ATMEL AT88SC018 User Manual

BDTIC www.BDTIC.com/ATMEL

Features

• Companion Chip to CryptoRF® and CryptoMemory® ⎯ Securely implements host algorithms

⎯ Securely stores host secrets ⎯ Verifies Host Firmware Digests

• High Security Features in Hardware ⎯ CryptoMemory and CryptoRF F2 Algorithm

⎯ SHA-1 Standard Cryptographic Algorithm ⎯ 64-bit Mutual Authentication Protocol (Under License of ELVA) ⎯ Permanently Coded Serial Numbers ⎯ High Quality Random Number Generator (RNG) ⎯ Metal Shield Over Memory ⎯ Data Scrambling in Nonvolatile Memory ⎯ Delay Penalties to prevent Systematic Attacks ⎯ Reset Locking to prevent Illegal Power Cycling ⎯ Voltage and Frequency Monitors

• Host-side Crypto Functions ⎯ Authentication Challenge Generation

⎯ Device Challenge Response ⎯ Message Authentication Codes (MAC) Generation ⎯ Data Encryption and Decryption ⎯ Secure Authentication Key Management

• Secure Storage and Key Management ⎯ Up to 16 sets of 64-bits Diversified Host Keys

⎯ Eight Sets of Two 24-bit Passwords ⎯ Secure and Custom Personalization ⎯ Up to 232-Byte Read/Write Configurable User Data Area

• Nonvolatile Up Counters ⎯ Four sets Unidirectional Counters

⎯ 64 Million Maximum Counts Per Counter

• Application Features ⎯ Low Voltage Supply: 2.7V – 3.6V

⎯ 2-Wire Serial Interface (TWI, 5V Compatible) ⎯ Standard 8-lead SOIC Plastic Package, Green compliant (exceeds RoHS)

• High Reliability ⎯ Endurance : 100,000 Cycles

⎯ Data Retention : 10 years ⎯ ESD Protection : 3,000 V min. HBM

CryptoCompanion Chip for CryptoMemory and CryptoRF

AT88SC018 Summary

™

5277CS–CryptoCompanion–2/09

1. Product Overview

The CryptoCompanion™ Chip is designed as the mate to Atmel’s CryptoRF and CryptoMemory chips, collectively referred to in the remainder of this document as CRF.

CryptoCompanion makes extensive use of the SHA-1 hash algorithm as specified in

http://www.itl.nist.gov/fipspubs/fip180-1.htm

to concatenate a, b & c in that order and then pad them to a block size of 64 bytes before computing the digest. CryptoCompanion generates SHA-1 digests of single round datasets at a time.

1.1. General Operation

The CRF chip contains secrets that must be known or derived by a host system in order to establish a trusted link between the two and permit communications to happen. Cryp toCompan ion stores these secrets in an obscured way in nonvolatile memory and contains all the circuitry necessary to perform the authentication, password and encryption/decryption functions specified in the CRF datasheet. In this manner, the secrets do not ever need to be revealed.

The general cryptographic strategy is as follows:

• Each CRF chip has a serial or identification number (ID) and authentication secret G freely readable while Gi can never be read and is unique for all tags.

• CryptoCompanion contains an EEPROM that holds a set of common secrets (F with ID and K ID, KID)

• G is further diversified by the inclusion of a number (K Typically, it will be the result of a cryptographic operat ion on the CRF ID va lue calculated using other data, secrets and/or algorithms external to CryptoCompanion. This permits scenarios that offer varying degrees of additional security.

• CryptoCompanion includes a general purpose cryptographic qualit y random number generator which is used to seed a mutual authentication process between CryptoCompanion and CRF. If the CRF confirms the CryptoCompanion challenge, and the CryptoCompanion confirms the CRF response, then the host system proceeds with CRF operations. In this way the host system may use the CRF without knowing the CRF's secrets directly.

to compute a value of G that is expected to match that in the CRF chip. Specifically, G = SHA-1(Fn,

and elsewhere. In this document, the nomenclature SHA-1(a, b, c) means

) generated by the host system in a manner of its choosing.

stored in EEPROM. ID is

). CryptoCompanion combines Fn

1.2. CryptoCompanion Benefits

The following is a partial list of the benefits of using this chip versus storing the algorithms and secrets in standard FLASH system memory.

• Keep confidential those core secrets that are used to authenticate with and communicate to/from CRF. (Store them in EEPROM, use them on-chip)

• Flexible system implementation – multiple secrets and policies for different CRF locations within the system. Multiple manufacturer setup options.

• Hardware encryption engines, avoids algorithm disclosure from reverse-compilation of system operating code.

• Full hardware security implementation makes it harder for an attacker (even with lab equipment) to get secrets

stored on CryptoCompanion.

• Global secrets are protected using strong security, standard algorithm (SHA-1).

• Robust random number generation avoids accidental replay for all cryptographic operations usin g the system, not

just with respect to CRF.

• Secure EEPROM storage for configuration i nformatio n, etc. Ma y permit reduction in the total BOM for the system.

• Easy to use – little programming required; no knowledge of security algorithms or protocols, fast time to market.

2 CryptoCompanion™ Chip

5277CS–CryptoCompanion–2/09

1.3. Package, Pin Definition & IO

1.3.1. Pin Definition

CryptoCompanion™ Chip

1.3.1.1. V

Power supply is 2.7 – 3.6V. Supply current less than 5 mA. CryptoCompanion will be available to accept commands 60 ms after the later of V

driven high if CryptoCompanion is in a security delay then this interval is significantly longer. During Power Up, V

level. During Power Down, V below the 2.5V boundary. CryptoCompanion does not support hot s wapping or hot plugging.

VCC must be bypassed with high quality surface mount capacitors that are properly located on the board. Atmel recommends two capacitors connected in parallel having a value of 1μF and 0.01μF. The capacitors should be

manufactured using X5R or X7R dielectric material. These capacitors shou ld be connected to CryptoCompanion using a total of no more than 1cm PC board traces. Atmel recommends the use of a ground plane and a trace length of less than 0.5cm between the capacitors and the V operation.

, Gnd

rising above 2.7V or Reset being

must exhibit a monotonic ramp at a minimum rate of 50 mV/mS until VCC has crossed the 2.7V

must exhibit a monotonic ramp at a minimum rate of 50 mV/mS once it has dropped

pin. Failure to follow these recommendations may result in improper

1.3.1.2. SDA

Two wire interface data pin, 5 V compatible. Minimum data setup time = 0.1 μs, and minimum data hold time = 0 μs min. The system board must include an external pull-up resistor.

1.3.1.3. SCL

Two wire interface clock pin, 5 V compatible. Maximum SCL rate is 400KHz, minimum T

= 0.6 μs. The system board must include an external pull-up resistor.

HIGH

= 1.2 μs, minimum

LOW

1.3.1.4. Reset (RST)

This active low input will reset all states within CryptoCompanion. Honored regardless of the state of PowerDown.

1.3.1.5. PowerDown (PDN)

When held low, the part operates normally. When held high the part will go to sleep and ign ore all transitions on SDA and SCL, power consumption will drop to less than 10 μA. There is a 50 ms delay between this pin falling and the first transition on SDA or SCL that will be accepted by the chip.

5277CS–CryptoCompanion–2/09

+ 6 hidden pages