Upload
wsboldt
View
220
Download
0
Embed Size (px)
Citation preview
7/24/2019 Crypto Products Backgrounder R0
1/138
APPLICATION NOTE
Crypto Products Backgrounder
3RDQUARTER 2015
Introduction
Atmel CryptoAuthentication and Trusted Platform Module (TPM) crypto element devices withhardware-based key storage and cryptographic countermeasures prevent would-be attackers
from cloning, counterfeiting, or tampering with a product, the consumables it uses, the firmwareit runs, the accessories that support it, and the network nodes to which it connects. Keepingproducts authentic helps maintain an OEM revenue flow by ensuring that only legitimateproducts can work in the host system, and by keeping would-be hackers from using thembeyond their expiration date. Atmels crypto element devices can fight off even the mostaggressive attacks. Attackers cannot attack because they cannot see the secret keys stored inprotected hardware. That is why protected hardware-based key storage is the strongest thereis.
Atmel CryptoAuthenticationcrypto element devices support modern cryptographic standardssuch as SHA-256, ECDSA, ECDH and others. They work with any microcontroller, are costeffective, require only one GPIO, and use very little power. Additionally, they operate over awide voltage range and come in a range of small packages. Standalone crypto elements can
be used in a wide spectrum of applications, many of which are described in this document.
Atmel TPM crypto elements integrate MCU, EEPROM, and crypto engines with ultra-securehardware-based key storage on a single chip. TPMs implement public key (RSA) security.TPMs are ideal security solutions for PCs, tablets and the expanding platform of OperatingSystem (OS) based embedded systems that require and/or can benefit from TrustedComputing Group (TCG) specification compliance.
Cryptography involves many standards, algorithms, processes, definitions, and methods; and,as such, it is mathematically complex and highly detailed. Fortunately, Atmel does the moredifficult cryptographic engineering and has built that right into the crypto element devices.Therefore, users need not be crypto experts and can easily add robust security to digital
systems.
This document provides some cryptography basics, describes important uses of cryptoelements and their features, outlines the Atmel family of crypto element devices, and coversmany other things. This is intended to be an introduction and desk reference. More in-depthmaterials such as app notes, training manuals, and code examples are available on the Atmelweb site
http://www.atmel.com/products/security-ics/default.aspx
Delete this instruction and edit date inside these brackets 07/07/2012Delete this instruction and edit date inside these brackets 07/07/2012
7/24/2019 Crypto Products Backgrounder R0
2/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
2 A C
Table of Contents
1. Introduction : CRYPTO ELEMENTS HARDEN SECURIY................................ 6
Crypto Element Uses.................................................................................... 10
2. Uses of Crypto Elements...................................................................... 11
3. Crypto Element Uses: Accessory Authentication ...................................... 13
4. Crypto Element Uses:Medical Device Authentication................................ 14
5. Crypto Element Uses:Firmware Anti-Cloning .......................................... 15
6. Crypto Element Uses: Industrial Network Security .................................. 16
7. Crypto Element Uses:Consumable Authentication ................................... 17
8. Crypto Element Uses:Automotive Authentication .................................... 18
Crypto Basics 19
9. Crypto Basics: The Three fundamental elements of security (CIA) .......... 20
10. Crypto Basics : Symmetric and Asymmetric Authentication ...................... 21
11. Crypto Basics :Hash Function ............................................................... 22
12. Crypto Basics:Encryption/Decryption .................................................... 23
Coding and decoding information using a secret key ......................................... 23
13. Crypto Basics : REAL.EASY Crypto Glossary ........................................... 24
Crypto Operations................................................................................. 27
14. Crypto Operations: Why use Crypto Elements?........................................ 28
Because connected things need strong authenticationand more. ...................... 28
Why use crypto elements? (Continued) ........................................................... 29
15. Crypto Operations: Symmetric Authentication with secrets stored on the host
using Random Challenge-Response. ....................................................... 30
16. Crypto Operations: Symmetric Authentication without secret storage on the
host using a Fixed Challenge ................................................................. 31
17. Crypto Operations: Symmetric Authentication without secret storage on the
host using Fixed Challenge and intermediate key..................................... 32
18. Crypto Operations: Asymmetric Authentication Using Digital Signatures
(ECDSA) 33
19. Crypto Operations: Asymmetric Authentication...................................... 34
Making the ECDSA certificates ....................................................................... 34
20. Crypto Operations: Asymmetric Authentication...................................... 35
7/24/2019 Crypto Products Backgrounder R0
3/138
7/24/2019 Crypto Products Backgrounder R0
4/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
4 A C
42. Crypto Operations: Hardening Transport Layer Security (TLS) ................... 63
43. Crypto Operations: Applications Layer Security is Needed for IoT Nodes ..... 66
44. Crypto Operations: Applications Layer Security Using the ATECC508A ........ 6745. Crypto Operations: Atmel Multi-Layer Security Solutions .......................... 68
46. Crypto Operations: MCU-Wireless Security Module .................................. 69
47. Atmel Microcontrollers.......................................................................... 70
48. Atmel SmartConnect Wireless............................................................... 71
49. Atmel @ the heart of the connected world.............................................. 72
50. Crypto Element Features: Why use CryptoAuthentication? ...................... 74
51. Crypto Element Features: Defense Mechanisms ....................................... 75
52. Crypto Element Features: Consumption Tracking .................................... 76
53. Crypto Element Features: Secure Provisioning ........................................ 77
54. Crypto Element Features: Atmel Secure Provisioning Services ................... 78
55. Crypto Element Features: ECC Device Provisioning Description ................. 80
56. Cypto Element Features: ECC Device Provisioning Steps .......................... 81
57. Crypto Element Features: Intrusion Detection using ATECC108A & ATECC508A
82
58. CryptoAuthentication Devices............................................................ 84
59. CryptoAuthentication Devices: ATECC108A ........................................ 85
60. CryptoAuthentication Devices: ATSHA204A ......................................... 87
61. CryptoAuthentication Devices: ATSHA204A Features/Benefits ............... 89
62. CryptoAuthentication Devices: ATAES132A ........................................ 90
63. CryptoAuthentication Devices: ATECC508A ........................................ 92
64. Crypto Element Features: Atmel ECC Crypto Element Device Summary ..... 93
65. CryptoAuthentication Devices: Selector Guide ........................................ 95
66. CryptoAuthentication Device Ordering Guide: ATECC108A ........................ 99
67. CryptoAuthentication Device Ordering Guide: ATSHA204A ....................... 10068. CryptoAuthentication Device Ordering Guide: ATAES132A ....................... 101
69. CryptoAuthentication Device Ordering Guide: ATECC508A ....................... 102
70. CryptoAuthentication Devices: Tools for every stage .......................... 103
71. CryptoAuthentication Devices: AT88CK490 and AT88CK590 Evaluation Kits
104
72. CryptoAuthentication Devices: AT88CK101 Development Board ........... 105
73. CryptoAuthentication Devices: CryptoAuthXplained Pro Development Kit106
74. CryptoAuthentication Devices: AT88CK9000 Programmer ................... 107
7/24/2019 Crypto Products Backgrounder R0
5/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
5 A C
75. CryptoAuthentication Devices: .......................................................... 108
ACES (Atmel Crypto Evaluation Studio) Software .......................................... 108
76. CryptoAuthentication Kit Ordering Guide .............................................. 10977. Trusted Platform Module (TPM) ............................................................ 113
78. TPM: LPC Interface ............................................................................. 114
79. TPM: I2C Interface ............................................................................. 115
80. TPM: SPI Interface ............................................................................. 116
81. TPM: Operations ................................................................................. 117
TPM: Operations (Continued) ....................................................................... 118
82. TPM Uses: Authentication .................................................................... 119
83. TPM Uses: Access Points / Gateways ..................................................... 120
84. TPM Uses: Secure Boot ....................................................................... 121
85. TPM:Device Selector Guide ................................................................. 122
86. TPM:Device Ordering Guide ................................................................ 125
87. TPM: Device Ordering Guide ............................................................... 126
88. TPM: Kits
127
89. TPM: Kit Selector Guide ....................................................................... 128
90. Atmel Crypto Contacts ........................................................................ 129
91. Crypto FAQs
131
7/24/2019 Crypto Products Backgrounder R0
6/138
7/24/2019 Crypto Products Backgrounder R0
7/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
7 A C
SECURITY MATTERS
Even with the explosion of data breaches, security is surprisingly still
treated as an afterthought. Security should, in fact, be the prerequisite
of any system design. Engineers, executives, investors, and
researchers alike have been whistling past the graveyard hoping that
their digital interests will not be attacked too badly, but that is
irrational because targets to attack are easy to find now.
FINDING UNPROTECTED NODES IS EASY...AND THAT MEANS
TROUBLE
Traffic lights, security cameras, home automation devices, appliances,
heating systems, industrial networksyou name it are now super
easy to find because of Shodan, which is the Google of embedded
systems.
Shodan searches the Internets back channels 24/7 looking for servers,
webcams, printers, routers and all the other stuff connected to the
Internet. Shodan alone proves that robust security for connected
devices is needed badly because if it is connected, it is vulnerable.
IF IT IS CONNECTED, IT IS VULNERABLE
Hackers steal passwords, digital IDs, IP, and financialdata because software is used to protect system software.
But, all software is vulnerable because all software has
bugs. So dont store important things like secret keys in
software.
7/24/2019 Crypto Products Backgrounder R0
8/138
8
He totally gets it.
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r1
HARDWARE IS BETTERBU
PROTECTED
Hardware is better, but integr
probed to read what is on the
Also, power analysis can extra
the case.
So, a more
secure approach
is needed.
SECURE HARDWARE IS THE
Hardware-based key storage wi
cryptographic countermeasures
most aggressive attacks. Onc
protected hardware, attackers can
attack.
PROTECTED HARDWARE BEATS
STORAGE...EVERY TIME
A leading industrial networking co
said that storing your cryptographi
unprotected hardware is like storin
bag. You need protected hardwar
hat about you?
2
A C
IT MUST BE
ted circuits can be
ircuit.
t secrets without opening
EST APPROACH
th physical barriers and
can fight off even the
e keys are locked away in
ot see them and cannot
SOFTWARE KEY
pany technical executive
c key in software or
g a key in a wet paper
-based key storage.
7/24/2019 Crypto Products Backgrounder R0
9/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
9 A C
CRYPTO ELEMENTS MAKE SECURITY EASY
CryptoAuthentication and Atmel Trusted Platform
Module (TPM) crypto elements are easy to design-in,
turn-key solutions. That is because Atmel does the
hard cryptographic engineering and puts it inside a
tiny crypto element device. So you dont need to be acrypto expert.
ATMEL PROVIDES INTELLIGENCE, SECURLYCONNECTED
Atmels portfolio of WiFi, Bluetooth, Bluetooth Low
Energy (BLE), and Personal Area Network (PAN)
solutions combines easily with hardware-based crypto
elements and Atmels industry leading MCU ecosystem
to enable unlimited possibilities for state of the art,
secure, and intelligent connectivity.
7/24/2019 Crypto Products Backgrounder R0
10/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
10 A C
Uses of CryptoElements
7/24/2019 Crypto Products Backgrounder R0
11/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
11 A C
2. Uses of Crypto Elements
Use Case Description
Secure BootAuthenticate code stored in flash memory at boot time to detect unauthorized
modifications
Secure Down load Validate code updates &support encryption (broadcast or per-system basis)
Feature
ManagementStore, update and verify optional feature restrictions.
Ecosystem ControlEnsure only authorized nodes and accessories work. Identification for
warranty purposes.
Anti-Counterfeiting
Authenticate a removable, replaceable, or consumable client (such as systemaccessories, electronic daughter cards, or other spare parts).
Consumption
LoggingGuarantee quality of device, maintenance schedule, etc. by tracking usage.
Anti-cloningPrevent building with identical BOM and stolen code. (Anti-piracy or firmware
protection.)
Standards-based
CommunicationsSecurity
Provide key storage & management plus asymmetric acceleration for standardcommunications protocols such as TLS, IPSEC, etc.
User defined
communicationchannel protection
Security for customer-designed connections (e.g. application layer security)
Protect Data atRest (Files)
Security for data stored in standard nonvolatile memory in an embeddeddevice
Storing SecretsDirectly store small quantities of data for configuration, calibration, ePurse
value, etc.
User PasswordManagement
Validate user-entered passwords without letting the expected value become
known.Map memorable passwords to a random number, etc.
Random NumberGenerator
For cryptographic and other system purposes.
Tamper Detection Cryptographically manage external tamper switches, wires, etc.
Cloud Provider
RequirementsSecurity according to cloud providers specifications.
7/24/2019 Crypto Products Backgrounder R0
12/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
12 A C
Crypto Elements harden security for connected andstandalone products across all segments
7/24/2019 Crypto Products Backgrounder R0
13/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
13 A C
3. Crypto Element Uses: Accessory AuthenticationOne of todays main authentication use cases are accessories. There is a wide spectrum of
accessories, already in the market with new ones being introduced all the time. Examples are wired
and wireless battery chargers, docking stations, speakers, wearables, wireless camera lenses, smartcovers, advanced earphones, headphones, and medical diagnostic sensors
Constellations of accessories surround mobile phones, tablets, computers, GPS units, digital
cameras, in-car entertainment equipment, and other platforms. This represents a very large market.According to market research, by 2017 mobile phone and tablet accessory revenues could reach over
$75 billion. Such a sizeable forecast is generating huge incentives for both bona fide competitors
and illegitimate suppliers to jump in. Hardware authentication is the obvious solution to protectmarket share. Safety is another critical issue. There are many recent instances of batteries
exploding or catching fire in mobile and other products. A bad accessory experience like a firereflects not only on the accessory maker but the main platform brand even more so. Authentication
makes certain that only safe batteries can be used, which is great for consumers and the legitimate
suppliers.
The desirability of authentic, uniquely marketed accessories has gained popularity in recent years.Sometimes these are called closed ecosystems. Consumers made weary by cloned products not
performing to their expectations are becoming more and more willing to pay the extra cost of a well-designed accessory. CryptoAuthentication is ideally suited for this market, and is enabling
manufactures to support customer trends while providing an exceptional tool to manage their own
product lines. In short: Authentication enhances revenue, brand equity, and safety. And that makes
a real difference in the real world.
Benefits
Protects revenue stream
Protects brand image
Allows manufacturers to control third party licenses
Better control of the supply channel
Enhanced product safety
7/24/2019 Crypto Products Backgrounder R0
14/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
14 A C
4. Crypto Element Uses:Medical Device Authentication
Authentication of medical devices is a growing market and it has started to be driven by
government agencies. Governments have become the main drivers of medical policies and are
clearly shaping the future of medical care. New policies will have enormous impact on the design,
distribution, financing, and use of medical equipment of all kinds. Looking at where the US
government, for example, wants medicine to go we can see two clearly emerging vectors; namely
electronic records and telemedicine. Both of these vectors point in the direction of authentication.
Handset/tablet based telemedicine using an array of wired and wireless diagnostic sensors will help
extend healthcare services to underserved and remote populations. Implantable sensors and
devices are already being programmed wirelessly such as pacemakers and defibrillators, and the
FDA has expressed concern that such products could be interfered with or hacked with mal-intent.
So, in mid-2013 the FDA issued guidelines for authentication of wireless medical appliances in order
to promote safety. Without a doubt, the last thing a patient with a pacemaker wants to have to
worry about is someone hacking their heartbeat.
Authentication is also a way to ensure privacy of electronic medical records, which is required by
laws such as HIPAA. The mandate for electronic records went into effect in January 2014. The need
for authentication of electronic records will only grow as the systems continue to roll out and evolve.
Benefits
Secures ecosystems
Improves quality
Tracks charges
Reduces medical liability exposure
7/24/2019 Crypto Products Backgrounder R0
15/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
15 A C
5. Crypto Element Uses:Firmware Anti-Cloning
Firmware in every type of product is vulnerable to cloning. Using CryptoAuthentication
devices can ensure that only the authorized firmware is loaded at boot time. There is a
growing trend in many industries where Intellectual Property (IP), particularly firmware is
being copied, and the benefits of expensive R&D investments end up being forfeited by the
legitimate owners. CryptoAuthentication is a simple and effective way to guard against
firmware and product cloning.
Placing a CryptoAuthentication device onboard a micro-controlled system provides a simple
solution that can match the secret stored in the security IC to the operating firmware. How
that can be accomplished depicted in the secure boot diagrams (shown later) showing stepone where the application code is signed in the factory and step two where it is verified by the
Crypto device before launching the application.
Benefits
Prevents cloning
Protects investments in firmware
7/24/2019 Crypto Products Backgrounder R0
16/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
16 A C
6. Crypto Element Uses: Industrial Network Security
Authentication in the industrial space is very much like the consumer accessories and
consumables segment. An embedded system in an industrial setting will also have various
things that it connects to and uses.
Examples are sensors, firmware, chucks, tooling, counters, actuators, motors, fittings, control
panels, power sources, batteries, spare parts, bits, dies, blades, materials, safety items,
chemicals, authorized users, access points, I/O blocks, conveyors, valves, illuminationwell,
you get the picture.
The point is that industrial applications are not only very technical but widely variable, which
means that there are 4numerous opportunities for adding authentication devices in industrialsettings. Doing so enhances safety, tracks items, fights cloning, protects firmware, and
ensures the source of spare parts, among other things.
Benefits
Prevents cloning
Protects investments in firmware
Enhances safety
Tracks items
7/24/2019 Crypto Products Backgrounder R0
17/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
17 A C
7. Crypto Element Uses:Consumable Authentication
Consumables are like accessories that are used for a while and then discarded. They are often
referred to as disposables, for obvious reasons. One of the most classic examples of a disposable
product is a printer ink cartridge. To reduce the possibility of refilling and reusing an ink cartridge,
crypto elements can be soldered into or glued to the package of the cartridge. In the latter case a
specific type of contact package is used. When a consumable product gets inserted into the host
system, such as a printer, refrigerator, medical device, or any number of products, the host can then
check for authenticity. It does the checking by sending a numerical challenge to the consumable
product and waits for a calculated response. As with the case of accessory authentication a crypto
element can be used on both the host and client sides and a random challenge can be used. There is
an additional methodology that can eliminate the need for a crypto element on the host side. This is
called Fixed Challenge-response, and it is very cost effective because it not only eliminates the need
for the host side crypt element but also reduces the processing power needed by the hosts MCU, so a
less expensive MCU product can be used.
Benefits
Prevents cloning
Protects investments in firmware
Enhances safety
Protects revenue stream
Protects brand image
Better control of the supply channel
7/24/2019 Crypto Products Backgrounder R0
18/138
18
8. Crypto Eleme
With Vehicle-to-Vehicleand listen to one anot
direction, road conditio
driver of V2V is signali
countermeasures.
While it may seem rev
IoT and V2V as equati
IoT = (MCU + Senso
V2V = IoT + Car
Equation two states th
devices presents a hug
interfering with V2V co
and security are closel
cars. The US Departme
Administration (NHTSA
collaborate on technol
V2V can transform the
opens the door for hac
becomes the final piec
possible to be widely a
based key storage.
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r1
nt Uses:Automotive Authentica
(V2V) and Vehicle to Internet (V2I) comm er automatically. They will share infor
ns, and sense other cars, motorcycles, and
g impending collisions so that the cars ca
lutionary, V2V is really a branch of Intern
ns, they could be expressed in the followin
r + Security + Wireless) Low Power
t V2V is really the IoT on wheels. Howev
e challenge, which is safety. Safety can be
mmunications and hacking into automotive
related. Clearly there needs to be strong
nt and Transportation (DoT) and National
) are partnering with research institutions
gy development and interoperability of V2
automotive experience. The danger is that
ers who want to intercept, spoof, and mis
of the picture, and arguably the element
opted. Of course the strongest form of se
2
A C
tion
unications cars will talkation like proximity, speed,
pedestrians. The chief
automatically take
t of Things (IoT). Describing
g way:
er, this spread of electronic
compromised by hackers
control systems. Safety
security on ALL systems in
ighway Traffic Safety
nd auto companies to
to promote traffic safety.
remote communication
se data. So, strong security
hat makes IoT/V2V even
urity comes from hardware-
7/24/2019 Crypto Products Backgrounder R0
19/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
19 A C
Crypto Basics
7/24/2019 Crypto Products Backgrounder R0
20/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
20 A C
9. Crypto Basics: The Three fundamental elements of security (CIA)
To provide the full set of security you will need all three of the foundational pillars of security:
Confidentiality, Integrity (of data), and Authentication. These can be remembered as CIA:
ConfidentialityThis is ensuring that no one can read the message except the intended receiver. This is
typically accomplished with encryption and decryption which hides the message from all
parties except the sender and receiver. A secret cryptographic key (that is the same) is
input to the encryption and decryption algorithm on each side.
IntegrityThis is also called data integrity and is assuring that the received message was not
altered. This is done using cryptographic functions. For symmetric this is typically
done by hashing the data with a secret key and sending the resulting MAC with the
data to the other side which does the same functions to create the MAC and compare.
Sign-verify is the way that asymmetric mechanisms ensure integrity.
Authentication
This is verification that the sender of a message is who they say they are (i.e. arereal). In symmetric authentication mechanisms this is usually done with a challenge
(often a random number) that is sent to the other side that is hashed with a secret key
to create a MAC response which then gets sent back to run the same calculations and
then compare the response MACs from both sides.
Sometimes people add non-repudiationto the list of pillars which is preventing the
sender from later denying that they sent the message in the first place.
7/24/2019 Crypto Products Backgrounder R0
21/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
21 A C
10. Crypto Basics : Symmetric and Asymmetric AuthenticationAuthentication can be accomplished in two main ways: Symmetric and Asymmetric. The
main difference between the two is related to the use of keys. If the same secret key is used
on the client and also on the host then the application is symmetric, just like the name
indicates. Remember if the keys are equal then the system is symmetric. Alternatively, if
there is a mathematically related private and public key pair being used then the application
is asymmetric. If the keys are not the same on each side then it is asymmetric. Atmel has
devices for both types.
Asymmetric, asymmetric is also called public-key infrastructure or PKI and it is very well
suited for real-world use. In fact, the internet is a big user of PKI. Note that Public Keys
indicate that the system will be Asymmetric. Like is sounds, a public key is available to
anyone. Think of a phone book filled with keys when envisioning the public key. Anyone
having the public key can send encrypted messages to the owner of the private key. When a
receiver gets an asymmetric message, he or she will decrypt it with their private key. In
contrast, because symmetric cryptography uses the exact same key for both encryption and
decryption, only the senders and receivers with that specific private key can communicate to
each other. In addition to such differences in who can send and receive, other trade-offs
between symmetric and asymmetric apply. For example, for symmetric at least twice the
number of keys must be protected, increasing security risk. On the other hand, Asymmetric
algorithms require more processing and thus are slower than symmetric. So, sometimes a
combination of both symmetric and asymmetric is used to apply the relative advantages of
each: the speed of symmetric and the security of asymmetric.
Benefits
Verifies the identity of the sender and the integrity of the data
Symmetric authentication can be fast
Asymmetric authentication does not need secret storage in the host
7/24/2019 Crypto Products Backgrounder R0
22/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
22 A C
11. Crypto Basics :Hash Function
One of the basic tools used in authentication is a mathematical operation called a hash
function.
A hash functionis defined as a group of characters that is mathematically mapped to a value of aspecified length (called a hash value, hash, compression, fingerprint, message digest, or simply digest).
For example SHA256 hash values are 256 bits (32bytes).
The hash valueis representative of the original string of characters, but is normally smaller than theoriginal. Any change to the input will change the hash value.
A Message Authentication Code (MAC) is a hash of a message with a key
Hashing functions have been used by computers for a long time and they are fundamental to
cryptography. The hash value is representative of the original string of characters, but is normallysmaller than the original. A hash is a one-way operation. The one-wayness of a hash function is
its most important feature for cryptography because it is mathematically infeasible to reverse the
hashing process to obtain the original message. A way to look at is that once the message is
compressed it is impossible to uncompress it. Sort of like Humpty-Dumpty, you cant put it backtogether again. Also, a feature of a hash function is that any change to the input changes the
digest, so hashes are great to create digital signatures that identify and authenticate the sender and
message. Hashes are also used for secure password storage, file identification, messageauthentication coding (MAC), and asymmetric sign verify operations. SHA (Secure Hash Algorithm) is aset of cryptographic hash functions approved by the National Institute of Standards and Technology (NIST). TheFederal Information Processing Standard FIPS180-3 specifies five hash algorithms:
SHA-1 for which security flaws were identified in 2005 and is no longer recommended.
SHA-2 consisting of SHA-224, SHA-256, SHA-384 and SHA-512 SHA-256 is recommended in the NSA's Suite B set of algorithms for use in protecting information beyond year 2030.
Benefits
Hash algorithms cannot be reversed (i.e. are one-way so the original value cannot be derived)
Hashes are useful for checking the identity of the sender and the integrity of the data
7/24/2019 Crypto Products Backgrounder R0
23/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
23 A C
12. Crypto Basics:Encryption/DecryptionCoding and decoding information using a secret key for confidentiality
Encryption is a different process from hashing and has a completely separate purpose. Withencryption, data is scrambled and unscrambled in such a way that the input and output mapping is
always one-to-one for a given encryption key and is unintelligible to anyone other than a receiver
who has the key to unscramble it (i.e. decryption key). Since encryption/decryption algorithms
are generally public (e.g. AES, DES, RSA, ECC), security is maintained by using a cryptographic
key of sufficient length and keeping that key secret.
Encryption is always reversible (by definition), so
encryption is used whenever there is the need to get the
input data back out. However, the identity of the sender
and the integrity of the message (meaning if it has been
altered or not) are not guaranteed by encryption only. In
contrast, hashing algorithms are one-way by definition andare usually SHA but AES can be used as a hash algorithm.
Hashes are used for identity purposes (authentication) and
data integrity.
7/24/2019 Crypto Products Backgrounder R0
24/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
24 A C
13. Crypto Basics : Crypto GlossaryEncryptionis encoding and decoding of a message for confidentiality. It is always
reversible. Encryption does not authenticate.
Authenticationis used to check the identity and of the sender and the integrity of themessage. The message is not necessarily encrypted.
Symmetric authenticationuses an identical key on the host and client sides, and both ofthose keys must be protected (this is very important). Symmetric authentication tendsto be relatively fast.
Asymmetric authenticationuses a public / private key pair. The private key must besecurely stored on the client. Secure key storage on the host is not needed. The keysare mathematically related, but the private key cannot be obtained from simply having
the public key. More computation is required with asymmetric authentication thansymmetric.
Key Storageis one of the most important determinants of the strength of security in asystem. Hardware key storage is much stronger than software-based solutions becausehardware storage methods are much more difficult to attack. (CryptoAuthentication ICsare hardware key storage devices.)
Hash functionsare a group of characters that is mathematically mapped to a value of acertain length and is representative of the original string of characters, but is normallysmaller than the original. Hash functions are commonly used in authentication and
encryption operations. They are one way functions which means that the original valuecannot be recreated from the hashed value (i.e. digest).
Challenge-Responseisan operation where a challenge (usually a random number) is sentto a client to elicit a response in order to test the authenticity of a client. The responseis often a hash value of that number another number such as a cryptographic key. Theresponse is then compared to a parallel calculation done on the originating device tosee if they match.
MAC (Message Authentication Code)is the result of a hash operation with a secret keyand a message. That result (called the MAC) can be used to ensure the data has notbeen modified or corrupted by running the MAC on received data and comparing theMAC of the message that was sent with it. If the MAC received with the message andthe MAC calculated on the receive side on the received message match then thereceived data was unchanged.
Sign/Verifyis an authentication operation that creates a hash digest of data, which is thenencrypted using a private key to make a signature. To verify, the receiver hashes thereceived data and then decrypts the received signature of that data with the senderspublic key. If the signature received from the sender matches the hash that thereceiver generated with the public key, then the signature is considered valid.
ECDSA(Elliptic Curve Digital Signature Algorithm) an elegant and standardized method to
provide asymmetric authentication using a sign-verify process using Elliptic Curve (ECC)
7/24/2019 Crypto Products Backgrounder R0
25/138
7/24/2019 Crypto Products Backgrounder R0
26/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
26 A C
with (has integrity). Securityat both the transport and application layers isrecommended for wireless applications.
CIAConfidentiality, integrity (of the data), and authenticity. All three are necessary fora truly secure application.
Hardware Security Module (HSM)is a physical computing device that safeguards andmanages digital keys for strong authentication and provides cryptographic processing.
These modules traditionally come in the form of a plug-in card or an external device
that attaches directly to a computer or network server.
Trusted Platform Module (TPM)is an international standard for a secure cryptographicprocessor designed to secure hardware with protected cryptographic keys. The
specification is devined by the Trusted Computing Group (TCG). ISO and IEC
standardized the specification as ISO/IEC 11889 in 2009. TCG published revision 116
version 1.2 on March 3, 2011. Trusted Platform Module Library Specification Revision
01.16 was released October 2014 and is the most current TPM 2.0 release
7/24/2019 Crypto Products Backgrounder R0
27/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
27 A C
Crypto
Operations
7/24/2019 Crypto Products Backgrounder R0
28/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
28 A C
14. Crypto Operations: Why use Crypto Elements?Because connected things need strong authenticationand more.
It seems that every day new and increasingly dangerous viruses are infecting digitalsystems. Viruses with names such as Heartbleed, Shellshock, Poodle, and Bad USB have put
innocent people at risk in 2014 alone. Russian Cyber gangs (a.k.a. CyberVor) have exposed
over a billion passwords. The scary thing is that the attacks are targeted at the very security
mechanisms that are meant to provide protection. Because the digital protection mechanisms
themselves have become targets, they must be hardened. This is especially important now
that the digital universe is going through a type of Big Bang with the explosion of the IoT.
That is sending billions of little sensing and communicating processors all over the earth, like
dust. Growth in processing, communicating, and sensing semiconductors (which are exactly
what the IoT is made from) will grow at a rate of over 36% in 2015 according to Gartner,
dwarfing the overall semiconductor market growth of 5.7%. Big Bang. Big Growth.
As for security, the IoT will multiply the number of points for infection that hackerscan attack by many orders of magnitude.
It is not hard to see that trust in the data communicated via an ubiquitous (and nosey) IoT
will be necessary for the IoT to be widely adopted. Without trust, the IoT will fail to launch.
There is hardly any doubt there. In fact, the recognized inventor of the Internet, Vint Cerf,
completely agrees, saying that strong authentication is important for the IoT, and we need to
make sure they are talking to the devices they are supposed to talk to. Those are very clear
statements, but for fun lets translate Dr. Cerfs admonition into pop culture parlance: No
security? No IoT for you.
There is much more to the story behind why the IoT needs strong security. Because the
world has become hyper-connected, financial and other sensitive transactions have become
almost exclusively electronic. Money now is simply electronic data, so everyone and every
company are at risk of financial losses stemming directly from data breaches. See?
Databanks are where the money is kept and data is what criminals attack. While breaches
are in fact being publicized, there has not been much open talk about their leading to
significant corporate financial liability. That liability, however, is real and growing. So, CEOs
should not be the least bit surprised when they start to be challenged by significant
shareholder and class action lawsuits stemming from security breaches.
Although inadvertent, companies are in fact exposing identities and sensitive financial
information of millions of customers, and they may not always be taking all the measures that
they can to ensure the security and safety of their products, data, and systems. Both
exposure of personal data and risk of product cloning can translate to financial damages.
Damages translate to legal action. The logic of tort and securities lawyers is that if proven
methods to secure against hacking and cloning already exist, then it is the fiduciary duty of
the leaders of corporations (i.e. the C-Suite occupants) to embrace such
protection mechanisms (such as hardware-based key storage), and not doing so could
possibly be argued as being negligent. Agree or not, that line of argumentation is logical and
perhaps likely.
A few CEOs have already started to equip their systems and products with strong hardware-
based security devices...but they are doing it quietly and not telling their competitors. This
gives them an edge.
7/24/2019 Crypto Products Backgrounder R0
29/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
29 A C
Why use crypto elements? (Continued)
Software, Hardware, and Hackers. Why is it that hackers are able to penetrate systems
and steal passwords, digital IDs, intellectual property, financial data, and other secrets? It is
because until now only software has been used to protect software from hackers. Hackers
love software. Breaking into software is what they live for.
The problem is that rogue software can see into system memory, so it is not a great place to
store important things such as passwords, digital IDs, security keys, and other valuable
things. The bottom line is that all software is vulnerable because software has bugs despite
the best efforts of developers to eliminate them. So what about storing important things in
hardware?
Hardware is better, but standard integrated circuits can be physically probed to read what
is on the circuit. Also, power analysis can quickly extract secrets from hardware. So, is
there anything that can be done? The answer fortunately is yes.
Three of four generations of hardware key storage devices have been designed to protect
keys with physical barriers and cryptographic countermeasures that ward off even the most
aggressive attacks. Once keys are securely locked away in protected hardware attackers
cannot see them and they cannot attack what they cannot see. Secure hardware key
storage devices like Atmel CryptoAuthentication employ both cryptographic algorithms and
a tamper-hardened hardware boundary to keep attackers from getting at the cryptographic
keys and other sensitive data.
Keeping secrets keys secret.The basic idea behind such protection is that cryptographic
security depends on how securely the cryptographic keys are stored. But of course it is of no
use if the keys are simply locked away. There needs to be a mechanism to use the keys
without exposing them. That is the other part of the CryptoAuthentication equation,
namely built-in crypto engines that run cryptographic processes and algorithms. A simple
example of accessing the secret key without exposing it is using challenges (usually random
numbers), secret keys, and cryptographic algorithms to create unique and irreversible
signatures that provide security without anyone seeing the secret key.
Crypto engines make running complex mathematical functions easy while at the same time keeping secret
keys secret inside robust, protected hardware. This hardware key storage/crypto engine combination is the
secret to keeping secrets and being easy to use, available, ultra-secure, tiny, and inexpensive
While the engineering that goes into
hardware-based security is sophisticated,
Atmel does all the crypto engineering so
there is no need to become a crypto
expert.
7/24/2019 Crypto Products Backgrounder R0
30/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
30 A C
15. Crypto Operations: Symmetric Authentication with secrets stored onthe host using Random Challenge-Response.
With Symmetric Authentication using secrets stored on the host using Challenge-Response, like you mightexpect from the name, the host sends a challenge and the client makes a response using cryptographic
magic (i.e. math) and then the host runs the same process in order to make a comparison to see if it gets
the same answer. It the answers on each side match then the client is real.
STEP 1: The process starts when the host sends a random number, which is generated by theATSHA204s random number generator to the client. It does this at the time that it wantsto verify if the client is real such as when an ink cartridge is inserted into a printer. Thisstep is called the Challenge.
STEP 2: The client receives the random number challenge and runs it thru a hash algorithm
(SHA256) using the secret key stored there. The result of the hashing function is called
the Response and also called Message Authentication Code (or MAC). The response
(MAC) is then sent to the host, and together these actions comprise step two.STEP 3: At step 3 the host internally runs the same challenge number (i.e. the random number) it
sent to the client thru a hash algorithm using the secret key stored on the host side. Then
the host compares the hash value calculated on the host side with the response hash
value sent from Client. If the two hash values match then the Client is verified as being
real.
Benefits
Symmetric authentication is fast
Crypto devices on both host and client sides ensures very secure secret storage
7/24/2019 Crypto Products Backgrounder R0
31/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
31 A C
16. Crypto Operations: Symmetric Authentication without secretstorage on the host using a Fixed Challenge
Symmetric authentication can also be accomplished without having a crypto device on the host side. Suchan arrangement is called a fixed challenge-response. That means that the host does not use a random number, but
instead uses a fixed number pair, or series of pairs, of specific challenge and response numbers that are
programmed into the hosts memory.
STEP 1:The challenge and corresponding response values are then loaded and stored on the host .
STEP 2:Once the product is deployed in the field and it is time for the authentication of the client (like a
consumable), the host sends its preloaded challenge to the client to check if the client is real or
not .
STEP 3:The crypto element on the client will run the hash algorithm on that challenge number and
generate a response and send that response back to the host.
STEP 4:The host compares the response from the client with the pre-loaded response value stored in itsmemory.
STEP 5:If the client is real then the response from the client (which is the hash value based on the secret
key and the challenge) will be the same as the response value that was preloaded in the host.
Since each host is loaded with a different challenge/response pair, each product the host is incorporated into is then
unique by definition. Cloning beyond only one copy is impossible. Thus this is a highly secure and very cost
effective technique because it can be easily implemented with very low cost MCUs.
Benefits
Symmetric authentication is fast
No secrets in the host
Can use low cost MCU of host because less computation is needed for a fixed challenge
7/24/2019 Crypto Products Backgrounder R0
32/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
32 A C
17. Crypto Operations: Symmetric Authentication without secretstorage on the host using Fixed Challenge and intermediate key.
Fixed challenge-response is a great methodology when low cost micros are desired; however, somesecurity is sacrificed since a logic analyzer can be employed to break the security in no other
countermeasures are employed. Fortunately, there is an easy way to add more security to fixed challenge-
response scenario, and that is by using an additional hashing stage with an intermediate key. An
intermediate key, just like it sounds, is an intermediate step in the process. A key is created by hashing the
stored secret key on the client with the challenge and then hashing that with some type of unique and
changing number, from the host side. That unique number is called a nonce. The clients response will
change with the changing nonce value. So, trying to analyze the responses with a logic analyzer will be
fruitless, which makes this methodology more secure than simple fixed challenge-response. The steps to
accomplish symmetric authentication with intermediate key are noted below:
STEP 1:The process starts with the fixed challenge that is compiled into the MCUs software in the factory.
STEP 2:That challenge is hashed with the secret key stored on the client, thus creating the intermediate
key.
STEP 3: A unique number such as a random number or the date-time-etc. is issued by the MCU and sent
to the client. That unique number is used just once and therefore it is called the NONCE, which
means number used once in cryptographic parlance.
STEP 3: The intermediate key created in Step 2 is hashed with the NONCE that was received from the
MCU.
STEP 4: The hash of the intermediate key and NONCE performed by the client becomes the clients
response, which is sent to the MCU on the host.
STEP 5: With fixed challenge-response, the challenge and response pair gets loaded into the MCU.
Similarly with this intermediate key variation, the fixed challenge and the corresponding intermediate
key pair are loaded into the MCU. Each challenge has a corresponding intermediate key that is
created by hashing the challenge with the secret key.
STEP 6: The same NONCE that was sent to the client is hashed with the intermediate key on the host to
create the MCU Digest. If the client is real then the MCU Digest on the host will match the clients
response that was sent to the host.
Benefits
Cannot be attacked witha logic analyzer
Increased security
7/24/2019 Crypto Products Backgrounder R0
33/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
33 A C
18. Crypto Operations: Asymmetric Authentication Using DigitalSignatures (ECDSA)
In the real world the Asymmetric Authentication process typically begins when a client device is insertedinto a host system or the host system wants to know what exactly is connected to it. Examples are a
printer ink cartridge being inserted into a printer, a thermostat control block wanting to talk to a remote
temperature sensor, a cell phone connecting to a wall charger, and many others.
Thebest way to understand how ECDSA performs authentication and how it ties that back to
the root of trust is to break it down into its individual steps. Admittedly, there are many
steps but each one does a very specific and simple thing, so it is easy to follow. To simplify
the process, it is useful to group the steps into sequential phases that perform distinct
objectives in the process. Fortunately, there is a clear break between two major objectives,
so we can break it into a phase one and phase two.
Phase ones goal is to use ECDSA calculation algorithms to verify the public key onthe client. Phase one has a second goal which is implied, and that is to verify the entire
certificate chain back to the root of trust (i.e. the certificate authority or issuer). One way
to look at it is that the host MCU must identify and confirm the entire history of who signedwhat. (In this example we will look at a two level signing history going from the issuer to thesigning module to the client device.)
To accomplish the verification of the public key in phase one it is necessary to verify all the
signatures in the certificate chain. In this example the signatures are stored in the client in
two distinct digital certificates. One is the clients certificate and the other is the signers
certificate. The certificates are the mechanism that allows the chain to reach back to the root
of trust (i.e. the issuer).
Phase twos goal is to use ECDSA calculations to verify that the private key on the
client is related to the previously verified public key.Verifying that the client has a valid
public-private key pair is the soul of symmetric authentication. If the ECDSA verify
calculation operations of both phases pass then the client is verified as real. And that is the
whole purpose.
Benefits
Increased security because asymmetric authentication does not need secure key storage onthe host (only the client)
No need to update the host with secrets in the field. (Can update the public key at any time.) ATECC108A and ATECC508A have ECDSA built in, making it super-easy to implement.
7/24/2019 Crypto Products Backgrounder R0
34/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
34 A C
19. Crypto Operations: Asymmetric AuthenticationMaking the ECDSA certificates
To understand the ECDSA process it is very helpful to first look at how the certificates are built and loaded into
the crypto device. This happens in the factory.
A certificate is made from two components:
1) The certificate data
2) The signature.
The client certificate creation process begins in the factory on the machine that tests the crypto device: in other
words, the tester. Attached to the tester is equipment called the signing module that contains its own secret
private key.
That private key is securely stored and never shared. The signing module is used to create the signature, just
as its name implies. Once the certificate is made it is loaded into the device.
7/24/2019 Crypto Products Backgrounder R0
35/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
35 A C
20. Crypto Operations: Asymmetric AuthenticationCreating the Clients Certificate
First, lets look at the creation of the certificate data.
The certificate data is made up of three items: 1) static data, 2) dynamic data, and 3) the
clients public key. You can look at the static data as a type of boilerplate that contains basicinformation such as the companys name, address, and other information that never changes. Incontrast, dynamic data from the tester are data that generally change with each part or group of
parts being tested. Dynamic data include things like the serial number, date, time, expiration date,
and so on. The clients public key is the third item that goes into the certificate data. Recall thatthe clients public key is paired to the private key of the client device. The private key is securely
stored in the ATECC508A and never shared (which makes it private). Now the process moves to
making the signature.
Recall that the certificate data comprises just half of a certificate. The other half is the
signature. What is a little tricky to understand at first is that the certificate data have two purposes
when it comes to building the certificate: (1) to become part of the certificate, and (2) to get hashedand then run through a signing algorithm to produce the signature. Both the certificate data and the
signature made from that certificate data make up the complete certificate, and that is a major pointto remember. You can see the two purposes of the certificate data clearly in the diagram, which
showshow the certificate data are assembled and stored in the certificate and then also digested and
input to the signing process on the signing module.
As for the details, the signature process begins with a copy of the certificate data being put througha hash algorithm to create a number called a hash value (or digest). ECDSA P-256 specifies a 32
byte digest length and SHA256 as the hashing algorithm. Once created, the digest is ready to besigned by the sign module in the factory.
The sign module is a piece
of equipment thatsecurely stores the
signers private key. Being
securely stored meansthat no one can getaccess to that key. The
sign module uses the ECCsign algorithm to sign thedigest of the certificate
data with the signers
private key. The result ofthat process becomes the
signature of the
certificate data that wentinto the singing moduleand signed with the
private key of the module.
The signature then joinsthe original (i.e.unhashed) certificate data
to complete
the certificate.
7/24/2019 Crypto Products Backgrounder R0
36/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
36 A C
21. Crypto Operations: Asymmetric AuthenticationCreating the Signers Certificate
Another certificate called the signers certificate is used to create the link to the certificateauthority (issuer). The signers certificate is made by the issuer creating a signature over the
signers certificate data that it receives from the tester. It signs the data using its (i.e. the
issuers) private key. Both the signers and clients certificates are stored in the ATECC508A
device. The signers certificate is made by the testersassembling the signers certificate data
and placing it into the certificate, and then hashing signer certificate data and sending that
digest to the certificate authority(issuer)to be signed with the issuers private key. Once
created, the signature is sent back to the tester to be inserted into the signers certificate
alongside the signers certificate data. That completes the singers certificate. The public key
of the issuer that corresponds to the issuers private key gets sent to the MCU to use later
during the actual authentication process. Both certificates are now finished and can be
securely installed into the crypto device by the
tester.
7/24/2019 Crypto Products Backgrounder R0
37/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
37 A C
22. Crypto Operations: Asymmetric AuthenticationECDSA is a two phased process (Phase 1, Part 1: Verify Clients Public Key)
ECDSA is a two phased process with phase one being to verify both the clients and signerspublic keys. Phase one links (i.e. chains) the clients and signers signatures back to the
issuers signature, which establishes the root of trust (i.e. ties to the anchor).
Phase twos purpose is to verify the clients private key. When each of the keys are verified itis proven that there is a valid client public and private key pair, and that they tie back to the
root of trust. In short, that means that the client is mathematically verified as being real (i.e.authenticated).
Phase 1starts with the host requesting information to be sent over by the client (accessory).
That information comes over to the host in the clients certificate and in the singers
certificate. When the host receives the certificates, it extracts the clients certificate data
(clients static data, clients dynamic data, and clients public key) and the signature made by
the signing module in the chip factory) from the clients certificate. It also extracts the
signers certificate data (including the signers public key) and the issuers signature that was
made by the certificate authority (the issuer) from the signers certificate. The host runs a
hashing process on the both sets of certificate data that it just received, creating two 32-byte
message digests(P-256 curve): 1) the clients digest, and 2) the signers digest.
The extracted signers public key from the signers certificate is input to the ECDSA verify
calculation together with the clients digest (number 1 above) and the clients signature from
the clients certificate. The purpose of this ECDSA calculation is to verifythe clients publickey.
7/24/2019 Crypto Products Backgrounder R0
38/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
38 A C
23. Crypto Operations: Asymmetric AuthenticationECDSA is a two phased process (Phase 1, Part 2: Verify Issuers Signature)
Before the ECDSA calculation of phase 1, part 1 can be accepted as complete, another ECDSA
calculation must be run to verify that the root of trust exists. That second calculation is called
phase 1, part 2. The root of trust is established by linking the signers signature to the
issuers signature. This is done by verifying via an ECDSA verify calculation the issuers
signature.
To do so, the issuers signature (extracted from the Signers certificate) is inputto the second
ECDSA calculation along with two other inputs:
1) The digest made by hashing the signers certificate data, and
2) The issuers public key that came over to the MCU at some earlier point (and was
stored in memory of the MCU).
If both ECDSA calculations pass then the clients public key is considered to be verified all theway back to the root of trust (i.e. the issuer).
7/24/2019 Crypto Products Backgrounder R0
39/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
39 A C
24. Crypto Operations: Asymmetric AuthenticationECDSA is a two phased process (Phase 2: Verify Private Key)
When both phase 1 ECDSA calculations pass, then phase 2 starts with the goal of verifying theclients private key. Recall that the whole point of this two-phased process is to verify mathematically
that the clients private key and public key are indeed a valid key pair and tie back to the root of
trust.
Phase 2: This phase begins with the host generating a random number challenge and sending it tothe client. The client device uses the ECDSA signature engine in the ATECC508A to create a new
signature using this random number and the clients (secret) private key securely stored there. That
new signature is then sent to back the host, which uses it along with the same random number usedto make the signature on the client and the clients public key (that was previously verified in phaseone) as the inputs to the Phase 2 ECDSA verify calculation. If that ECDSA calculation succeeds, then
the host has then proven that the accessory (client) is real (i.e. that the client contains a validprivate-public key pair). As you can see, the ATECC508A does all the heavy mathematical lifting.
In addition, Atmel provides the tools that Atmel provides make it easy to program the
microcontroller to do its part without having to securely store a secret. That is the whole reason for
asymmetric authentication: the secret only has to be secured on one side.
The engineering and mathematics behind authentication using sophisticated algorithms may not beeasy, but that does not matter to the user because Atmel makes it easy to implement cryptographywithout having to be a cryptography expert.
Benefits
ECDSA is a proven and secure authentication process
Uses the advantages of Elliptic Curve Cryptography (high security , short key, less computation) No need for secure key storage in the host
7/24/2019 Crypto Products Backgrounder R0
40/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
40 A C
25. Crypto Operations: Secure Boot Step 1. Signing the applicationcode in the factory.
Firmware in every type of product is vulnerable to cloning. Using CryptoAuthenticationdevices can ensure that only the authorized firmware is loaded at boot time. There is a
growing trend in many industries where Intellectual Property (IP), particularly firmware is
being copied, and the benefits of expensive R&D investments end up being forfeited by the
legitimate owners. CryptoAuthentication is a simple and effective way to guard against
firmware and product cloning. Placing a CryptoAuthentication device onboard a micro-
controlled system provides a simple solution that can match the secret stored in the security
IC to the operating firmware. How that can be accomplished depicted in the secure boot
diagrams. This is shown as a two-step process where step one is the signing of the
application code in the factory, and step two is where it is verified by the crypto element
device before launching the code in the application at boot time. Secure Boot Step 1 is the
signing of the application code in the factory. The code and the signature is sent to the
embedded system in the field and loaded into the system memory.
STEP 1.1is to hash the application code to prepare it to be signed by the signing module in
the factory.
STEP1.2: The signing module in the factory contains a secret key that is securely stored.
The secret key can (should) be stored in a crypto element device, which also can
run the signing algorithm. The result of singing the hash of the application code
with the secret key of the signing module is a hash value or Massage
Authentication Code (MAC).
STEP1.3is where the signature/MAC is sent to the embedded system that will authenticate
the code prior to booting it.
STEP1.4is the sending of the application code that will be authenticated and loaded at boot
time into the system. Typically the application code and MAC are sent together
Once the code and signature/MAC is sent into the field, Step 2 can be performed by the
embedded system.
7/24/2019 Crypto Products Backgrounder R0
41/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
41 A C
26. Crypto Operations: Secure Boot Step 2. Authenticating the device inthe field
Secure Boot Step 2 is the process of using the signature and the code itself at boot time to authenticate thecode (i.e. to check if it is real). The basic idea is to use the crypto element device to create a signature of
the code just like was done in the factory and then compare that new signature with the one from the
factory. If those two signatures match then the code is proven to be the same as the original code (i.e. not
altered or fake) and is considered real and thus can be loaded.
STEP 2.1 is the loading of the application code and the signature /MAC at boot time into the flash memory
of the embedded system.
STEP 2.2is the hashing of the application code in preparation for signing of the code.
STEP 2.3is the singing of the hash of the application code by the stored secret key in the ATSHA204A to
create a digest which is the signature/MAC.
STEP 2.4 is the comparison of the signature/MAC received from the factory with the signature/MAC justcreated by the ATSHA204A in the embedded system.
If the messages (i.e. the application code) and the secret keys in the factory and in the embedded system
are the same then the signing process will result in identical signatures/MACs. If the signatures/MACs
match then the code has not been corrupted and is authentic and can be loaded into the system
Benefits
Secure boot using a crypto device can protect IP and revenue streams
Easy to implement very strong security
Numerous applications
7/24/2019 Crypto Products Backgrounder R0
42/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
42 A C
27. Crypto Operations: Protecting Downloaded Firmware withSymmetric Keys; Step1: Encrypt and MAC application code
Software and firmware IP protection possibly provides the largest opportunity application target market.This segment includes anyone that has an embedded system or software solution. And, that is just about
anyone that has a processor in their system.
Most systems use nonvolatile memory to store programs to remotely add features and fix problems, but
they are vulnerable to hacking. That is because all software based systems can be hacked.
CryptoAuthentication crypto element devices protect downloaded firmware by preventing hackers from
getting software images and algorithms. This ensures that only unmodified OEM-authorized firmware gets
loaded in nonvolatile memory. The usage models are flexible. All downloads will be identical and the user
can post download on the web without concern of theft because the firmware will be encrypted. Two of the
fundamental cryptographic pillars are used in this case: encryption and authentication. Encryption allows
the software IP to be sent to target users without others being able to understand what it is and use it. It will
of course be decrypted on the other side. Authentication is used to ensure that the code that gets
decrypted is indeed the intended code and has not been altered, replaced, or corrupted.
This is a two step process with Step 1 being done by the developer on the sending side to encrypt the
original application code using an encryption key, and to create a Message Authentication Code (MAC) to
ensure authenticity. Step 2 is done on the receiving side by downloading the encrypted code and MAC in
order to decrypt and authenticate the code. Step 1: Encrypt and MAC application code happens as follows:
STEP 1.1: The code developer creates an encryption key in order to encrypt the code that will be
downloaded by the receiving side. This is done using an ATSHA204A that stores a secret key
for encryption. The ATSHA204A hashes a seed number with the secret key to create a digest
(Message Authentication Code (MAC)), which will be the encryption key that is input to the
encryption algorithm that is run on the MCU.
STEP 1.2: The MCU encrypts the code using an encryption algorithm (such as AES) using the encryption
key just created.
STEP 1.3:The encrypted code is put in a place to allow it to be downloaded by the target user. The seed
number used to create the encryption key will also be put in that same place. The seed and
encrypted code will be downloaded together.
STEP1.4: addresses the other pillar of security which is authentication. This is done by hashing (or
padding) the original application code to size it correctly to be hashed with the secret
authentication key, which is
a different key than used
earlier fro encryption. The
result of the hash of the
digested (or padded)
application code with the
authentication key is the
Authentication MAC.
STEP 1.5: That Authentication MAC
gets put into the same place
as the encrypted code and
seed number so that all of
those can be downloaded
by the receiving side.
7/24/2019 Crypto Products Backgrounder R0
43/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
43 A C
28. Crypto Operations: Protecting Downloaded Firmware with SymmetricKeys; Step2: Download, Decrypt, and Authenticate
The target user of protected firmware will download the encrypted code, seed number, and AuthenticationMAC.
STEP 2.1To decrypt the code the seed that was downloaded is hashed with the secret key stored in the
crypto element on the client embedded system. Being symmetric, this stored secret key has
the same value the key stored the on the transmitting (uploading) side. The result of the
hashing of the secret key with the seed number will be the decryption key, which of course
matches the encryption key if it has not been corrupted during transit.
STEP 2.2: The embedded systems MCU uses the decryption key just created as input to the encryption
algorithm (such as AES) to decrypt and recover the application code. The process then
moves to the authentication stage.
STEP 2.3: The newly decrypted code gets hashed (or padded) just like was done by the developer on
the transmitting side to prepare it for hashing with the secret Authentication key. That key is
exactly the same as the Authentication key the developer used since this is a symmetric
process. The result of that hash is the Clients Authentication MAC.
STEP 2.4: It will be compared (using the CheckMAC command) to the Authentication MAC that was
downloaded with the encrypted code and seed. It they match then the downloaded and
decrypted code is authenticated and can be loaded into the system.
Benefits
Special downloads for each customer by tying to authorized serial numbers. All downloads will be identical
Can post the download on the web because it will be encrypted
7/24/2019 Crypto Products Backgrounder R0
44/138
7/24/2019 Crypto Products Backgrounder R0
45/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
45 A C
essentially closes the trusted session. In other words, enough information no
longer exists to ever recover or replay that session as long as the random
number used was from a quality source like the crypto devices TRNG. By
controlling how often a session key is generated in the initiating system, thesystem integrator effectively controls the sessions lifetime determined by
number of secure transactions, i.e., transmission and recovery of sensitive
data.
Successful recovery of the session encryption key essentially proves the mutual authenticity of the initiating
and target systems. A non-authentic system will not be able to recover the session encryption key, and,
therefore, will not be able to gain access to the sensitive information. In other words, only mutually authentic
systems can securely communicate, and authentication effectively derives from the shared root secret
within the fortified confines of the crypto device.
Please Note: An alternative method for key exchange such as ECDH (Elliptic Curve Diffie-Hellman) can be
easily implemented using the Atmel ATECC508A device, and is described elsewhere. The methodology
described here uses symmetric techniques, and thus can be easily implemented in ATSHA204A devices,
which may be more attractive for certain systems. Please note that other CryptoAuthentication crypto
elements, namely the ATECC108A and ATECC508A, are supersets of the ATSHA204A and thus can also
perform the methodology described in this document.
Commands of Interest
Atmel crypto elements like the ATSHA204A come with a rich set of commands that offer system integrators
high flexibility in tackling various security challenges. Please note that after device personalization, only
three of these commands are necessary to accomplish the application described here; namely, ,
, and commands, which are described in the following table:
7/24/2019 Crypto Products Backgrounder R0
46/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
46 A C
CryptoAuthentication Commands of Interest
Command Description
Generates a random number for the creation of session encryption keys. Combines the random number with the embedded root secret to create or recover the session encryption key.
A precursor to the command whose function is to initialize the crypto device into an internal state of high
entropy. High entropy in this context is desirable because it eliminates the ease of guessing and mounting
replay attacks. This miniscule list of commands emphasizes the ease of implementation and minimal demand
on system resources like CPU bandwidth and code storage requirements.
Benefits
Changes key for each session so keys are not used for very long which increases security
Very simply yet secure methodology
Easily implemented with ATSHA204A devices
7/24/2019 Crypto Products Backgrounder R0
47/138
7/24/2019 Crypto Products Backgrounder R0
48/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
48 A C
31. Crypto Operations: Decrypting encrytped data at rest
Crypto elements with hardware key storage can be used together with an MCU to encrypt stored files.(This is often called protecting data at rest.) With a crypto element, the encryption-decryption key is
securely stored in protected hardware as opposed to being stored in software, which is less secure.
The encryption/decryption process in this example is AES (Advanced Encryption System). With such
encryption algorithms files are encrypted using a particular seed number that is hashed with the secret
encryption that is stored at the encryption site. The same secret key is stored securely at the decryption
site as well.
The steps to send and decrypt the encrypted files are as follows:
STEP 1: The encrypted code and seed received on the decrypting side is hashed with the secret
key and seed to create a Message Authentication code (MAC). That MAC is the
decryption key and gets sent to the MCU.STEP 2the MAC/decryption key is input to the MCU that will run the AES algorithm to decrypt the
encrypted files. The reason that works is that that very same seed number was hashed
at the encryption site with the exact same secret key. Therefore that hash (MAC) on the
encryption side and on the decryption side will be the same if the data did not get
corrupted or altered in transit.
STEP 3 The system MCU decrypts the encrypted file into clear text
STEP 4 The decrypted file can now be used in the system as desired.
Benefits
Highly secure decryption
Easy to implement
Very fast operation
7/24/2019 Crypto Products Backgrounder R0
49/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
49 A C
32. Crypto Operations: Data Integrity Checking using MessageAuthentication Code (MAC)
CryptoAuthentication crypto element devices can be used to authenticate a message by creating a
simple Message Authentication Code (MAC) and appending that MAC to the message packet. Thisis a data integrity mechanism. A MAC is a very fundamental cryptographic function. The basic
definition of a MAC is the result of a hash (compression) of a key and message.
Creating the authorized packet on the sending side:
STEP 1: is to begin the creation of the authorized packet. In this example the message is the
start time, end, time, and the authorized action. That message is first hashed by the
host to put it into the right size (which is 32 bytes for SHA256).STEP 2The result of the hash in step 1 (the message digest) is input together with the secret
key stored in the crypto element to create a message authentication code (MAC).STEP 3: Now that the MAC has been created it is appended to the original (un-hashed)
message packet.STEP 4: The message packet plus the MAC is sent to the other side where the integrity will be
validated.
Recall that the core mission of this application example is to execute the authorizedaction only if the current time is within the specified time range (i.e. between thestart and end times that are included in the message packet).
7/24/2019 Crypto Products Backgrounder R0
50/138
7/24/2019 Crypto Products Backgrounder R0
51/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
51 A C
33. Crypto Operations: Secure Password Protection
To ensure that a password that, for example, is typed into a system is not intercepted, an authentication process is
very useful. A random challenge-response is one way to accomplish that using a crypto element..
STEP 1: The ATSHA204A crypto element device sends a random challenge to the system MCU at the time the
password is being entered on the keyboard.
STEP 2: That random challenge then gets hashed with the password to create a response digest.
STEP 3: The response digest gets sent to the crypto device which also hashed the same random challenge and
the password with is stored in a key slot on the device.
STEP 4: The stored password and random challenge number are hashed to create a digest
STEP 5: The digest is then compared to the response digest made on the MCU,
STEP 6: If the digests match then the password is considered real (authentic).
7/24/2019 Crypto Products Backgrounder R0
52/138
7/24/2019 Crypto Products Backgrounder R0
53/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
53 A C
35. Crypto Operations: Node Data Integrity Using SymmetricIntermediate Keys
To provide node data integrity in a platform where it is not possible or desirable to securely store a secret key on
the host, a fixed challenge method using an intermediate key is recommended. A fixed challenge is a known
number that has previously been loaded into the hosts software (as opposed to a random challenge where the
challenge is a random number).
STEP 1:The challenge number is sent by the host to the remote node.
STEP 2:The challenge is hashed together with the secret key stored on the ATSHA204A on the client/node and
the result is a message authentication code (MAC) that acts as the intermediate key. The host side has
the same intermediate key that corresponds to the challenge compiled into its software. The intermediate
key on the host side was calculated in the same way by hashing the challenge number with the same key
in the node. That happens in the factory ahead of time. The challenge/intermediate key pair are loaded
into the software by the hosts designer.
STEP 3:The next step involves the data. An example of the data could be sensor data that is created on the node.
That data is sent to the ATSHA204A and to the host in the clear (i.e. not encrypted). Note that the data will
have to be in 32 byte format right from the source such as the sensor, or it has to be hashed or padded to
32 bytes for the next step.
STEP 4:The client hashes the 32 byte data (or hash or pad) with the intermediate key to create a response. The
response is a message authentication code (MAC) called the Response MAC in the diagram.
STEP 5:The data is also sent to the host and it will be padded or hashed if needed and the 32byte result will be
hashed with the
intermediate key stored in
the host to create amessage authentication
code (MAC) which is the
host MAC in the diagram.
STEP 6:The Host MAC and
Response MACs are
compared by the hosts
MCU to see if they match.
If they match then the data
received on both sides is
proven to be exactly the
same and thus has not
been corrupted ormodified. Thus, the
integrity of the data is
proven.
7/24/2019 Crypto Products Backgrounder R0
54/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
54 A C
36. Crypto Operations: Node AuthenticationUsing SymmetricIntermediate Keys
To provide node authentication in a platform where it is not possible or desirable to securely store a secretkey on the host, a method called fixed challenge-response using an intermediate key is recommended. Afixed challenge is a number that has previously been loaded into the hosts software.
The steps for authentication are noted below:
STEP 1: A fixed challenge number that was pre-loaded into the host is sent to the client/node by the host.Note that the fixed challenge number in the host was previously was hashed with the exact samesecret key stored in the client/node and the result of that hash was a message authentication code(MAC) that becomes the intermediate key. This happened in the factory and the fixed challenge andits corresponding MAC/intermediate key are both loaded into the software of the host.
STEP 2: The fixed challenge number sent in STEP 1 is received by the client gets hashed with the secretauthentication key stored securely in the ATSHA204A on the client/node. (Note that that this key isdifferent from the other secret keys stored on the ATSHA204A that get used for confidentiality anddata integrity.) The digest of that hashing process is a message authentication code (MAC), whichbecomes the intermediate authentication key of the client.
STEP 3: The host then sends a random number challenge to the node,
STEP 4: The ATSHA204A on the node hashes that random challenge with the intermediate key that wascalculated in Step 2. The result of that hash operation is a message authentication code (MAC)called the Response MAC in the diagram. The Response MAC is sent to the host.
STEP 5: The random number challenge that was sent to the client/node is hashed on the host side with theintermediate key stored in the host to create a message authentication code (MAC) called the HostMAC in the diagram.
STEP 6: The hosts MCU compares the Host MAC and Response MAC to see if they match. If they do thenthe client/node is proven to be real (authentic).
7/24/2019 Crypto Products Backgrounder R0
55/138
3Q2015 CRYPTO PRODUCTS BACKGROUNDR r12
55 A C
37. Crypto Operations: Using Diversified Keys to increase securityAn excellent way to increase security in a symmetric operation is to use something called diversified keys. This is also called a Key Derivation Function (or KDF). What that means is that the key that is in the host, called
the root key, is not shared as such with the clients. Instead each client gets a derivative of that root key based
upon a unique number assigned to that particular client, such as its serial number. That serial number is hashed
with the root key in