Hashlet – an authentication device embedded on a mini-cape – is specifically designed to secure the BeagleBone Black (BBB). Powered by Atmel’s advanced ATSHA204, the mini-cape functions as an external hardware random number generator, performs the SHA-256 algorithm in hardware and is capable of storing up to 16 256-bit keys in write and read protected memory.
Manufactured by Cryptotronix, the device is packaged with free software (GPLv3) that provides an easy to use Command Line Interface (CLI).
“The Hashlet is assembled and tested by Cryptotronix prior to shipping,” the Cryptotronix crew explained in a recent product post. ”Simply slip the board on the top of the expansion header and the device is ready. The device uses /dev/i2c-1, which is enabled by default so there are no device-tree files that have to be installed.”
Random numbers (data) are easily generated with a single line command, while creating and verifying a MAC is similarly straightforward. According to the Cryptotronix crew, the Hashlet is both 3.3V and 5V friendly and can be used on any device capable of communicating with I²C. Meaning, the mini-cape is also compatible with a Raspberry Pi – if the I²Cs signals are split separately. The Hashlet can be purchased here for $12.
As we’ve previously discussed on Bits & Pieces, Atmel’s ATSHA204 boasts a number of defensive mechanisms specifically designed to prevent physical attacks on the silicon itself or logical attacks on the data transmitted between the chip and the system. Plus, each ATSHA204 ships with a unique 72-bit serial number.
By using the cryptographic protocols supported by the chip, a host system or remote server is able to prove the serial number is authentic and not a copy. In addition, the ATSHA204 is capable of generating high-quality random numbers and employing them for any purpose, including usage as part of the crypto protocols of the chip. Access to the silicon is granted via a standard I²C interface at speeds up to 1Mb/sec.
And last but certainly not least, it is compatible with most UART or serial IO controllers. So that’s the physical spec rundown, but what about specific attacks ATSHA204 is designed to shield against?
Well, the ATSHA204 is capable of helping to protect devices from a variety of nefarious threats, including algorithmic, protocol, microprobe, environmental, timing, bug, dumpster diving, emissions, fault and power cycling. Meanwhile, a secure boot system prevents unauthorized modification of host firmware and protects against unauthorized users enabling extra features without payment. Last, but certainly not least, the ATSHA204 helps thwart illicit system copies, piracy and code reverse engineering.