Why Authenticators SHOULD be THE Key to Your Smart Lock
July 11, 2019
| By: Michael Jackson
Principal Writer, Maxim Integrated
So, you’ve designed a smart lock that includes an authenticator. Great – that means an intruder cannot swap the lock for a fake one without the owner being aware of it and the lock can only be opened by the owner. Right? Hmmm…are you certain? Just to be on the safe side, let me answer some of your salient questions about this.
Figure 1. How smart is your smart lock application when it comes to defending against intruders?
What is Electronic Authentication?
Embedded electronic authentication ensures that sub-systems, accessories, and peripherals used with or within a piece of equipment are not counterfeit. Also, by using electronic authentication, manufacturers can more fully control the usage and performance of their products.
Give Me an Example of Where It Can Be Used
Sure. Consider the internet of things (IoT) remote lock open/close application in Figure 2. From your remote server, you want to send an “open” instruction to your network-connected, remote, ‘smart’ lock. (Obviously this must have a network-capable controller to make it ‘smart.’) To prevent an intruder from opening the lock, you need to make sure that the instructions coming from your server are verified by the lock as being authentic. You also need to make sure that the lock itself is authentic (so you know it has not been replaced by a counterfeit). You can do this by putting an electronic authentication device within the lock itself. The lock and your server then send challenges (questions) to one another. If they answer each other’s challenges correctly, they are both deemed authentic. Therefore, a “pass” signal can be sent to the controller, which then performs the desired action—namely, opening the lock. So far so good…
Figure 2. Remotely opening a smart lock.
So, What’s the Problem?
There is a weakness in this setup. Your controller is ultimately responsible for the action of opening and closing the lock. If it’s not secure, it’s vulnerable to attack from an intruder who could take control of it and configure it to ignore the pass/fail result from your authentication device. The intruder would then be able to open or close the lock at will.
That’s Not Good. How Can I Stop This from Happening?
Thankfully, it’s not that difficult. Instead of using an unsecured controller to open and close your lock, use your secure authentication device to do it instead.
Can I Get an Authenticator that Can Really Do That?
Up until now, no. But Maxim’s DS28C36 is the first electronic authentication device with secure general purpose I/O (GPIO) that makes this possible. It still performs the authentication function we talked about before, but it ALSO has two dedicated GPIO pins (with secure state control and state sensing) which ensure that all instructions from your remote server to the lock are processed using a strong cryptographic protocol. Let’s look at Figure 3 to see how it works.
Figure 3. Opening/closing a smart lock using the DS28C36.
Here, authentication takes place between your remote server and the DS28C36, which can then open or close the lock. However, if an intruder launches an attack, the DS28C36 can disable its GPIO pins, preventing loss of control of the locking mechanism. Not only is it the only electronic authentication device available with secure GPIO functionality, but the DS28C36 can also detect and prevent replay attacks by an intruder.
Can It Do Anything Else?
Ok, since you asked…
The DS28C36 includes a wide set of features, such as bidirectional secure authentication with both asymmetric ECDSA and symmetric SHA-256 based HMAC; optional secure protection of user-programmable memory with either ECDSA or SHA-256 authentication; secure storage of sensitive data with encrypted host-to-device and device-to-host transmission combined with ECDH-based key establishment; GPIO with state control and state sensing with optional secure authentication; and system secure boot/download verification with optional GPIO pass/fail indication.
…but you don’t need to know all this stuff unless it’s relevant to you!
Phew! Thankfully the Lock Example Was Easy to Understand. Nice Job!
Thanks. Pretty neat, eh? (Even if I say so myself.)
For more information on electronic authentication, read the design solution, “Operate General Purpose I/O with Strong Security.”