"Device-specific risks" that cannot be prevented by measures on the system side alone
Cloud and network security measures have been significantly strengthened in recent years. Authentication infrastructure, encrypted communications, access control, and other technologies have been put in place, and system-centered defenses are becoming more mature. However, in actual product development, there are many cases where the security of the device itself is not sufficiently considered.
For example, in embedded devices the following situations are still common:
- Only simple checks are performed on the MCU side
- Device IDs and parameters are stored in plain text
- There is no mechanism to check whether peripheral accessories are genuine
In this situation, no matter how robust the system is, the "weak device" can become the entry point for an attack. Even if the communication path is encrypted, if the device itself is a fake, it may still be able to connect to the system through legitimate procedures. In other words, a gap has opened where system-level security alone cannot "guarantee authenticity." Much of this comes from trying to fill that gap with MCU software, even though the structure has parts that software alone cannot strengthen.
To compensate for these "device-specific weaknesses" and ensure that only the correct device is operational, it is necessary to use hardware to strengthen the parts that cannot be handled by software.
Security functions that can be strengthened with hardware in areas that cannot be fully satisfied by software
When trying to ensure the security of embedded devices, the following hardware-level protection features are essential:
- Secure storage (safely stores IDs, settings, and verification data)
- High-quality random number generator (a fundamental element that determines the security of authentication)
- Side-channel attack resistance (protection against analysis using power consumption and electromagnetic emissions)
- Tamper detection (a mechanism to detect physical intrusion and protect internal data)
- Cryptographic calculations completed within the chip (a structure that prevents data from leaking to the outside)
These are security features that were originally intended to be implemented in hardware, but in reality, many products are trying to replace them with MCU software alone.
- Keys and identification information are stored in the flash memory inside the MCU
- Encryption processing is implemented in software
- The debug port is left active
- The implementation leaks information under power analysis
As a result, we are faced with a situation where "despite the design costs, the device remains vulnerable to hardware attacks." This is not a fault of the software, but a structural problem that forces software to take on areas that it cannot handle. This is why we need an approach called a "secure authentication IC" that complements the software.
| | Software | Hardware secure element |
|---|---|---|
| Implementation cost | High; various security features must be integrated and tested | Easy to integrate using the provided software; small footprint |
| Standards conformance | Low security level | High security level |
| Resistance to invasive attacks and firmware extraction | None | Very high |
| Side-channel / glitch-resistant encryption | Can be mitigated, but at a cost in performance; difficult to evaluate | Very high |
| Secure boot | Depends on the MCU | Yes |
| TRNG (true random number generator, essential for key generation and ECDSA) | Usually a PRNG (pseudo-random number generator) | High quality |
| Performance | Low without a HW accelerator | High |
| Secure identity | No; a unique ID must be injected, and it is hard to make it immutable | Yes: immutable UID + digital signature |
| Pre-programmed | Possible, but requires a secure key injection process | Done at the chip manufacturer: very safe |

Comparing software and hardware security. *From "What is 1-Wire, the single-wire communication interface with 280 trillion security IDs?"
The role of secure authentication ICs: A mechanism for proving "authenticity" using hardware
Embedded devices have security areas that cannot be strengthened by software alone. Secure authentication ICs are dedicated hardware designed to complement these "missing areas." The IC contains a mechanism to reliably prove that an embedded device is an "authentic device."
■ Authenticity check
Determines the authenticity of devices and accessories and prevents the use of counterfeit, imitation, or modified products.
■ Eliminate impersonation
It is possible to create a system that checks whether sensors and modules are genuine and prevents non-genuine ones from working even when connected.
■ Secure storage of configuration information and identification data
Identification data, function settings, and usage information, which can only be lightly protected within the MCU, are stored in a dedicated area that is difficult to read from outside.
■ Usage restriction management (usage count/license control)
You can safely manage licenses for printer ink cartridges, batteries, replacement parts, etc. based on the number of times they are used and their official authentication.
■ MCU load reduction by offloading authentication processing
Because the cryptographic calculations and verification processes can be completed within the hardware, the MCU only needs to "query the secure authentication IC," significantly reducing the costs of software implementation and verification.
Features of Analog Devices Secure Authentication ICs: Four Strengths and Over 35 Years of Experience
Analog Devices has been providing security ICs since 1987, shipping more than 4 billion units and boasting a world-leading track record. Based on this long-standing knowledge, the secure authentication IC incorporates the following four features:
Secure user functions (encryption/counter/tamper detection)
Analog Devices' secure authentication ICs are not just IDs, but also have features that reliably verify the authenticity of devices, such as encrypted communication, user memory, decrement counters, and tamper detection. This makes it possible to prevent copying and unauthorized use of consumables, accessories, and modules using hardware alone.
No software development required (authentication is completed with the hardware IC)
Since the authentication process is completed within the IC, the MCU simply needs to "query the IC" to complete the authentication.
- No need to implement encryption processing
- Less susceptible to debugging and analysis attacks
- Significantly reduces testing man-hours and development costs
A major advantage of extracting security functions into hardware is that it eliminates instability that can arise from software implementation.
Keys That Cannot Be Stolen: ChipDNA PUF Security Technology
ChipDNA is Analog Devices' proprietary implementation of a PUF (Physically Unclonable Function), featuring a tamper-resistant structure that does not store a fixed secret key.
- Key data is not stored externally
- Resistant to physical and analytical attacks
- Cannot be reproduced even if the chip is copied
Simply by implementing it, you can achieve a level of "key protection" that cannot be achieved through software implementation.
*For more information about ChipDNA, please visit the Analog Devices page below.
ChipDNA embedded security PUF technology
Diverse interfaces: Wiring reduction with 1-Wire
Analog Devices offers a unique "1-Wire" (proprietary single-wire communication) technology for secure authentication ICs.
- Communication over one signal line + GND
- No power supply required on the slave side (power is superimposed on the signal line)
- Suitable for long-distance wiring
It is particularly suitable for consumables, accessories, and battery authentication, and its greatest strength is that it can be combined with other interfaces including I²C and SPI, allowing you to choose the optimal implementation depending on the application.
*For more information on 1-Wire, please visit the following pages of Analog Devices and Macnica.
1-Wire: Analog Devices page
What is 1-Wire, the single-wire communication interface with 280 trillion security IDs?: Macnica page
How to Choose an Analog Devices Secure Authenticator IC Based on Your Application
Analog Devices' secure authentication ICs are broadly used for the following applications:
- Authentication of consumables and accessories / counterfeit prevention
- Module, IoT node, and peripheral authentication
- Secure communication and secure boot for gateways and external devices
For each application, there is a lineup of ICs with secret-key (symmetric) or public-key authentication methods and interfaces such as I²C/1-Wire/SPI. Below, we introduce representative products for each main application.
Authentication of consumables and accessories / Counterfeit prevention
This is an application for consumables and accessories where "we want you to use only genuine products," such as battery packs, ink cartridges, probes, and medical sensors. Secure authentication ICs are used to keep counterfeit or imitation products out, and to prevent malfunctions, accidents, and brand damage.
■ Secret-key (symmetric) secure authentication IC products
| Model number | Interface | Authentication method / algorithm | Features |
|---|---|---|---|
| DS28C50 / DS28E50 | I²C / 1-Wire | HMAC-SHA3-256 | SHA3-256 two-way authentication, ChipDNA PUF protection, 2Kb user EEPROM |
| DS2477 | I²C (host side) | HMAC-SHA3-256 | SHA3-256 coprocessor for the host MCU; securely stores master keys and offloads SHA3 operations |
| DS28E16 / DS28C16 | I²C / 1-Wire | HMAC-SHA3-256 | SHA3-based authentication IC with small (256b) user EEPROM and decrement counter |
| DS28E25 | 1-Wire | HMAC-SHA256 | SHA-256 two-way authentication IC with 4Kb user EEPROM |
| DS28C22 / DS28E22 / DS28EL22 | I²C / 1-Wire | HMAC-SHA256 | SHA-256 bidirectional authentication IC with 2-3Kb user EEPROM |
| DS28E15 / DS28EL15 | 1-Wire | HMAC-SHA256 | Small-capacity SHA-256 authentication IC with 512b user EEPROM |
| DS2465 | I²C (host side) | HMAC-SHA256 | SHA-256 coprocessor for the host MCU; securely stores master keys and offloads SHA-2 operations |
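As an added illustration (not code from this page, Analog Devices or Macnica), the following Go program models the challenge/response exchange that the secret-key parts above perform and that the "Authenticity check" and "Usage restriction management" sections describe. The secret lives in an unexported field to stand in for the chip boundary; the key-diversification step, the MAC layout (challenge, UID, counter), and the sample master secret and UID are assumptions made for the demo, not the ICs' actual command set. It shows why a counterfeit that clones the freely readable UID still fails, and how a one-way decrement counter bounds the number of uses.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Authenticator models the accessory side of a SHA-256 authentication IC.
// The device-unique secret is an unexported field used only inside Respond,
// mirroring the "key never leaves the chip" property of a secure element.
// This is a software model for illustration, not the ICs' own protocol.
type Authenticator struct {
	UID     [8]byte // immutable unique ID, freely readable by the host
	secret  []byte  // device-unique 32-byte secret; absent on a counterfeit
	counter uint32  // one-way decrement counter for usage/license limits
}

// deriveDeviceSecret is a hypothetical key-diversification step: the host
// keeps only the master secret and derives each part's secret from its UID,
// so extracting one accessory's secret does not expose the master.
func deriveDeviceSecret(master []byte, uid [8]byte) []byte {
	m := hmac.New(sha256.New, master)
	m.Write(uid[:])
	return m.Sum(nil)
}

// NewGenuinePart models factory personalization: the diversified secret and
// the initial usage count are written into the part before shipment.
func NewGenuinePart(master []byte, uid [8]byte, uses uint32) *Authenticator {
	return &Authenticator{UID: uid, secret: deriveDeviceSecret(master, uid), counter: uses}
}

// computeMAC binds the host challenge, the UID and the reported counter value
// into one HMAC-SHA256 tag, so none of them can be altered in transit.
func computeMAC(secret, challenge []byte, uid [8]byte, counter uint32) []byte {
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], counter)
	m := hmac.New(sha256.New, secret)
	m.Write(challenge)
	m.Write(uid[:])
	m.Write(ctr[:])
	return m.Sum(nil)
}

// Respond is the accessory's answer to a challenge. A counterfeit that copies
// the UID but lacks the secret produces a tag the host will not accept.
func (a *Authenticator) Respond(challenge []byte) (mac []byte, counter uint32, err error) {
	if a.counter == 0 {
		return nil, 0, errors.New("usage counter exhausted")
	}
	counter = a.counter
	mac = computeMAC(a.secret, challenge, a.UID, counter)
	a.counter-- // consume one use; the counter only ever decreases
	return mac, counter, nil
}

// Host models the system side. In a real design the master secret would sit
// inside a host coprocessor rather than in MCU flash.
type Host struct {
	master []byte
}

// Authenticate runs one challenge/response round; nil means the part is genuine.
func (h *Host) Authenticate(dev *Authenticator) error {
	challenge := make([]byte, 32) // a fresh random challenge defeats replayed responses
	if _, err := rand.Read(challenge); err != nil {
		return err
	}
	mac, counter, err := dev.Respond(challenge)
	if err != nil {
		return err
	}
	expected := computeMAC(deriveDeviceSecret(h.master, dev.UID), challenge, dev.UID, counter)
	if !hmac.Equal(mac, expected) { // constant-time comparison
		return errors.New("authentication failed: response does not match")
	}
	return nil
}

func main() {
	master := []byte("constructed-master-secret-for-demo") // constructed sample value
	host := &Host{master: master}
	uid := [8]byte{0x28, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07} // constructed UID
	genuine := NewGenuinePart(master, uid, 3)
	fake := &Authenticator{UID: uid, counter: 1000} // cloned UID, no secret
	fmt.Println("genuine part:", host.Authenticate(genuine))
	fmt.Println("counterfeit:", host.Authenticate(fake))
}
```

The weak point of this symmetric scheme is visible in the `Host` type: the master secret must exist on the system side, which is why the host-side coprocessors in the table above (DS2477, DS2465) exist to hold it, and why the public-key parts in the next table remove the host secret entirely.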
■ Public-key secure authentication IC products
| Model number | Interface | Authentication method / algorithm | Features |
|---|---|---|---|
| DS28C39 / DS28E39 | I²C / 1-Wire | ECDSA-P256 | Public-key authentication IC with ChipDNA; protects 2Kb user EEPROM with a PUF-derived key |
| DS28E38 | 1-Wire | ECDSA-P256 | ECDSA authentication IC with PUF-derived public/private keys, approximately 2Kb user EEPROM |
| DS28C36 / DS28E36 | I²C / 1-Wire | ECDSA-P256 + ECDH + HMAC-SHA256 | Multi-function authentication IC (4Kb user EEPROM) supporting three schemes: public key (ECDSA), secret key (HMAC-SHA256) and shared-key agreement (ECDH); also usable for secure boot and secure GPIO |
| DS28E83 / DS28E84 | 1-Wire | ECDSA-P256 + ECDH + HMAC-SHA256 | For radiation-hardened special applications; the DS28E83 has approximately 10Kb OTP, and the DS28E84 adds 15Kb FRAM |
| DS28C40 / DS28E40 | I²C / 1-Wire | ECDSA-P256 + ECDH + HMAC-SHA256 | Automotive-grade (AEC-Q100) public-key authentication IC with approximately 3Kb user OTP memory |
| DS2476 | I²C (host side) | ECDSA-P256 + ECDH + HMAC-SHA256 | Security coprocessor for the host MCU, including secure storage of system keys and offload of ECDSA operations |
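As an added illustration (not code from this page, Analog Devices or Macnica), this Go program models the ECDSA-P256 authentication that the public-key parts above perform: the vendor certifies each part's UID and public key at manufacture, and the host, holding only the vendor's public key, checks the certificate and then challenges the part to sign. The certificate format (a signature over UID || X || Y), the `Provision` step and the sample UID are assumptions made for the demo, not the ICs' actual data layout. The example also shows the two ways a counterfeit fails: copying all public data without the private key, or presenting a key the vendor never certified.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// PublicKeyPart models the accessory side of an ECDSA-P256 authentication IC.
// The private key is unexported and used only in Sign; on a PUF-backed part
// it would never exist outside the chip. This is an illustrative model only.
type PublicKeyPart struct {
	UID        [8]byte
	Pub        *ecdsa.PublicKey // readable by anyone
	VendorCert []byte           // vendor CA signature over (UID || Pub), written at manufacture
	priv       *ecdsa.PrivateKey
}

// certMessage is the digest the vendor CA signs: the UID bound to the device public key.
func certMessage(uid [8]byte, pub *ecdsa.PublicKey) []byte {
	h := sha256.New()
	h.Write(uid[:])
	h.Write(pub.X.FillBytes(make([]byte, 32))) // fixed-width P-256 coordinates
	h.Write(pub.Y.FillBytes(make([]byte, 32)))
	return h.Sum(nil)
}

// Provision models the vendor's manufacturing step (hypothetical): generate the
// device key pair (on a real part this happens inside the chip) and issue the
// vendor certificate binding UID and public key.
func Provision(vendorCA *ecdsa.PrivateKey, uid [8]byte) (*PublicKeyPart, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	cert, err := ecdsa.SignASN1(rand.Reader, vendorCA, certMessage(uid, &priv.PublicKey))
	if err != nil {
		return nil, err
	}
	return &PublicKeyPart{UID: uid, Pub: &priv.PublicKey, VendorCert: cert, priv: priv}, nil
}

// Sign is the accessory's response: an ECDSA signature over the host's challenge.
func (p *PublicKeyPart) Sign(challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, p.priv, digest[:])
}

// Verify is the host side. The host stores only the vendor CA public key and
// no secret at all, which is the advantage over the symmetric scheme.
func Verify(vendorPub *ecdsa.PublicKey, part *PublicKeyPart) error {
	// 1. The vendor must have certified this exact UID / public-key pair.
	if !ecdsa.VerifyASN1(vendorPub, certMessage(part.UID, part.Pub), part.VendorCert) {
		return errors.New("vendor certificate invalid: not a vendor-issued part")
	}
	// 2. The part must prove possession of the certified private key.
	challenge := make([]byte, 32) // fresh per round, so recorded signatures cannot be replayed
	if _, err := rand.Read(challenge); err != nil {
		return err
	}
	sig, err := part.Sign(challenge)
	if err != nil {
		return err
	}
	digest := sha256.Sum256(challenge)
	if !ecdsa.VerifyASN1(part.Pub, digest[:], sig) {
		return errors.New("challenge signature invalid: part does not hold the certified key")
	}
	return nil
}

func main() {
	vendorCA, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed vendor signing key
	if err != nil {
		panic(err)
	}
	uid := [8]byte{0x28, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77} // constructed UID
	genuine, err := Provision(vendorCA, uid)
	if err != nil {
		panic(err)
	}
	attacker, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	// Counterfeit that copies every readable value (UID, public key, certificate) but not the private key.
	clone := &PublicKeyPart{UID: uid, Pub: genuine.Pub, VendorCert: genuine.VendorCert, priv: attacker}
	fmt.Println("genuine:", Verify(&vendorCA.PublicKey, genuine))
	fmt.Println("clone:", Verify(&vendorCA.PublicKey, clone))
}
```

Because `Verify` needs nothing secret, the host firmware can be extracted and studied without giving an attacker anything that lets a counterfeit pass; what must be protected is the part's private key, which is what the PUF-derived keys in the table are for.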
Secure communication/mutual authentication/certificate management for externally connected devices such as IoT devices
This is used when you want to use hardware to protect devices that serve as the "entrance" to the network, such as IoT gateways, industrial controllers, base stations, and monitoring devices.
Here, a multi-function security coprocessor is used that provides not only authentication but also functions such as:
- Secure communication such as TLS
- Key exchange (ECDH)
- AES encryption processing
- Secure boot
| Model number | Interface | Authentication method / algorithm | Features |
|---|---|---|---|
| MAXQ1065 | SPI | ECDSA-P256 / ECDH / AES-128/256 / HMAC-SHA256 | Host-facing security controller that stores keys/certificates in flash protected by ChipDNA, providing advanced functions such as TLS and key exchange |
| DS28S60 | SPI | ECDSA-P256 / ECDH / AES-128-GCM / HMAC-SHA256 | SPI-connected multi-function security coprocessor supporting secure boot, mutual authentication, approximately 8KB user flash, etc. |
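As an added illustration (not code from this page, Analog Devices or Macnica) of the key exchange and AES processing listed for these coprocessors, the following Go program runs an ECDH (P-256) agreement between a host and a gateway peer and then protects a message with AES-128-GCM. The endpoint names, the sample message and the simplified HMAC-SHA256 key derivation are assumptions for the demo, not the coprocessors' actual protocol; the tamper check at the end shows what the GCM authentication tag buys over bare encryption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Endpoint models one side of the link (host MCU with coprocessor, or the
// gateway's peer). The ECDH private key is unexported, standing in for a key
// that exists only inside the coprocessor.
type Endpoint struct {
	Name string
	Pub  *ecdh.PublicKey
	priv *ecdh.PrivateKey
}

// NewEndpoint generates a fresh P-256 key pair for one session.
func NewEndpoint(name string) (*Endpoint, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Endpoint{Name: name, Pub: priv.PublicKey(), priv: priv}, nil
}

// SessionKey derives a 128-bit AES key from the ECDH shared secret.
// The KDF is a simplified, illustrative HMAC-SHA256 with a fixed label;
// a production design would use HKDF with a transcript of both public keys.
func (e *Endpoint) SessionKey(peer *ecdh.PublicKey) ([]byte, error) {
	shared, err := e.priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	kdf := hmac.New(sha256.New, shared)
	kdf.Write([]byte("demo-session-key-v1"))
	return kdf.Sum(nil)[:16], nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates plaintext with AES-128-GCM; the random
// nonce is prepended so the receiver can recover it.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open verifies the GCM tag and decrypts; any modification of the
// ciphertext, nonce or associated data makes it fail.
func Open(key, msg, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize() {
		return nil, errors.New("message too short")
	}
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], aad)
}

func main() {
	host, err := NewEndpoint("host")
	if err != nil {
		panic(err)
	}
	gateway, err := NewEndpoint("gateway")
	if err != nil {
		panic(err)
	}
	// Each side combines its own private key with the peer's public key.
	hostKey, _ := host.SessionKey(gateway.Pub)
	gwKey, _ := gateway.SessionKey(host.Pub)
	aad := []byte("seq=1") // constructed associated data, authenticated but not encrypted
	msg, _ := Seal(hostKey, []byte("constructed sensor reading: 23.5C"), aad)
	plain, err := Open(gwKey, msg, aad)
	fmt.Printf("gateway decrypted %q (err=%v)\n", plain, err)
	msg[len(msg)-1] ^= 0x01 // flip one ciphertext bit in transit
	_, err = Open(gwKey, msg, aad)
	fmt.Println("after tampering:", err)
}
```

On its own, ECDH gives confidentiality against a passive listener but not against an active one who substitutes public keys, so in a deployment each side's ECDH public key must itself be authenticated, for example with the ECDSA certificate-based authentication the page describes; that is the "mutual authentication" these coprocessors combine with key exchange.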