By: James Tomasetta
Fixed challenge authentication is an easy way to add security to your product without the added expense of additional hardware to the host or client, interactive testing, or extensive software development.
Fixed challenge authentication is the only authentication model that does not require a key or calculation on either the host or client. With the fixed challenge model the host sends the same challenge every time authentication is needed and the client always responds with the same response. By ensuring the same challenge and response are used both sides can have a pre-calculated version of the challenge response pair.
The major weakness in this model is that an attacker can monitor the bus and record the challenge/response pair and then use the recording to fool the system into validating a fake device. This is known as a replay attack and is one of the easiest forms of attacks. To counter this, the host can have a list of challenge/response pairs and randomly select from the list requiring the attacker to record multiple transactions on the bus prior to fooling the system.
Another key weakness in the system is that the challenge/response pairs need to be stored in memory, making them easy to extract from the host. One solution to this is to add a hardware authentication device to the host. Adding a hardware device like the Atmel ATSHA204 CryptoAuthentication IC allows the system to increase the level of security without the need to change any client device already in the field.