ATECC108 deep dive: Part 1

Earlier this summer, Atmel expanded its already formidable CryptoAuthentication portfolio with the ATECC108 solution, an elliptical curve cryptography (ECC) product. Today, we at Bits & Pieces will be taking you through our first ATECC108 deep dive.

As discussed in previous blog posts, the ATECC108 is the latest addition to Atmel’s CryptoAuthentication lineup of high-security hardware authentication devices. The ATECC108 boasts a flexible and versatile command set, allowing it to be used for numerous applications including:

• Protection for firmware or media – Validates code stored in flash memory at boot to prevent unauthorized modifications, encrypts downloaded program files as a common broadcast and uniquely encrypts code images to be usable on a single system.
• Anti-counterfeiting – Validates the authenticity of a removable, replaceable, or consumable client, such as system accessories and electronic daughter cards. This capability can also be used to validate a software/firmware module and memory storage element.
• Secure data storage – Stores secret keys for use by crypto accelerators in standard microprocessors.

As noted above, the ATECC108 can be used to house small quantities of data necessary for configuration, calibration and ePurse values – with programmable protection available using encrypted/authenticated reads and writes. Meanwhile, password checking validates user entered passwords without revealing the expected value, maps memorable passwords to random numbers and securely exchanges password values with remote systems.

“Atmel’s ATECC108 includes an EEPROM array that can be used for storage of up to 16 keys, miscellaneous read/write, read-only or secret data, consumption logging and security configuration. Plus, access to the various sections of memory can be restricted in a variety of ways and then the configuration locked to prevent changes,” an Atmel engineering rep told Bits & Pieces.

“The ATECC108 also features a wide array of defensive mechanisms specifically designed to prevent physical attacks on the device itself or logical attacks on the data transmitted between the device and the system. Hardware restrictions on the ways in which keys are used or generated provide further defense against certain styles of attack.”

According to the engineering rep, access to the device is facilitated through a standard I2C Interface at speeds up to 1Mb/sec. It is also compatible with standard Serial EEPROM I2C interface specifications, with the ATECC108 supporting a Single-Wire Interface to minimize the number of GPIOs required on the system processor and/or reduce the number of pins on connectors. Additionally, the ATECC108 supports an alternative single-wire interface compatible with other Single-Wire Devices. So if either SingleWire Interface is enabled, the remaining pin is available for use as a GPIO.

“Using either the I2 C or Single-Wire Interface, multiple ATECC108 devices can share the same bus which saves processor GPIO usage in system with multiple clients such as different color ink tanks or multiple spare parts. Each ATECC108 ships with a guaranteed unique 72-bit serial number,”  the engineering rep continued.

“Using the cryptographic protocols supported by the device, a host system or remote server can verify a signature to prove that the serial number is both authentic and not a copy. Remember, serial numbers are often stored in a standard serial EEPROM, but these can be easily copied, and there is no way for the host to know if the serial number is authentic or if it’s a clone.”

Plus, the ATECC108 can generate high-quality FIPS random numbers and employ them for any purpose, including usage as part of the device’s crypto protocols. Because each random number is guaranteed to be essentially unique from all numbers ever generated on this or any other device, their inclusion in the protocol calculation ensures that replay attacks (re-transmitting a previously successful transaction) always fails. And lastly, system integration is significantly eased with a wide supply voltage range (2.0V – 5.5V) and an ultra-low sleep current of <150nA.

Interested in learning more about Atmel’s versatile ATECC108? Stay tuned for part two of our deep dive in which Bits & Pieces details the device’s cryptographic operation.