Atmel AT88SA102S
Atmel CryptoAuthentication Product Authentication Chip
DATASHEET
Not Recommended for New Designs
Replaced by ATSHA204
Features
•
•
•
•
•
•
•
•
•
•
•
Secure authentication and key exchange
Superior SHA-256 hash algorithm
Best in class 256-bit key length
Guaranteed unique 48-bit serial number
High speed single wire interface
Supply voltage: 2.7V – 5.25V
1.8V – 5.25V communications
<150nA sleep current
Multi-level hardware security
Secure personalization
Green compliant (exceeds RoHS) 3-pin SOT-23 or 8-lead SOIC packages
Applications
•
•
•
•
•
•
•
•
•
Authentication of replaceable items
Software anti-piracy
Network and computer access control
Portable media player and GPS system
Key exchange for encrypted downloads
Prevention of clones for demo and evaluation boards
Authenticated communications for control networks
Anti-clone authentication for daughter cards
Physical access control (electronic lock and key)
8584H−CRYPTO−9/2012
Figure 1.
Pin name
SIGNAL
GND
VCC
Pin Configurations
Function
Serial data, single-wire clock and data
Ground
Power supply
8-lead SOIC
NC
NC
NC
GND
1
2
3
4
8
7
6
5
3-lead
VCC
NC
NC
SIGNAL
2
VCC
GND
3
1
SIGNAL
1.
Introduction
The Atmel AT88SA102S is a member of the Atmel CryptoAuthentication family of cost-effective authentication chips
designed to securely authenticate an item to which it is attached. It can also be used to exchange session keys with some
remote entity so that the system microprocessor can securely encrypt/decrypt data. Each AT88SA102S chip contains a pre-
programmed serial number which is guaranteed to be unique. In addition, it has been designed to permit secure
personalization so that third parties can build devices containing an OEM secret without concern for the theft of that secret.
It is the first small standard product to implement the SHA-256 hash algorithm, which is part of the latest set of recommended
algorithms by the US Government. The 256-bit key space renders any exhaustive attacks impossible.
The CryptoAuthentication family uses a standard challenge response protocol to simplify programming. The system generates
a random number challenge and sends it to the AT88SA102S chip. The chip hashes that with a 256-bit key using the SHA-256
algorithm to generate a keyed 256-bit response which is sent back to the system.
The chip includes 128-single bit one time programmable fuses that can be used for personalization, status or consumption
logging. Atmel programs 40 of these bits prior to the chip leaving the factory, leaving 88 for user purposes. See Section 1.3 for
more information.
Note:
The chip implements a failsafe internal watchdog timer that forces it into a very low power mode after a certain
time interval regardless of any command execution or IO transfers that may be happening at the time the timer
expires. System programming must take this into consideration. See Section 5.4 for more details
®
1.1
Usage
There are many different ways in which the AT88SA102S can add an authentication capability to a system. For more
information, see the “Atmel CryptoAuthentication Usage Examples” applications note.
In general, however, all these security models usually employ one of two general key management strategies:
•
Fixed challenge response number pair stored in the host. In this case, the host sends its particular challenge and
only an authentic AT88SA102S can generate the correct response. Since no secret is stored on the host, there is no
security cost on the host. Depending on the particulars of the system, each host may have a different challenge
response pair and/or each client may have the same key.
Host computes the response that should be provided for a particular client against a random challenge and/or
include the client ID number in the calculation. In this case, the host needs to have the capability to securely store
the secret from which diversified response will be computed. One way to do this is to use a CryptoAuthentication
host chip. Since each client is unique, the host can maintain a dynamic black list of clients that have been found to
be fraudulent.
•
Atmel AT88SA102S [DATASHEET]
8584H−CRYPTO−9/2012
2
1.2
Memory Resources
Fuse
Block of 128-fuse bits that can be written through the one wire interface. Fuse[1] and Fuse[87] have
special meanings, see Section 1.3 for more details. Fuse[88:95] are part of the manufacturing ID value
fixed by Atmel. Fuse[96:127] are part of the serial number programmed by Atmel which is guaranteed to
be unique. See Section 1.4 for more details on the Manufacturing ID and Serial Number.
Metal mask programmed memory. Unrestricted reads are permitted on the first 64-bits of this array. The
physical ROM will be larger and will contain other information that cannot be read.
2-bytes of ROM that specifies part of the manufacturing ID code. This value is assigned by Atmel and is
always the same for all chips of a particular model number. For the AT88SA102S, this value is 0x2301
(appears on the bus: 0x0123), ROM MfrID can be read by accessing ROM bytes 0 and 1 of Address 0.
2-bytes of ROM that can be used to identify chips among others on the wafer. These bits reduce the
number of fuses necessary to construct a unique serial number. The ROM SN is read by accessing
ROM bytes 2 and 3 of Address 0. ROM SN can always be read by the system and is optionally included
in the message digested by the MAC command.
4-bytes of ROM that are used by Atmel to identify the model mask and/or design revision of the
AT88SA102S chip. These bytes can be freely read as the four bytes returned ROM address one,
however system code should not depend on this value as it may change from time to time.
ROM
ROM MfrID
ROM SN
RevNum
1.3
Fuse Map
The AT88SA102S incorporates 128 one-time fuses within the chip. Once burned, there is no way to reset the value of a fuse.
Fuses, with the exception of the manufacturer ID and serial number bits initialized by Atmel have a value of one when shipped
from the Atmel factory and transition to a zero when they are burned. Bits 0-63 can never be read, while bits 64-128 can
always be read.
Table 1-1.
Fuse #
1
0 and 2
63
64
83
84
86
The 128 Fuses in the Atmel AT88SA102S Chip are Arranged in the Following Manner
Name
BurnFuse Enable
Secret Fuses
Status Fuses
Status Fuses
Description
If this fuse is one, then the BurnFuse command is enabled. If it is burned to zero, then
the BurnFuse command is disabled.
These fuses can be securely written by the BurnSecure command but can never be
read directly with the Read command.
These fuses can be written with the BurnSecure command and can always be read
with the Read command. They are totally user-defined.
These fuses can be written with the BurnSecure command and can always be read
with the Read command. They are user-defined, but have special significance for the
Pause Long command. See Section 6.6.
The MAC command ignores the values of Fuse[0-86] while this fuse is an one
Once it is burned to zero, the BurnSecure command is disabled.
See Section 1.4. Set by Atmel; cannot be modified in the field.
See Section 1.4. Set by Atmel; cannot be modified in the field.
87
88
95
96
127
Fuse Disable
Fuse MfrID
Fuse SN
BurnFuse Enable
This fuse is used to prevent operation of the BurnFuse command in the application. This fuse may only
be burned to 0 using the BurnSecure command.
Atmel AT88SA102S [DATASHEET]
8584H−CRYPTO−9/2012
3
Secret Fuses
These 63-fuses are used to augment the keys stored elsewhere in the chip. Knowledge of both the
internally stored keys and the values of the Secret Fuses are required to generate the correct response
to the Cryptographic command of the AT88SA102S. An arbitrary selection of these fuses is burned
during personalization via the BurnSecure command.
Within this document, “Secret Fuses” is used to refer to the entire array of 64-bits: Fuse[0-63], even
though the value of Fuse[1] is fixed for most applications and its value can be derived from the
operation of the chip.
Status Fuses
These 23-fuses can be used to store information which is not secret, as their value can always be
determined using the read command. They can be written at the same time as the secret fuses using
the BurnSecure command, or they can be individually burned at a later time with the BurnFuse
command. Two common usage models for these fuses are:
1.
Calibration or model number information. In this situation, the 23-bits are written at the factory. This
method can also be used for feature enabling. In this case, the BurnFuse command should not be
run in the field, and the BurnFuse Enable bit should be zero.
Consumption logging, i.e. burn one bit after every n uses, the host system keeps track of the
number of uses so far for this serial number. In this case, the BurnFuse command is necessary to
individually burn one of these 23-bits, and the BurnFuse enable bit should be a one.
2.
Within this document, “Status Fuses” is used to refer to the entire array of 24-bits: Fuse[64-87], even
though the value of Fuse[87] is fixed after personalization and cannot be modified in the field.
Fuse Disable
This fuse is used to disable/enable the ability of the MAC command to read the fuse values until the
BurnSecure command has completed properly. When it has a value of one (unburned), the bit values in
the message that would normally have been filled in with Fuse values are all set to a one. When
FuseDisable is burned, the MAC command fills in the message with the requested fuse values.
Additionally, this bit, when burned, disables the BurnSecure command to prevent modification of the
secret fuses and BurnFuse enable bit in the end customer application.
1.4
Chip Identification
The chip includes a total of 72-bits of information that can be used to distinguish between individual chips in a reliable manner.
The information is distributed between the ROM and fuse blocks in the following manner.
Serial Number
This 48-bit value is composed of ROM SN (16-bits) and Fuse SN (32-bits). Together they form a serial
number that is guaranteed to be unique for all devices ever manufactured within the Atmel
CryptoAuthentication family. This value is optionally included in the MAC calculation.
This 24-bit value is composed of ROM MfrID (16-bits) and Fuse MfrID (8-bits). Typically this value is
the same for all chips of a given type. It is always included in the cryptographic computations.
Manufacturing ID
1.5
Key Values
The values stored in the Atmel AT88SA102S internal key array are hardwired into the masking layers of the chip during wafer
manufacture. All chips have the same keys stored internally, though the value of a particular key cannot be determined
externally from the chip. For this reason, customers should ensure that they program a unique (and secret) number into the
64-secret fuses and they should store the Atmel provided key values securely.
Individual key values are made available to qualified customers upon request to Atmel and are always transmitted in a secure
manner.
When the serial number is included in the MAC calculation then the response is considered to be diversified and the host
needs to know the base secret in order to be able to verify the authenticity of the client. A diversified response can also be
obtained by including the serial number in the computation of the value written to the secret fuses. A CryptoAuthentication host
chip provides a secure hardware mechanism to validate responses to determine if they are authentic.
Atmel AT88SA102S [DATASHEET]
8584H−CRYPTO−9/2012
4
1.6
SHA-256 Computation
AT88SA102S performs only one cryptographic calculation – a keyed digest of an input challenge. It includes optionally various
other information stored on the chip within the digested message.
AT88SA102S computes the SHA-256 digest based on the algorithm documented here:
http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
Throughout this document, the complete message processed by the AT88SA102S chip is documented. According to the
above specification, this always includes a single bit of ‘1’ pad after the message, followed by a 64-bit value representing the
total number of bits being hashed (less pad and length). If the length is less than 447 (512-64-1), then the necessary number
of ‘0’ bits are included between the ‘1’ pad and ‘length’ to stretch the last message block out to 512-bits.
When using standard libraries to calculate the SHA-256 digest, these pad and length bits should probably not be passed to the
library as most standard software implementations of the algorithm add them in automatically.
1.6.1
SHA Computation Example
In order to ensure that there is no ambiguity, the following example vector is provided in addition to the sample vectors in the
NIST document. In this example, all values are listed in hex format. For all but the key, bytes are listed in the order that they
appear on the bus – first on the bus is listed on the left side of the page. The key value below is listed in the same order as the
challenge, so the 01 at the left of the key string corresponds to the first byte in the SHA-256 document.
SHA Computation Example
Key
Challenge
Opcode
Mode
KeyID
Secret Fuses
Status Fuses
Fuse MfrID
Fuse SN
ROMMfrID
ROM SN
01030507090B0D0F11131517191B1D1F21232527292B2D2F31333537393B3D3F
020406080A0C0E10121416181A1C1E20222426282A2C2E30323436383A3C3E40
08
50 (all optional information included in message)
0000111122223333
445566
77
8899AABB
CCDD
EEFF
The 88-bytes over which the digest is calculated are:
0103…3D3F0204…3E400850FFFF00001111…EEFF
And the resulting digest is:
6CA7129C8DA9CE80EA6357DDCFB1DDCBBBD89ED373419A5A332D728B42642C62
1.7
Security Features
The AT88SA102S incorporates a number of physical security features designed to protect the keys from release. These
include an active shield over the entire surface of the part, internal memory encryption, internal clock generation, glitch
protection, voltage tamper detection and other physical design features.
Pre-programmed keys stored on the AT88SA102S are encrypted in such a way as to make retrieval of their values via outside
analysis very difficult.
Both the clock and logic supply voltage are internally generated, preventing any direct attack via the pins on these two signals.
Atmel AT88SA102S [DATASHEET]
8584H−CRYPTO−9/2012
5
京公网安备 11010802033920号
EEWORLD
