Walkways toward many of America’s baseball stadiums are lined with merchants hawking team caps, T-shirts, and other “branded” gear. They’re available for a fraction of the cost that you’d pay for similar merchandise inside the gates. And, at least at quick glance, you can’t really tell they’re not authentic. Counterfeit products are everywhere and, in cases like sports apparel, they’re not particularly harmful to the buyers. But when the cloned product is something like a medical or industrial sensor, then there are dangerous risks to patient safety or factory operations.
“We want to ensure we have high-quality sensors and tools. Cryptography can be used to ensure we have genuine sensors and tools in those environments,” said Scott Jones, managing director of Embedded Security at Maxim, during his talk at this year’s Embedded Technologies Expo & Conference in San Jose, California. Jones’s presentation, “How SHA-3 Cryptographic Authentication Protects Against Substandard Sensor Clones,” covered some of the key use cases for cryptography:
- Detecting and preventing sensor counterfeits by ensuring that the sensors are genuine
- Ensuring integrity and authenticity of sensor messages by making sure that data is transmitted in its true form
- Providing secure use management of limited-life sensors
- Preventing modification of stored sensor operating parameters
SHA-3 cryptographic algorithms implemented in secure authentication ICs such as the DS28E50 can help protect sensors from cloning and counterfeiting.
Designers can choose from a few options to implement cryptography. Cryptographic algorithms can be implemented on a microcontroller, or MCU. However, non-secure MCUs are easy to compromise, Jones said, noting the many companies that exist for this very purpose. Secure MCUs are, by definition, safer, but they do come with a non-trivial software development effort and cost.
A better option, according to Jones, is a hardware-based approach, with an authenticator consisting of dedicated hardware designed to perform specific cryptographic operations. These devices have fixed-function command sets, so no software development is needed. They also provide secure storage of keys and data.
SHA-3: Robust Security, Efficient to Implement
Now that we’ve covered the hardware part of this equation, what about the algorithms? Cryptographic algorithms come in two flavors: symmetric (involving secret keys) and asymmetric (involving public keys). Secure Hash Algorithms (SHA-x), published by the National Institute of Standards and Technology (NIST), have evolved to provide very strong levels of cryptography-based security. SHA-3 is the latest iteration, and it is based on the KECCAK cryptographic function, which is considered strong based on its intricate, multi-round permutation ƒ (the function that transforms the state memory of the hashing algorithm). It is considered to be efficient to implement, requiring low software resources, Jones noted.
SHA-3 can protect sensors in various ways:
- Authentication before use
- Secure updates of the data in the sensor authenticator
- Authenticated read of sensor operating parameters
- Secure count of the number of sensor uses
- Expiration of additional sensor uses
Scott Jones discusses SHA-3 cryptographic authentication at this year’s Embedded Technologies Expo & Conference.
To illustrate how message authentication works with SHA-3, Jones brought up the famous “Alice and Bob” example. Alice wants to message Bob, but the two must first securely exchange a symmetric secret key. Before sending her message, Alice takes the message and key and puts them through a SHA-3 engine to generate a message authentication code (MAC). Then, Alice can send the message and the MAC to Bob. Bob then takes the message and puts it through his SHA-3 engine and, with their shared key, generates his own MAC. Bob can now compare both MACs and if they match, this means the authentication is successful.
While Jones feels that sensors are targets that need to be protected, he posed some questions that designers can ask themselves to determine whether a SHA-3 authentication model would be right for their design:
- Do you have an existing problem that could be solved with security?
- Could your system be a target for counterfeiting or improper use?
- For safety and quality, is it imperative that your sensors, tools, or modules be genuine?
If any of these questions can be answered with a yes, then it’s definitely worth considering standards-based cryptography such as SHA-3 for its proven effectiveness at a low cost, concluded Jones.
- Review documents, application notes, solution guides, and more from Maxim’s Secure Authentication and Counterfeit Protection Solutions page
- Learn how Admetsys authenticates the medication cartridges for its artificial pancreas using secure authenticators