Advanced and Low-Complexity Authentication

Benedikt Driessen

Product counterfeiting inflicts billions of dollars in damages to businesses

Page 2, February 2015. Copyright © Infineon Technologies AG 2015. All rights reserved.

IACC (int'l anti-counterfeiting coalition) Daily more news

It is estimated that counterfeiting is a $600 billion a year problem

It's a problem that has grown over 10,000 percent in the past two decades

~5% to 7% of the world trade is in counterfeit goods

Why device authentication?

Docking station

RELIABILITY

Toner & printer cartridges

BUSINESS

Projector

QUALITY

Company brand

IMAGE

AC adapter

LIABILITY

Medical devices

SAFETY

Example of a Printer Manufacturer

Change of revenue model

Subsidize printer price

Offset costs by selling premium ink cartridges

Authentication helps to protect

Revenue stream

Business model

Warranty issues

Cryptography is needed

Cryptography for Authentication

1. Which authentication mechanism?
2. Which algorithms?
3. Storage and programming of keys?

Symmetric Authentication

Keys in printer and cartridge similar, must be protected in both

Complicated key management to avoid "break one, own all" scenario

DEC / ENC

Drawbacks
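
The "break one, own all" drawback above, as an added example (not from the original slides): a symmetric challenge-response in which one extracted cartridge key either works for every cartridge identity (shared key) or for a single revocable identity (per-UID derived keys). HMAC-SHA256, the UID values and the names `Printer`, `derive_key` and `clone_outcomes` are assumptions chosen for illustration; the slides do not name a symmetric scheme.

```python
import hashlib
import hmac
import secrets

def derive_key(master: bytes, uid: bytes) -> bytes:
    # Key diversification (assumed scheme): per-cartridge key bound to its UID.
    return hmac.new(master, b"cartridge-key|" + uid, hashlib.sha256).digest()

def respond(key: bytes, challenge: bytes) -> bytes:
    # Cartridge side: MAC over the printer's fresh challenge.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Printer:
    def __init__(self, master: bytes, diversified: bool):
        self.master = master          # the printer must protect this secret too
        self.diversified = diversified
        self.revoked = set()          # UIDs known to be cloned

    def key_for(self, uid: bytes) -> bytes:
        return derive_key(self.master, uid) if self.diversified else self.master

    def authenticate(self, uid: bytes, cartridge) -> bool:
        if uid in self.revoked:
            return False
        challenge = secrets.token_bytes(16)   # fresh nonce defeats replay
        expected = respond(self.key_for(uid), challenge)
        return hmac.compare_digest(expected, cartridge(challenge))

def clone_outcomes(diversified: bool) -> dict:
    """Constructed scenario: the key stored in cartridge UID-0001 has leaked."""
    printer = Printer(secrets.token_bytes(32), diversified)
    leaked = printer.key_for(b"UID-0001")
    clone = lambda challenge: respond(leaked, challenge)
    result = {
        "clone_other_uid": printer.authenticate(b"UID-0002", clone),
        "clone_same_uid": printer.authenticate(b"UID-0001", clone),
    }
    printer.revoked.add(b"UID-0001")          # operator blocklists the cloned UID
    result["clone_after_revocation"] = printer.authenticate(b"UID-0001", clone)
    return result

if __name__ == "__main__":
    for mode in (False, True):
        print("diversified" if mode else "shared key", clone_outcomes(mode))
```

In both modes the printer still holds the master secret, which is the other drawback the slide lists: the key must be protected on both sides.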

Asymmetric Authentication

Protection of secret key only in cartridge

Keys are unique per cartridge

DEC / ENC

Advantages

Cryptography for Authentication

1. Which authentication mechanism? Asymmetric cryptography
2. Which algorithms?
3. Storage and programming of keys?

Rivest-Shamir-Adleman (RSA)

Long keys (e.g. 384 byte, 1920 byte)

Prohibitive performance on embedded devices

Drawbacks

c ≡ m^e mod N

Elliptic Curve Cryptography (ECC)

Short keys (e.g. 32 byte, 65 byte)

Much better performance on embedded devices

Advantages

Cryptography for Authentication

1. Choose cryptographic authentication mechanism: Asymmetric Cryptography
2. Which algorithms? Elliptic Curve Cryptography
3. Storage and programming of keys?

Implementation Challenges

Common pitfalls

Implementations need to guard against side channel attacks

Protect against fault injection

Countermeasures against physical key extraction

Source: Dr. David Oswald

Bootstrapping Trust

Personalization, Dicing, Packaging

Secure Facility

Secure manufacturing enables security in the field

Programming keys must happen in a highly secured environment

Challenges due to training, equipment and certification

Impossible if manufacturing is not under control

Cryptography for Authentication

1. Choose cryptographic authentication mechanism: Asymmetric Cryptography
2. Implement suitable set of algorithms securely: Elliptic Curve Cryptography
3. Storage and programming of keys? Secure hardware in secure environment

OPTIGA™ Trust

Advanced and Low-Complexity Authentication

Host side Documentation

Product Evaluation kit

C-library for host side support

Download from myinfineon.com

Databook

Application notes on ECC authentication, NVM usage, SWI interface

Windows based GUI

USB format

Unique key pair per device

163 bit ECC

3.5 kBit user NVM

SWI interface

Easy Integration

Integration of the OPTIGA™ Trust

Keys pre-programmed in secure environment

Single-wire interface

Very compact package (USON-3, 2mm x 3mm)

Software support (C-library) for host side

OPTIGA™ Trust Evaluation Board

For demo

USB: Simulated Host

Windows based GUI

For evaluation

Based on IFX XMC4500

Built-in JTAG interface for debugging

IDE with free license (HiTOP)

The possible applications are endless

Electronic accessory authentication (e.g. MP3 players)

ICT Infrastructure authentication (e.g. routers)

Gaming authentication (e.g. slot machines)

Industrial

Printer cartridge authentication

Medical equipment authentication

Cloud computing authentication

Software/IP authentication

Internet of Things Connected Home

M2M Communication

Interested in more information?

Visit Infineon at Hall 5, booth 360

Contact

Timo Grassmann, Product Marketing Manager

More: www.infineon.com