RFID Labels: Encryption Helps Overcome Security Failures Of Conventional EEPROM-Based Electronic Labels

Atmel Corporation recently announced the world's first family of EEPROMs with a 64-bit embedded hardware encryption engine, four sets of non-readable, 64-bit "secret" seeds and four sets of non-readable, 64-bit session encryption keys. Called CryptoMemories , the new devices provide the only low-cost, truly secure means of preventing product counterfeiting and/or piracy.

Product counterfeiting is a $600B industry. EEPROM-based "electronic labels" are increasingly used to protect high-value products that include fashion accessories, athletic equipment and prescription drugs. However, product counterfeiters have become quite sophisticated at decoding and cloning EEPROM-based electronic labels and using them on fake products. Even the most secure EEPROMs can be copied easily using a sub-$100 EEPROM reader. The copied contents, including SHA-1 digests and encrypted passwords, can then be written to blank EEPROMs to create a seemingly valid electronic label. The host reader used to authenticate the product only wants the digest or password, encrypted or not. It has no way of knowing if the password is a copy, making this form of protection very easy to defeat.

Secure Dynamic Mutual Authentication. Atmel's CryptoMemories solve this problem by embedding a hardware cryptographic engine and inaccessible information in an EEPROM. A CryptoMemory uses the "secret" seeds and a random number to generate a unique 56-bit highly encrypted identity, called a cryptogram, and a unique 64-bit Session encryption key, /every time /a transaction occurs. The host reader reads an existing cryptogram from the CryptoMemory, combines it with a random number and then generates a new cryptogram and a new session encryption Key, which it keeps. The host then generates a second 64-bit number, called a "challenge", based on the old cryptogram. It sends the "challenge" and a random number to the CryptoMemory device. If the CryptoMemory can recreate the "challenge" using the random number, it accepts the host as authentic and generates a new cryptogram for itself.

The host then authenticates the device by comparing its new cryptogram to that of the device. If the host and device cryptograms match, the device is deemed to be authentic. The host and device may then use the session encryption key to encrypted subsequent communications after establishing a trusted session.

The key to the security is that the "secret" seeds and host encryption keys used to create the cryptograms never leave the CryptoMemory or its host. Only an authentic host can read information from CryptoMemory. The likelihood of a "fake" device creating the appropriate cryptogram is extremely low – about one in a quintillion.

The "secret" seeds are generated by the host in a secure location, and written to the CryptoMemory. Each CryptoMemory gets a unique set of secret seeds from the host, called diversified seeds. Because the seeds are diversified, a secret seed learned from one CryptoMemory will be useless with any other CryptoMemory. Once the secret seeds and other configuration information are written to the device, fuse bits in the CryptoMemory are blown to permanently lock the security information in the device, guaranteeing they can never be read. The "secret" seeds and session encryption keys remain private and cannot therefore be copied.

In the extremely unlikely event that the secrets from one device become known, they cannot be used with any other device.

Multiple Sectors With Configurable Access. CryptoMemories are available in densities from 1 Kbit to 256 Kbits of user memory to accommodate a wide range of information storage and cost requirements. The user memory itself may be divided into as many as 16 separate sections, each of which can be customized to allow different levels of read and write access. For example, a smart card that contains health records might keep the patient's ID and billing address in a portion that is accessible by the billing department and insurance company, while diagnostic information is stored in another area that is accessible only by the doctor, and prescription information is stored in yet another section that can be written to only by the doctor, but only read by the insurance company and the pharmacist.

No Cryptology Expertise Required. Atmel offers a CryptoMemory design kit with a library of simple API calls that execute the most complex host operations, including building a software model of the host-side cryptographic engine, computing challenges, performing data encryption and decryption, computing encrypted passwords and message authentication codes, and keeping the host model of the cryptographic engine in synchrony with that in the device. The development library is delivered as a highly decoupled binary cryptographic core, and a source code interface for easy integration. A two-wire interface connects the daughter board to any existing embedded development environment,

"Memory Densities and Packaging. Atmel's CryptoMemories are available now in memory densities of 1-kbit up to 256-kbits. They have standard memory interfaces to microcontrollers and off-the-shelf readers that include a two-wire interface (TWI), ISO 7816-3 interface in T=0 Mode for wired asynchronous communications, and ISO 14443-B RF Interface for wireless communications. CryptoMemories can be used as drop-in replacements for non-secure EEPROMs to protect software IP.

Package options include 8-lead SOIC or PDIP plastic packages, modules for smartcard applications, RFID tags and thinned wafers.

Pricing. *CryptoMemories cost about 10c more than conventional EEPROM-based security solutions – a negligible amount when compared to the $500 handbag or a $100 container of prescription medication they protect. Prices start under 30c for unit quantities of 10,000 units,

The AT88SC-DKI CryptoMemory Development Kit is available now for US $49.95 each.

About Atmel
Atmel is a worldwide leader in the design and manufacture of microcontrollers, advanced logic, mixed-signal, nonvolatile memory, and radio frequency ("RF") components. Leveraging on a broad intellectual property portfolio, Atmel is able to provide the electronics industry with complete system solutions focused on consumer, industrial, security, communications, computing and automotive markets. These complex system-on-a-chip solutions are manufactured using leading-edge process technologies that are capable of meeting low voltage or high voltage application requirements.

SOURCE: Atmel Corporation