Global Sources
EE Times-India
Stay in touch with EE Times India
EE Times-India > Memory/Storage

Basics of SHA-256 authentication system

Posted: 03 Jul 2013     Print Version  Bookmark and Share

Keywords:SHA-1  bidirectional authentication  intellectual property  SHA-256  1-Wire 

For more than a decade, SHA-1 authentication has been utilised to effectively protect intellectual property from counterfeiting and illegal copying. As computer technology advances, customers are asking for an even higher level of security.

Today a new group of secure authenticators and a companion secure coprocessors implement SHA-256 authentication. This new system provides advanced physical security to deliver unsurpassed low-cost IP protection, clone prevention, and peripheral authentication. This article explains the general logistics of the SHA-256-based security system and introduces the bidirectional authentication functionality which the authentication system utilises.

A secure authentication system
Implementing a secure authentication system requires linking a host system with a sensor/peripheral module. The system presented in figure 1 consists of a 1-Wire SHA-256 secure authenticator plus a SHA-256 coprocessor with 1-Wire master function. Operating between the host and peripheral over a single pin of the 1-Wire interface reduces interconnect complexity, simplifies designs, and reduces cost.1

Figure 1: Secure authentication system implementation. This system features the DS2465 SHA-256 coprocessor and the DS28E25 SHA-256 authenticator.

SHA-256 authenticators
The SHA-256 secure authenticators in this system support a challenge size of 256 bits and use a 256bit secret. The secure authenticator in figure 1 is a 1-Wire slave with a unique 64bit ROM ID which serves as a fundamental data element for authentication computations. The system designer can partition the authenticator's user EEPROM into areas with open (unprotected) access and into areas where the master must authenticate itself for write access. The table shows the available protection modes and valid protection combinations.

Table: 1-Wire SHA-256 Authenticator Protection Options. The system default is no protection with RP, WP, EM, and AP not activated. Protection is cumulative.

SHA-256 coprocessor with 1-Wire master
The SHA-256 coprocessor in figure 1 is an IýC slave controlled by a host processor. From the host's IýC port the SHA-256 coprocessor appears as a 256B read/write memory with certain regions (data elements) assigned for special purposes.

Security logistics
SHA-based security relies on message authentication codes (MACs) computed from open data and a secret. To verify authenticity, both sides, i.e., the host or coprocessor and the 1-Wire authenticator, must know the secret which shall never be exposed. Moreover, for maximum security the secret in each 1-Wire authenticator must be unique. In this way the security of the entire system is not affected if the secret of a single authenticator is ever compromised.

At first glance, it may appear impossible to meet these requirements. There is, however, a simple solution: compute the secret from known "ingredients" and install it into the device in a trusted/controlled manufacturing environment. The ingredients for an authenticator secret are a master secret, the binding data, a partial secret, the authenticator's ROM ID, and padding/formatting ("other data"). Figure 2 illustrates the process. Although the ingredients are exposed at one point in time, for example, in a trusted manufacturing environment, the computed secret is never exposed and always remains hidden.

Figure 2: Creating a unique authenticator secret.

For security and storage space reasons, the unique secrets of all authenticators in a system cannot be stored in the coprocessor or host. Instead, the coprocessor stores only the master secret and the binding data in a protected memory section. The partial secret is a system constant that can be coded in the host processor's firmware and communicated openly. After having read an authenticator's ROM ID, the coprocessor can compute the authenticator's unique secret, as shown in figure 2. With both authenticator and coprocessor now sharing the unique authenticator secret, the system is ready to operate.

Challenge-and-response authentication
The primary purpose of an authenticator is to furnish proof that the object to which it is attached is genuine. Symmetric key-based authentication uses a secret key and the to-be-authenticated data ("message") as input to compute a MAC. The host performs the same computation using the expected secret and the same message data; it then compares its version of the MAC to the one received from the authenticator. If both MAC results are identical, the authenticator is part of the system.

1 • 2 Next Page Last Page

Comment on "Basics of SHA-256 authentication sys..."
*  You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.


Go to top             Connect on Facebook      Follow us on Twitter      Follow us on Orkut

Back to Top