By: Gunter Fuchs
Previously, in this space, we briefly discussed the four different authentication models that one can employ in an embedded design. Now, we’d like to take a deeper dive into the nuances of combining a diversified key model with the random challenge-response model, and into the steps involved in authenticating a client.
The following are the unique characteristics of this model:
- Each client has a unique serial number and a diversified key that are related by some cryptographic function
- A root key for the cryptographic function is stored on the host
- The hash algorithm is implemented on both the host and client
- A random number generator is required on the host
And the following outlines what is going on inside the chips during the authentication process:
- The host reads the unique serial number from the client
- The host calculates the diversified key internally using the cryptographic function
- The host generates a random number for use internally and also sends it to the client as the challenge
- Both host and client perform the hash function using the diversified keys
- Host requests the calculated MAC from the client
- The host compares the two calculated MACs to authenticate the client
Although the complexity of implementing this “hybrid” model increases, the benefit that comes with it is the added level of security: the host stores only the root key rather than a key per client, and every authentication uses a fresh random challenge. Please stay tuned on this blog to learn more about tips and tricks on how you can secure your design, or check out these useful resources on security.
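To make the sequence above concrete, here is a software model of the whole exchange, written for this post as an added example rather than code from the original article or from any device vendor. The host holds only the root key; each client holds its serial number and a diversified key derived from it. The choice of HMAC-SHA256 for both the key-derivation function and the keyed hash (MAC), the 32-byte challenge length, the serial number `SN-0001` and the `ROOT_KEY` value are all assumptions made for the example; a real authentication chip fixes its own derivation and message layout, which this model does not reproduce. The example also shows why the random challenge matters: a counterfeit that knows the serial but not the root key fails, and so does a counterfeit that replays a MAC captured from an earlier exchange.

```python
"""Diversified-key + random challenge-response authentication, modelled in software.

Added example (not the article's or a vendor's code). Assumptions: HMAC-SHA256
for both key derivation and MAC, 32-byte challenges, constructed sample values.
"""
import hashlib
import hmac
import secrets

# Constructed sample root key. On a real host it lives in protected storage and
# never leaves the host; it is the only secret the host needs for every client.
ROOT_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
)


def derive_diversified_key(root_key: bytes, serial: bytes) -> bytes:
    """The cryptographic function relating a serial number to its diversified key.

    Assumption: HMAC-SHA256(root_key, serial). The article only says "some
    cryptographic function"; a real device's derivation differs.
    """
    return hmac.new(root_key, serial, hashlib.sha256).digest()


def compute_mac(diversified_key: bytes, challenge: bytes) -> bytes:
    """Keyed hash over the challenge, run by both sides with the diversified key."""
    return hmac.new(diversified_key, challenge, hashlib.sha256).digest()


class Client:
    """Stand-in for the client chip: a serial number plus its diversified key."""

    def __init__(self, serial: bytes, diversified_key: bytes) -> None:
        self.serial = serial
        self._key = diversified_key  # stays inside the client

    def read_serial(self) -> bytes:
        return self.serial

    def mac(self, challenge: bytes) -> bytes:
        return compute_mac(self._key, challenge)


class ReplayingCounterfeit(Client):
    """Counterfeit that captured one genuine MAC and answers every challenge with it."""

    def __init__(self, serial: bytes, captured_mac: bytes) -> None:
        super().__init__(serial, b"")
        self._captured_mac = captured_mac

    def mac(self, challenge: bytes) -> bytes:
        return self._captured_mac  # ignores the challenge


class Host:
    """Stand-in for the host: holds the root key and runs the authentication steps."""

    def __init__(self, root_key: bytes) -> None:
        self._root_key = root_key

    def authenticate(self, client: Client) -> bool:
        # 1. Read the unique serial number from the client.
        serial = client.read_serial()
        # 2. Derive the client's diversified key internally from the root key.
        expected_key = derive_diversified_key(self._root_key, serial)
        # 3. Generate a fresh random challenge; keep it and send it to the client.
        challenge = secrets.token_bytes(32)
        # 4. Both sides MAC the challenge with the diversified key.
        expected_mac = compute_mac(expected_key, challenge)
        # 5. Request the client's MAC.
        client_mac = client.mac(challenge)
        # 6. Compare the two MACs in constant time.
        return hmac.compare_digest(client_mac, expected_mac)


def provision_client(root_key: bytes, serial: bytes) -> Client:
    """Factory-side step: personalise a client with its diversified key."""
    return Client(serial, derive_diversified_key(root_key, serial))


def demo() -> dict:
    """Run the protocol against a genuine client and two counterfeits."""
    host = Host(ROOT_KEY)
    genuine = provision_client(ROOT_KEY, b"SN-0001")  # constructed serial
    # Counterfeit knows the serial but not the root key, so it must guess a key.
    wrong_key = Client(b"SN-0001", secrets.token_bytes(32))
    # Counterfeit replays a MAC captured from an earlier, genuine exchange.
    old_challenge = secrets.token_bytes(32)
    replay = ReplayingCounterfeit(b"SN-0001", genuine.mac(old_challenge))
    return {
        "genuine": host.authenticate(genuine),
        "wrong_key": host.authenticate(wrong_key),
        "replay": host.authenticate(replay),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'authenticated' if ok else 'rejected'}")
```

The replay case is the one the random challenge exists for: because the host draws a new challenge every time, a MAC recorded from a previous session matches only if the 32-byte challenge happens to repeat, which is negligible. The `hmac.compare_digest` call is the host-side check a practitioner should not replace with `==`, since a byte-by-byte early-exit comparison leaks timing information about the expected MAC.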
It’s in point of fact a nice and useful piece of info. I’m satisfied that you shared this useful info with us. Please keep us informed like this. Thanks for sharing.
I am having trouble locating documentation to help me use the ATSHA204.
I have found plenty of marketing material, and Application Notes that tell me what the chip does, but none of them tell me what functions to call, and with what parameters to achieve any specific authentication model.
The Datasheet doesn’t explain usage clearly; it just lists the modes and which bits to set, but doesn’t relate this back to the bigger picture.
I know in some cases I need to combine Nonce, GenDig and CheckMac, but can’t find any decent example.
Is there anyone I can talk to for more information?
I am in Australia.