In this blog post, we review the implementation of symmetric authentication and how it enables OEMs to protect against counterfeiting and defend user experience.
Business Problem and Revenue Protection
In today's competitive market, combating device counterfeiting has become increasingly prevalent for businesses. The vulnerability of code and device identities during the manufacturing process or within end-user devices exposes unique product features which can be replicated and sold at lower prices, severely undermining the ability of authentic devices to thrive in the market. To address this challenge, one effective solution for brands is to establish a controlled product ecosystem, enabling original equipment manufacturers (OEMs) to ensure proper user experience. This can be achieved through the implementation of authentication mechanisms.
When considering authentication methods, two primary options exist: symmetric and asymmetric. Asymmetric authentication is widely recommended due to its superior security capabilities. However, depending on the specific threat model of your product, symmetric authentication can provide sufficient security for your business. Symmetric authentication offers the advantages of being easier to comprehend, simpler to implement and faster to deploy, which is particularly beneficial for organizations facing tight deadlines. The symmetric option is common for business models supplying high value consumables that need to ensure quality or prevent counterfeits of the disposable component. Market applications such as fragrance delivery, brain sensors and medical breathing tubes are perfect examples where authentication can protect the product value.
Once you have determined that symmetric authentication aligns with your threat model, we recommend employing a combination of two among the following options: SHA104, SHA105 or SHA106. These devices can serve as either the host (primary) device (SHA105) or the client (connecting) device in the authentication process (SHA104 and SHA106).
When implementing symmetric authentication, three methods can be employed.
Challenge/Response Pairs Symmetric Authentication
Basic Symmetric Key Authentication
Diversified Key Symmetric Authentication
The most basic and cost-effective approach will leverage the implementation of a challenge-response pair programmed in the MCU but offers the least security of the methods we discuss in this blog post. It involves using a single secure authentication integrated circuit (IC) in the client device, along with a preloaded response and random number challenge residing in a Host MCU.
Alternatively, an implementation utilizing two identical keys placed in both the host and client devices protects both the host and client master keys, making the security more robust than challenge/response pair authentication. We will refer to it as basic symmetric authentication.
Lastly, the most highly recommended option, known as diversified key authentication, builds upon the setup of basic symmetric authentication but incorporates an additional layer of security. In this method, the symmetric key for the client device is hashed with the client serial number before being implemented into the client device.
By carefully selecting and implementing the appropriate authentication method depending on the threat model outcome, businesses can fortify their products against counterfeiting and safeguard their user experience effectively. Consequently, authentication practices help to protect revenue impacts and decrease the risk on the company’s brand reputation. In the following parts of this post, we detail the process of each authentication type and how you can get started implementing that secure authentication model into your product portfolio.
Challenge Response Pairs
Challenge-response (C/R) pair(s) implementation is a popular choice for implementing secure authentication. It offers a straightforward implementation and the advantage of utilizing affordable and compact MCUs, including down to 8-bit MCUs. Challenge-response authentication empowers each host device with a distinct identification through its unique challenge-response pair. This approach proves to be highly cost-effective, as it removes the need for a secure authentication IC in the host device. This also means the architects must accept the host could be counterfeited because the C/R pair is not protected within a CryptoAuthentication™ IC.
To understand the process of challenge/response symmetric authentication, refer to the transaction diagrams below. Customers are provided with two options for configuring the host device: they can either perform the provisioning of the MCU themselves or make use of Microchip's Programming Center. During the provisioning process at Microchip, the master symmetric key is securely inserted into the Hardware Security Module (HSM) after a secret exchange between the customer and Microchip. It undergoes a hashing procedure with a randomly generated number called a challenge, utilizing a robust cryptographic algorithm such as SHA256. Once the algorithm generates a digest known as the response, the response and the challenge used in the hashing process are combined as a challenge-response pair. This pair is then programmed into the host MCU. For the client device in Microchip factories, the master key is loaded into a secure authentication IC, such as the SHA104, specifically designed for client devices. During provisioning, customers also have the flexibility to load multiple challenge-response pairs into the host device by simply repeating the same process. Remember to protect the master key in your factory. It is the foundation of your entire security model. Microchip’s secure provisioning service is available to eliminate vulnerabilities in manufacturing and backdoors into your keys.
Once the host and client devices are successfully configured, upon connection, the host MCU initiates the transmission of the challenge from the C/R pair to the client device. In the SHA104, the challenge is securely hashed with the master key utilizing a SHA256 cryptographic algorithm, resulting in the generation of the client response (MAC). The response is subsequently transmitted back to the host device, where it undergoes a verification process. A comparison function is employed to compare the received response with the response stored in the C/R pair. This comparison serves to authenticate and ensure that the client device possesses authorized access. Once it is established that the client devices is genuine, then the devices become fully functional together.
To kickstart your development process, The Trust Platform Design Suite Software (TPDS) provides a comprehensive suite of software tools for testing use cases and incorporating code examples for the SHA104. This suite enables you to validate and fine-tune your implementation effectively by using the DM320118 development kit along with the SHA104 and SHA105 add-on kit. From a hardware viewpoint, several MCU core development kits are available with examples in TPSD to create your C-projects:
ARM Cortex-M0+ SAMD21: RYPTOAUTH TRUST PLATFORM DEVELOPMENT KIT
PIC18F57Q43 Curiosity Nano Evaluation Kit
AVR 8-bit microcontroller: AVR64EA
As you progress towards production, take advantage of our secure provisioning service, which seamlessly facilitates the provisioning process in conjunction with TPDS. This integration guarantees both convenience and security throughout the process. The TPDS configurator plays a pivotal role in streamlining and enhancing your development journey. Next, we discuss the fundamentals of basic symmetric authentication.
Basic Symmetric Authentication
Basic symmetric authentication is generally chosen by engineers due to its ease of implementation while maintaining an acceptable level of security. During provisioning in the factory, the cryptographic key, which is the device identity, is often loaded into the microcontroller (MCU). However, there is a problem with this approach because the key is exposed to all the systems and operators throughout the supply chain that access the MCU. If the key is compromised in one device, all other devices with the same master key are vulnerable to counterfeiting. The attacker will copy the firmware where the master key is and reproduce the embedded system. To protect the key, it is most secure to contain it in a hardware device to create isolation of the key form firmware and manufacturing called a secure authentication IC or CryptoAuthentication IC. With the key in the secure authentication IC, every interfacing system will be required to authenticate its identity to determine if it is accepted by the OEM and can access the host system.
To better understand the setup and process of basic symmetric authentication, let's refer to the transaction diagram below. Initially OEMs generate a master key that is provisioned inside the secure authentication IC by Microchip secure provisioning service in both the host and client devices. After the identical symmetric keys are integrated into their respective devices and the host SHA105 and client SHA104 devices are adequately connected to the microcontroller leveraging CryptoAuthLib library, the host MCU will initiate the authentication process with a random number challenge pulled out from the SHA105. A random number generator produces a large random number compliant with SP800-90 A/B/C that is sent to client SHA104. The random number challenge in combination with the client symmetric key is hashed by a cryptographic algorithm (SHA256) to produce a response otherwise known as a digest in both devices. The digest generated by the client is then sent back to the host SHA105 which compares the client response using a CheckMAC function inside the SHA105. If the response is the one expected, the host will authorize the client system to access the host device system, therefore completing the authentication process.
To get started with basic symmetric authentication, you can use the DM320118 development kit along with the SHA104 and SHA105 add-on kit. Download the TPDS and test the symmetric authentication use case. TPDS also provides C-code examples to help you understand the implementation. When moving towards production, leverage our secure provisioning service using the TPDS configurator.
Above we show the code example for the basic symmetric authentication use case which can also be found in TPDS. Lastly, we discuss our final and most secure method for implementing symmetric authentication in the following section.
Diversified Symmetric Authentication
Diversified symmetric authentication is the most recommended security architecture utilizing symmetric keys. It offers a unique identity for each client, providing an additional layer of security compared to basic and challenge-response pairs symmetric authentication. However, similar to the previous authentication methods, diversified key authentication is easy to implement and can also leverage small and inexpensive MCUs, including 8-bit MCUs.
During the initial setup phase at the factory, a distinct key is generated for each client to ensure that no two devices share the same key. This process consists of hashing the client device's serial number with the master symmetric key in the HSM, utilizing a key diversifying function (KDF) to generate a new key known as the diversified key. Subsequently, this diversified key is implemented into the client authentication IC, while the master key is also integrated into the host authentication IC.
In the operational field, when the host and client devices are connected, the client device initiates the authentication process by transmitting its serial number to the host. The host then applies a KDF to hash the received serial number with the master key. The resulting output is further hashed with a random number obtained from the random number generator, which is also shared with the client device. Meanwhile, the client device employs the diversified key, installed during provisioning, to hash the same random number. Once both the client and host generate their respective responses, the client sends its response back to the host. At this point, a compare (Check MAC) function is employed to compare both responses and determine whether the client device is an authorized connection.
To get started with diversified symmetric authentication, you can use the DM320118 development kit along with the SHA10x add-on kit. Additionally, download the TPDS and utilize it to test the use case. We provide a prototype with C-code examples to assist you in implementing this authentication method. When transitioning towards production, leverage our secure provisioning service using the TPDS configurator for a secure and streamlined process.
By understanding and implementing the appropriate symmetric authentication method based on your specific requirements and threat model, you can protect your products from counterfeiting and revenue loss. Whether you choose basic symmetric authentication, challenge-response pair(s) symmetric authentication or diversified symmetric authentication, Microchip's comprehensive development kits and secure provisioning services can support your journey towards a controlled ecosystem of accessories.
Remember, the choice of authentication method should align with your specific business needs and the level of security required for your products. Invest in securing your devices to safeguard your brand reputation, protect revenue and provide peace of mind to your customers.
Brette Mullenaux, Aug 22, 2023