APPLICATION NOTE. Symmetric Session Encryption Key Exchange ATSHA204A. Introduction

Similar documents
APPLICATION NOTE. Secure Personalization with Transport Key Authentication. ATSHA204A, ATECC108A, and ATECC508A. Introduction.

APPLICATION NOTE. Authentication Counting. Atmel CryptoAuthentication. Features. Introduction

Application Note. Atmel CryptoAuthentication Product Uses. Atmel ATSHA204. Abstract. Overview

CryptoAuth Xplained Pro

AT88CK490 Evaluation Kit

Application Note. Atmel ATSHA204 Authentication Modes. Prerequisites. Overview. Introduction

APPLICATION NOTE. AT16268: JD Smart Cloud Based Smart Plug Getting. Started Guide ATSAMW25. Introduction. Features

AT88CK490 and AT88CK590

SMARTCARD XPRO. Preface. SMART ARM-based Microcontrollers USER GUIDE

AVR151: Setup and Use of the SPI. Introduction. Features. Atmel AVR 8-bit Microcontroller APPLICATION NOTE

AVR1318: Using the XMEGA built-in AES accelerator. 8-bit Microcontrollers. Application Note. Features. 1 Introduction

AT11805: Capacitive Touch Long Slider Design with PTC. Introduction. Features. Touch Solutions APPLICATION NOTE

AVR106: C Functions for Reading and Writing to Flash Memory. Introduction. Features. AVR 8-bit Microcontrollers APPLICATION NOTE

APPLICATION NOTE. AT12405: Low Power Sensor Design with PTC. Atmel MCU Integrated Touch. Introduction

More Secure, Less Costly IoT Edge Node Security Provisioning

APPLICATION NOTE. AT07175: SAM-BA Bootloader for SAM D21. Atmel SAM D21. Introduction. Features

Atmel AVR4921: ASF - USB Device Stack Differences between ASF V1 and V2. 8-bit Atmel Microcontrollers. Application Note. Features.

APPLICATION NOTE. AT17284: Proximetry Cloud Based Smart Plug User Guide. SMART ARM-based Microcontrollers. Introduction. Features

How To Use An Atmel Atmel Avr32848 Demo For Android (32Bit) With A Microcontroller (32B) And An Android Accessory (32D) On A Microcontroller (32Gb) On An Android Phone Or

USER GUIDE EDBG. Description

Using RFID Technology to Stop Counterfeiting

AVR127: Understanding ADC Parameters. Introduction. Features. Atmel 8-bit and 32-bit Microcontrollers APPLICATION NOTE

SPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128

USER GUIDE. ZigBit USB Stick User Guide. Introduction

APPLICATION NOTE. RF System Architecture Considerations ATAN0014. Description

AVR32701: AVR32AP7 USB Performance. 32-bit Microcontrollers. Application Note. Features. 1 Introduction

Atmel AVR4920: ASF - USB Device Stack - Compliance and Performance Figures. Atmel Microcontrollers. Application Note. Features.

APPLICATION NOTE. Atmel AVR134: Real Time Clock (RTC) Using the Asynchronous Timer. Atmel AVR 8-bit Microcontroller. Introduction.

Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

32-bit AVR UC3 Microcontrollers. 32-bit AtmelAVR Application Note. AVR32769: How to Compile the standalone AVR32 Software Framework in AVR32 Studio V2

Using CryptoMemory in Full I 2 C Compliant Mode. Using CryptoMemory in Full I 2 C Compliant Mode AT88SC0104CA AT88SC0204CA AT88SC0404CA AT88SC0808CA

Dell Spotlight on Active Directory Server Health Wizard Configuration Guide

QT1 Xplained Pro. Preface. Atmel QTouch USER GUIDE

Dell Migration Manager for Enterprise Social What Can and Cannot Be Migrated

AVR1510: Xplain training - XMEGA USART. 8-bit Microcontrollers. Application Note. Prerequisites. 1 Introduction

Quest vworkspace Virtual Desktop Extensions for Linux

Atmel Crypto Elements Atmel Corporation

formerly Help Desk Authority Quest Free Network Tools User Manual

8-bit. Application Note. Microcontrollers. AVR282: USB Firmware Upgrade for AT90USB

AVR1900: Getting started with ATxmega128A1 on STK bit Microcontrollers. Application Note. 1 Introduction

Capacitive Touch Technology Opens the Door to a New Generation of Automotive User Interfaces

Dell NetVault Backup Plug-in for Advanced Encryption 2.2. User s Guide

Dell One Identity Cloud Access Manager How To Deploy Cloud Access Manager in a Virtual Private Cloud

Dell Statistica. Statistica Document Management System (SDMS) Requirements

APPLICATION NOTE. Atmel AT04389: Connecting SAMD20E to the AT86RF233 Transceiver. Atmel SAMD20. Description. Features

AVR115: Data Logging with Atmel File System on ATmega32U4. Microcontrollers. Application Note. 1 Introduction. Atmel

AVR1309: Using the XMEGA SPI. 8-bit Microcontrollers. Application Note. Features. 1 Introduction SCK MOSI MISO SS

AVR131: Using the AVR s High-speed PWM. Introduction. Features. AVR 8-bit Microcontrollers APPLICATION NOTE

Using the RS232 serial evaluation boards on a USB port

Dell InTrust Preparing for Auditing Cisco PIX Firewall

Application Note. 8-bit Microcontrollers. AVR270: USB Mouse Demonstration

AVR287: USB Host HID and Mass Storage Demonstration. 8-bit Microcontrollers. Application Note. Features. 1 Introduction

How To Use Atmel'S Atmel Crypto Device For A Year On A Computer Or Cell Phone

AN AES encryption and decryption software on LPC microcontrollers. Document information

How To Design An Ism Band Antenna For 915Mhz/2.4Ghz Ism Bands On A Pbbb (Bcm) Board

Atmel AVR4903: ASF - USB Device HID Mouse Application. Atmel Microcontrollers. Application Note. Features. 1 Introduction

Using Self Certified SSL Certificates. Paul Fisher. Quest Software. Systems Consultant. Desktop Virtualisation Group

AT91SAM ARM-based Flash MCU. Application Note

AVR1922: Xplain Board Controller Firmware. 8-bit Microcontrollers. Application Note. Features. 1 Introduction

APPLICATION NOTE. AT05558: Wireless Manufacturing Test Kit. Atmel ATmega256RFR2. Description. Features

AGREEMENT BETWEEN USER AND Caduceon Environmental Laboratories Customer Portal

Introduction to Version Control in

AVR32138: How to optimize the ADC usage on AT32UC3A0/1, AT32UC3A3 and AT32UC3B0/1 series. 32-bit Microcontrollers. Application Note.

Organized, Hybridized Network Monitoring

Dell One Identity Cloud Access Manager How to Configure Microsoft Office 365

APPLICATION NOTE. Atmel AT02985: User s Guide for USB-CAN Demo on SAM4E-EK. Atmel AVR 32-bit Microcontroller. Features. Description.

AVR315: Using the TWI Module as I2C Master. Introduction. Features. AVR 8-bit Microcontrollers APPLICATION NOTE

NXP & Security Innovation Encryption for ARM MCUs

AT15007: Differences between ATmega328/P and ATmega328PB. Introduction. Features. Atmel AVR 8-bit Microcontrollers APPLICATION NOTE

APPLICATION NOTE. Atmel AVR443: Sensor-based Control of Three Phase Brushless DC Motor. Atmel AVR 8-bit Microcontrollers. Features.

AVR305: Half Duplex Compact Software UART. 8-bit Microcontrollers. Application Note. Features. 1 Introduction

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

C. System Requirements. Apple Software is supported only on Apple-branded hardware that meets specified system requirements as indicated by Apple.

Spotlight Management Pack for SCOM

DEP Documentation DEP Customer's Host Programmers Guidelines

AVR353: Voltage Reference Calibration and Voltage ADC Usage. 8-bit Microcontrollers. Application Note. Features. 1 Introduction

APPLICATION NOTE Atmel AT02509: In House Unit with Bluetooth Low Energy Module Hardware User Guide 8-bit Atmel Microcontroller Features Description

Overview. SSL Cryptography Overview CHAPTER 1

New Features and Enhancements

AT12181: ATWINC1500 Wi-Fi Network Controller - AP Provision Mode. Introduction. Features. Atmel SmartConnect APPLICATION NOTE

Partners in Care Welch Allyn Connex Software Development Kit License Agreement

APPLICATION NOTE. Atmel LF-RFID Kits Overview. Atmel LF-RFID Kit. LF-RFID Kit Introduction

Top 10 Most Popular Reports in Enterprise Reporter

Designing Feature-Rich User Interfaces for Home and Industrial Controllers

Achieve Deeper Network Security and Application Control

Security Guide. BES12 Cloud

Dell One Identity Cloud Access Manager How to Develop OpenID Connect Apps

IT Networks & Security CERT Luncheon Series: Cryptography

How to Deploy Models using Statistica SVB Nodes

Pervasive Software Inc. Pervasive PSQL v11 Insurance License Agreement

AVR2006: Design and characterization of the Radio Controller Board's 2.4GHz PCB Antenna. Application Note. Features.

Cryptography & Digital Signatures

Achieve Deeper Network Security

AVR311: Using the TWI Module as I2C Slave. Introduction. Features. AVR 8-bit Microcontrollers APPLICATION NOTE

Dell Enterprise Reporter 2.5. Configuration Manager User Guide

MODFLEX MINI GATEWAY ETHERNET USER S GUIDE

Atmel SMART ARM Core-based Embedded Microprocessors

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions

Covered California. Terms and Conditions of Use

Transcription:

APPLICATION NOTE Symmetric Session Encryption Key Exchange ATSHA204A Introduction Many systems need to communicate sensitive information over open channels. Examples include traffic light controllers where firmware upgrades take place over the air, power distribution grids where consumption and/or billing information is transmitted over power lines, and telemetry where patient data is transmitted over mobile telephone networks. Secure communication of sensitive information requires the transmitting system to ascertain the identity of the recipient (authentication) and scramble the information from view by others (encryption). Cryptography allows both tasks to be accomplished. But while many systems are capable of performing the underlying cryptographic processes, they lack the ability to securely share the cryptographic keys needed to establish trusted communication channels. An alternative method for key exchange such as ECDH (Elliptic Curve Diffie-Hellman) can be easily implemented using the Atmel CryptoAuthentication ATECC508A crypto element device, and is described in a different application note. The methodology described here uses symmetric techniques and can be implemented in ATSHA204A devices, which may be more attractive for certain systems. Please note that other CryptoAuthentication crypto elements, namely the ATECC108A and ATECC508A, are supersets of the ATSHA204A and can also perform the methodology described in this document. This document explains how crypto element devices establish a root of trust from which systems can generate session encryption keys at one end and recover them at the other without actually transmitting the keys.

1 Establishing Root of Trust Root of trust is shared secret knowledge that can serve as the basis for trusted transactions. Trusted transactions include secure authentication and confidential communication of sensitive information. The shared secret knowledge is usually in the form of a root key from which secure transaction keys derive. The crypto device offers the ability to embed non-readable and non-modifiable root keys in a manner that establishes root of trust. The Atmel CryptoAuthentication devices are tamper-resistant security devices. In addition to having a True Random Number Generator (TRNG) and hardware protection against physical and environmental tampering, the crypto devices implement in secure hardware logic the SHA-256 algorithm, the most robust cryptographic algorithm endorsed by experts to date. Of the many features, the crypto devices ability to securely store secrets, generate true random numbers, and perform SHA-256 cryptographic hashes enables systems to securely communicate sensitive information over open channels. It does so by generating session encryption keys in one system and recovering the same keys in another without actually transmitting the keys. This completely eliminates the keys from the realm of attacks in the communication channel. 2 Session Encryption Key Generation, Recovery, and Secure Communication All that is required to generate and recover session encryption keys between two or more securely communicating systems without actually transmitting said keys is a crypto device in each system. Through a process called device personalization, the system integrator gets to embed custom shared secrets within each crypto device and use hardware security mechanisms offered by the device to permanently seal the secrets from observation and/or modification. Each shared secret offers a unique root of trust among the systems. Systems typically require only one root of trust, but having multiple ones can offer ability to differentiate between multiple services. For example, a system integrator may choose to use different root keys for communicating energy consumption and billing information over a power distribution network to accommodate the needs of respective servicing departments in a power distribution company. Once the devices are in the systems, it takes a number of steps to accomplish secure end-to-end communication between two or more systems. The following sections explain these steps in greater detail, and the following figure illustrates how they all fit together. 2

Figure 2-1. Session Key Exchange The ATSHA204A crypto element device can easily be used for secure session key exchange. The crypto element works together with an MCU that performs encryption/decryption with an algorithm such as AES. In order to create an encryption-decryption session, the MCU on each side will need an identical encryption-decryption key. To increase security, the key on each side should change with each session. That is why such keys are called session keys. The session key is securely exchanged from one side to the other. A random number is used to ensure that the keys will be different for each session. 3

Step 1 Secret Key Hashed with Random Number The process starts by hashing the secret key stored in the ATSHA204A device with a random number created by the ATSHA204A. Note that the system may inject the random number into the crypto device, but Atmel advises using the crypto device s internal TRNG for high-quality random numbers to achieve the most effective session encryption keys. Effective session encryption keys are ones that virtually never repeat, thereby obviating replay and statistical attacks. This device will also emit the random number for later use. Generation of the session encryption key essentially opens a trusted communication session. The combination of the crypto device TRNG and the entropy properties of the SHA-256 cryptographic algorithm guarantee the quality of the session keys. Step 2 Digest (MAC) Becomes AES Encryption Session Key The result of the hashing operation will be a 32 byte Message Authentication Code (MAC). 16 bytes of that 32 byte (256 bit) MAC from ATSHA204A will be the AES session key is sent to the MCU. Step 3 MCU Uses the Session Key and AES to Encrypt Data The MCU runs an encryption algorithm such as the AES Algorithm over the data to be encrypted. Step 4 Encrypted Data and Random Number Sent to the Other Side The newly encrypted data and the random number are sent over to the other side so the data can be decrypted. Step 5 Digest (MAC) Becomes the AES Decryption Session Key To decrypt the message, the same key used to encrypt it must be used in the decryption process. That is exactly why the random number is sent over, which is to recreate the session key from that random number and the key stored on the ATSHA204A on the decrypting side. That is done by the random number being input to the SHA-256 hashing algorithm together with the key stored on the ATSHA204A. Because this is a symmetric operation, the secret keys stored on the ATSHA204A devices on both sides are identical. When the same random number is hashed with the same secret key, then the resulting 32-byte digest will be the same on the receiver (decrypting) side and on the sender (encrypting) side. Step 6 Secret Key Hashed With Random Number From the Other Side Just like the encrypting side, 16 bytes of the digest (i.e. MAC) represent the encryption/decryption key and is inputted into the MCU. Step 7 MCU Uses Session Key and AES Algorithm to Decrypt Data The receiving side s MCU runs the decryption algorithm (such as AES) using the session key to decrypt the encrypted code that was sent over from the other side. Disposition of the session encryption keys together with the earlier disposition of the random numbers by both the initiating and receiving systems essentially closes the trusted session. In other words, enough information no longer exists to ever recover or replay that session as long as the random number used was from a quality source like the crypto device s TRNG. By controlling how often a session key is generated in the initiating system, the system integrator effectively controls the session s lifetime determined by number of secure transactions, i.e., transmission and recovery of sensitive data. 4

3 End-to-End Authentication The necessary requirements for securely communicating systems are the ability to authenticate recipients and encrypt sensitive information. The use of a crypto element device accomplishes both. While satisfaction of the encryption requirement is now evident, the same may not be apparent for authentication. Only an identically personalized crypto device can recover the session encryption key, and only authentic systems will be in possession of such personalized devices. Successful recovery of the session encryption key essentially proves the mutual authenticity of the initiating and target systems. A non-authentic system will not be able to recover the session encryption key, and, therefore, will not be able to gain access to the sensitive information. In other words, only mutually authentic systems can securely communicate, and authentication effectively derives from the shared root secret within the fortified confines of the crypto element device (i.e. in the secure key storage mechanisms). 4 Commands of Interest The Atmel crypto element devices come with a rich set of commands that offer system integrators high flexibility in tackling various security challenges. After device personalization, only three of these commands are necessary to accomplish the application described in this document. They are the Random, MAC, and Nonce command, which are described in the following table. Table 4-1. Command Random MAC Nonce CryptoAuthentication Commands of Interest Description Generates a random number for the creation of session encryption keys. Combines the random number with the embedded root secret to create or recover the session encryption key. A precursor to the MAC command whose function is to initialize the crypto device into an internal state of high entropy. High entropy in this context is desirable because it eliminates the ease of guessing and mounting replay attacks. This miniscule list of commands emphasizes the ease of implementation and minimal demand on system resources like CPU bandwidth and code storage requirements. 4 Conclusion Among its numerous features, the CryptoAuthentication product family offers a cost-effective approach for communicating systems to securely exchange session encryption keys over open channels without actually transmitting the keys themselves. It does so by establishing a root of trust between the communicating systems and enabling an initiating system to generate session encryption keys that are recoverable only by authentic receiving systems. The same device also establishes the mutual authenticity of the communicating systems. The devices offer ease of implementation with high-level commands, and demands very little in terms of system resources. 5 Revision History Doc Rev. Date Comments 8777B 11/2015 Updated the application note, template, and CryptoAuthentication devices. 8777A 06/2011 Initial document release. 5

6 Atmel Corporation 1600 Technology Drive, San Jose, CA 95110 USA T: (+1)(408) 441.0311 F: (+1)(408) 436.4200 www.atmel.com 2015 Atmel Corporation. / Rev.:. Atmel, Atmel logo and combinations thereof, Enabling Unlimited Possibilities, CryptoAuthentication, and others are registered trademarks or trademarks of Atmel Corporation in U.S. and other countries. Other terms and product names may be trademarks of others. DISCLAIMER: The information in this document is provided in connection with Atmel products. No license, express or implied, b y estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Atmel products. EXCEPT AS SET FORTH IN THE ATMEL TERMS AND CONDITIONS OF SALES LOCATED ON THE ATMEL WEBSITE, ATMEL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODU CTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL ATMEL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAG ES FOR LOSS AND PROFITS, BUSINESS INTERRUPTION, OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ATM EL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Atmel makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and products descriptions at any time without notice. Atmel does not make any com mitment to update the information contained herein. Unless specifically provided otherwise, Atmel products are not suitable for, and shall not be used in, automotive applications. Atme l products are not intended, authorized, or warranted for use as components in applications intended to support or sustain life. SAFETY-CRITICAL, MILITARY, AND AUTOMOTIVE APPLICATIONS DISCLAIMER: Atmel products are not designed for and will not be used in conne ction with any applications where the failure of such products would reasonably be expected to result in significant personal injury or death ( Safety-Critical Applications ) without an Atmel officer's specific written consent. Safety-Critical Applications include, without limitation, life support devices and systems, equipment or systems for the operation o f nuclear facilities and weapons systems. Atmel products are not designed Symmetric nor intended Session for use in military Encryption or aerospace Key applications Exchange or environments [APPLICATION unless specifically designated NOTE] by Atmel as military-grade. Atmel products are not designed nor intended for use in automotive applications unless specifically designated by as automotive-grade.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information