Tag Archives: ATSHA204 symmetric key

What is authentication and why should you care?

Authentication means making sure that something is real, just like it sounds.

In the real world, authentication has many uses. One of the most recognizable is anti-counterfeiting, which means validating the authenticity of a removable, replaceable, or consumable client. Examples include system accessories, electronic daughter cards and spare parts. Of course, authentication is also employed to validate software and firmware modules, along with memory storage elements.

Another important and growing role for authentication is protecting firmware or media by validating at boot time that the code stored in flash memory is the real item – effectively helping to prevent the loading of unauthorized modifications. Authentication is also used to encrypt downloaded program files so that they can only be loaded by an intended user, or to uniquely encrypt code images so that they are accessible only on a single, specific system. Simply put, authentication of firmware and software effectively makes control of code usage a reality, which is important for IP protection, brand equity maintenance and revenue enhancement.

Storing secure data, especially keys, for use by crypto accelerators in unsecured microprocessors is a fundamental method of providing real security in a system. Checking user passwords via authentication means validating them without allowing the expected value to become known: the process maps memorable passwords to a random number and securely exchanges password values with remote systems. Authentication facilitates the easy and secure execution of these actions.

Examples of real-world benefits are quite numerous and include preserving revenue streams from consumables, protecting intellectual property (IP), keeping data secure and restricting unauthorized access.

But how does a manufacturer ensure that the authorization process is secure and protected from attack? The answer is hardware key storage devices such as Atmel’s ATSHA204A, ATECC108A and ATAES132, all of which are designed to secure authentication by providing a hardware-based storage location with a range of proven physical defense mechanisms, as well as secure cryptographic algorithms and processes.

The bottom line? Hardware key storage beats software key storage every time – because the key to security is literally the cryptographic key. Locking these keys in protected hardware means no one can get to them. Put another way, a system is not secure if the key is not secure – and the best way to secure a key is in hardware. It is that simple.

Future Bits & Pieces posts will explore various methods of authentication such as asymmetric and symmetric, the ways in which Atmel’s key storage devices operate, specific authentication use models and other security related topics.

Atmel’s ATECC108 bolsters CryptoAuthentication security

Atmel has expanded its already formidable CryptoAuthentication portfolio with the ATECC108 – the company’s first Elliptic Curve asymmetric key authentication solution. According to Atmel engineer Steve Jarmusz, the ATECC108 features NIST standard P256, B283 and K283 Elliptic Curves, along with the FIPS 186-3 Elliptic Curve Digital Signature Algorithm.

“This combination of features – plus 8.5Kb EEPROM for storing up to 16 keys, unique 72-bit serial number and a FIPS standard based Random Number Generator – makes the ATECC108 ideal for a wide range of authentication applications,” Jarmusz told Bits & Pieces. “This includes consumer electronics, consumables, medical devices, industrial automation and IP licensing.”

The ATECC108 – which offers pin-to-pin compatibility with Atmel’s ATSHA204 symmetric key based authentication solution – includes a SHA256 Hash Engine and is thus also functionally compatible with the ATSHA204. The inclusion of both ECDSA and SHA256 will undoubtedly help engineers ease the migration from symmetric to asymmetric key authentication.

In addition, the ATECC108 utilizes 256- or 283-bit keys – both of which are more secure than a number of competing products weighing in at just 163 bits. Indeed, the NIST (Computer Security Research Center) recommends elliptic curves with 256/283-bit keys beyond the year 2030, while advising against key lengths of less than 160 bits after 2010.

As expected, Atmel’s Elliptic Curve asymmetric key authentication solution offers comprehensive tamper protection, as it is built from the ground up to shield against a wide range of hardware attacks including micro-probing, timing, emission and power cycling.

“Perhaps most importantly, the ATECC108 offers a turnkey solution which is easy to use and does not require knowledge of cryptography,” Jarmusz added. “It is also supported by Atmel’s Studio 6 integrated development environment (IDE), facilitating an efficient design process and reducing time to market.”

Additional information about Atmel’s ATECC108 and extensive security portfolio can be found here.