Tag Archives: authentication device

What is authentication and why should you care?

Authentication means making sure that something is real, just like it sounds.

In the real world, authentication has many uses. One of the most recognizable is anti-counterfeiting, which means validating the authenticity of a removable, replaceable, or consumable client. Examples include system accessories, electronic daughter cards and spare parts. Of course, authentication is also employed to validate software and firmware modules, along with memory storage elements.

Another important and growing role for authentication is protecting firmware or media by validating that code stored in flash memory at boot time is the real item – effectively helping to prevent the loading of unauthorized modifications. Authentication also encrypts downloaded program files that can only be loaded by an intended user, or uniquely encrypt code images that are accessible on a single, specific system. Simply put, authentication of firmware and software effectively makes control of code usage a reality, which is important for IP protection, brand equity maintenance and revenue enhancement.

Storing secure data, especially keys, for use by crypto accelerators in unsecured microprocessors is a fundamental method of providing real security in a system. Checking user passwords via authentication means validation – without allowing the expected value to become known, as the process maps memorable passwords to a random number and securely exchanges password values with remote systems. Authentication facilitates the easy and secure execution of these actions.

Examples of real-world benefits are quite numerous and include preserving revenue streams from consumables, protecting intellectual property (IP), keeping data secure and restricting unauthorized access.

But how does a manufacturer ensure that the authorization process is secure and protected from attack? With hardware key storage devices such as Atmel’s ATSHA204A, ATECC108A and ATAES132 – which are all designed to secure authentication by providing a hardware-based storage location with a range of proven physical defense mechanisms, as well as secure cryptographic algorithms and processes.

Hack 1

The bottom line? Hardware key storage beats software key storage every time – because the key to security is literally the cryptographic key. Locking these keys in protected hardware means no one can get to them. Put another way, a system is not secure if the key is not secure – and the best way to secure a key is in hardware. It is that simple.

Future Bits & Pieces posts will explore various methods of authentication such as asymmetric and symmetric, the ways in which Atmel’s key storage devices operate, specific authentication use models and other security related topics.

Securing Your Design with the Fixed Challenge Authentication Model

By: James Tomasetta

Fixed challenge authentication is an easy way to add security to your product without the added expense of additional hardware to the host or client, interactive testing, or extensive software development.

Fixed Challenge Response

Fixed Challenge Response

Fixed challenge authentication is the only authentication model that does not require a key or calculation on either the host or client.  With the fixed challenge model the host sends the same challenge every time authentication is needed and the client always responds with the same response.  By ensuring the same challenge and response are used both sides can have a pre-calculated version of the challenge response pair.

The major weakness in this model is that an attacker can monitor the bus and record the challenge/response pair and then use the recording to fool the system into validating a fake device.  This is known as a replay attack and is one of the easiest forms of attacks.  To counter this, the host can have a list of challenge/response pairs and randomly select from the list requiring the attacker to record multiple transactions on the bus prior to fooling the system.

Another key weakness in the system is that the challenge/response pairs need to be stored in memory, making them easy to extract from the host.  One solution to this is to add a hardware authentication device to the host.  Adding a hardware device like the Atmel ATSHA204 CryptoAuthentication IC allows the system to increase the level of security without the need to change any client device already in the field.