ATMEL Crypto Chip ATSHA204: Tutorial Materials

Uploaded by: yuzo****123  Document ID: 141435554  Upload date: 2020-08-08  Format: PPT  Pages: 29  Size: 3.66 MB

Atmel CryptoAuthentication™ ATSHA204

ATMEL distributor, Shenzhen, providing technical support in all areas. Mr. Lin, QQ: 1085487223, e-mail:
V 1.0

What is a crypto chip?
The chip itself is highly secure: it can store secret data internally, has built-in cryptographic algorithms, and carries out authentication through a secure authentication protocol.

Role of the authentication protocol
It lets the two parties prove that they know the key without directly revealing the key.

Hash functions
Alan and Bell are both cryptography professors. One day they were working together on a hard math problem. Neither of them solved it in the office, but each happened to work out the answer at home at the same time.

Alan, Bell
"What did you get?"
"No, you go first. How would I know that you really worked it out?"
"You go first."
"If I tell you, how would I know that you worked it out yourself?"
"After running it through the function, I get 86206."
"OK, now I know that you know. You don't need to tell me the answer."
"Tell me the result of the function."

The SHA family consists of five algorithms: SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512. They were designed by the US National Security Agency (NSA) and published by the US National Institute of Standards and Technology (NIST), and they are a US government standard. The latter four are sometimes collectively called SHA-2.

SHA-256 algorithm
SHA256(apple): 3A7BD3E2360A3D29EEA436FCFB7E44C735D117C42D1C1835420B6B9942DD4F1B
SHA256(apple ) (with one extra space): E0F6F390C37556B5EB3292A63159AEA8EC795A4A1D4F22A18ABB14AC7341508F
SHA256(Linux): 4828E60247C1636F57B7446A314E7F599C12B53D40061CC851A1442004354FED

Hash algorithms vs. encryption algorithms
A hash algorithm is irreversible: the output cannot be converted back into the original text. Different texts may produce the same output after hashing.
An encryption algorithm, by contrast, is reversible: every encryption algorithm has a corresponding decryption algorithm, and plaintext and ciphertext correspond one to one.

HMAC challenge-response

HMAC
HMAC is the keyed Hash-based Message Authentication Code. An HMAC computation uses a hash algorithm, takes a key and a message as input, and produces a message digest as output.

Challenge-response
The client sends a message to the server as the challenge. The server computes a MAC over it using a key stored in advance and sends the MAC back to the client; this is the response. The client authenticates the server on the basis of the response.

ATSHA204

What can ATSHA204 do?
Authenticate an Accessory
Authenticate Firmware
Securely Exchange Session Keys
Secret Storage

AT88SC0104 vs ATSHA204

ATSHA204 Security Features
Robust Crypto Algorithm
SHA256
MAC, HMAC
Advanced Multi-Level HW Security
Active shield over entire chip
All memories internally encrypted
Internal state consistency checking
Security protocols hard coded
Supply tamper protection
Internal clock generation
Secure test methods, no JTAG
No debug probe points, no test pads
Designed to Defend Against:
Dumpster-diving attacks
Microprobe attacks
Timing attacks
Protocol attacks
Fault attacks
Power cycling
Just as Secure as Smart Cards!

ATMEL ATSHA204

Key
256 bits long. The ATSHA204 uses these keys as part of the message that is hashed. They are used by the MAC, CheckMac, HMAC and GenDig commands.
Any slot in the data zone of the EEPROM can store a key.
(1) Diversified keys: keys generated from the product serial number
(2) Rolled keys: prevent the same key from being used for every authentication
(3) Created keys: new keys generated from known keys
(4) Single-use keys: the number of uses is limited
(5) Password checking
(6) Transport keys

Accessory Authentication
[Diagram labels: Device, AVR or ARM Microprocessor, Random Number Generator, Key Storage, SHA-256 Hash Calculation, Date / Time; Accessory, ATSHA204, Secure Key Storage, SHA-256 Hash Engine; Challenge, Response; Do They Match? No / Yes]

Accessory Authentication: Host Chip
[Diagram labels: Device, AVR or ARM Microprocessor, ATSHA204, Secure Key Storage, SHA-256 Hash Engine, FIPS RNG; Accessory, ATSHA204, Random Number Generator, Secure Key Storage, SHA-256 Hash Engine; Challenge, Response; Do They Match? Stop / Continue]

Firmware Authentication
[Diagram labels: Customer Board, AVR or ARM Microprocessor, Random Number Generator, Key Storage, SHA-256 Hash Calculation, Date / Time; ATSHA204, Secure Key Storage, SHA-256 Hash Engine; Challenge, Response; Do They Match? No / Yes]

Secret Storage
[Diagram labels: Customer Board, AVR or ARM Microprocessor, Random Number Generator, Key Storage, SHA-256 Hash Calculation; ATSHA204, Secure Key Storage, SHA-256 Hash Engine; Write, Read; Clear Data to Write, Clear Data to Read, Clear Data, Crypto Data]

Session Key Exchange
Same secrets in both ATSHA204s
RNG ensures key uniqueness
ATSHA204 MAC produces AES Key
[Diagram labels: AES, High Quality RNG, AES Key]

Mutual Authentication
Uniformity across entire product lines
Tools authenticate batteries before allowing use
Charger authenticates batteries before charging
Batteries authenticate charger before charging
Only valid products can be used together

Managing Subcontractors
Chip Limits Subcontractor Actions
Prevent unauthorized overbuilds
OEM gives subcontractor limited qty of security devices
Warranty Tracking
Subcontractor logs mfr date, conditions, etc
Personalize chip for use at one subcontractor only
Match correct part with equipment/information at that subcon
Control model numbers built by particular subcon
Subcon only has authentication information for certain models
Secure Programming Feature
Protects secrets at third party subcontractors
Atmel can securely program parts for high volume customers
Customer: “We have more products sold under our name that are not produced by us than what we produce”

CryptoAuthentication Kits and Support
Multiple Demo/Eval/Kit Boards
Modular for compatibility with STK/EVK boards
Source Code Library Code
Speed customer development cycle
Extensive Documentation
Quick Start and Hardware User Guides
Application Notes
Demonstration / Evaluation PC Software
Atmel Crypto Evaluation Studio (ACES)

ATSHA204 USB Dongle
Small and Simple for Quick Demos
Full PC GUI (ACES) support for device evaluation & experimentation
Low cost

AVR Studio 5 Integration
Source Code Library
Online, no NDA
Supports most AVR and ARM devices
I2C or Single Wire Intfc
SIO, UART or SW GPIO
Integrated into ASF framework

Kits Integrated With Atmel Dev. Tools
STK600, SAM7, AT88CK101
Pluggable Adapters to STK/EK boards
Soc
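The HMAC challenge-response flow and the diversified keys described in the slides can be sketched in software as follows. This is an added example, not code from the presentation or from Atmel: it uses plain HMAC-SHA256 rather than the ATSHA204's own command and message format, and the names `ROOT_KEY`, `diversify`, `Accessory`, `Host` and `authenticate`, as well as the key-derivation scheme, are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ROOT_KEY = bytes(range(32))  # constructed 256-bit demo secret, not a real key


def diversify(root_key: bytes, serial: bytes) -> bytes:
    """Per-device key derived from the serial number (assumed scheme)."""
    return hmac.new(root_key, b"diversify" + serial, hashlib.sha256).digest()


class Accessory:
    """Stands in for the part holding the secret; the key never leaves it."""

    def __init__(self, serial: bytes, key: bytes):
        self.serial = serial
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Host:
    """Verifier: issues a fresh random challenge and checks the response."""

    def __init__(self, root_key: bytes):
        self._root_key = root_key

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(32)  # fresh per attempt, so old responses are useless

    def verify(self, serial: bytes, challenge: bytes, response: bytes) -> bool:
        key = diversify(self._root_key, serial)
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def authenticate(host: Host, accessory: Accessory) -> bool:
    challenge = host.new_challenge()
    return host.verify(accessory.serial, challenge, accessory.respond(challenge))


if __name__ == "__main__":
    host = Host(ROOT_KEY)
    genuine = Accessory(b"SN-0001", diversify(ROOT_KEY, b"SN-0001"))
    clone = Accessory(b"SN-0001", bytes(32))  # copied serial, wrong key
    print(authenticate(host, genuine), authenticate(host, clone))
```

Because the host draws a new challenge for every attempt, a response recorded from an earlier exchange does not verify later, and a key diversified for one serial number does not verify under another.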
