Kretsföretaget Atmel har precis släppt en ny säkerhetsprodukt. Den här gången är det ett säkert minne kallat CryptoMemory. CryptoMemory är till för att säkert lagra information i olika produkter och dessutom skapa autenticiering med hjälp av Challenge/Response:
A CryptoMemory uses the authentication keys and a random number to generate a unique 56-bit highly encrypted identity, called a cryptogram, and a unique 64-bit session encryption key, every time a transaction occurs…Each crypto memory chip contains a unique serial number and the user can optionally assign one of four unique 64-bit encryption keys to each zone. The host knows how to generate these keys using the serial number and a special “secret†that it stores. During mutual authentication, the CryptoMemory sends its serial number and encrypted identity to the host. The host then computes a 64-bit number, called a “challengeâ€, based on a random number and its own encryption key. It sends the random number and the “challenge†to the device…
No Cryptography Expertise Required. Atmel offers a CryptoMemory design kit with a library of simple API calls that execute the most complex host operations, including building a software model of the host-side cryptographic engine, computing challenges, performing data encryption and decryption, computing encrypted passwords and message authentication codes, and keeping the host model of the cryptographic engine in synchrony with that in the device…
Atmel’s CryptoMemory devices are available now in memory densities of 1-kbit up to 256-kbits. They have standard memory interfaces to microcontrollers and off-the-shelf readers that include a two-wire interface (TWI), ISO 7816-3 interface in T=0 Mode for wired asynchronous communications. CryptoMemory devices can be used as drop-in replacements for non-secure EEPROMs to protect software IP.
Package options include 8-lead SOIC or PDIP plastic packages and modules for smartcard applications.
CryptoMemory devices cost about 10 cents more than conventional EEPROM-based security solutions – a negligible amount when compared to the $500 handbag or a $100 container of prescription medication they protect. Prices start under 30 cents for unit quantities of 10,000 units.
Priset på minneskretsarna pekar på att det är i konsumentprodukter som Atmel ser att CryptoMemory skall användas.
(Observera den fräcka Palm III:an!)
Det finns en finfin presentationsfilm från Atmel (ca 60 MByte) som beskriver en del tillämpningar för CryptoMemory. Bland annat tar filmen upp stöldskydd för airbags, autenticiering i glukosmätare och DRM-skydd för kabel-TV.
Men vilket krypto är det som används?
Presentationen pekar på att det skall komma ett datablad för CryptoMemory, och när det kommer får vi säkert reda på hur CryptoMemory fungerar. Men tills dess får vi leva med att det är ett krypto. Jag återkommer i frågan.
No related posts.
Related posts brought to you by Yet Another Related Posts Plugin.
We have analyzed all of the Atmel CryptoMemories. They were very easilly compromised.
Greets from San Diego, California!
Aloha!
FlyLogic:
Welcome to Kryptoblog, your comment is probably the first item here not in Swedish. But you seem capable to decipher the Swedish Chef-language quite well. 😉
Thanks for the info, very interesting information! Would you be able to elaborate on your analysis Atmels CryptoMemory chips? I don’t find any blogpost about it. Was there any protection mechanisms beside filler layers? In your estimate, how hard would it be to read out any data from the chips?
BTW: Thanks for a great blog. As an ASIC+security guy I find it real treat to read!
Hi,
I (owner of Flylogic) Chris Tarnovsky will be talking at Blackhat DC 2008. I will discuss the weakness of the CryptoMemory such as abuse of address fetch to read out Write7 password (master password) and ability to reset the “fuses” with UV light (but watch out for booby trap fuses).
Databus attacks are easy to do with 64 samples on the bus you know the write7 password. All contents of CryptoMemory are stored in the clear (no type of encryption at all inside the memory).
Databus on 350nm and 500nm is easy to touch with a needle ;-).
We will write up on I think AT88SC102 very soon. It seems “Lucy’s Laundramat” is using this smartcards in Los Angeles heheheheheheheh.
Keep in touch!
Aloha!
Chris, will you be publishing the presentation from Blackhat after the event. If you do I would love to post an entry with a link to it. You have a great site btw!
Yes I will Joachim! Once it’s over (Feb 21st). The title is, “Security Failures In Secure Devices”. I talk about smartcard IC’s, CryptoMemory, Keeloq, PolySi fuses, some MCU’s that offer USB used in dongles, and then a dongle I haven’t talked about yet on website ;).
Thanks!
Chris
If this post is out of line, please excuse.
We have just posted about a backdoor found in Atmel CryptoMemory parts AT88SC153 and AT88SC1608
http://www.flylogic.net/blog/?p=25
Aloha!
Actually it is very much in line and spot on! I’ll post about it directly.
Big thanks for posting the heads up!