Authentication is the process of verifying identity and allowing or denying access based on the results of the authentication. Practical uses for embedded authentication within a product or system include: usage control; management of authorized vendors; enabling reference design licensees; and preventing the use of counterfeit peripherals, accessories, and consumables.
Product designers can use various forms of electronic authentication to secure their system against malicious attacks, to protect their reputation, and to ensure their products offer the performance and safety that they were designed to offer.
Strong electronic authentication uses a challenge and response mechanism as shown in the simplified diagram below. A host system controller sends a stream of bits (the challenge) to an authentication function in, for example, an accessory and obtains from the authenticator a digital stream (the response). The controller processes the response to determine validity. If the response is valid then the component is deemed authentic and usable within the system. If not the component is blocked from system interaction. Finally, the authentication function is designed in such a way that the response is unforgeable by an attacker.
An authentication sequence starts with the controller generating a random-valued challenge which is sent to the authenticator component. Upon receipt, the challenge is processed with the crypto-secure algorithm along with a key value to compute a response. This response is then returned to the controller where it is validated. If the validation step passes, the controller allows normal system operation. For a validation failure, the controller takes application specific action such as reduced system functionality or disallows system operation.
Electronic authentication methods provide varying degrees of security. In this context, security refers to the degree of difficulty of compromising and forging the authentication solution. For example, simple authentication systems might use passwords or open, unchanging challenge and response bit streams. These simple schemes are easily analyzed and replicated by an adversary for unauthorized use within a non-genuine design. The strongest forms of authentication employ standards based cryptographic algorithms such as SHA-1, SHA-256, and ECDSA along with keys/secrets.
For cryptographic based implementations it is critical that the key value stored in the authenticator as well as by the host controller, in certain cases, be protected from discovery by an adversary. If this key is discovered, a counterfeiter could design products that become authenticated by the system. So the most secure electronic authentication systems employ semiconductor devices that use special circuits and methods that are designed to keep the stored keys secret.
In general, cryptographic algorithms are classified into two categories: symmetric-key and asymmetric-key.
Symmetric-key algorithms are those with which entities performing a cryptographic exchange do so with the same key which is known as the "secret-key." For example in the diagram below, the host system controller and the secure authenticator use the same secret-key value to perform a challenge and response sequence. Due to the use of a common key value, it is critical that it be protected from discovery in both the host controller and secure authenticator. If discovered by an adversary, a class-level break of the system security can result.
In contrast, asymmetric-key algorithms use a key pair consisting of a public-key and private-key. The data values of these two keys are different but mathematically related based on the specific algorithm type. In the diagram below, the host system controller uses the public-key portion of the pair and the secure authenticator uses the private-key.
A benefit of this public/private-key implementation is that there is no security risk with the public-key being openly known. It is critical however that the private key-value stored in the secure authenticator be protected from discovery. Given the public-key can generally be communicated or stored without the need for discovery protection, there is often the perception that this attribute must result in some security risk. However, while mathematically related, the math is such that it is computationally infeasible to derive the private-key from the public-key.
Maxim's secure authentication products are designed to provide comprehensive and affordable cryptographic solutions. Maxim's DeepCover® products utilize SHA-256 for symmetric-key solutions and ECDSA for asymmetric-key. These crypto functionalities combined with 25 years of developing circuits and methods to protect against security attacks provide industries highest levels of secure authentication and tamper proof protection.
To view Maxim products that provide Secure Authentication, please visit the Maxim DeepCover page. For more technical information about secure authentication, please view the application notes listed in Technical Docs under the Related Resources heading at the top of this page.
In addition, if you are interested in learning more about the authentication algorithms used by Maxim, please visit the NIST Information Technology Laboratory, Security Standards page.
|Application Note||5779||Introduction to SHA-256 Master/Slave Authentication|
|Tutorial||5716||Hardware Security ICs Offer Large Security Returns at a Low Cost|
|Application Note||5696||Protect Your Designs from Malware with the DeepCover MAXQ1050 Secure Microcontroller|
|Application Note||5546||The Fundamentals of a SHA-256 Master/Slave Authentication System|
|Tutorial||5522||Industrial Systems Need the Added Protection of Security ICs|
|Tutorial||5518||Uptime Protects the Bottom Line|
|Application Note||5416||Ubiquity of NFC-Enabled Phones Leads to Strong Brand Protection|
|Application Note||4623||Smart Cable Aids Quality Control and Authentication|
|Application Note||3675||Protecting Your R&D Investment with Secure Authentication|