Introduction to SHA-256 Master/Slave Authentication (2024)

Download PDF

Abstract

A new group of secure authenticators and a companion secure coprocessor/1-Wire^® master implement SHA-256 authentication. This application note explains the general logistics of this SHA-256-based security system and introduces the bidirectional authentication functionality that the authentication system uses.

A similar version of this article appeared in EE Times, June 19, 2013.

Introduction

For more than 10 years, SHA-1 authentication has been used to effectively protect intellectual property from counterfeiting and illegal copying. As computer technology advances, customers are asking for an even higher level of security.

Today a new group of secure authenticators and a companion secure coprocessor implement SHA-256 authentication. This new system provides advanced physical security to deliver unsurpassed low-cost IP protection, clone prevention, and peripheral authentication. This article explains the general logistics of the SHA-256-based security system and introduces the bidirectional authentication functionality which the authentication system utilizes.

A Secure Authentication System

Implementing a secure authentication system requires linking a host system with a sensor/peripheral module. The system presented in Figure 1 consists of a 1-Wire^® SHA-256 secure authenticator plus a SHA-256 coprocessor with 1-Wire master function. Operating between the host and peripheral over a single pin of the 1-Wire interface reduces interconnect complexity, simplifies designs, and reduces cost.¹

SHA-256 Authenticators

The SHA-256 secure authenticators in this system support a challenge size of 256 bits and use a 256-bit secret. The secure authenticator in Figure 1 is a 1-Wire slave with a unique 64-bit ROM ID that serves as a fundamental data element for authentication computations. The system designer can partition the authenticator's user EEPROM into areas with open (unprotected) access and into areas where the master must authenticate itself for write access. Table 1 shows the available protection modes and valid protection combinations.

Table 1. 1-Wire SHA-256 Authenticator Protection Options*
Protection Code	Description
RP	Read Protection. If activated, the data is only accessible for device internal use, e.g., like a secret.
WP	Write Protection. If activated, the data cannot be changed.
EM	EPROM Emulation Mode. If activated, individual bits can only be changed from 1 to 0.
AP	Authentication Protection. If activated, write access to the memory requires master authentication.
*The system default is no protection with RP, WP, EM, and AP not activated. Protection is cumulative.

SHA-256 Coprocessor with 1-Wire Master

The SHA-256 coprocessor in Figure 1 is an I²C slave controlled by a host processor. From the host's I²C port the SHA-256 coprocessor appears as a 256-byte read/write memory with certain regions (data elements) assigned for special purposes.

Security Logistics

SHA-based security relies on message authentication codes (MACs) computed from open data and a secret. To verify authenticity, both sides, i.e., the host or coprocessor and the 1-Wire authenticator, must know the secret, which shall never be exposed. Moreover, for maximum security the secret in each 1-Wire authenticator must be unique. In this way the security of the entire system is not affected if the secret of a single authenticator is ever compromised.

At first glance, it may appear impossible to meet these requirements. There is, however, a simple solution: compute the secret from known "ingredients" and install it into the device in a trusted/controlled manufacturing environment. The ingredients for an authenticator secret are a master secret, the binding data, a partial secret, the authenticator's ROM ID, and padding/formatting ("other data"). Figure 2 illustrates the process. Although the ingredients are exposed at one point in time, for example, in a trusted manufacturing environment, the computed secret is never exposed and always remains hidden.

For security and storage space reasons, the unique secrets of all authenticators in a system cannot be stored in the coprocessor or host. Instead, the coprocessor stores only the master secret and the binding data in a protected memory section. The partial secret is a system constant that can be coded in the host processor's firmware and communicated openly. After having read an authenticator's ROM ID, the coprocessor can compute the authenticator's unique secret, as shown in Figure 2. With both authenticator and coprocessor now sharing the unique authenticator secret, the system is ready to operate.

Challenge-and-Response Authentication

The primary purpose of an authenticator is to furnish proof that the object to which it is attached is genuine. Symmetric key-based authentication uses a secret key and the to-be-authenticated data ("message") as input to compute a MAC. The host performs the same computation using the expected secret and the same message data; it then compares its version of the MAC to the one received from the authenticator. If both MAC results are identical, the authenticator is part of the system.

In this SHA-256 authentication system, the message is a combination of host challenge and data elements stored in the authenticator. It is crucial that the challenge is based on random data. A never-changing challenge opens the door to replay attacks using a valid, static MAC that is recorded and replayed instead of a MAC that is instantly computed.

The authenticator computes a MAC from the challenge, the secret, memory data, and additional data that together constitute the message (Figure 3). If the authenticator can generate a valid MAC for any challenge, it is safe to assume that it knows the secret and, therefore, can be considered authentic.

Data Security (Authenticated Write)

Beyond proving authenticity, it is highly desirable to know that the data stored in the authenticator can be trusted. For this purpose, some or all of the EEPROM in a secure authenticator can be "authentication protected." With authentication protection activated, memory write access requires that the host presents proof of its authenticity by providing a host authentication MAC to the authenticator (Figure 4).

The host authentication MAC is computed from the new memory data, the existing memory data, the authenticator's unique secret plus ROM ID, and other data that together constitute the message. The authenticator computes a MAC in the same way, using its secret.

Secret Protection

The authenticator's secret and the coprocessor's master secret are read protected by hardware design. If desired, the secrets can be write protected, which prevents tampering with the authenticator's memory data by replacing unknown secrets with known secrets. After installation, the binding data, which is typically stored in the coprocessor's memory, should be read protected. This level of protection is effective as long as the coprocessor and authenticator are set up for the application at a trusted production site.

DeepCover

The deployment of DeepCover^® technologies provides the strongest affordable protection against any die-level attacks that attempt to discover the secret key. DeepCover technologies include numerous circuits to actively monitor for die-level tamper events, advanced die routing and layout techniques, and additional proprietary methods to counter the sophisticated capabilities of attackers.

Bidirectional Authentication

The secure authenticators in the example system here support both challenge-and-response authentication and authenticated writes (host authentication). The entire user memory can be used for challenge-and-response authentication. Bidirectional authentication applies to memory areas configured for secure data storage (authenticated write).

Summary

With 256 bits each for the secret, challenge, and MAC, SHA-256 is a significant improvement over older SHA-1 authentication. This article presented a modern, secure authentication system that matches a host system (a SHA-256 coprocessor with 1-Wire master) with a sensor/peripheral module (the 1-Wire SHA-256 authenticators). The coprocessor's built-in 1-Wire master relieves the host from performing 1-Wire communication in real time. DeepCover 1-Wire SHA-256 authenticators are available in three memory configurations for 3.3V and 1.8V operation.^{2, 3} Also available for 3.3V and 1.8V, the coprocessor/master^{4, 5} works with all three authenticators. SHA-256 security has never been easier.

References

¹ A general introduction to mutual authentication is found in Maxim Integrated application note 3675, "."

²Analog data sheets DS28E15, DS28E22, DS28E25 for 3.3V operation.

³Analog data sheets DS28EL15, DS28EL22, DS28EL25 for 1.8V operation.

⁴Analog data sheet DS2465 for use with DS28E15, DS28E22, DS28E25.

⁵Analog data sheet DS24L65 for use with DS28EL15, DS28EL22, DS28EL25.

As an expert in security systems and cryptographic protocols, I can confidently discuss the concepts and technologies mentioned in the provided article about SHA-256-based secure authenticators and coprocessors. I possess a comprehensive understanding of cryptographic algorithms, secure authentication mechanisms, and their practical implementations.

The article introduces a security system utilizing SHA-256 authentication, which significantly enhances security compared to the previous SHA-1 standard. SHA-256 is a cryptographic hash function that produces a 256-bit hash value. It's an improvement over SHA-1 in terms of security due to its larger hash size, making it more resistant to cryptographic attacks.

Key concepts and components discussed in the article include:

SHA-256 Authentication: SHA-256 is employed for message authentication in the system. It generates message authentication codes (MACs) from secret keys and data to verify authenticity.
Secure Authenticators and Coprocessors: The system comprises SHA-256-based secure authenticators and a companion secure coprocessor or 1-Wire master. These components facilitate bidirectional authentication and secure communication between a host system and peripheral modules.
1-Wire Interface: The system operates over a single pin of the 1-Wire interface, reducing complexity and cost while enabling secure communication between devices.
Secure Protection Modes: The SHA-256 authenticators support various protection modes like Read Protection (RP), Write Protection (WP), EPROM Emulation Mode (EM), and Authentication Protection (AP), offering different levels of data security and access control.
Secret Generation and Protection: The article details the process of generating and protecting secrets for authenticators. Unique secrets are computed from specific ingredients, including a master secret, binding data, partial secret, authenticator's ROM ID, and additional padding/formatting.
Challenge-and-Response Authentication: The system employs symmetric key-based authentication, where the host and authenticator exchange challenges and responses based on secret keys. This process ensures the authenticity of devices.
Data Security and Authenticated Writes: Besides authentication, ensuring the integrity of stored data is vital. Secure authenticators can authenticate write operations, allowing only authenticated hosts to modify data in EEPROM.
Secret Protection and DeepCover Technologies: Mechanisms are in place to protect secrets stored in hardware. DeepCover technologies provide enhanced protection against die-level attacks to safeguard secret keys.
Bidirectional Authentication: The secure authenticators support bidirectional authentication, enabling both challenge-and-response authentication and authenticated writes.
Summary and References: The article summarizes the advantages of SHA-256 authentication, the system's components, their compatibility, and references specific data sheets for further technical details.

The mentioned components, security measures, and cryptographic methods are crucial in developing robust and secure systems, especially in scenarios where IP protection, clone prevention, and peripheral authentication are essential.