Embedded Storage & Network Security » » Atmel Rhino+ USB Demonstration/Evaluation Kit for SHA-256 Cryptographic Authentication Chip

Atmel Rhino+ USB Demonstration/Evaluation Kit for SHA-256 Cryptographic Authentication Chip

$19.99 kit for to prevent counterfeiting of medical and electronic consumables, maintain authenticity of end-product firmware, and protect sensitive transmitted data.

San Jose, CA, May 19, 2009 – Atmel® Corporation (Nasdaq: ATML) announced today its Rhino+ AVR® -based development kit for its AT88SA102S CryptoAuthentication^TM IC. Atmel’s AT88SA102S device is the industry’s most secure authentication IC, with an embedded SHA-256 engine and 256-bit cryptographic key that make it virtually impossible to crack using brute force methods. The nearest competing authentication IC has a key size of only 128 bits. Priced at less than $1, the AT88SA102S CryptoAuthentication IC is more secure and costs 40% to 60% less than competing solutions.

The Rhino+ kit is a small USB PCB with an on-board AT88SA102S CryptoAuthentication IC that uses a SHA-256 algorithm. An AVR microcontroller on the board is preloaded with embedded software to implement the required single wire communication protocol. Demonstration and application development software may be down-loaded from www.atmel.com/Rhino.

Designers simply plug the Rhino+ key into a USB slot on their PC and download the software to evaluate the cryptographic capabilities of the device. The AT88SA102S CryptoAuthentication IC may be used to protect batteries, ink cartridges, test strips, blood bags, breathing tubes, and other electronic and medical consumables from cloning or counterfeiting. They can also be used to securely transmit data, such as satellite radio broadcasts or medical records, protect end-products from malicious firmware updates and validate software or media modules.

The Rhino+ kit may also be used as is for end-product deployment in PC-based applications, such as personnel identification or data/software authentication.

Authentication. The SHA-256 algorithm in the CryptoAuthentication device authenticates by using a “challenge/response” operation between the microcontroller or host device and client. The host could be a portable power tool, printer, medical test equipment, or even a satellite radio transmitter. The corresponding client could be the battery used in the power tool, an ink cartridge, a medical consumable, or a satellite radio.

The AT88SA102S client device in the Rhino+ kit has a unique serial number plus an embedded 265-bit key that is never exposed. A 62-bit customer secret is burned into fuses in the device once during manufacturing system configuration, which can never be read. An additional 23 bits of incremental blow fuses can be used as needed by the customer. At the beginning of an authentication process (e.g., unlocking a door or installing an ink cartridge), the AVR host microcontroller on the USB PCB reads the serial number from the AT88SA102S device. The AVR host performs a SHA-256 hash based on the AT88SA102S’s serial number, a random number generated by the host AVR, the 256-bit key and the customer secret from the AT88SA102S that is also stored in the host. The host then sends the random number to the client as a “challenge”. The AT88SA102S client performs its own SHA-256 hash, based on the same information. The resulting digest, or “response”, is sent back to the host. The host microcontroller compares this response with the SHA-256 digest from its earlier calculation. If they match, the client is deemed to be authentic. The output digest of the SHA-256 calculation is so sensitive to the original information that changing even a single bit of the challenge will result in a completely different value.

In the case of an ink cartridge or medical consumable, the microcontroller in the printer or medical device can prevent system operation if the “client” is not authentic, and allows system operation for authentic clients.

Session Key Exchange: In the case of protecting data transfer, such as a broadcast to a satellite radio, the transmitting system sends a random number to a SHA-256 algorithm along with the 256-bit key value stored in the AT88SA102S on the authorized receiving nodes. The response of the SHA-256 algorithm is then used as the encryption key to encrypt the transmission. The encrypted message is then transmitted along with the random number used as a challenge. On the receiving side the random challenge is fed into the onboard AT88SA102S and the response is used to decrypt the message. Only an authentic client-radio containing an AT88SA102S with the correct secret will be able to properly decrypt the transmission.

Since the AVR generates a new random number challenge for each transaction, intercepting the challenge/response pair that is sent back and forth over the bus is useless to an attacker because a new response, based on a different random number, is generated for every transaction. Client-products using the AT88SA102S devices can be configured with a single key for all units, or with unique keys for manufacturing lots, versions or for each individual unit. Since the key is unreadable and is never transmitted, it is always secure in the AT88SA102S CryptoAuthentication IC.

Such operation complements the AES accelerators in selected Atmel ARM^® and AVR microcontrollers perfectly. The AT88SA102S can be used for key generation and the AES accelerator can encrypt or decrypt the larger message quickly.

Ultra-low Power Consumption. Authentication ICs spend a small percentage of their time active, so sleep mode power consumption is the most important power consumption metric. With sleep mode power consumption of less than 100 nanoamps (nA), Atmel’s AT88SA102S CryptoAuthentication ICs should have virtually no impact on system battery life. Supply voltage for the AT88SA102S is 2.5V to 5.5V

Availability and Pricing. The Rhino+ CryptoAuthentication development kit is available now from Digikey for $19.99.

Atmel’s AT88SA102S102 CryptoAuthentication IC is available now in a SOT23 package and is priced at $0.66 in quantities of 100. Additional AT88SA family members will be introduced during 2009.

Contact Information

Atmel Corporation

2325 Orchard Parkway
San Jose, CA, 95131
USA

tele: 408.441.0311
fax: 408.487.2600
www.atmel.com/avr/

Share and Enjoy:

This entry was posted on Wednesday, May 20th, 2009 at 11:03 pm and is filed under News.

Comments

Advantech’s Secure & Unified Smart Interface

Advantech’s SUSI (Secure & Unified Smart Interface) provides a set of user-friendly, intelligent and integrated interfaces, which speeds development, enhances security and offers add-on value for Advantech platforms. SUSI plays the role of catalyst between developer and solution, and makes Advantech embedded platforms easier and simpler to adopt and operate with customers’ applications.

Advances in Radar Processing

With radar systems, as with many military applications, it is difficult to determine whether greater processing needs are driving development of more powerful hardware and software – or whether radar systems designers have just been quick to adopt more capable hardware and easier-to-use software. Whatever the case, today’s sophisticated radar processing is reliant on three key elements. Click on the white paper link to learn about these three key elements in today’s radar processing systems.

Open Specifications For Highly Available Mission-Critical Systems

When missions are at stake and live are on the line, operational availability of war-fighter systems is an absolute requirement. While the need to ensure availability of such systems has not changed, standards-based platforms that ensure service continuity, drive down costs and reduce schedule risks. Open specifications playing a key role in this transition are AdvancedTCA (ATCA) and those from the Service Availability Forum (SA Forum). In this session you will learn key concepts including and introduction to ATCA and SA Forum specifications, an overview of services key to ensuring continuous availability of your mission-critical application, and a look inside a real-world implementation.

Implementing ATCA Serving Gateways for LTE Networks

One key challenge of LTE is how core network components will keep up with massive increases in access link throughput (e.g., seven times HSPA data rates). How evolved core network equipment manufacturers rise to this challenge will be critical for determining subscriber satisfaction with their LTE service experiences. To focus on the challenge, this article discusses the “best practices” approach for building an ATCA Serving Gateway node, the very backbone of the LTE network user plane.

EE Catalog Tech Videos

The Cloud and Data Centre Architecture

Part 1 of a discussion about how developments such as Infrastructure as a Service (IaaS) and Dynamic and Shared Services are impacting the Architecture and the Security of the Data Centre.

Part 1 of an Interview with one of the Architects of MontaVista Linux 6, Joe Green

This is an interview with one of the architects of MontaVista Linux 6, Joe Green. Joe talks about our approach with MVL6, and the use of BitBake in the new MontaVista Integration Platform.

Overview on the 1201 and 1901 Intel Single Board Computers

Jason Smith, Product Marketing Manager for Curtiss-Wright Controls Embedded Computing's San Diego office, provides an overview of the 1201 and 1901 Intel Single Board Computers now available to ship to customers. For more information on the 1201 go to www.cwcembedded.com/1201, and for the 1901 go to www.cwcembedded.com/1901.

Storage / Security