アプリケーションノート 5546

The Fundamentals of a SHA-256 Master/Slave Authentication System


要約: Maxim’s DeepCover® Secure Authenticators (DS2465, DS28E15, DS28E22, DS28E25) implement advanced physical security to provide the ultimate in low-cost IP protection, clone prevention, and peripheral authentication. This application note first introduces the authenticators and the coprocessor with their specific characteristics and commands. Then it explains the general logistics of the SHA-256-based security system. Finally, it illustrates the use of an authenticator and a coprocessor to perform mutual authentication of the master and the slave in a real application.


この文書は極めて特定的なアプリケーションに向けて書かれたものであり、独自技術に関する情報を含んでいるため、その開示は該当アプリケーションに直接関わっているお客様のみに限定させていただいております。この文書を請求される方は以下のフォームに必要事項を記入してください。適当と判断された場合は2営業日以内にご連絡いたします。

以下の情報はすべて英語で記入してください。

Introduction

For more than 10 years, Secure Hash Algorithm (SHA-1) authentication has been a very effective method to protect intellectual property from counterfeiting and illegal copying. As computer technology advances, customers are asking for an even higher level of security. Maxim’s answers are the DeepCover® Secure Authenticators (DS2465, DS28E15, DS28E22, DS28E25) with 1-Wire® SHA-256 and user EEPROM. This product group includes three 1-Wire authenticators with different user EEPROM configurations and a SHA-256 coprocessor with a 1-Wire master function.
This application note describes the DeepCover Secure Authenticator products in a secure authentication system implementation (Figure 1). A general introduction to mutual authentication is found in application note 3675, “Protecting the R&D Investment with Secure Authentication.”
Figure 1. Secure authentication system implementation.
Figure 1. Secure authentication system implementation.

SHA-256 vs. SHA-1

Both SHA-256 and SHA-1 are secure hash standards. They are defined by the Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST), which is under the auspices of the U.S. Department of Commerce). Publication FIPS PUB 180-4 (PDF) provides full details of these and other secure hash standards. SHA-256 produces a 256-bit message digest (MAC or message authentication code) as opposed to SHA-1, which produces a 160-bit message digest.

1-Wire SHA-256 Authenticators

The common device characteristics and function commands are summarized in Table 1. The DeepCover Secure Authenticators support a challenge size of 256 bits (as opposed to a 24 to 96 bits device-dependent challenge size with SHA-1) and use a 256-bit secret (as opposed to a 64-bit secret with SHA-1). As 1-Wire slaves, each DeepCover Secure Authenticator has a unique 64-bit ROM ID, which serves as the node address in a 1-Wire network. The function commands include general memory read/write access as well as security functions for slave authentication to the master and for master authentication to the slave for write access. The memory is written in segments of 4 bytes, as opposed to 8 bytes with Maxim’s SHA-1 devices. As a new feature, the DeepCover Secure Authenticators allow the user to partition the memory in areas with open (i.e., unprotected) access and areas where the master must authenticate itself for EEPROM write access. Table 2 shows the available protection modes and valid protection combinations. The differences between the authenticators are the family code, the size of the user memory, and the block size for which a protection can be applied (Table 3).
Table 1. Common Characteristics of the DS28E15, the DS28E22, and the DS28E25
Category Description Data Elements Involved
1-Wire port VPUP = 3.3V ±10% (Note 1)
Overdrive speed only
Memory organization Page size = 32 bytes
Segment size = 4 bytes
Network commands Read ROM 64-bit ROM ID, RC-Flag
Match ROM 64-bit ROM ID, RC-Flag
Search ROM 64-bit ROM ID, RC-Flag
Skip ROM RC-Flag
Resume RC-Flag







Category Description Data Elements Involved
Memory function commands Write Memory User Memory
Read Memory User Memory
Write Block Protection Protection bits RP, WP, EM, AP (Status)
Read Status Protection bits RP, WP, EM, AP, personality bytes (Status)
Read/Write Scratchpad Scratchpad
Security function commands Load And Lock Secret Scratchpad, secret, secret lock bit SL (Status)
Compute And Lock Secret Secret, User Memory, Scratchpad, 64-bit ROM ID, personality bytes, secret lock bit SL (Status)
Compute And Read Page MAC Secret, User Memory page, Scratchpad, 64-bit ROM ID (Note 2), personality bytes (Status)
Authenticated Write Memory Secret, 64-bit ROM ID, memory page number, segment number, old segment data, new segment data, personality bytes (Status)
Authenticated Write Block Protection Secret, 64-bit ROM ID, memory block number, old protection data, new protection data, personality bytes (Status)
Protection modes Read Protection RP bits (Status)
Write Protection WP bits (Status)
EPROM Emulation Mode EM bits (Status)
Authentication Protection AP bits (Status)
Default protection Unprotected Block protection bits RP = WP = EM = AP = 0; secret lock bit SL = 0 (Status)
Note 1: Devices for 1.8V operation are the DS28EL15, the DS28EL22, and the DS28EL25.
Note 2: The page MAC can be computed in a device-independent manner, substituting a constant for the unique ROM ID. The write MAC is always device-dependent, using the 64-bit ROM ID.





Table 2. 1-Wire SHA-256 Authenticator Protection Options
RP Read Protection. If activated, the data is only accessible for device internal use, e.g., as a secret.
WP Write Protection. If activated, the data cannot be changed.
EM EPROM Emulation Mode. If activated, individual bits can only be changed from 1 to 0. Before using this mode, the memory needs to be written to all 1s (FFh).
AP Authentication Protection. If activated, write access to the memory requires master authentication. Master authentication is permissible even if the memory is not authentication protected.
The default is no protection with RP, WP, EM, and AP not activated. Protection is cumulative. For example, adding authentication protection to a block with EPROM emulation mode, bits can still be changed from 1 to 0. However, it must be done with an authenticated write. Similarly, adding write protection to a block that already has authentication protection will render the memory protected from writing using any method.
Table 3. 1-Wire SHA-256 Authenticator Differences
Feature DS28E25 DS28E22 DS28E15
User memory 16 pages of 32 bytes 8 pages of 32 bytes 2 pages of 32 bytes
Family code 47h 48h 17h
Protection block size 2 pages 2 pages One-half page

The DS2465 SHA-256 Coprocessor with a 1-Wire Master

The DS2465 is an I2C slave controlled by a host processor. As a 3.3V device, the DS2465 is designed to work with the 3.3V version of the authenticators. The DS24L65 is a 1.8V coprocessor for use with 1.8V authenticators.
From the I2C port, the SHA-256 coprocessor with a 1-Wire master appears as 256-byte read/write memory with certain regions (i.e., data elements) assigned for special purposes. Table 4 lists these data elements by name and describes their functions.












Table 4. The DS2465 I2C Direct Access Memory Areas
Access Mode Data Elements Purpose, Usage
Memory mapped write Scratchpad General purpose data buffer for master-internal use and communication with 1-Wire slaves
Command Register Instructing the device what function to execute next.
1-Wire Master Configuration Register Setting 1-Wire speed, power status, power delivery and rising edge accelerator
1-Wire Port Configuration Registers Fine tuning of 1-Wire timing, selecting 1-Wire pullup resistor
Memory mapped read Scratchpad General purpose data buffer for device-internal use and communication with 1-Wire slaves
1-Wire Master Status Register Reading bit level results from 1-Wire activity
1-Wire Read Data Register Obtaining the result from 1-Wire Read Byte command
MAC Readout Register Host access to Slave Write MAC as computed by SHA-256 engine.
Memory Protection Status Register (write access through Set Protection command) Host access to verify the protection settings of the user memory and the M-Secret
1-Wire Master Configuration Register Setting 1-Wire speed, power status, power delivery and rising edge accelerator
1-Wire Port Configuration Registers Fine tuning of 1-Wire timing, selecting 1-Wire pullup resistor
Factory byte (factory use)
Manufacturer ID Factory programmable, distinguishing between parts that are programmed at the factory (value ≠ 0000h) or a user’s facility (value = 0000h)
Personality byte (reserved for future use)
User memory (write access through Copy Scratchpad command) General purpose EEPROM, typically used as repository for data needed to compute an authenticator’s unique secret or the M-Secret
A single memory location functions as a Command register, to which the host processor writes commands that the DS2465 has to execute. There are three types of commands: 1-Wire function commands (reset, bit, triplet, byte, block; Table 5), auxiliary commands (internal data transfer for setup and protection; Table 6), and authentication commands (Table 7).
Table 5. The DS2465 1-Wire Master Commands
Command Name Data Elements Affected Usage
1-Wire Master Reset 1-Wire Master Status Register Device initialization after power-up
1-Wire Reset Pulse 1-Wire Master Status Register Preparing 1-Wire slaves for a new communication sequence
1-Wire Single Bit Command parameter byte, 1-Wire Master Status Register (Rarely needed)
1-Wire Write Byte Parameter byte Writing a command code, parameter byte, data byte or release byte to the 1-Wire bus
1-Wire Read Byte 1-Wire Read Data Register Reading a command success byte, CRC byte, data byte from the 1-Wire bus
1-Wire Triplet Command parameter byte, 1-Wire Master Status Register Performing a 1-Wire Search ROM sequence
1-Wire Transmit Block Scratchpad, MAC output Register Writing to an authenticator’s scratchpad, sending a write authentication MAC
1-Wire Receive Block Scratchpad Reading an authenticator’s user memory, status memory, scratchpad, or reading a page MAC
Table 6. The DS2465 Auxiliary Commands
Command Name Data Elements Affected Purpose, Usage
Copy Scratchpad User memory, M-Secret Writing to user memory, installing the M-Secret
Compute Next M-Secret Scratchpad, user memory, current M-Secret Installing a computed M-Secret (currently not used)
Set Protection Memory protection status of user memory, M-Secret Protecting the user memory (read and/or write), protecting the M-Secret (write, read-protected by design)





Table 7. The DS2465 Authentication Commands
Command Name Data Elements Involved Purpose, Related Authenticator Functions, Notes
Compute S-Secret Scratchpad, user memory (Note 1), M-Secret To compute an authenticator’s unique secret (=precondition for verifying authenticity and computing a MAC for writing to an authenticator.)
Compute and Lock Secret.
Before issuing this command, the host must first obtain the authenticator’s 64-bit ROM ID.
Compute Slave Authentication MAC S-Secret, scratchpad, user memory (Note 1) For host to verify the authenticator’s authenticity.
Compute and Read Page MAC.
Before issuing this command, the host must first obtain the public data elements used by the authenticator to compute the page MAC. The MAC must be read after the required delay with no extra I2C communication or the MAC becomes invalid.
Compute Slave Write MAC S-Secret, scratchpad For host to prove its authenticity to the authenticator. Authenticated Write Memory, Authenticated Write Block Protection.
Before issuing this command, the host must know what to write to the authenticator, what the existing data is, and where to write it (user memory page number, segment number, or block protection memory). The MAC must be read or transmitted with the transmit block command after the required delay with no extra I2C communication or the MAC becomes invalid.
Note 1: Depends on the parameter byte used with the command.

Legend to Figures

Figures 3 and higher in this application note illustrate the various activities needed to set up and use an authentication system. Boxes with solid lines represent data elements that have a physical home in the particular device (e.g., a register, secret, memory page, ROM ID). Boxes with dotted lines represent data elements before they have been transferred to their permanent home or data elements that only exist temporarily in the coprocessor or authenticator or in the host processor’s memory. Text in parentheses represents comments for the reader to better understand the action. Text in quotes represents device commands; if not underlined, these commands apply to the authenticator; if underlined, these commands apply to the coprocessor. Numbers in circles indicate the sequence of activities within a figure.

Security Logistics

SHA-based security relies on message authentication codes (MACs) computed from open data and a secret. To verify authenticity, both sides, i.e., the host or coprocessor and the 1-Wire authenticator, must know the secret, which shall never be exposed. In addition, the secret in each 1-Wire authenticator should be unique. This way, in case the secret of a single authenticator is compromised, the security of the entire system is not affected.
At first glance, it appears impossible to meet these requirements. There is, however, a simple solution: compute the secret from known ingredients at a trusted place. These ingredients are a master secret (32 bytes), the binding data (32 bytes), a partial secret (32 bytes), the authenticator’s ROM ID (8 bytes), and padding/formatting (“other data”). Figure 2 illustrates the process. Although the ingredients are exposed at one point in time, the computed secret is never exposed and remains hidden.
Figure 2. Computing a unique authenticator secret.
Figure 2. Computing a unique authenticator secret.
Since the memory space is limited, it is not feasible to store all unique authenticator secrets in the coprocessor or host. Instead, the coprocessor stores the master secret in a protected location called M-Secret. The binding data is usually stored in one of the user memory pages, which should afterwards be read-protected. The partial secret can be stored in the other user memory page or be coded in the host processor’s firmware. Now all the data the coprocessor needs to compute an authenticator’s unique secret are the authenticator’s ROM ID and a few bytes from the authenticator’s status memory plus padding/formatting (“other data”).

Coprocessor Setup

The coprocessor setup involves only communication between the host processor and the coprocessor. The master secret, binding data, and partial secret should be generated as random numbers. Once the values of these ingredients are defined, these values apply to the entire system. All coprocessors and authenticators to be recognized as authentic in the system must be set up using the same values. Figure 3 shows the host activity and coprocessor commands, the latter of which are underlined, involved in performing the setup. Tables 8 and 9 provide more details.
Figure 3. Setting up the coprocessor.
Figure 3. Setting up the coprocessor.
Table 8. Installation of the Master Secret
Host Activity Notes
Writes the 32-byte master secret to DS2465’s scratch-pad; sends command Copy Scratchpad to M-Secret. Standard I2C write starting at memory address 00h (scratchpad), then to address 60h (command register).
Table 9. Installation of the Binding Data in User Memory Page 0
Host Activity Notes
Writes the 32-byte binding data to DS2465’s scratch-pad; sends command Copy Scratchpad to user memory page 0, entire page Standard I2C write starting at memory address 00h (scratchpad), then to address 60h (command register).
Reads user memory page 0 to verify programming. Standard I2C read starting at memory address 80h. This optional step is advisable since the binding data should be kept secret. After read back, the user memory page 0 should be read-protected.
Set read-protection to page 0 using the Set Protection command. Standard I2C write to address 60h (command register). Hiding the binding data effectively doubles the size of the secret input to the unique secret computation.
Depending on the application, the M-Secret and the user memory should be write-protected to prevent unauthorized changes. If not used for the partial secret, user memory page 1 could store an alternate set of binding data, e.g., to be used with a different authenticator model (Table 10).







Table 10. Optional: Installation of the Partial Secret in User Memory Page 1
Host Activity Notes
Writes the 32-byte partial secret to DS2465’s scratch-pad; sends command Copy Scratchpad to user memory page 1, entire page Standard I2C write starting at memory address 00h (scratchpad) or address 60h (command register).
Reads user memory page 1 to verify programming. Standard I2C read starting at memory address A0h.

1-Wire Authenticator Setup

The setup of the authenticator is similar to that of the coprocessor. Figure 4 shows the sequence of steps and authenticator commands involved in performing the setup. After loading the master secret and binding data into the authenticator, the partial secret is written to the authenticator’s scratchpad. The Compute Secret command finally generates and installs the authenticator’s unique secret, overwriting the master secret. The term “other data” refers to the manufacturer ID, the page number of the binding data, one 00h byte, and padding/formatting.
Figure 4. Creating the unique secret in the authenticator.
Figure 4. Creating the unique secret in the authenticator.
Tables 11 to 13 provide more details. The host activity consists of I2C write and read access to the coprocessor’s memory and various registers, in particular to the Command register generating activity on the 1-Wire bus. The communication examples assume that the host has already obtained the authenticator’s ROM ID. If there is only one authenticator on the 1-Wire bus (“single drop”), the host can use a Read ROM sequence (i.e., the 1-Wire Write Byte command [33h] followed by the 1-Wire Receive Block command (8 bytes)). The ROM ID is then found in the DS2465’s scratchpad. With several authenticators on the bus, the host needs to use the Search ROM sequence, which requires the repeated use of the 1-Wire Triplet command.
Table 11. Installation of the Master Secret in the Authenticator
Host Activity Notes
Sends command 1-Wire Reset Pulse, reads bit result 1-Wire slave(s) respond with presence pulse
Writes 55h and slave’s ROM ID to DS2465’s scratch-pad; sends command 1-Wire Transmit Block (9 bytes) Authenticator is accessed with command Match ROM
Writes 0Fh, 20h to DS2465’s scratchpad; sends command 1-Wire Transmit Block (2 bytes), sends command 1-Wire Receive Block (2 bytes) Authenticator receives command Read/Write Scratchpad, write mode, responds with CRC
Writes the 32-byte master secret to DS2465’s scratchpad; sends command 1-Wire Transmit Block (32 bytes), sends command 1-Wire Receive Block (2 bytes) Authenticator receives the 32-byte master secret in its scratchpad, responds with CRC
Sends command 1-Wire Reset Pulse, reads bit result 1-Wire slave(s) respond with presence pulse
Sends command 1-Wire Write Byte “A5h” Authenticator is accessed with command Resume
Writes 33h, 00h to DS2465’s scratchpad; sends command 1-Wire Transmit Block (2 bytes), sends command 1-Wire Receive Block (2 bytes) Authenticator receives command Load and Lock Secret, no locking, responds with CRC
Sends command 1-Wire Write Byte “AAh”, sends command 1-Wire Read Byte Release byte triggers the copying from scratchpad to secret; Authenticator responds with command success byte.
Note: The SPU activation (strong pullup for power delivery) immediately after the release byte, the wait time (EEPROM programming), and the subsequent SPU deactivation are not shown.














Table 12. Installation of the Binding Data in User Memory Page 0
Host Activity Notes
Sends command 1-Wire Reset Pulse, reads bit result 1-Wire slave(s) respond with presence pulse
Writes 55h and slave’s ROM ID to DS2465’s scratch-pad; sends command 1-Wire Transmit Block (9 bytes) Authenticator is accessed with command Match ROM
Writes 55h, 00h to DS2465’s scratchpad; sends command 1-Wire Transmit Block (2 bytes), sends command 1-Wire Receive Block (2 bytes) Authenticator receives command Write Memory, page 0, segment 0, responds with CRC
Writes the first 4 bytes of the binding data to DS2465’s scratchpad; sends command 1-Wire Transmit Block (4 bytes), sends command 1-Wire Receive Block (2 bytes) Authenticator receives segment data, responds with CRC
Sends command 1-Wire Write Byte “AAh”, sends command 1-Wire Read Byte Release byte triggers the transfer of the segment data to EEPROM, Authenticator responds with command success byte. (The first segment is now programmed)
Writes the next 4 bytes of the binding data to DS2465’s scratchpad; sends command 1-Wire Transmit Block (4 bytes), sends command 1-Wire Receive Block (2 bytes) (This sequence is repeated seven times to write the remaining seven segments of the binding data to the memory page.)
Sends command 1-Wire Write Byte “AAh”, sends command 1-Wire Read Byte
Note: Since no protection has been set, the memory can be written without master authentication. The normal Write Memory command is used here. The SPU activation immediately after the release byte, the wait time (EEPROM programming), and the subsequent SPU deactivation are not shown.
















Table 13. Creation of the Authenticator’s Unique Secret
Host Activity Notes
Sends command 1-Wire Reset Pulse, reads bit result 1-Wire slave(s) respond with presence pulse
Writes 55h and slave’s ROM ID to DS2465’s scratch-pad; sends command 1-Wire Transmit Block (9 bytes) Authenticator is accessed with command Match ROM
Writes 0Fh, 20h to DS2465’s scratchpad; sends command 1-Wire Transmit Block (2 bytes), sends command 1-Wire Receive Block (2 bytes) Authenticator receives command Read/Write Scratchpad, write mode, responds with CRCS
Writes the 32-byte partial secret to DS2465’s scratchpad; sends command 1-Wire Transmit Block (32 bytes), sends command 1-Wire Receive Block (2 bytes) Authenticator receives the 32-byte partial secret in its scratchpad, responds with CRC
Sends command 1-Wire Reset Pulse, reads bit result 1-Wire slave(s) respond with presence pulse
Sends command 1-Wire Write Byte “A5h” Authenticator is accessed with command Resume
Writes 3Ch, 00h to DS2465’s scratchpad; sends command 1-Wire Transmit Block (2 bytes), sends command 1-Wire Receive Block (2 bytes) Authenticator receives command Compute and Lock Secret, use page 0, no locking, responds with CRC
Sends command 1-Wire Write Byte “AAh”, sends command 1-Wire Read Byte Release byte triggers the computation and installation of the computed secret; authenticator responds with command success byte.
Note: The SPU activation immediately after the release byte, the wait time (SHA computation, EEPROM programming), and the subsequent SPU deactivation are not shown.

Creating the Authenticator’s Unique Secret in the Coprocessor

Before the host can verify whether an authenticator belongs to the system, the authenticator’s unique secret must be recreated inside the coprocessor (S-Secret). From the setup, the coprocessor knows already the master secret, binding data, and partial secret. Additional data needed are the authenticator’s ROM ID and the manufacturer ID (“other data”). Figure 5 shows the sequence of steps and commands involved. With multiple authenticators on the 1-Wire bus, the Read ROM command is not applicable. Instead, the Search ROM sequence must be used, identifying one 1-Wire device at a time. The term “other data” refers to the authenticator’s manufacturer ID, the page number where the binding data was located in the authenticator, one 00h byte, and padding/formatting.
Figure 5. Creating the authenticator’s unique secret in the coprocessor.
Figure 5. Creating the authenticator’s unique secret in the coprocessor.
The communication in Table 14 shows all steps between host and coprocessor needed to identify one 1-Wire device. For a full description of the search algorithm, refer to application note 187, “1-Wire Search Algorithm.”
Table 14. Obtaining the Authenticator’s ROM ID (the Search ROM Approach)
Host Activity Notes
Sends command 1-Wire Reset Pulse, reads bit result 1-Wire slave(s) respond with presence pulse
Sends command 1-Wire Write Byte “F0h” 1-Wire slave(s) enter Search ROM sequence
Sends 64 times command 1-Wire Triplet and reads bit result 1-Wire slave(s) step through Search ROM sequence. At the end of the sequence the host knows one authenticator’s ROM ID.
Next, the host reads the authenticator’s manufacturer ID, which is part of the personality bytes in the status memory. Table 15 shows communication details.









Table 15. Obtaining the Authenticator’s Personality Data
Host Activity Notes
Sends command 1-Wire Reset Pulse, reads bit result 1-Wire slave(s) respond with presence pulse
Writes 55h and slave’s ROM ID to DS2465’s scratch-pad; sends command 1-Wire Transmit Block (9 bytes) Authenticator is accessed with command Match ROM
Writes AAh, E0h to DS2465’s scratchpad; sends command 1-Wire Transmit Block (2 bytes), sends command 1-Wire Receive Block (8 bytes) Authenticator receives command Read Status, personality bytes, responds with CRC, four personality bytes (these are PB1, PB2, manufacturer ID) and CRC
Finally, the host writes the necessary data to the coprocessor’s scratchpad and issues the Compute S-Secret command (Table 16). After the computation is completed, the coprocessor is ready to verify whether the authenticator belongs to the system and, if the verification is positive, to write to the authenticator’s memory.
Table 16. Computing the Authenticator’s Unique Secret
Host Activity Notes
Writes to DS2465’s scratchpad the partial secret (32 bytes), the authenticator’s ROM ID, Manufacturer ID, page number as used when installing the unique secret in the authenticator, 00h byte; sends command Compute S-Secret, swapping in entire user memory page 0 (binding data) Standard I2C write starting at memory address 20h, then writing to address 60h (command register). If the binding data is not swapped in from a user memory page, it must be written to the first 32 bytes of the DS2465’s scratchpad before issuing the command Compute S-Secret, no swapping.

Is the Authenticator Part of the System?

Figure 6 shows the sequence of steps and commands needed to verify an authenticator’s authenticity in a given system. First, the host needs to know the data of one of the authenticator’s memory pages. Then the authenticator receives a challenge from the host. Next, the authenticator is instructed to compute a page MAC and to send it to the host for verification. Once the host knows the page MAC, it instructs the coprocessor to compute a MAC using the same data. If both MAC results are identical, the S-Secret in the coprocessor matches the unique secret in the authenticator, confirming that the authenticator is part of the system. The term “other data” refers to the manufacturer ID, the page number used with the Compute and Read Page MAC command, one 00h byte, and padding/formatting. For communication details, see Tables 17 and 18.
Figure 6. Verifying the authenticator’s authenticity.
Figure 6. Verifying the authenticator’s authenticity.






















Table 17. Reading a Memory Page, Sending a Challenge, and Reading the Page MAC
Host Activity Notes
Sends command 1-Wire Reset Pulse, reads bit result 1-Wire slave(s) respond with presence pulse
Writes 55h and slave’s ROM ID to DS2465’s scratch-pad; sends command 1-Wire Transmit Block (9 bytes) Authenticator is accessed with command Match ROM
Writes F0h, 00h to DS2465’s scratchpad; sends command 1-Wire Transmit Block (2 bytes), sends command 1-Wire Receive Block (2 bytes) Authenticator receives command Read Memory, start at page 0, segment 0; responds with CRC.
Sends command 1-Wire Receive Block (34 bytes) Authenticator transmits memory page data, CRC
Reads the authenticator’s memory page data from DS2465 scratchpad. The memory page data is needed in the next step.
Sends command 1-Wire Reset Pulse, reads bit result 1-Wire slave(s) respond with presence pulse
Sends command 1-Wire Write Byte “A5h” Authenticator is accessed with command Resume
Writes 32 bytes to DS2465’s scratchpad; sends command 1-Wire Transmit Block (32 bytes), sends command 1-Wire Receive Block (2 bytes) Authenticator receives 32 bytes (the challenge) in scratchpad, responds with CRC
Sends command 1-Wire Reset Pulse, reads bit result 1-Wire slave(s) respond with presence pulse
Sends command 1-Wire Write Byte “A5h” Authenticator is accessed with command Resume
Writes A5h, 00h to DS2465’s scratchpad; sends command 1-Wire Transmit Block (2 bytes) Authenticator receives command Compute and read Page MAC using the ROM ID and page 0 data
Sends command 1-Wire Read Byte, activates strong pullup, sends command 1-Wire Read Byte, waits, deactivates strong pullup, sends command 1-Wire Read Byte Authenticator responds with CRC, computes page MAC, responds with command success byte.
Sends command 1-Wire Receive Block (34 bytes) Authenticator transmits page MAC, CRC.
Reads the authenticator’s page MAC from DS2465 scratchpad. This MAC is needed in the next step.




Table 18. Coprocessor Computes the Page MAC and Compares
Host Activity Notes
Writes to DS2465’s scratchpad the authenticator’s page 0 data, the challenge used with the Compute and Read Page MAC command, the authenticator’s ROM ID, Manufacturer ID, page number as used with Compute and Read Page MAC, 00h byte; sends command Compute Slave Authentication MAC, no swapping. Standard I2C write starting at memory address 00h, then writing to address 60h (command register). The MAC is read accessible through the MAC Readout register.
Reads the Slave Authentication MAC from the MAC Readout Register and compares it to the MAC received from the authenticator. If both MACs are identical, the authenticator is authentic to the system.

Writing to the Authenticator with Host Authentication (Authenticated Write)

If the 1-Wire authenticator is verified as part of the system, the host can write to the user memory using the Authenticated Write Memory command. Figure 7 shows the sequence of steps and commands needed to write one segment. As a precondition, the host needs to know the current memory page segment data (i.e., old segment data) before a segment can be updated (i.e., new segment data). The term “other data” refers to the manufacturer ID, the number of the page to be written to, the number of the segment to be written, and padding/formatting.
The Authenticated Write Memory command must be used if authentication protection has been set. However, the command is also accepted and properly executed if the memory is not authentication-protected. Table 19 shows all the communication needed to rewrite an entire memory page using the Authenticated Write Memory command.
Figure 7. Authenticated write memory.
Figure 7. Authenticated write memory.
Table 19. Authenticated Write Memory Example
Host Activity Notes
Sends command 1-Wire Reset Pulse, reads bit result 1-Wire slave(s) respond with presence pulse
Writes 55h and slave’s ROM ID to DS2465’s scratch-pad; sends command 1-Wire Transmit Block (9 bytes) Authenticator is accessed with command Match ROM
Writes 5Ah, 00h to DS2465’s scratchpad; sends command 1-Wire Transmit Block (2 bytes), sends command 1-Wire Receive Block (2 bytes) Authenticator receives command Authenticated Write Memory start at page 0, segment 0; responds with CRC.
Writes 4 bytes new segment data to DS2465’s scratchpad; sends command 1-Wire Transmit Block (4 bytes) Authenticator receives new segment data.
Host Activity Notes
Sends command 1-Wire Read Byte, activates strong pullup, sends command 1-Wire Read Byte, waits, deactivates strong pullup Authenticator responds with CRC, computes MAC needed for master authentication.
Writes to DS2465’s scratchpad the authenticator’s ROM ID, Manufacturer ID, page number as used with Authenticated Write Memory command, segment number; old segment data, new segment data; sends command Compute Slave Write MAC for user memory. Standard I2C write starting at memory address 00h (scratchpad), then to address 60h (command register). The MAC is read accessible through the MAC Readout register.
Sends command 1-Wire Transmit Block with MAC Readout Register as data source; sends command 1-Wire Receive Block (3 bytes). Authenticator receives the write authentication MAC, checks whether it matches and responds with CRC and command success byte.
Sends command 1-Wire Write Byte “AAh”, sends command 1-Wire Read Byte. Release byte triggers the transfer of the segment data to EEPROM, authenticator responds with command success byte. (The first segment is now programmed)
Writes 4 bytes new segment data to DS2465’s scratchpad; sends command 1-Wire Transmit Block (4 bytes) (This sequence is to be repeated seven times to write the remaining seven segments of the page.)
Sends command 1-Wire Read Byte, activates strong pullup, sends command 1-Wire Read Byte, waits, deactivates strong pullup
Writes to DS2465’s scratchpad the authenticator’s ROM ID, Manufacturer ID, page number as used with Authenticated Write Memory command, segment number; old segment data, new segment data; sends command Compute Slave Write MAC for user memory
Sends command 1-Wire Transmit Block with MAC Readout Register as data source; sends command 1-Wire Receive Block (3 bytes).
Sends command 1-Wire Write Byte “AAh”, sends command 1-Wire Read Byte.
Note: The SPU activation after the CRC of the new segment data is transmitted, the wait time for MAC computation, the SPU deactivation before the write MAC is transmitted, the SPU activation immediately after the release byte, the wait time (EEPROM programming), and the subsequent SPU deactivation are not shown.




Summary

SHA-256 with its 256-bit secret, challenge and MAC is a tremendous improvement over the older SHA-1 authentication. Maxim offers 1-Wire SHA-256 authenticators with different user memory sizes for 3.3V and 1.8V applications. The matching SHA-256 coprocessor with a 1-Wire master (the DS2465 for 3.3V applications and the DS24L65 for 1.8V applications) securely stores all the critical data elements needed to create a SHA-256 master/slave authentication system and relieves the host from the real-time aspects of 1-Wire communication. For these DeepCover Secure Authenticators, Maxim provides a preprogramming service to install the data and the secret. For details about this service, submit a tech support request. With our DeepCover Secure Authenticators and preprogramming service, SHA-256 security has never been easier.

アプリケーションノート 5546,AN5546, AN 5546, APP5546, Appnote5546, Appnote 5546