Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > Memory/Storage

EEPROM secures products from cloning, counterfeiting

Posted: 04 Oct 2007 ?? ?Print Version ?Bookmark and Share

Keywords:EEPROMs? embedded hardware encryption? product counterfeiting? cloning?

Atmel Corp. says it has developed the world's first family of EEPROMs with a 64bit embedded hardware encryption engine, four sets of non-readable, 64bit authentication keys and four sets of non-readable, 64bit session encryption keys. Called CryptoMemory, the new devices provide the only low-cost, truly secure means of preventing product counterfeiting and/or piracy said Atmel.

At present, EEPROM-based "electronic labels" are increasingly used to protect high-value products. However, product counterfeiters have become quite sophisticated at decoding and cloning EEPROM-based electronic labels and using them on fake products. Even the most secure EEPROMs can be copied easily using a sub-$100 EEPROM reader. The copied contents, including SHA-1 digests and encrypted passwords, can then be written to blank EEPROMs to create a seemingly valid electronic label. The host reader will see these copies as authentic passwords or SHA-1 digests, even if they are encrypted. They have no way of knowing they are copies, making this form of protection very easy to defeat.

Dynamic authentication
Atmel's CryptoMemory devices solve this problem by embedding a hardware cryptographic engine, and storing "secret" information that is inaccessible to the external world in an EEPROM. A CryptoMemory uses the authentication keys and a random number to generate a unique 56bit highly encrypted identity, called a cryptogram, and a unique 64bit session encryption key, every time a transaction occurs.

Each crypto memory chip contains a unique serial number and the user can optionally assign one of four unique 64bit encryption keys to each zone. The host knows how to generate these keys using the serial number and a special "secret" that it stores.

During mutual authentication, the CryptoMemory sends its serial number and encrypted identity to the host. The host then computes a 64bit number, called a "challenge", based on a random number and its own encryption key. It sends the random number and the "challenge" to the device. The CryptoMemory device uses the random number and its own key to generate a 64bit number. If the 64bit number matches the "challenge", the CryptoMemory device accepts the host as authentic. The device then generates a new encrypted identity, which it sends to the host as a "challenge".

The host uses the original encrypted identity of the device, the same random number it sent, and the device's serial number to compute a new encrypted identity. If that number matches the "challenge", the CryptoMemory is deemed to be authentic. The key to the security is that the authentication keys and host encryption keys used to create the cryptograms never leave the CryptoMemory or its host. Only an authentic host can read information from CryptoMemory. The likelihood of a "fake" device creating the appropriate cryptogram is extremely low.

The authentication keys are generated by the host in a secure location. They are based on the CryptoMemory's serial number and the host's key. Only the authentication keys are written to the CryptoMemory. The host key, which is required to create the authentication keys, is not stored in the CryptoMemory; it resides only in the host. Thus, in the unlikely event that a CryptoMemory were "cracked," it does not contain enough information to create the right keys.

Each CryptoMemory gets a unique set of authentication keys from the host. Because the keys are diversified, an authentication key learned from one CryptoMemory would be useless with any other CryptoMemory.

Once the authentication keys and other configuration information are written to the device, fuse bits in the CryptoMemory are blown to permanently lock the security information in the device, guaranteeing they can never be read. The authentication keys and session encryption keys remain private and cannot therefore be copied.

Configurable, easy to use
CryptoMemory devices are available in densities from 1Kbit to 256Kbits of user memory to accommodate information storage and cost requirements. The user memory itself may be divided into as many as 16 separate sections, each of which can be customized to allow different levels of read and write access.

For example, a smart card that contains health records might keep the patient's ID and billing address in a portion that is accessible by the billing department and insurance company. Diagnostic information can be stored in another area that is accessible only by the doctor. Prescription information is stored in yet another section that can be written only by the doctor, but can be read by the insurance company and the pharmacist.

Atmel offers a CryptoMemory design kit with a library of simple API calls that execute the most complex host operations, including building a software model of the host-side cryptographic engine, computing challenges, performing data encryption and decryption, computing encrypted passwords and message authentication codes, and keeping the host model of the cryptographic engine in synchrony with that in the device. The development library is delivered as a highly decoupled binary cryptographic core, and a source code interface for easy integration. A two-wire interface connects the daughter board to any existing embedded development environment.

The CryptoMemory devices are available now in memory densities of 1Kbit up to 256Kbits. They have standard memory interfaces to MCUs and off-the-shelf readers that include a two-wire interface (TWI), ISO 7816-3 interface in T=0 Mode for wired asynchronous communications. CryptoMemory devices can be used as drop-in replacements for non-secure EEPROMs to protect software IP.

Package options include 8-lead SOIC or PDIP plastic packages and modules for smart card applications.

CryptoMemory devices cost under 30 cents for unit quantities of 10,000 units. The AT88SC-DKI CryptoMemory Development Kit is available now for $49.95 each.

Article Comments - EEPROM secures products from cloning...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top