Want to Avoid Counterfeiting? Choose the Right Secure Authentication Method for Your Design
January 12, 2017
| By: Christine Young
Blogger, Maxim Integrated
Any reputable company that cares about its customers, brand, and reputation wants to protect its products from being copied or cloned. Yet counterfeit electronic goods continue to persist, costing industries billions of dollars a year. There are, for example, estimates that the gray market gobbles up around eight percent of the total market revenue for electronics components.
Unfortunately, there isn’t one magic solution that provides long-lasting, impenetrable security. But while nefarious forces work to stay ahead of their deterrents, those on the good side of the law have authentication technologies in their own arsenals.
There are, of course, different levels of effective authentication. Take printer ink cartridges, for example. To validate that it’s genuine, a cartridge could send out a password. But the drawback to this approach is that someone in the middle could catch the password while it’s being transmitted and reuse it. Challenge-response authentication, where the cartridge could prove that it knows a secret without disclosing it, presents a better option.
There are two different crypto-algorithm types to consider: symmetric keys (or secret keys) and asymmetric keys (or public keys). Let’s take a closer look at each type.
Symmetric Keys for Two-Way Authentication
Symmetric keys have these characteristics:
- The host and slave must operate from the same secret key
- The secret must be protected from disclosure attack on both sides
- There’s support for bidirectional authentication
- For a comparable security level, there’s less algorithm complexity and shorter computation time
An example of symmetric key authentication can be realized using a message digest computed from input data together with a symmetric key and by utilizing the Secure Hash Algorithm (SHA-x). Designed by the National Security Agency (NSA), SHA-x cryptographic hash functions are computationally complex mathematical operations run on digital data. You can determine data integrity by comparing the computed hash to a known and expected hash value1. Cryptographic hash characteristics are non-reversible, making it computationally infeasible to determine the input corresponding to a message authentication code (MAC). They are also collision-resistant, so it’s impractical to find more than one input message that produces a given MAC. What’s more, they possess a high avalanche effect such that any change in input produces a significant change in the MAC result. As a result, SHA-x has proven to be highly effective for secure authentication and small digest encryption. Figure 1 provides an example of a symmetric-key cryptography solution that uses a FIPS 180-based SHA-256 authentication algorithm.
The message digest is computed on the slave side based on the shared secret and data coming from the host.
Figure 1: Maxim’s DS28C22 DeepCover Secure Authenticator protects embedded designs, peripherals, and sensors with bidirectional challenge-and-response SHA-256 authentication and encryption.
Asymmetric Keys Reduce Key Management Complexity
Asymmetric keys have these characteristics:
- The host operates with a public key, while the slave has a corresponding private key
- The private key must be protected, but there’s no requirement to protect the public key against disclosure
- There’s support for authentication of the slave only
- For a comparable security level, there’s increased algorithm complexity and longer computation time
An example of asymmetric key authentication can be realized using a digital signature computed with the Elliptic Curve Digital Signature Algorithm (ECDSA) (Digital Signature Algorithm (DSA) and RSA-DSA are other examples.) ECDSA uses elliptic curve cryptography, in which the bit size of the key is equivalent in terms of strength to twice the size of a symmetric cipher (256-bit ECDSA is as secure as a 128-bit AES). With ECDSA, the public key is only used for verifying; there’s no need to protect the public key from counterfeiters or hackers. It’s only critical to protect the private key. For systems where it’s difficult or even impossible to secure host keys, ECDSA asymmetric authentication provides very strong security. It can also be ideal if you’re using multiple contract manufacturers, or if you license your product to your customers. Figure 2 provides an example of a FIPS 186-based ECDSA engine that implements asymmetric cryptography.
Figure 2: Maxim’s DS28E35 DeepCover Secure Authenticator provides crypto-strong authentication security for a variety of applications, including medical sensors, industrial programmable logic controller (PLC) modules, and consumer devices.
Online Tool Helps You Select Authentication Solution
So how do you decide which authentication method to use for your design? Maxim offers a simple online authentication advisor tool that helps you select the right secure authentication solution based on your end application. Providing advanced physical security ranging from digital IDs to crypto-strong authentication, Maxim’s DeepCover Secure Authenticators provide low-cost IP protection, clone prevention, and peripheral authentication. Try the online tool today to find a solution to address your requirements or get new ideas for authentication applications.
1 Source: https://en.wikipedia.org/wiki/SHA-2