Supplier eBooks

Maxim - Embedded Security Solutions

Issue link: https://resources.mouser.com/i/1442760

Each key exists as a precise analog characteristic of the chip, and it's repeatable over temperature, voltage, and chip-operating life conditions. This allows security coprocessors that incorporate ChipDNA authentication to generate cryptographic keys as a unique output value.

Released by NIST on August 5, 2015, SHA-3 is based on the KECCAK cryptographic function, which consists of a structure that utilizes sponge construction. Sponge construction represents a class of algorithms that take (absorb) an input bit stream of any length to produce (squeeze) an output bit stream of any desired length. Sponge functions can be used to model or implement cryptographic hashes, message authentication codes, and other cryptographic primitives.

SHA-3 is the first cryptographic hash algorithm that NIST has adopted using a public competition and vetting process. NIST selected the KECCAK algorithm as the foundation of the SHA-3 standard after a competition that assessed candidates on:

• Performance level, regardless of implementation
• Ability to withstand known attacks, while maintaining a large safety factor
• Ability to be subjected to cryptanalysis
• Code diversity

An additional advantage of SHA-3 is its silicon implementation efficiency. This makes it cost-effective compared to other algorithms and optimal for securing embedded subsystems, sensors, consumer electronics, etc. For more information, see the Maxim white paper "Why Now is a Good Time to Secure Your Embedded Systems with SHA-3."

ChipDNA Case Study

Maxim's DS28E38 DeepCover® authenticator employs ChipDNA technology to secure all device data, thus simplifying or even eliminating the need for secure key management. It incorporates a public key-based ECDSA authenticator that is built around ChipDNA PUF technology. The FIPS 186-compliant security coprocessor features ECDSA signature generation and verification to support asymmetric key authentication.
The security coprocessors are accompanied by reference designs and evaluation kits that include example code, socket boards, and interface adapters. These "turnkey" design solutions demonstrate how hardware security frameworks built around authenticator chips operate.

Figure 5: The MAXREFDES155 reference design employs the DS28C36 secure authenticator to safeguard a sensor node and its Wi-Fi link to a web server, and is intended primarily for industrial applications such as factory automation and smart agriculture. This design uses the ECDSA asymmetric authentication mechanism to protect connected devices and data paths.

The Figure 4 example of how ChipDNA and PUF technologies work together demonstrates how new levels of protection are being added to the hardware security realm that can meet the vital safety requirements of the embedded systems of tomorrow.

Conclusion

The recent attacks on surveillance cameras, network routers, and even cars have shown two things. First, security is finally becoming a selling point in IoT product designs. Second, merely filling the security holes with software patches isn't enough.

The focus on embedded systems security is gradually increasing, and authenticator chips provide a simplified path to rapidly implement security for a broad range of embedded designs. A new security paradigm is taking shape, and security coprocessors are at the forefront of the efforts to raise security levels in embedded systems. These security coprocessors are increasingly becoming a part of the turnkey solutions that encompass cryptographic best practices.
