
How to program your secrets into a chip with hardware-based security

Written by Nelson Lunsford

Implementing security in your design may seem daunting and time- and resource-intensive at first glance, and you may think you don't have the luxury for it. Fortunately, Atmel makes it easy with the turnkey Atmel CryptoAuthentication IC.

At its most basic, the CryptoAuthentication device receives a challenge from a host system and sends a response back. Inside the device, the MAC command combines that challenge with a secret key stored in the device's secure memory (a SHA-256 digest computed over the key and the challenge), and the result is returned to the host as the response. The host, which either holds the same key or a precomputed table of expected responses, checks the response; if it is correct, the operation can proceed.

How does that secret get into the CryptoAuthentication IC in the first place? The device has to be personalized, that is, programmed with a known configuration and the secrets for the application it is intended to serve. Personalization simply means configuring the device to do what you want it to do.

The following methods can be used to place secure information into the CryptoAuthentication device:

  1. You can program the IC yourself over the communications interfaces it provides, namely SWI (single-wire) or TWI (two-wire, I2C-compatible).
  2. Atmel provides a software package and a hardware kit: the Atmel CryptoAuthentication Evaluation Studio (ACES) together with the AT88CK101STK8 or AT88CK109STK8 hardware.
  3. Atmel has produced a Secure Personalization or Programmer Kit (combined hardware and software) that can be purchased to program the CryptoAuthentication in greater quantities than the ACES tool supports.
  4. Atmel has approved several 3rd party programmers that can be purchased to program the CryptoAuthentication before deployment.
  5. Atmel has also approved several 3rd party companies that will program the CryptoAuthentication once the secrets have been securely received from you.
  6. Atmel provides a service to its larger customers enabling the CryptoAuthentication to be personalized at final package test. This service is for programming larger numbers of ICs where it is not practical for you to manage the programming yourself.

Any of the six methods above will work for placing your specific data into the CryptoAuthentication device in order to protect your IP. Whichever you choose, remember that the secret is exposed wherever it is handled before it reaches the chip's secure memory, so the programming environment and the hand-off of the secret deserve the same care as the device itself.

Using the ATSHA204 for Firmware IP Protection

By: Ronnie Thomas

Read almost any major newspaper and you will see companies worldwide that have lost money through theft of their intellectual property in the form of proprietary software or embedded firmware. The Atmel ATSHA204 CryptoAuthentication device is an inexpensive way to protect that software. Its capabilities include challenge-response authentication, diversified key schemes, rolling keys, and other protections to thwart would-be thieves.

In addition to the basic challenge-response exchange, there are other counter-hacker techniques that can be leveraged with the ATSHA204 IC to provide more software theft protection, including:

  • Multiple challenge-response pairs

When you use multiple challenge-response pairs, the system chooses a pair based on some algorithm in the system code. This could be a call to the C library rand() or a Fibonacci LFSR. The number of challenge/response pairs is limited by the amount of space a given system has to store the support code and the pairs. The scheme can be made more complex by offsetting where a challenge and its corresponding response are held in memory (i.e. the challenge could be held in array slot 5 while the response is held in array slot 23). Bear in mind that the selection algorithm only spreads the pairs out over time: the pool is finite, so an attacker who records the bus long enough eventually sees every pair, and anyone who can read the host firmware gets the whole table at once.
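As an added example (not code from the original post or from Atmel), the following Python models a host that holds no key at all, only a table of precomputed pairs, selects a pair with a 16-bit Fibonacci LFSR, and stores each response at an index offset from its challenge. The device key, the challenges and the MAC formula (SHA-256 over key || challenge, a simplification of the chip's actual message layout) are constructed for the illustration, and the device itself is simulated by a function.

```python
import hashlib
import hmac

N_PAIRS = 8
RESP_OFFSET = 5   # a response lives at a different table index than its challenge

# Constructed sample key. Only the chip and the personalisation tool ever hold it;
# the host code below never touches it, it only keeps the precomputed pairs.
_DEVICE_KEY = bytes(range(32))


def device_mac(key: bytes, challenge: bytes) -> bytes:
    """Simplified model of the MAC command: SHA-256(key || challenge).
    The real ATSHA204 hashes a longer fixed message; this stands in for it."""
    return hashlib.sha256(key + challenge).digest()


# Pair table built at personalisation time (constructed and deterministic so the
# example is repeatable). Responses are stored RESP_OFFSET slots away from their
# challenge so a memory dump does not pair them up by adjacency.
CHALLENGES = [hashlib.sha256(b"challenge-%d" % i).digest() for i in range(N_PAIRS)]
RESPONSES = [b""] * N_PAIRS
for _i, _c in enumerate(CHALLENGES):
    RESPONSES[(_i + RESP_OFFSET) % N_PAIRS] = device_mac(_DEVICE_KEY, _c)


def lfsr16_step(state: int) -> int:
    """One step of a 16-bit Fibonacci LFSR, taps 16,14,13,11 (period 65535).
    It only spreads pair selection over time; its state is not a secret."""
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return ((state >> 1) | (bit << 15)) & 0xFFFF


def lfsr16_period(start: int) -> int:
    """Count steps until the LFSR returns to its starting state (start != 0)."""
    state, steps = lfsr16_step(start), 1
    while state != start:
        state, steps = lfsr16_step(state), steps + 1
    return steps


def pick_pair(state: int):
    """Map the LFSR state to a challenge and look up its offset-stored response."""
    idx = state % N_PAIRS
    return CHALLENGES[idx], RESPONSES[(idx + RESP_OFFSET) % N_PAIRS]


def authenticate(device, state: int):
    """Challenge the device with the pair selected by `state`.
    Returns (ok, next_state)."""
    challenge, expected = pick_pair(state)
    got = device(challenge)
    return hmac.compare_digest(got, expected), lfsr16_step(state)


def genuine_device(challenge: bytes) -> bytes:
    """Simulated ATSHA204 that holds the real key."""
    return device_mac(_DEVICE_KEY, challenge)


def clone_device(challenge: bytes) -> bytes:
    """Simulated clone that copied the host firmware but not the chip's key."""
    return device_mac(bytes(32), challenge)


def run_session(device, state: int = 0xACE1, rounds: int = 16) -> int:
    """Run several authentications from a non-zero LFSR seed; return the pass count."""
    passed = 0
    for _ in range(rounds):
        ok, state = authenticate(device, state)
        passed += ok
    return passed


if __name__ == "__main__":
    print("genuine:", run_session(genuine_device), "of 16 passed")
    print("clone:  ", run_session(clone_device), "of 16 passed")
```

The clone fails every round because it cannot compute a response it has not already seen on the bus. Note that a rand() seeded with a constant is just as predictable as the LFSR, which is fine here since the selection sequence is not what protects the system; the secrecy of the pairs is, and that is bounded by how hard the host firmware is to read.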

  • Chaining challenge-responses

In the chained challenge-response technique, each response from the ATSHA204 is fed back as the next challenge. At some point the response is evaluated and checked that authentication succeeded. By not evaluating the response every time the system receives one from the client, the chain can run a specified number of rounds before any negative consequence is triggered. A hacker monitoring the bus whose device failed the authentication check would then not know which challenge/response in the chain was invalid.

  • Code Misdirection

Code misdirection is the addition of code that obfuscates to some degree the code path being executed, thereby making it harder for would-be hackers to clone a device. For example, a function pointer is declared and the check is done within a local function; once the answer is received, the function pointer is set to NULL. This makes it harder to decompile the code and clone a device. Code misdirection can also be used to point to code that imposes severe penalties if the response to a given challenge is incorrect, such as an infinite loop or code that does something destructive.

  • Move the Challenge to TempKey

In this technique, a challenge is stored in TempKey, a reserved 32-byte register in the ATSHA204 (loaded with the Nonce command). At some point much later, the MAC command is run on the stored challenge and the response is sent back to the system. Because the challenge and the MAC request are separated in time on the bus, it is much harder for an observer to pair a given challenge with its response.

  • Rolled Key Mechanism

Instead of using a static key in the authentication calculation, the rolled key function in the ATSHA204 adds security by changing the key value used: the current key is combined with some offset value to create a new key. The offset could be something meaningful such as the serial number, a time stamp, a random number, etc. The new key permanently replaces the original, and because the derivation is one-way there is no way to recover the original key afterwards. Instead of the challenge and response being the main source of protection, the keys themselves become that protection. The host must perform the same roll with the same offset, otherwise the two sides diverge and the genuine device stops authenticating.
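To make the chaining, TempKey and rolled-key techniques concrete, together with the basic challenge/MAC/response exchange described at the top of the page, here is an added Python model. It is not Atmel's library code and not from either original post: `Sha204Model` stands in for the chip with a key in secure memory, a TempKey register and a DeriveKey-style roll, and `Host` holds its own copy of the key. The MAC is simplified to SHA-256(key || data); the real ATSHA204 hashes a longer fixed message that includes opcode, mode and serial-number fields. The sample key, seed challenge and roll offset are constructed for the example.

```python
import hashlib
import hmac


def _h(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation; simplified stand-in for the chip's digests."""
    return hashlib.sha256(b"".join(parts)).digest()


class Sha204Model:
    """Host-side model of the ATSHA204 features used below (added illustration)."""

    def __init__(self, key: bytes):
        self._key = key        # lives in the chip's secure memory, never readable
        self._tempkey = None   # volatile 32-byte register

    def nonce(self, challenge: bytes) -> None:
        """Park a host challenge in TempKey for a MAC issued later."""
        self._tempkey = challenge

    def mac(self, challenge=None) -> bytes:
        """MAC over the slot key and either a fresh challenge or the parked TempKey."""
        data = self._tempkey if challenge is None else challenge
        if data is None:
            raise ValueError("no challenge given and TempKey not loaded")
        self._tempkey = None   # modelled as single-use
        return _h(self._key, data)

    def derive_key(self, offset: bytes) -> None:
        """Roll the key: the new key is a one-way function of the old key and an
        offset (serial number, counter, ...). The old key cannot be recovered."""
        self._key = _h(self._key, offset)


class Host:
    """The host keeps its own copy of the key to compute expected responses."""

    def __init__(self, key: bytes):
        self._key = key

    def expected(self, challenge: bytes) -> bytes:
        return _h(self._key, challenge)

    def roll(self, offset: bytes) -> None:
        self._key = _h(self._key, offset)


def chained_auth(host: Host, device: Sha204Model, seed: bytes, rounds: int) -> bool:
    """Feed each response back as the next challenge and check only the last one,
    so a bus observer cannot tell which round a failing clone got wrong."""
    chal = seed
    expect = seed
    for _ in range(rounds):
        chal = device.mac(chal)          # device's response becomes next challenge
        expect = host.expected(expect)   # host walks the same chain locally
    return hmac.compare_digest(chal, expect)


def deferred_auth(host: Host, device: Sha204Model, challenge: bytes) -> bool:
    """Load the challenge into TempKey now and request the MAC later, so the
    challenge and its response are not adjacent on the bus."""
    device.nonce(challenge)
    # ... unrelated firmware work would run here ...
    return hmac.compare_digest(device.mac(), host.expected(challenge))


def run_demo() -> dict:
    key = bytes(range(32))            # constructed sample key
    seed = _h(b"first challenge")     # constructed sample challenge
    host = Host(key)
    genuine = Sha204Model(key)
    clone = Sha204Model(bytes(32))    # clone without the key
    results = {
        "chained_genuine": chained_auth(host, genuine, seed, 5),
        "chained_clone": chained_auth(host, clone, seed, 5),
        "deferred_genuine": deferred_auth(host, genuine, seed),
    }
    # Roll the key on both sides; a device that missed the roll (or a clone that
    # somehow obtained the old key) no longer authenticates.
    stale = Sha204Model(key)
    offset = b"serial-0001"           # constructed sample offset
    genuine.derive_key(offset)
    host.roll(offset)
    results["rolled_genuine"] = chained_auth(host, genuine, seed, 3)
    results["rolled_stale"] = chained_auth(host, stale, seed, 3)
    return results


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {'pass' if ok else 'FAIL'}")
```

The clone fails the chained check without the bus ever showing which round went wrong, and after the roll only the device that derived the new key still authenticates. The host-side key copy is the weak point of this model: on a real design the host's key should itself live in a CryptoAuthentication device or be replaced by the precomputed-pair approach.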

These are just a few examples of the techniques that could be used, alone, in combination with one another, or with other techniques not mentioned here. Whatever the technique, when an authentication check fails the end result should be the same, for example:

  • Reducing functionality
  • Making a device inoperable
  • Sending error messages
  • Blacklisting the device
  • Having code do something unexpected or incorrect
  • Some other creative approach

If you are interested in learning more about using the ATSHA204 CryptoAuthentication device and these counter-hacker techniques to protect your firmware, please contact one of our security experts at crypto@atmel.com.