Keeping consumables real

---

The most cost-effective and secure way to keep things real is through symmetric authentication without secret storage on the host using a fixed challenge.

---

With the ever present threat of counterfeiting, having a cost-effective and highly-secure way to ensure that a consumable product is real is a great idea. In fact, there is a proven industry standard approach to apply sophisticated cryptographic engineering and mathematics to fight counterfeiting; namely, crypto elements like the Atmel ATSHA204A device.

Crypto elements can attach to a consumable good, such as the classic example of an ink cartridge, even without being soldered in. The device can be glued directly outside of the product. When the ink or other consumable is inserted into the host system (where the MCU is), the crypto element makes contact and the host is able to communicate with the item to validate whether or not it is real. This is called authentication.

The most cost-effective yet secure way to authenticate is through symmetric authentication without secret storage on the host using a fixed challenge.

With symmetric authentication, a client and the host run the exact same calculation on each side, and if the client (the consumable) is real, then the results of those calculations (called the “responses”) will match. There is a way to go about using a very inexpensive MCU without running the crypto calculations within the host side’s MCU. That is where the concept of fixed challenge comes into play. The idea of a fixed challenge is that the calculation done for the host is conducted ahead of time, and the challenge/response pair from that calculation is loaded into the host.

The fixed challenge method is ideal when certain considerations are in play, such as the folowing:

1. Very limited processing power (e.g. low-cost MCU)
2. Abundance of available memory to easily store challenge-response pairs (e.g. in a smartphone)
3. Need to get something out quickly or temporarily (e.g. time to market)
4. Need a very low cost on the host (e.g. can’t afford adding a key storage device)
5. Desire to not store a secret key in the host

So, how does a fixed challenge work? Like with other challenge-response operations, the process starts with the host controller sending the client a numerical challenge to be used in a calculation to create a response, which then gets compared to a “response” number in the host. What makes this “fixed” is that, because there is no crypto device in the host to generate random numbers (or make digests using hashing algorithms), the challenge cannot be random. That means that the challenges and their corresponding responses must be pre-calculated using the client’s secret key and the challenge and response pair loaded into the memory of the host. This can be looked at as effectively time-shifting the calculations used for authentication.

Let’s look at an example using the ATSHA204A installed in the client.

Step 1: In the factory when the host manufactured challenges are loaded into the host MCU memory together with a response that is calculated by hashing the client’s secret with that challenge.

Step 2: When the consumable is inserted into the host machine out in the field, the host MCU will ask the client (consumable) to prove it is real by sending it the preloaded challenge.

Step 3: The client will then run the hash algorithm on that challenge number using its stored secret key to generate a response, which it sends back to the host.

Step 4: The host will compare the response from the clients with the preloaded response value stored in its memory.

Step 5: If the client is real, the response from the client (which is the hash value based on the secret key and the challenge) will be the same as the response value that was preloaded in the host.

Since each host is loaded with a different challenge/response pair, each product that the host is incorporated into is then unique by definition. Cloning beyond only one copy is impossible; thus, this is a highly-secure and very cost-effective technique as it can be easily implemented with very inexpensive MCUs.

This approach can be used for firmware protection and designs with no secrets in the host (as noted), as well as be implemented with very low-cost MCUs that do not have the processing power to run the hashing algorithms.

The many benefits of fixed challenge authentication:

• Symmetric authentication is fast
• No secrets in the host
• Can use low-cost MCU of host because less computation is needed for a fixed challenge
• Prevents cloning
• Protects investments in firmware
• Enhances safety
• Protects revenue stream
• Protects brand image
• Better control of the supply channel

Atmel crypto element devices — including ATSHA204A, ATECC108A, ATECC508A and ATAES132A — implement hardware-based key storage, which is much stronger than software based storage due to the defense mechanisms that only hardware can provide against attacks. Secure storage in hardware beats storage in software every time. Adding secure key storage is an inexpensive, easy, and ultra-secure way to protect firmware, software, and hardware products from cloning, counterfeiting, hacking, and other malicious threats.

Take a drive on the IoT with V2V

What platform has become the most sophisticated and intimate personal electronic environment ever? The car. To paraphrase a famous automotive company’s top executive, car companies are transforming the car into a powerful smartphone that allows drivers to carry around, customize, and interact with their digital world. Automotive electronics are currently centered around people (infotainment and communications) and the machine itself (to run the car and provide safety and convenience). Now a third element is emerging; namely, Vehicle-to-Vehicle (V2V) communications. 

Just like that sounds, cars will soon “talk and listen” to one another — automatically. They will share information like proximity, speed, direction, road conditions, as well as other things that have yet to been imagined. The chief driver of V2V is signaling impending collisions so that the cars can automatically take countermeasures. That, of course, means the V2V network will become a critical technology for self- and assisted-driving cars.

While it may seem revolutionary, V2V is really an evolutionary branch of Internet of Things (IoT) technologies, which are creating a world where smart, secure, and communicating, sensors will become ubiquitous in planes, trains, and automobiles; inside homes; inside commercial buildings; on highways; in cities and towns; in agriculture; in factories; in retail spaces; and worn by and implanted in humans and animals. The Internet of Things could eventually connect everything from cars to cats.

A term that is being used to describe the technologies making such a smart, sensor saturated world is “sensor dust,” which captures the Zeitgeist that super tiny, smart, communicating sensors will be everywhere — like dust.  Sensors, of course, are never just sensors. They are always connected to other things–mainly microcontrollers (MCUs). With the advent of ultra-low power and energy harvesting technology, the sensor-MCU combination has become an ideal, clear, and present foundation for widespread sensor roll out. Sensing often implies by its very nature detection and communication from a distance, and that is where wireless communication comes into play.

The dark side is that remote sensing and communication open the door very wide for bad actors who want to intercept, spoof, and misuse the data streaming freely through the air. So, security (encryption and/or authentication) becomes the final piece of the picture, and arguably the element that makes IoT even possible to be widely adopted. Huge amounts of information are already being collected every day about traffic flow from phone users worldwide (without their knowing it). Such storehouses of data can be mined real time and used to provide personal traffic reports to subscribers while driving. At least that is the story. As the car moves from one place to the other, social networking can be effectuated in real time to locate friends or certain activities and happenings (automotive flash-mob, anyone?). But, what consumers really want their whereabouts and other information out in the open in a completely uncontrolled way? No one. People are becoming extremely sensitive to data insecurity and there is a growing need to trust how the information that is being collected will be used. Without some type of trust, the IoT could be doomed. Maybe the term “Internet of Trust” should be coined to make that point obvious.

V2V & IoT

The evolution of V2V and IoT are intimately related because they both will be composed of the very same technological blocks. The overlap is easy to see.  The foundational components of each are miniaturized MCUs, sensors, wireless technology, and security devices that operate using ultra low power. Describing IoT and V2V as equations, they could be expressed in the following way:              

 IoT = (MCU + Sensor + Security + Wireless) ^{Low Power}              

V2V = IoT + Car

Equation one might imply that companies that can integrate the factors will lead in the build-out of the IoT market. Equation two effectively states that V2V is the IoT on wheels. In any case, there are certain basic blocks that must be integrated, and they must be integrated in the right way for the particular use-case. IoT and V2V design flexibility and time to market will matter, a lot.  (But that is a topic for another time.) The growth of the connected car platform is expected to be remarkable. That makes sense since the car is the one place that GPS/NAV systems, smart phones, tablets, DVDs, CDs, MP3s, Bluetooth, satellite radio, high power stereo amps, speakers, voice control, and the Internet can all come together and interact with each other.

Such convergence is making the car into an advanced personal hub. Market researchers have estimated that revenue for the connected car market will grow from $17 billion in 2012 to $54.5 billion in 2018 for hardware and services (telematics, telecom, and in-vehicle). Unit sales of embedded, tethered, and smartphone equipped cars are expected to grow from around 10 million units in 2012 to 67 million by 2018, with over 50% of that volume being embedded systems that are controlled by media and sensor control systems.

Media control systems are not only becoming a standard feature in new cars, but according to consumer electronics and auto industry researchers, a chief reason that people are selecting certain cars over others. Electronics are becoming a main forethought rather than a minor afterthought for car buyers. Sophisticated electronic systems are becoming mandatory, and this powerful dynamic will only accelerate as more electronics products, features, and services are sped to the market by the car makers, consumer electronics companies, smartphone makers, and software providers.

However, all this electronic stuff has presented a huge challenge, which is safety. Using products such as the cell phone in the car actually interferes badly with driving. Anyone who has placed a call, or even worse tried to text while driving (and who hasn’t), can testify to the fact that dial-driving is a bad idea. So, what can be done to get cars electronics, phones, and humans to play well together in a safe way? The solution has been summed up succinctly by the CEO of a major auto maker who refers to in-car control systems as being able to free the user from the tyrannies and dangers of messing with that little phone while you drive. Rather than a car and phone (and other electronics) being at odds with each other, the car is transforming into the newest electronic platform: one that is highly integrated, easy to use, and distinct from anything else to date. It is easy to see that the emerging alloyed car-plus-consumer platform is primed for cars to talk to one another without the need of human intervention.

The list of electronics functions in cars is evolving fast and will likely include multi-person gaming; GPS with location-based services such as real time traffic and road condition updates; vehicle monitoring for maintenance status, performance, and eco-friendliness; vehicle and personal security; connection to home control/security systems; social networking opportunities related to location, and especially safety. In fact, the US Deportment and Transportation (DoT) and National Highway Traffic Safety Administration (NHTSA) are partnering with research institutions and auto companies to collaborate on technology development and interoperability of V2V to promote traffic safety. V2V can transform the automotive experience more than anything since Henry Ford’s assembly line made cars available to the working class. The notion of a car driving itself still sounds like pure science fiction, but prototypes are already driving themselves. So, it is just a question of time before we have auto-automobiles. (auto²mobiles) where you simply have to tell your personal digital assistant where you want to go, then take a seat in your personal infotainment pod until you get there.

But, well before that happens we will see significant improvements in safety due to V2V. It is clear that the lucrative auto electronics platform is already right in the sights of all car makers, and they clearly plan to take it to the next level and the next level after that, with no end in sight.  As noted, electronic things sell cars, and more advanced electronics will show up in the more advanced cars. Then, last year’s advanced systems will naturally move down-market, so even more advanced systems will be needed for next year’s up-market cars. This endless cycle of innovation will drive automotive companies to create V2V and self-driving ecosystems sooner rather than later. As we move towards the self-driving omega-point we will see V2V and IoT showing up very early in the journey.

V2V (the IoT on wheels) will make it hard to tell where the car ends and the phone, tablet, computer, and sensors begin.

Interested in learning more about Atmel’s automotive portfolio? Check out our automotive-qualified category breakdown below:

• Microcontrollers (MCUs)
• 
Serial EEPROMs

• Touch (maXTouch)
• Broadcast radio
• 
CAN/VAN networking
• Car access
• Drivers/high temperature ICs
• 
Battery management
• LIN networking

Is this thing real? Symmetric authentication will tell you

The act of authentication is very straightforward. Essentially, it is making sure that something is real.

There are two parts to authentication:

1. Identification
2. Confirmation of identity

Authentication in the “crypto-verse” typically happens on a host and client basis where the host wants to ensure that a client is real. A typical use case occurs when a client device is inserted into a system, while the host asks (“challenges”) the client to confirm its identity. This can occur when an ink cartridge is inserted into a printer, or a water filter is put into a refrigerator. a battery is put into a phone, and numerous other applications.  Firmware and software can be authenticated too, but that is a topic for another article.

Think of the challenge as when the castle guard in an old movie asks, :Halt!  Who goes there?”.   The guard expects a suitable response to prove confirm the identity of the approacher.

 

Getting back to the real world, authentication is accomplished using a process focused on calculations involving cryptography keys, and that is true for both of the major types of authentication; namely, symmetric and asymmetric. We will focus on the symmetric process here.

With symmetric authentication, the host and client both have the exact same key, which is in fact how symmetric got its name. Note that is critical for both keys to be kept secret to ensure security. Keeping secret keys secret is the main touchstone of authentication and data security of any type. The best way to do that is  using a secure hardware key storage device.

The basic idea behind symmetric authentication is that if the client is real then it will have the exact same key as the host. Challenge-response is a prescribed methodology to prove it.

The host controller sends the client a numerical challenge to be used in a calculation to create a response, which is then compared to a similar calculation that is performed on the host.

To describe the process in more detail we can look at a typical symmetric authentication architecture using Atmel ATSHA204A devices on both the host and client and a microcontroller in the host.  (Another article will explain how this is done with the crypto device on the client only, which is the fixed challenge methodology).

 

Step 1:  The process kicks off when the host sends a random number to the client which is generated by the host’s ATSHA204’s random number generator.  This is the “Challenge” and is illustrated  above.

Step 2:  The client receives the random number challenge and runs it through a hash algorithm (i.e.SHA256) using the secret key stored there. The result of the hashing function is called the “Response” and it can also be called the “Message Authentication Code” (or MAC). A MAC is technically defined as the result of a hashing function involving a key and message. The response is sent to the host.

Step 3:   The host internally uses the same challenge (i.e. the random number) that it sent to the client as an input to its internal hash algorithm.  The other input to the internal hash is the secret key stored on the host side. Then the host compares the hash value (MAC) calculated on the host side with the response hash-value (MAC) sent from client.  If the two hash values (MACs) match – then the keys are indeed the same and the client is proven to be real.

Note that the secret keys are never sent outside the devices, as they always remain securely stored in protected hardware and invisible from attackers. Stated very simply: “You can’t attack what you can’t see.”

 

Benefits:

The benefits of a symmetric architecture with secure key storage crypto engine devices on both sides are:

• Symmetric authentication with crypto devices on both sides is quite fast.
• Secure hardware storage on both sides increases security.
• Ensures a very low processing burden on the microcontroller.

For more details on Atmel CryptoAuthentication™ products, please view the links above or the introduction page at CryptoAuthentication.

Other Bits & Pieces articles will detail how Asymmetric Authentication is executed.