View detail for ATSHA204 Product Uses

View detail for ATSHA204 Product Uses
Application Note
Atmel CryptoAuthentication Product Uses
Atmel ATSHA204
Abstract
Companies are continuously searching for ways to protect property using various
security implementations; however, the cost of security implementation can drive
companies away from effective hardware solutions to less secure software solutions.
With the introduction of the Atmel® ATSHA204 CryptoAuthentication™ device,
affordable hardware security is readily available and provides exceptional protection.
Overview
ATSHA204 is an exceptional device that enables solutions to countless problems
across many industries. Outlined within this document are use cases which provide
brief descriptions of the possible ATSHA204 applications and how these applications
can be implemented.
8794A–CryptoAuth–12/2012
1.
Accessory Authentication
The below Fixed Challenge Response authentication process can be used for a multitude of use cases. For explanation
purposes, the Fixed Challenge Response is used in an accessory application.
ATSHA204 CryptoAuthentication can be used for authenticating an accessory. To do the authentication, ATSHA204
should be embedded on the accessory (Client).
The authentication process uses a challenge-response pair selected from a challenge-response pair pool. Before using
the accessory, a challenge is sent to ATSHA204 on the Client. The Client then calculates the response and sends the
response to the Host. Upon receiving the response, the Host compares it with the expected response. If the responses
matched, then the Client is said to be authentic.
By using this configuration, only authentic accessories can be used by the system. The accessory authentication process
is illustrated in Figure 1-1.
Figure 1-1. Fixed Challenge Response
1
Fixed Challenge
MCU
SHA204
Response
Client
2
Host
Possible applications are listed below:

Mobile devices — authenticating the battery

Medical equipment authentication

Device Accessories, such as earphones, speakers, docking station, chargers, etc.
Atmel ATSHA204 CryptoAuthentication Product Uses [APPLICATION NOTE]
8794A–CryptoAuth–12/2012
2
2.
Consumable Authentication
The below, Random Challenge Response authentication process can be used for a multitude of use cases. For
explanation purposes, the Random Challenge Response is used in a consumable application.
By embedding the ATSHA204 device into a consumable (Client) and sending a challenge from the system (Host),
companies can guarantee that only authentic consumables are used in their systems.
In this scheme, a random challenge is used to authenticate the consumable product. Before using the consumable, the
Host is sent a random challenge to the Client. The Client then calculates the response and sends the response to the
Host. Upon receiving the response, the Host compares it with the expected response.
ATSHA204 has a special feature for limiting the usage amount of the consumable attached in the system. ATSHA204
has a special key which can be used only for a limited usage. The usage amount of the key is decreased each time the
key is used for performing authentication. After a maximum of 128 uses, the key is permanently disabled. Any further
usage of this key will return an error. If higher than 128 counts are required, there is a method to chain slots together.
See application note, “Atmel ATSHA204 Chaining of Keys for Consumption”.
To increase the security level, a diversified-key scheme can be used. In this scheme, each ATSHA204 would have an
unique key which is diversified based on its serial number. If an accessory is compromised, then it would not affect other
accessory because each accessory has each unique key.
An additional level of security can be added to the system by using another ATSHA204 device in the Host. ATSHA204
maintains the secret keys in the hardware instead of embedding them into the Host microprocessor code. This makes the
keys irretrievable for hackers attempting to circumvent the system.
Figure 2-1 illustrates an example of the ATSHA204 device use to validate consumables.
Figure 2-1. Random Challenge Response
1
2
Random
Random
MCU
ATSHA204
Response
Response
4
3
ATSHA204
Consumable
Host
Using the serial number to implement a key diversification scheme is recommended in order to limit the adverse effects if
one of the keys is compromised by failed control processes or corporate espionage. When using a diversified key, the
source of compromise can be isolated, and a remedy can be implemented much more rapidly.
Possible applications for this configuration are:

Printers — authenticating the cartridge.

Air Purification — authenticating the filter.
Atmel ATSHA204 CryptoAuthentication Product Uses [APPLICATION NOTE]
8794A–CryptoAuth–12/2012
3
3.
System Anti-Cloning/Anti-Piracy
ATSHA204 CryptoAuthentication provides an exceptional method preventing third parties from creating board clones. To
implement, the board should be embedded with its own ATSHA204 device. The Integrated Development Environment
(IDE) would then be programmed to challenge the board prior to allowing the developer access to it. Counterfeiters will
not be able to replicate every possible occurrence of challenge and response that can be handled by a board containing
a legitimate CryptoAuthentication device; thereby, thwarting common cloning attempts. Providing a periodic method of
renewing challenge-response would increase security by removing any existing compromise as each incremental
application upgrade could replace the list of challenge-response pairs. Figure 3-1 illustrates the operation of this security
model.
Figure 3-1. Anti-Cloning / Anti-Piracy
Software
(IDE)
1
2
Fixed Challenge
Fixed Challenge
MCU
ATSHA204
Response
Response
4
3
Evaluation Board
Companies may also want to identify authentic boards prior to rendering technical support. An interface could be
implemented that would enable the user to enter any string of text that would in turn be fed to the ATSHA204 device on
the development board and the response displayed to the user. The help desk operator could verify the system by
providing the user a custom string and asking them for the generated response. The help desk operator would then be
able to verify the authenticity of the development board prior to rendering service to the customer.
Atmel ATSHA204 CryptoAuthentication Product Uses [APPLICATION NOTE]
8794A–CryptoAuth–12/2012
4
4.
Session-Key Exchange
ATSHA204 CryptoAuthentication can also be used for secure key exchange. In this scheme, ATSHA204 is used in
conjunction with a symmetric encryption algorithm such as AES or DES. ATSHA204 can facilitate this by using the
unique response produced by the device as a key to the symmetric encryption algorithm.
To guarantee the uniqueness of the encryption key, a random number is needed in the generation process. This random
number is used to generate unique session key. The random number can be a constant, something related to the current
system, or a random number obtained from ATSHA204.
The key exchange is done by sending a random challenge to Host ATSHA204, which generates a response that is used
as session-key for encrypting the message. The message and the random challenge are then sent to the client
ATSHA204. In the client side, the random challenge is fed into ATSHA204 to generate the response which is used as key
to decrypt the message. It should be noted that the key is the root key is the same on both the host and client.
Figure 4-1 illustrates how to encrypt and decrypt multiple files using key generated by ATSHA204.
Figure 4-1. Session Key Exchange Using ATSHA204
1
3
4
Random Number
Random Number
Random Number
Host
ATSHA204
Client
ATSHA204
Session-Key
Session-Key
2
5
Encrypt
Decrypt
Atmel ATSHA204 CryptoAuthentication Product Uses [APPLICATION NOTE]
8794A–CryptoAuth–12/2012
5
5.
Secure Boot
Modern systems are often built using a standard microprocessor with the operating program stored in flash memory.
Such architecture can permit the manufacturer to quickly take advantage of advances in processor performance and
memory cost while offering fast time to market. If the operating program is stored in an external Flash device, it's very
hard to prevent an adversary from obtaining its contents and modifying it to run a fraudulent program. By using
ATSHA204 in the system, the manufacturer can ensure that only authentic program can be run on the system.
To implement secure boot, a validating code or signature is stored in flash along with the operating program. As part of
the boot program execution at system startup, the security device verifies the signature to ensure that the program is
authentic. If the verification succeeds, the operating program is executed and the system operates in the normal way.
Any modification of the operating program, even a single bit, will require a new validating signature.
The secure boot scheme is illustrated in Figure 5-1.
Figure 5-1. Secure Boot
1
Digest and Signature
MCU
ATSHA204
Authentic or Not
2
Furthermore, the manufacturer is also able to ensure that only an authentic system can run the program by performing
mutual authentication. The mutual authentication is supported by ATSHA204 by using CheckMac copy operation.
Atmel ATSHA204 CryptoAuthentication Product Uses [APPLICATION NOTE]
8794A–CryptoAuth–12/2012
6
6.
Network Security
Wireless transmission devices have to verify each node prior to allowing access to the network. ATSHA204
CryptoAuthentication is a great option for offering a low-cost verification method. By installing ATSHA204 devices in the
radio nodes (Client), the transmitting node (Host) can verify that it is communicating with valid network nodes before
transmitting important commands or information. Additional security can be achieved by adding another ATSHA204
device in the Host so the customer's secrets would not have to be kept in the microprocessor code where developers and
subcontractors may have access to them. When using additional ATSHA204 on transmitting node, both ATSHA204 must
agree on the same keys value.
Figure 6-1 illustrates a configuration that utilizes two ATSHA204 devices in a radio network.
Figure 6-1. Wireless Node Authentication
1
2
3
Random
Random
Random
Software
ATSHA204
Software
ATSHA204
Response
Response
Response
6
5
4
Transmitter
Receiver
An additional level of security can be added for the data being transferred, i.e. encrypt the data or just verify the data
integrity. The encryption process can be applied exactly like the data encryption scheme shown above.
The integrity of the data being exchanged can also be verified. Before sending the data, the sender calculates the data
digest using SHA-256 algorithm. Then, ATSHA204 calculates the response by using the data digest as the challenge.
The calculated response is sent alongside with the data to the receiver side. Upon receive, the receiver calculates the
data digest, and the response then compares the received response with the calculated response. If the responses
match, it means that the data has not been tampered by any attacker.
Figure 6-2 illustrates a configuration that utilizes two ATSHA204 devices in a radio network.
Atmel ATSHA204 CryptoAuthentication Product Uses [APPLICATION NOTE]
8794A–CryptoAuth–12/2012
7
Figure 6-2. Data Integrity Verification
Multiple Files
Multiple Files
1
7
Data
Authentic
Data
2
4
5
Digest
Data and
Digest
Software
ATSHA204
Response
Software
ATSHA204
Response
Response
3
6
Sender
Receiver
This configuration can be applied to these applications:

Wireless node authentication

Data over power lines authentication
Atmel ATSHA204 CryptoAuthentication Product Uses [APPLICATION NOTE]
8794A–CryptoAuth–12/2012
8
7.
Rolling Keys
In some applications, using the same key over and over can be a security risk. For instance, garage door openers. The
ATSHA204 provides a feature for rolling keys. Normally, after a certain number of uses (perhaps as few as one), the
current key value is replaced with the SHA-256 digest of its current value combined with some offset. The offset can be a
constant, something related to the current system, or a random number.
One use for this capability is to permanently remove the original key from the device; replacing it with a key that is only
useful in a particular environment. After the key is rolled, there is no possible way to retrieve the old value, which
improves the security of the system.
There are two types of rolling key process:

Rolled Keys — Uses the value of the current key to generate a new key, the generated key is called Rolled Keys.

Created Keys — Uses the value of a parent key to generate a new key, the generated key is called Created Keys.
This operation can only be performed in a slot that permits the DeriveKey command. Proper configuration should be set
on the chosen slot. To perform the operation, Nonce must be executed first to fill the TempKey value, and then
DeriveKey command is executed by targeting the chosen slot. After the command execution, the target slot value will be
updated with the digest generated from DeriveKey command.
Atmel ATSHA204 CryptoAuthentication Product Uses [APPLICATION NOTE]
8794A–CryptoAuth–12/2012
9
8.
Summary
The multipurpose functionality of the ATSHA204 CryptoAuthentication device makes them an exceptional tool for
enabling hardware security. Nearly any application that requires authentication or individual identification of nodes can
use ATSHA204 as part of its security solution architecture. If your security requirements vary from those listed in this
document, or you are not sure that the ATSHA204 CryptoAuthentication devices fit your specific application, please
contact your local Atmel representative. Chances are, Atmel has a product that will fit your needs.
Atmel ATSHA204 CryptoAuthentication Product Uses [APPLICATION NOTE]
8794A–CryptoAuth–12/2012
10
Appendix A. Supporting Documents

CryptoAuthentication product uses for the Atmel AT88SA10HS and the Atmel AT88SA102S. Please visit,
http://www.atmel.com/Images/doc8663.pdf.
Appendix B. Revision History
Doc. Rev.
Date
8794A
12/2012
Comments
Initial document release.
Function
Atmel ATSHA204 CryptoAuthentication Product Uses [APPLICATION NOTE]
8794A–CryptoAuth–12/2012
11
Atmel Corporation
1600 Technology Drive
Atmel Asia Limited
Unit 01-5 & 16, 19F
Atmel Munich GmbH
Business Campus
Atmel Japan G.K.
16F Shin-Osaki Kangyo Bldg
San Jose, CA 95110
BEA Tower, Millennium City 5
Parkring 4
1-6-4 Osaki, Shinagawa-ku
USA
418 Kwun Tong Roa
D-85748 Garching b. Munich
Tokyo 141-0032
Tel: (+1) (408) 441-0311
Kwun Tong, Kowloon
GERMANY
JAPAN
Fax: (+1) (408) 487-2600
HONG KONG
Tel: (+49) 89-31970-0
Tel: (+81) (3) 6417-0300
www.atmel.com
Tel: (+852) 2245-6100
Fax: (+49) 89-3194621
Fax: (+81) (3) 6417-0370
Fax: (+852) 2722-1369
© 2012 Atmel Corporation. All rights reserved. / Rev.: 8794A–CryptoAuth–12/2012
Atmel®, Atmel logo and combinations thereof, Enabling Unlimited Possibilities®, CryptoAuthentication™, and others are registered trademarks or trademarks of
Atmel Corporation or its subsidiaries. Other terms and product names may be trademarks of others.
Disclaimer: The information in this document is provided in connection with Atmel products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this
document or in connection with the sale of Atmel products. EXCEPT AS SET FORTH IN THE ATMEL TERMS AND CONDITIONS OF SALES LOCATED ON THE ATMEL WEBSITE, ATMEL ASSUMES
NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL ATMEL BE LIABLE FOR ANY DIRECT, INDIRECT,
CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS AND PROFITS, BUSINESS INTERRUPTION, OR LOSS OF
INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ATMEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Atmel makes no
representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and products descriptions at any time
without notice. Atmel does not make any commitment to update the information contained herein. Unless specifically provided otherwise, Atmel products are not suitable for, and shall not be used in,
automotive applications. Atmel products are not intended, authorized, or warranted for use as components in applications intended to support or sustain life.
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement