital, so no calibration is needed for the accuracy you need. They have a lot of other temperature sensors; some even have alarm outputs, so once you program it, reading only one bit will tell you if the temperature is out of limits. It has a well-written and complete datasheet. They've got software for win32, linux, beos, java, and 8051. If you write your own software or modifiy theirs, you don't really need a serial port adapter; just a wire on the parallel port will do (and it will power the device, too!!)

If anyone's interested, I can dig up some c-code that I used - it works with the parallel port under dos.

The most extreme, fun way is to use pyrometric cones - just wait for these cones to droop and move the joystick, and you'll find out the temperature! Here's how to use the cones when upgrading the wiring of your computer.

A much more practical way is to use the Dallas Semiconductor (now bought by Maxim, and not the magazine)

Dallas has a demo application you can use as an example - a weather station and some good application note examples. It uses the DS1820 or the DS18S20 and you can get up to 2 free samples of each. This device is digital, so no calibration is needed for the accuracy you need. They have a lot of other temperature sensors; some even have alarm outputs, so once you program it, reading only one bit will tell you if the temperature is out of limits. It has a well-written and complete datasheet. They've got software for win32, linux, beos, java, and 8051. If you write your own software or modifiy theirs, you don't really need a serial port adapter; just a wire on the parallel port will do (and it will power the device, too!!)

If anyone's interested, I can dig up some c-code that I used - it works with the parallel port under dos.

It runs java, has Ethernet, RS-232, and 1-wire interfaces built in, and it's small enough to look like a normal programmable thermostat.

http://www.ibutton.com/TINI/index.html

there is very little tamper protection on smartcards due to their flimsy construction. you cant make a rapid zeroization system on something that isn't rigid and tough enough to be driven over repeatedly by a car or take the huge amount of abuse the human carrier provides every day.

except... dallas semiconductor long ago created the ibutton that is more secure and better than any smartcard..

(I know I sound like a broken record, but ibuttons are way better and cooler than any smartcard, and you as a home hacker can use them!)

It immediatly destroys it's internal data when forced open.
Here's the link.

Here's a link to Dallas/Maxim's TINI info, and pricing info is available at their online store.

Here's a link to Dallas/Maxim's TINI info, and pricing info is available at their online store.

Have you seen the mp3elf? It's completely open source, including the hardware design. It uses the TINI from Dallas / Maxim to handle the ethernet / TCP/IP side of things. I've ordered a couple of TINIs since they seem really cool and cheap, too - as soon as mine comes in I'm going to put a mp3elf together.

Reader expense is a small part of the expense of a total solution. If you look at this page you will see that the buttons themselves are more expensive than the readers. Also the buttons are much more expensive than comparable smart cards. I can buy Java Card Open Platform cards for $2.86 and there are 16 kbyte (not kbits as the iButton measures things) MFC cards for less than $1. If you are doing a deployment the cost of the cards will dwarf the cost of readers.

(I prefer my ring)

What do you use it for? Do you wear it all the time?

Disclaimer: I work for IBM so I might be biased.

and the Dallas Semiconductor iButton solves all these troubles. holding 64K of internal storage plus a unique serial number can hold your photo and signature, and whatever other info you want. Plus it's more durable than the speedpass, cannot be read without direct contact and you can get them on fossil watches or any other watch on the planet with the watch-band holder. (I prefer my ring)

The coolest part of the iButton is that the reader costs $15.00 at the most expensive and $1.00 in bulk for OEM's. a speedpass reader is more expensive than a smartcard reader.

if Dallas Semiconductors would just push the iButton as hard as their competition pushes the junk products like the speedpass it would take off fast.

www.ibutton.com

Use perl to read from serial/write to network, some more perl to set up a daemon. Everyone gets a button (with guaranteed unique serial number), and blue dots get installed on networked nodes. The buttons are pretty cheap, and the readers are also pretty cheap. You could get 100 people and 100 workstations all running this stuff with hardware costs well below your budget, and have some cashleft over to write the daemons (which would be really simple). You could use the rest of the budget to pay me to write the stuff for you - I'm pretty cheap. :)

Take a look into http://www.ibutton.com/weather/index.html.

Dallas Semi makes the TINI, a Java implementation in hardware packaged as a 72-pin SIMM stick. I have one and it's cheap and fun to program. Built-in ethernet, general purpose IO pins, etc.

Go here for more info.

Try the iButton. It's a Java-based little button that can be placed on a keychain (or ring, or watch, or wallet). I imagine they're probably simple enough to program with, and probably difficult to hack. I believe they all come with a unique identifier that can be accessed which cannot be overwritten, unlike with a mag-card which can easily be copied and forged.

Should be relatively trivial to write a program to interface with a database every time it's touched to your terminal, depending on what sort of transaction you wish to take place.

Have a look at OpenCard and e.g. iButtons

Well it would work if the data was encrypted as well as being spanned across the devices. Retrieving the bits and pieces from one of the devices would be meaningless.

Probably not all that practical, and there are better ways, but a cool idea none-the-less... :)

One better way would be to have the private key spanned across the two devices, then there could be as much data to retrieve as you like on the disk, but you'd need both devices to unlock it.

All funky stuff - then again, if I was going that route, then I'd rather have something even smaller, such as iButton or something. :)

-- Pete.

If you're going with smart cards, why not go a step further and use ibuttons (http://www.ibutton.com/)? They're fairly cheap (64K button for $1.44 each in 100 lots) and can do way more (there are counter buttons for a similar price, for example). There are readers for under $10. I'm personally looking at replacing all of my key locks with ibutton-powered locks. That'll be cool.

Nah, it's nothing more than an iButton. Might even be nothing more than a serial number iButton, but it may actually be one of the Java buttons.

However, I think the IBM solution is more practical and widely usable... For instance, it has higher memory densities, and USB is all over the place.

Again, though, the ibutton has a bunch of built-in security features and is pretty cheap.

I guess, like so many things, it depends on the application.

you mean like TINI

pair that with an 802.11 and you're g2g.

fun project eh?

You can find it at http://www.ibutton.com/.

Or just get an iButton TINI instead.

ibutton - memory, jvm, crypto, etc.

crime isn't prevented by positive identification

we already have many forms of ID
Passport, Social Security Number, Driving Licence etc. etc.

There's not much more security for anyone by introducing another sort but it does introduce an excuse for cops to run you in or generally hassle you for "ID please" as no doubt you'll be obliged to carry it at all times. Imagine that. An object you have to carry everywhere on penalty of criminal punishment.

One step away from chip implants or an iButton welded to you at birth.

Specific intrusions that result in zeroization include:

• Opening the case
  
• Removing the chip's metallurgically bonded substrate barricade
  
• Micro-probing the chip
  
• Subjecting the chip to temperature extremes

Perhaps what's needed is a USB dongle, with an external switch that fries the flash RAM inside, rendering it unusable, and unreadable even to people trained in data recovery.

Well, there's the Dallas Semiconductor iButton. It includes tamper-resistant features that will zero its RAM under certain conditions (e.g. over-temperature), although it doesn't have an actual "erase" switch.

it really is too much fun to play around with those.. all the 1-Wire devices hook up to it as well as the iButton stuff (crypto on your pinky ring?)
and you can program everything in java..

the up-to-speed time is minimal if you have basic electronics understanding and C or Java know-how...

it really is too much fun to play around with those.. all the 1-Wire devices hook up to it as well as the iButton stuff (crypto on your pinky ring?)
and you can program everything in java..

the up-to-speed time is minimal if you have basic electronics understanding and C or Java know-how...

An ssh-agent which supports physical tokens like the Dallas semiconductors iButton (decoder rings are cool!)

Using ssh-agent to access cfs encrypted directories.

Using ssh-agent to unlock GnuPG keys.

All of the above, tunnelled through ssh-agent forwarding.

Using the same physical token to log in locally.

World peace.

Its not easy but it can be done. If enough folks order them, however, it'll make economic sense for them to get them made in a fab facility.

And I'm sure its not a fake. Embedded devices have gotten very powerful. You can fit an entire ethernet capable Java computer with its own embedded JVM, filesystem, etc on a SIMM size card. An MP3 player that just reads a socket stream, decodes the MP3 and outputs audio is not super complex. Its not childs play but its certainly something an embedded system could do. Can't wait to get mine - gonna be fun to finally hook up my stereo to my RAID5 MP3 array :)

Never say never when Micro$oft is concerned. I've been involved in the Home Automation industry and the established vendors got real nervous when Micro$oft started getting the biggest booth they could at HA shows. But all they really seemed to demo was home networking. Home Automation is more about centralized control of the systems in your house. Climate control, A/V, security, etc. For years it has been heavily run by embedded systems using RTOS setups. There are also systems that run on PCs, but they often lack easy to find and use I/O (Digital, Analog, RS-485, etc) Its out there but not for mainstream stuff. Right now, one of the more popular PC based setups is Mr House which is perl based.

So yes, Microsoft really thinks this is an area they can dominate. Yes, some of the high dollar systems (think 10-20% of the cost of your new home) run windows. But for 'everyday' Home Automation, embedded setups are king. Linux is just starting to get buzz for the next generation stuff, but primarily, Home Automation is run on 8-bit systems from PIC microcontrollers up to high end embedded CPUs. The reason? Cost. When you can buy a small system for Considering you can get complete RTOS systems like uC-OS/II (Rabbit C) or Java (Dallas TINI) with a compiler with built in Internet libraries for HTTP, FTP, SMTP, etc, etc including servers for $300, its hard to justify paying royalties for anythign Micro$oft might come out with. Especially when the actual HW cores can be had for $30-$100 including ethernet!

Check out this Java Powered Secret Decoder Ring...

Go ahead...Pull my Finger!

my favorite idea would be a USB dongle-type device (or "token") that could be worn or carried on a keychain

Dallas Semiconductor have (IMHO) the best of such devices, as part of their iButton product range. It's a USB fob for iButtons. Hang it on your keyring and it's an iButton fob. Plug it into a laptop for a moment and it's a USB-connected authentication device (capable of running robust JavaCards). Plug it permanently into a desktop and it's a cheap iButton interface for static machines.

my favorite idea would be a USB dongle-type device (or "token") that could be worn or carried on a keychain

Dallas Semiconductor have (IMHO) the best of such devices, as part of their iButton product range. It's a USB fob for iButtons. Hang it on your keyring and it's an iButton fob. Plug it into a laptop for a moment and it's a USB-connected authentication device (capable of running robust JavaCards). Plug it permanently into a desktop and it's a cheap iButton interface for static machines.

This is a great technology, anyone know about the iButton. Have not used one, but they look neat.

The whole problem with what you are proposing, I think, is that it still relies on a centralized server to hold the encrypted data. If you just hold the data on an iButton type thing, and send it in when a site requests and you allow, that seems like the same idea, but cutting out the middleman.

We now have the technology to aggregate bills into one unit, like we can with smartcards, credit cards, ibuttons, and other fobs. In the past it was necessary to have individual bills because there was no way to authenticate things without permanently marking them. Now things are much more flexible, so continuing to authenticate individual bills is no step forward.

What this does do is give the ability to track the huge black market of cash that supposedly flows unchecked in the background, and is believed to be very important in shoring up the regular economies. I'm not sure that tracking this is the best thing, since it is "gravy" in a way and people will begin to rely on it as a constant once it is quantified.

Surely these people would know that we have to move away from the paper bills and go towards things like the wearable Crypto Ibuttons which would be easier to track and harder to lose.

The Cube is a cute little box, however I can't help thinking $379 is a tad on the expensive side, true, it does have a 206mhz ARM chip and a nice case. Seems like an iPaq with ethernet.

However, iButton produce a java-based embedded computer called TINI that sells for $50, including Ethernet, RS232, 1-wire & can buses. A new version is due later this year which has a 10x speed increase, it also integrates all the functions of the device into a single chip, excluding flash.

The Cube is a cute little box, however I can't help thinking $379 is a tad on the expensive side, true, it does have a 206mhz ARM chip and a nice case. Seems like an iPaq with ethernet.

However, iButton produce a java-based embedded computer called TINI that sells for $50, including Ethernet, RS232, 1-wire & can buses. A new version is due later this year which has a 10x speed increase, it also integrates all the functions of the device into a single chip, excluding flash.

SuperID
Free Database Hosting for Developers

Here's a very nice hardware token implementation.

Should be easier to sell to corporate as a combined physical security and network security solution. (Replacing keycards and network passwords.)

The counter arguement (which prevails at most companies) is that frequent password changes increase security. I've never seen any imperical data to support this claim. The logic is that if someone gains access via a stolen/guessed password, then forcing users to change passwords will close the intruder's door. Yeah, after 90 days! Meanwhile, they've had full access and could have created countless new accounts for themselves.

I've never seen a situation where this policy was coupled with required strong passwords, for the simple reason that (as you said) people who must frequently change strong passwords tend to forget them or, worse, write them down. That doesn't mean some places don't do this, just that I haven't seen it. I'd hate to work at a place like that.

Passwords alone are not enough. Sure, strong passwords are better than letting Bob's father pick "Bobby" or "R0b3r7" as a password, but how secure is a system where an intruder can roam undetected until their stolen password is changed? If you argue that frequent password changes are necessary, then you're admiting that you can't detect an intruder.

If you're paranoid about security and willing to consider other options, you should look into a physical system, such as the iButton. There are others, but this is a link I can quickly find :-)

Yeah, running a wire between them for a moment when it's first installed is *so* hard...

Sure. First it costs money to put the wire there. Then it costs money if people screw it up, or think they did and call the 800 number. You need long term storage to hold the key (FLASH, NVRAM, whatever), and if it is battery backed you will need that cable again in a few years, or there is another 800 call.

Check out TINI

It is the size of a DIMM (Actually it IS a DIMM)
It features 2 serial ports (rs232, but it is very easy to make a 232 to rs422 converter, I have schematics laying around somewhere),
and also a 10BaseT network interface, plus 1-Wire Net, CAN, General purpose IO, and expansion bus.

It is a neat embedded architecture. It is not running Linux, but has an embedded Java VM
--

Is there a way to do this in such a way that only the people who really should have your information can get to it?

I know it sounds impossible, hell, it may be. Just making it so phenomenally difficult that you have to have, say, three or four of the smartest people in the nation (The five percent nation of Casiotone, of course) to actually make it happen might be enough. Hell, that way we could make a movie about it, sort of like Sneakers, and use that cash to finance any infrastructure needs we have. I'm not sure who to trust to run them - Probably two bastions of the Tech community who hate each other. They'll keep each other honest. RMS and Bill Gates come to mind. Think about it.

Anyway, where was I? We need a system that has seperate entities entirely for each stage of the system. Data is stored by one firm, carried by another (preferrably completely government-controlled, believe it or not) and then licensed by whoever. Only certain people should have access to certain types of information. I (sadly) don't know enough about encryption to design a scheme without unnecessary steps, but it seems to me that you could do it with the current system of cryptologically signed certificates, and public key encryption. Data would be stored encrypted, would require some sort of key and passphrase for decryption (I like physical devices for the key, something like the iButton for example) and would then be signed using the recipient's public key.

The catch is, the public key has to be signed by a third party, like (yuck) Verisign. You could always sign your own, but if it's known that you sign your keys with your own provider, most people will not choose to trust you with anything but the most insignificant data. Again, all of this should be possible with the basic software we already use today, with a few minor modifications. Why not just implement our own?

Here's the deal: Allow creation of arbitrary categories. Then allow creation of arbitrary rules. The rules will check arbitrary properties. If someone says they want a certain kind of data, then they have to meet certain criteria. Maybe the forward and reverse DNS have to match, and they have to have a certain signature; Maybe you only allow someone who encrypts their request to you, using their private key, et cetera. Some pieces of information you will want to be as closely restricted as all of those at once; That's the restriction on your medical records, maybe, and perhaps to allow someone to grab your resume, they just have to have matching A and PTRs.

Anyway, don't let microsoft do this to us! We already know that we, the internet community, can do a better job than Microsoft at damn near anything except Feeding FUD - And we're a damn close second there. We rock! And we definitely rock more than Microsoft. And tell me, do you want this shit to use SOAP? Please, stop the insanity!

--
ALL YOUR KARMA ARE BELONG TO US

I hope to build a fast, portable remote-UI system to use on such systems. It will run on DOS, Linux and Macintosh at least; maybe the Palm too. If I get it done some day, there will probably be a link to it here.

Speaking of Palms... they are a better alternative to the GameBoy someone else mentioned, IMO. Old ones can be cheap on ebay; and they have a real touchscreen.

Of course, use an iButton to securely store login credentials.

The best place to store your keys are in a Java Ibutton from Dallas Semiconductor, IMHO. You can get accessories/holders for it on your watch or your actual keychain (you know, the physical one which encrypts your house and your car to you)... there's even a thread on Slashdot from some time ago on it.

The best place to store your keys are in a Java Ibutton from Dallas Semiconductor, IMHO. You can get accessories/holders for it on your watch or your actual keychain (you know, the physical one which encrypts your house and your car to you)... there's even a thread on Slashdot from some time ago on it.