Diversified Key with Random Challenge Response

By: Gunter Fuchs

Previously, in this space, we briefly discussed the four different authentication models that one can employ in an embedded design. Now, we’d like to take a deeper dive into the nuances of combining a diversified key model with the random challenge response model and the steps it takes in authenticating.

The following are the unique characteristics of this model:

  • Each client has a unique serial number and a diversified key that are related by some cryptographic function
  • A root key for the cryptographic function is stored on the host
  • The hash algorithm is implemented on both the host and client
  • A random number generator is required on the host

And the following outlines what is  going on inside the chips during the authentication process:

  • The host reads the unique serial number from the client
  • The host calculates the diversified key internally using the cryptographic function
  • The host generates a random number for use internally and also sends it to the client as the challenge
  • Both host and client perform the hash function using the diversified keys
  • Host requests the calculated MAC from the client

Host compares the two calculated MACs to authenticate the client. Although complexity of implementing this “hybrid” increases, the benefit that comes with it is the added level of security.  Please stay tuned on this blog to learn more about tips and tricks on how you can secure your design or check out these useful resources on security.

2 thoughts on “Diversified Key with Random Challenge Response

  1. mark

    It’s in point of fact a nice and useful piece of info. I’m satisfied that you shared this useful info with us. Please stay us informed like this. Thanks for sharing.

    Like

    Reply
  2. Ben Goodman

    I am having trouble locating documentation to help me use the ATSHA204.
    I have found plenty of marketing material, and Application Notes that tell me what the chip does, but none of them tell me what functions to call, and with what parameters to achieve any specific authentication model.
    The Datasheet doesn’t explain usage clearly, it just lists the modes and which bits to set, but doesn’t relate this back to the bigger picture.

    I know in some cases I need to combine Nonce, GenDig and CheckMac, but can’t find any decent example.

    Is there anyone I can talk to for more information?
    I am in Australia.

    Please help.

    Thanks,.
    Ben

    Like

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s