Keywords: challenge-response, challenge, random challenge, response, SHA, SHA-1, MAC, coprocessor, user, access control, authentication, ecash, web access, random number generator, DS1963S, DS1961S, DS2432, software piracy
Challenge and Response with 1-Wire® SHA Devices
Abstract: Challenge-response can be a secure way of protecting access to any privileged material if implemented correctly. In this document, many options for challenge-response access control are discussed but the most secure method given is presenting a different random challenge on each access attempt and having a response that only the host can interpret without giving out any secrets. This document shows why Maxim’s SHA-1 iButtons® and 1-Wire devices are ideal choices when implementing this kind of challenge-response system.
Challenge-and-response is a common authentication technique whereby some private information is
verified due to a response from a given challenge. Most secure systems rely on some form of challenge-response. A simple example of a challenge-response scenario is "What is the password?" The person must supply the correct password or "response" to this challenge. The problem with that challenge-response method is someone could over hear the private information. So more advanced methods are needed. One such method is the ID card, which has specific information to pass. This method can be defeated by duplicating the information on the ID card. Another method supplies a password with the ID card. However if the person has to enter in a password then someone can observe them type it in.
The most secure method would have the challenger send a different challenge every time, preferably a random challenge. The random challenge is taken by the remote device and the response is computed. The host takes the random challenge and computes the correct response. The host response is compared to the response received. If both match then the remote device is valid. This form of challenge-response is more secure because the private information is never revealed and the response is different with each random challenge. See Figure 1 for a simple diagram of challenge and response.
Figure 1. Challenge-Response
The last method describes how the Maxim 1-Wire SHA devices' challenge-response algorithm functions. The host sends a challenge to the device. The device takes the challenge and computes its response. It sends back the response and unique information, which the host then verifies.
There are many applications where the challenge and response method could be used effectively:
- User authentication
- Software authorization (binding the software to a hardware token)
- Web access control
- Physical access control
Design Specification with SHA Devices
A coprocessor is used by the host. It creates a random challenge that is sent to the remote device for verification. The coprocessor computes the valid response (the response that it should receive) to verify the device.
A user is the remote device. It takes the random challenge and computes the response.
The coprocessor is a DS1963S initialized for verifying a user token as a member of the system.
Initializing the coprocessor consists of two steps:
The user token is a DS1963S, DS1961S, or a DS2432 that identifies a user to the system. Initializing the user token only consists of one step:
- Installing the system authentication secret, which is a secret installed for authentication user devices.
- Writing the system configuration data to the device.
- Installing the master authentication secret and binding it to the device so a unique secret is created for the user.
Challenge and Response Using SHA Devices
To authenticate a user SHA device, the host would ask the coprocessor to compute a random 3-byte challenge and send it to the user device. It also asks the coprocessor to compute a response, which is a 20-byte SHA-1 MAC. The user device takes the challenge, the account data, its own serial number, and its authentication secret to compute the response. The response is then read by the host for comparison to its own computation later. To verify the response, the host asks the coprocessor to first recompute the user's unique device authentication secret using the user device's serial number, and the system authentication secret. The host then asks the coprocessor to compute a response using the recomputed device authentication secret and the challenge code that it sent over to the user. This coprocessor-computed response is then compared with the response read from the user to determine whether the user device is valid. This two-step process is necessary because the host can't read the user device's secret
and because the user device authentication secret is different from the system authentication secret. Note that device authentication only requires the user device to carry the right authentication secret, it does not check the account data contents. Figure 2 shows this transfer challenge and response method for SHA devices.
Figure 2. User Authentication
The 'RemoteAuth' example provided in the 1-Wire API for Java™ kit demonstrates challenge-and-response across a network. The kit can be found on Maxim's iButton page.
See Figure 3 for the layout and example data flow for the 'RemoteAuth' example.
Figure 3. RemoteAuth.
Challenge-response is a secure way of protecting access to any privileged material. Many options for challenge-response access were given. The most secure method is having a response that only the host can interpret and is different each time with a new random challenge. The Maxim 1-Wire SHA devices prove to be excellent examples of devices to use for implementing challenge-response.
Links to Useful Datasheets and Application Notes
- DS1963S Datasheet
- DS2432 Datasheet
- DS1961S Datasheet
- Application note 114, "1-Wire File Structure"
- Application note 151, "Maxim Digital Monetary Certificates"
- Application note 156, "DS1963S SHA 1-Wire API Users Guide"
1-Wire is a registered trademark of Maxim Integrated Products, Inc.
iButton is a registered trademark of Maxim Integrated Products, Inc.
Java is a registered trademark and registered service mark of Oracle and/or its affiliates.
||iButton 1Kb EEPROM with SHA-1 Engine
||iButton Monetary Device with SHA-1 Function
||1Kb Protected 1-Wire EEPROM with SHA-1 Engine
The content on this webpage is protected by copyright laws of the United States and of foreign countries. For requests to copy this content, contact us.
|© Mar 12, 2002, Maxim Integrated Products, Inc.
APP 190: Mar 12, 2002
APPLICATION NOTE 190,