Authentication means making sure that something is real, just like it sounds.
In the real world, authentication has many uses. One of the most recognizable is anti-counterfeiting, which means validating the authenticity of a removable, replaceable, or consumable client. Examples include system accessories, electronic daughter cards and spare parts. Of course, authentication is also employed to validate software and firmware modules, along with memory storage elements.
Another important and growing role for authentication is protecting firmware or media by validating that code stored in flash memory at boot time is the real item – effectively helping to prevent the loading of unauthorized modifications. Authentication also encrypts downloaded program files that can only be loaded by an intended user, or uniquely encrypt code images that are accessible on a single, specific system. Simply put, authentication of firmware and software effectively makes control of code usage a reality, which is important for IP protection, brand equity maintenance and revenue enhancement.
Storing secure data, especially keys, for use by crypto accelerators in unsecured microprocessors is a fundamental method of providing real security in a system. Checking user passwords via authentication means validation – without allowing the expected value to become known, as the process maps memorable passwords to a random number and securely exchanges password values with remote systems. Authentication facilitates the easy and secure execution of these actions.
Examples of real-world benefits are quite numerous and include preserving revenue streams from consumables, protecting intellectual property (IP), keeping data secure and restricting unauthorized access.
But how does a manufacturer ensure that the authorization process is secure and protected from attack? With hardware key storage devices such as Atmel’s ATSHA204A, ATECC108A and ATAES132 – which are all designed to secure authentication by providing a hardware-based storage location with a range of proven physical defense mechanisms, as well as secure cryptographic algorithms and processes.
The bottom line? Hardware key storage beats software key storage every time – because the key to security is literally the cryptographic key. Locking these keys in protected hardware means no one can get to them. Put another way, a system is not secure if the key is not secure – and the best way to secure a key is in hardware. It is that simple.
Future Bits & Pieces posts will explore various methods of authentication such as asymmetric and symmetric, the ways in which Atmel’s key storage devices operate, specific authentication use models and other security related topics.