《ATMEL加密芯片ATSHA.ppt》由会员分享,可在线阅读,更多相关《ATMEL加密芯片ATSHA.ppt(29页珍藏版)》请在三一办公上搜索。
1、Atmel Crypto AthenticationTMATSHA204,ATMEL 代理商 深圳,提供各方面的技术支持.林先生 QQ:1085487223 邮箱:,V 1.0,什么是加密芯片 它本身具有十分安全的保密性,内部可以存储秘密数据,内置加密算法,通过安全的认证协议进行认证过程。认证协议的作用认证双方在不直接出示密钥的情况下,能够证明自己知道密钥。,散列函数Hash,Alan和Bell都是密码学教授,有一天,他们共同解决一个数学难题。在办公室里他们都没有想出来,却恰好在家里同时想出了答案。,Alan,Bell,你算出来是多少?,不,你先说。我怎么又知道呢你算过呢?,你先说。如果我说了
2、,我怎么知道是你算出来的。,散列函数Hash,不可逆的函数 知道函数F和c,很难反向运算得s。,例如,F是3的s次方后取前2到6的有效位数,共5位数为c。随便取一个值,s=286,则3的286次方是2.8620607630655430965855314425431e+136取前2到6的有效数字得,c=86206,散列函数Hash,我运算过后是86206,恩,我已经知道你是知道的。你不必说出答案了。,把函数结果告诉我吧。,散列函数Hash,SHA家族的五个算法,分别是SHA-1、SHA-224、SHA-256、SHA-384,和SHA-512,由美国国家安全局(NSA)所设计,并由美国国家标准与
3、技术研究院(NIST)发布;是美国的政府标准。后四者有时并称为SHA-2。,散列函数Hash,sha256算法,散列函数Hash,sha256算法,SHA256(apple):3A7BD3E2360A3D29EEA436FCFB7E44C735D117C42D1C1835420B6B9942DD4F1BSHA256(apple)(多了一个空格):E0F6F390C37556B5EB3292A63159AEA8EC795A4A1D4F22A18ABB14AC7341508FSHA256(Linux):4828E60247C1636F57B7446A314E7F599C12B53D40061CC8
4、51A1442004354FED,散列函数Hash,Hash算法与加密算法 Hash算法是不可逆的,也就是不能通过输出文本转化回原文本。不同文本经过Hash算法后可能输出相同的结果。而加密算法是可逆的,每个加密算法都会有相应的解密算法。原文与密文一一对应。,HMAC 挑战响应,HMAC HMAC是密钥相关的哈希运算消息认证码(Hash-based Message Authentication Code),HMAC运算利用哈希算法,以一个密钥和一个消息为输入,生成一个消息摘要作为输出。挑战响应 客户端发送一个消息作为挑战给服务器,服务器使用事先存储好的密钥求MAC,发回客户端,这是响应。客户端根
5、据响应来认证。,HMAC 挑战响应,挑战响应,ATSHA204,What can ATSHA204 do?Authenticate an AccessoryAuthenticate FirmwareSecurely Exchange Session KeysSecret Storage,ATSHA204,AT88SC0104 vs ATSHA204,ATSHA204 Security Features,Robust Crypto AlgorithmSHA256 MAC,HMACAdvanced Multi-Level HW SecurityActive shield over entire c
6、hipAll memories internally encryptedInternal state consistency checkingSecurity protocols hard codedSupply tamper protectionInternal clock generationSecure test methods,no JTAGNo debug probe points,no test padsDesigned to Defend Against:Dumpster-diving attacksMicroprobe attacksTiming attacksProtocol
7、 attacksFault attacksPower cyclingJust as Secure as Smart Cards!,ATMEL,ATSHA204,256 bits long.ATSHA204利用这些key作为HASH消息源的一部分。用于MAC,CheckMac,HMAC,GenDig指令。EEPROM的data zone的任意Slot可以存储Key。(1)Diversified keys根据产品序列码生成key(2)Rolled Keys:防止每次认证都使用相同的key(3)Created Keys:根据已知的key产生新的key(4)Single-use Keys 使用有次数限
8、制(5)Password Checking 密码检查(6)Transport Keys:传输key,Key,Accessory Authentication,Device,AVR or ARM Microprocessor,Accessory,ATSHA204,Random Number Generator,KeyStorage,SecureKeyStorage,SHA-256HashCalculation,SHA-256HashEngine,Do TheyMatch?,No,Yes,Challenge,Response,Date/Time,Accessory Authentication H
9、ost Chip,Device,Challenge,Response,Accessory,ATSHA204,SecureKeyStorage,SHA-256HashEngine,Random Number Generator,SecureKeyStorage,SHA-256HashEngine,Do TheyMatch?,FIPSRNG,AVR or ARM Microprocessor,Stop,Continue,ATSHA204,Firmware Authentication,Customer Board,AVR or ARM Microprocessor,ATSHA204,Random
10、Number Generator,KeyStorage,SecureKeyStorage,SHA-256HashCalculation,SHA-256HashEngine,Do TheyMatch?,No,Yes,Challenge,Response,Date/Time,Secret Storage,Customer Board,AVR or ARM Microprocessor,ATSHA204,KeyStorage,SecureKeyStorage,SHA-256HashCalculation,SHA-256HashEngine,Write,Read,Random Number Gener
11、ator,Clear Data to Write,Clear Data to Read,Clear Data,Clear Data,Cryto Data,Cryto Data,Session Key Exchange,Same secrets in both ATSHA204s RNG ensures key uniquenessATSHA204 MAC produces AES Key,AES,High Quality RNG,AES Key,AES,AES Key,Mutual Authentication,Uniformity across entire product linesToo
12、ls authenticate batteries before allowing useCharger Authenticates batteries before chargingBatteries authenticate charger before chargingOnly valid products can be used together,Managing Subcontractors,Chip Limits Subcontractor ActionsPrevent unauthorized overbuildsOEM gives subcontractor limited q
13、ty of security devicesWarranty TrackingSubcontractor logs mfr date,conditions,etcPersonalize chip for use at one subcontractor onlyMatch correct part with equipment/information at that subconControl model numbers built by particular subconSubcon only has authentication information for certain models
14、Secure Programming Feature Protects secrets at third party subcontractorsAtmel can securely program parts for high volume customersCustomer:“We have more products sold under our name that are not produced by us than what we produce”,CryptoAuthentication Kits and Support,Multiple Demo/Eval/Kit Boards
15、Modular for compatibility with STK/EVK boardsSource Code Library CodeSpeed customer development cycleExtensive DocumentationQuick Start and Hardware User GuidesApplication NotesDemonstration/Evaluation PC SoftwareAtmel Crypto Evaluation Studio(ACES),ATSHA204 USB Dongle,Small and Simple for Quick Dem
16、osFull PC GUI(ACES)support for device evaluation&experimentationLow cost,AVR Studio 5 Integration,Source Code LibraryOnline,no NDASupports most AVR and ARM devicesI2C or Single Wire IntfcSIO,UART or SW GPIOIntegrated into ASF framework,Kits Integrated With Atmel Dev.Tools,STK600,SAM7,AT88CK101,Plugg
17、able Adapters to STK/EK boards Sockets to simplify lab prototypingAvailable for multiple package typesSingle or Dual chip for Host/Client developmentSource Code Library OnlineFully integrated into ASF framework,Xplained Top Board,Multiple CryptoAuthentication Chips Each at different I2C addressProgram/experiment,switch to next to experiment with different configurationsKit Project to run ACES GUIOnline download for AVR,Demonstrate,Evaluate&Configure,ACES PC Software Tool,Contact Us,ATMEL 代理商 广东,提供各方面的技术支持.林先生 QQ:1085487223 邮箱:,
