A Turnkey Security Solution for Accessories Authentication = $$$ in Your Pocket

By: Steve Jarmusz

An accessory could be really anything that works with a host or base system.  It could be a power charger, pair of speakers, cable, or as I mentioned, anything.   There are number of reasons why you would want to authenticate your accessories, to guard them against cloning and counterfeiting.  You may want to protect your brand or company’s reputation.  Apple does this with the “MFI” policy that they have initiated.  You might want to protect  customer safety.  Having a cloned surgical instrument or medical device that does not possess the same quality as the authentic product could be risky.   There have been a number of cases publicized  where the cloned product does not perform as well as the original.  A battery in cell phones and portable devices is one that comes to mind.  You can get really cheap knockoffs on E-Bay, but they may not last or have the storage capability as the OEM versions.  There are a number of authentication schemes that could be used to perform the accessory authentication sequence.  The most popular method that we have found is the Random Challenge Response method.

Atmel CryptoAuthentication

By adding an Atmel ATSHA204 CryptoAuthentication device to the host, the system is able to generate a Random Challenge for the client on the fly. In addition, by generating the challenge internally with the host’s ATSHA204 device, the response is unknown to the system, allowing the use of an unsecured processor without the threat that an attacker will be able to learn the system secrets. This dramatically limits the ability of an unauthorized device from producing the correct response.  You could also do this without a hardware device on the host, but the downside is less security.  Security is also very critical in many other applications. To learn more, check out this white paper on the technology and various use cases.

---

Diversified Key with Random Challenge Response

By: Gunter Fuchs

Previously, in this space, we briefly discussed the four different authentication models that one can employ in an embedded design. Now, we’d like to take a deeper dive into the nuances of combining a diversified key model with the random challenge response model and the steps it takes in authenticating.

The following are the unique characteristics of this model:

• Each client has a unique serial number and a diversified key that are related by some cryptographic function
• A root key for the cryptographic function is stored on the host
• The hash algorithm is implemented on both the host and client
• A random number generator is required on the host

And the following outlines what is  going on inside the chips during the authentication process:

• The host reads the unique serial number from the client
• The host calculates the diversified key internally using the cryptographic function
• The host generates a random number for use internally and also sends it to the client as the challenge
• Both host and client perform the hash function using the diversified keys
• Host requests the calculated MAC from the client

Host compares the two calculated MACs to authenticate the client. Although complexity of implementing this “hybrid” increases, the benefit that comes with it is the added level of security.  Please stay tuned on this blog to learn more about tips and tricks on how you can secure your design or check out these useful resources on security.