Cryptography offers robust protection against security threats, yet not every embedded designer is a cryptography expert. To provide product development engineers a quick path toward an understanding of the basics on the topic, we've created a Cryptography Handbook consisting of a series of tutorials that take an engineering rather than theoretical approach. In this blog post, I'll share highlights from each chapter and also show how secure authenticators and coprocessors can help simplify the process of integrating cryptography into your embedded design.
The first tutorial in the series, "Cryptography: How It Helps in Our Digital World," presented the four essential goals of any good cryptographic system: confidentiality, authenticity, integrity, and non-repudiation (Figure 1). A broad spectrum of secure authenticators and coprocessors, which can help a busy developer quickly implement a secure system, are currently available on the market. These coprocessors essentially unload the cryptographic computation and data-handling requirements from the host microcontroller and seamlessly integrate with the coupled secure authenticators that provide the main security functionalities.
Figure 1. Four essential goals of cryptography include confidentiality, authenticity, integrity, and non-repudiation.
Using a Symmetric Key Coprocessor
If you're working to implement a secure system in a unique gadget that you've developed, and the success of your business model relies on the sale of high-volume consumables or disposables, you'll want to ensure that the consumables are genuine. To do this, you'll need to make sure that the gadgets connected to your main system are authentic and identifiable by your system. This can easily be achieved using secure authenticators such as the DS28E50 DeepCover
secure SHA-3 authenticator with ChipDNA
and its companion DS2477 DeepCover secure SHA-3 coprocessor with ChipDNA physically unclonable function (PUF) protection. Figure 2 shows a simplified system architecture for such a cryptographically secured system.
Figure 2. A secure system architecture uses a symmetric key secure authenticator and coprocessor.
In this system, you attach your favorite microcontroller to the DS2477 and let it handle all the identification and authentication tasks. It also provides the proper electrical signal strengths and timing to drive the DS28E50s situated in each of the gadgets.
The DS2477 is designed to be very flexible and allows greater control. If you want to dig deep and control all aspects of the cryptographic authentication process, it has low-level commands that will let you do exactly that. But if you want it to handle the complexities for you, it has very high-level commands that allows more hands-off ability towards securing your gadget. Both the DS2477 and the DS28E50 have built-in ChipDNA PUF features to secure your data with a key that has not been saved physically in the device but is derived each time it is needed. This technology was covered in the tutorial, "Cryptography: Understanding the Benefits of the Physically Unclonable Function (PUF)."
As we learned from the tutorial, "Cryptography: Fundamentals on the Modern Approach," there are instances when the system requires the use of asymmetric keys for security. This is essential to achieve full cryptographic system integrity and non-repudiation. In this scenario, you need to secure your gadget while also using a public/private key combination to achieve your cryptographic goals. The DS2476 DeepCover secure coprocessor can serve as a cryptographic helper with a set of built-in tools to carry out asymmetric ECDSA as well as symmetric SHA-256 functions. Both ECDSA and SHA-256 algorithms were covered in a previous tutorial, "Cryptography: A Closer Look At the Algorithms."
A personalization/pre-programming service that is tailored for factory production presents the last piece of the puzzle to easily and quickly implement a cryptographically secure system using secure authenticators. Such a service personalizes or pre-programs your authenticators and coprocessors at the device manufacturer's facility with either your private or public data. Example data can be a symmetric key/secret or an asymmetric key certificate.
This personalization service helps offload the need to program the required data to the authenticators in the production settings. Maxim Integrated has provided this type of service for decades for a wide variety of customers to safeguard their data.
For greater detail on the topic, be sure to review the tutorials in our Cryptography Handbook, which begins with a general overview and goes into more detail about cryptographic concepts like encryption, cryptographic algorithms, and physically unclonable function (PUF) technology.