Rainbow Electronics ATVaultIC200 User Manual

General Features

The ATVaultIC200 is an ASSP designed to secure various systems against counterfeiting, cloning or identity theft. It is a hardware security module that can be used in many applications such as anti-cloning, access control or hardware protection.

Cryptographic Services Cryptographic Algorithms

• Digital Signature

• Encryption / Decryption

• Message Digest

• Key Wrapping / Unwrapping

• HOTP One-Time Password Generation

• True Random Number Generation

Software Features Memory

• FIPS 140-2 Identity-based authentication using password, Secure Channel Protocol (SCP02 / SCP03)

• Rights Management (Administrator, Approved User, Non-approved User...)

• Embedded Dynamic FAT12 File System

• DES / 3DES

• AES 128/192/256 bits

• EEPROM 4 Kbytes (for user)

• Write Endurance 100 Kcycles

• Data Retention 10 Years

• 2ms Program + 2ms Erase

VaultICTM Family

ATVaultIC200 Technical Datasheet

Communication Packages

• Hi gh Speed Slave SPI Serial Interface, ATMEL Proprietary Protocol

• I²C (Two Wire Interface), ATMEL Proprietary Protocol

• ISO7816 UART using T=0 or T=1 Protocols

Hardware Platform Certifications

• SecureAVR

• Hardware Random Number Generator

• Hardware 3DES Crypto Accelerator (112bits keys)

For more details about the algorithms supported please refer to Table 2-1, “Supported

Algorithms table”, on page 8.

8-/16-bit RISC CPU

• 8-DFN (RoHS compliant)

•8-SOIC (RoHS compliant)

• EAL4+ Certification

• FIPS 140-2 Security Level 3

TPR0460AX–SMS–02/10

Preliminary

This document is the complement to the “AT98SO/VaultIC Generic Datasheet” [1](TPR0395X- Available under Non-Disclosure Agreement only) for the ATVaultIC200. It only documents the values and set of features specific to this product.

ATVaultIC200

TPR0460AX–SMS–02/10

1. Overview

1.1 Tampering resistance

The proven technology used in ATVaultIC200 security modules is already widespread and used in national ID/health cards, e-passports, bank cards (storing user Personal Identification Number, account numbers and authentication keys among others), pay-TV access control and cell phone SIM cards (allowing the storage of subscribers’ unique ID, PIN code, and authentication to the network), where cloning must definitely be prevented. More than one billion of Secure Microcontrollers addressing all these applications have been already sold by Atmel and successfully implemented in many secure systems.

Atmel’s security modules will advantageously replace complex and expensive proprietary antitampering protection system. Their advantages include low cost, ease of integration, higher security and proven technology.

They are designed to keep contents secure and avoid leaking information during code execution. While on regular microcontrollers, measuring current consumption, radio emissions and other side channels attacks may give precious information on the processed data or allow the manipulation of the data. Atmel’s secure microcontrollers’ security features include voltage, frequency and temperature detectors, illegal code execution prevention, tampering monitors and protection against side channel attacks and probing. The chips can detect tampering attempts and destroy sensitive data on such events, thus avoiding data confidentiality being compromised.

ATVaultIC200

These features make cryptographic computations secure in comparison with regular microcontrollers whose memories can be easily duplicated. It is much safer to delegate cryptographic operations and storage of secret data (keys, identifiers, etc.) to an Atmel secure microcontroller.

1.2 Authentication capability

The methods to authenticate humans are generally classified into three cases: physical attribute (e.g. fingerprint, retinal pattern, facial scan, etc.), security device (e.g. ID card, security token, software token or cell phone) and something the user knows (e.g. a password/passphrase or a personal identification number).

To fight against identity theft, the multi-factor authentication is a stronger alternative to the classical login/password authentication (called weak authentication). It combines two or more authentication methods (often a password combined with a security token). Two-factor systems greatly reduce the likelihood of fraud by requiring the presence of a physical device used together with a password. If the physical device is lost or the password is compromised, security is still intact. NIST’s authentication guideline [2] can be referred to for further details.

Multi-factor authentication requires a strong authentication. Anticloning is safely implemented through one-way or mutual strong authentication. Various authentication protocols exist (as

specified in ISO9798-2 [3] or FIPS196 [4]), but the main method is the challenge response authentication:

1. The authenticator sends a challenge (e.g. a random number) to the equipment that must be authenticated (“the claimant”).

2. The claimant computes a digital signature of the combination of this challenge with an optional identifier, using a private or secret key. The requested signature is then returned to the authenticator.

TPR0460AX–SMS–02/10

1.3 Secure stor age

1.4 Flexibility

3. The authenticator checks the signature using either the same secret key or the public key associated to the claimant’s private key and decides whether the claimant is authorized or not based on the signature verification result.

This strong authentication method requires storing secret data. Pure software multi-factor solutions are thus not reliable.

If sensitive data is stored in files on a hard disk, even if those files are encrypted, the files can be stolen, cloned and subjected to various kinds of attacks (e.g. brute force or dictionary attack on passwords). Therefore secure microcontrollers-based hardware tokens are a must. Placing secrets outside the computer avoids risking exposure to malicious software, security breaches in web browsers, files stealing, etc.

The ATVaultIC200 product features:

• Various communication interfaces including SPI (Serial Protocol Interface), I

Integrated Circuit Bus) and ISO7816 SmartCard interface.

• Low pin count (Reset, Vcc, GND, and communication interface specific pins) making

integration into an existing board simple. ATVaultIC200 modules are available in small packages (SOIC8 or DFN8) to fit into the most size-constrained devices.

• Low power consumption, in order to extend battery life in portable devices and low-power

systems. ATVaultIC200 devices consume less than 200μA in standby mode, and only 10 mA during CPU-intensive operations depending on the required action.

• Embedded firmware that provides advanced functions:

– Secure storage: a fully user-defined non-volatile storage of sensitive or secret data. – Identity-based authentication with user, administrator and manufacturer roles

supported.

– Administration mode to manage user authentication data and security features – Manufacturer mode to initialize the file system content and module parameters. – Cryptographic command set to perform cryptographic operations using keys and

data from the file system including: authentication, digital signature, encryption/decryption, hash, one-time password generation and random generation.

– Public domain cryptographic algorithms such as DES, 3DES, AES, MAC using DES,

3DES or AES

– Cryptographic protocols such as secret-key unilateral or mutual authentication [3]. – Secure Channel Protocol using 3DES or AES. – Robust communication protocol stacked over the physical communication

interfaces.

–Starter Kit.

Atmel’s application note [5] presents examples of efficient and cost effective IP protection applications utilizing secure chips in various embedded systems.

C (Inter

ATVaultIC200

TPR0460AX–SMS–02/10

1.5 Typical application

Authentication

Printer

Ink cartridges

The ATVaultIC200 is a turnkey solution that combines powerful cryptographic capabilities and secure data storage. Ink Cartridge, Access Control or Smart meters are some examples of use of the ATVaultIC200.

Below is described an example of an ATVaultIC200 product used in a typical application : Ink Cartridge anti-cloning.

Figure 1-1. Ink Cartridge anti-cloning application scheme

ATVaultIC200

For more details about the architecture, please refer to the Application Note ”How to protect Intellectual Properties using VaultIC Security Modules”[5].

1.6 Ordering Information

1.6.1 Legal

A Non-Disclosure Agreement must be signed with ATMEL. An Export License for cryptographic hardware/software must be granted.

1.6.2 Quotation and Volume

For the minimum order of quantity and the annual volume, please contact your local ATMEL sales office.

TPR0460AX–SMS–02/10

1.6.3 Part Number

Reference Description

ATVaultIC200-xxx-P xxx : Chip Personalization Number*

P = Z : DFN8 Package

R : SOIC8 Package

ATVAULTIC-STK02-200R Starter Kit for ATVaultIC200 in SOIC8 package - SPI/I2C configuration

1.6.4 Starter Kit

ATVAULTIC-STK12-200R

ATVAULTIC-STK02-200Z Starter Kit for

ATVAULTIC-STK12-200Z

ATVAULTIC-STK03-200R Starter Kit for ATVaultIC200 in SOIC8 package - ISO7816 configuration

ATVAULTIC-STK03-200Z Starter Kit for

Starter Kit for (no SPI/I2C adapter inside)

ATVaultIC200 in SOIC8 package - SPI/I2C configuration

ATVaultIC200 in DFN8 package - SPI/I2C configuration

ATVaultIC200 in DFN8 package - ISO7816 configuration

* For more details about the Chip Personalization Number, please contact your local ATMEL sales office.

The ATVaultIC Starter Kit provides an easy path to master the cryptographic and secure data storage features of the ATVaultIC secure modules. The content is :

• ATVaultIC200 samples with 1 dedicated test socket

• 1 generic USB to SPI / I²C / ISO7816 adapter

• 1 CD-ROM containing a support documentation set (getting started, application notes, reference design), some demo applications to get an insight into the ATVaultIC features, the ”VaultIC Manager” tool to design the file system and to personalize samples, a hardware independent cryptographic API with source code.

1.6.5 Demo Kit

ATVaultIC200

TBD

TPR0460AX–SMS–02/10

1.7 Software and Hardware Architecture

Crypto

services

( MAC,Signature,…)

Application

management

Data storage

Administration

services

CRYPTO

APPLICATION

ADMINISTRATION

APPLICATION

TDES

EEProm

RAM

SPI

Device

Crypto Library

CRC

(File System) (Keymanagement)

Memory

Management

Comm unication

Stack

SPI / I2C / ISO7816

VaultIC200 Hardware

I2C

secureAVR

CORE

Power

Hardware Security

Management

T=0 T=1

(AES...)

The ATVaultIC200 software architecture is as exposed on the diagram below.

Figure 1-2. Software and Hardware Architecture

ATVaultIC200

TPR0460AX–SMS–02/10

2. Detailed Features

2.1 Communication Interfaces

The ATVaultIC200 embeds the following communication interfaces:

• High Speed SPI : up to 16 Mbps

• I²C : up to 400 kbps

• ISO7816 : up to 625 kbps

2.2 Security Mech anisms

The table below summarizes the cryptographic algorithms, and their identifiers, supported by the ATVaultIC200.

Table 2-1. Supported Algorithms table

Cryptographic Services Supported Algorithms Algo Identifier

• Generic:

ISO/IEC 9798-2 / FIPS 196 unilateral authentication protocol

ISO/IEC 9798-2 mutual authentication protocol

Strong Authentication

• Password authentication

CMAC (Cipher-based Message

Authentication Codes)

HMAC (Hash-base d Message Authen-

tication Codes)

• Global Platform v2.2 Secure Channel 02 (SCP02) using 3DES

• Global Platform v2.2 Secure Channel 03 (SCP03) using AES

• ISO/IEC 9797-1 CBC-MAC algorithm 1 using 3DES with 112-bit keys

• ISO/IEC 9797-1 CBC-MAC algorithm 3 using DES with 56-bit keys

• NIST SP 800-38B AES CMAC

• FIPS 198 HMAC with SHA-1 or SHA-256 • ALG_HMAC

• ALG_MAC_ISO9797_ALG1_3DES_ EDE

• ALG_MAC_ISO9797_ALG3_DES

• ALG_CMAC_AES

ATVaultIC200

TPR0460AX–SMS–02/10

+ 18 hidden pages