Continue to Site

Welcome to EDAboard.com

Welcome to our site! EDAboard.com is an international Electronics Discussion Forum focused on EDA software, circuits, schematics, books, theory, papers, asic, pld, 8051, DSP, Network, RF, Analog Design, PCB, Service Manuals... and a whole lot more! To participate you need to register. Registration is free. Click here to register now.

Register Log in

Microcontroller with authenticatino abilities

Status
Not open for further replies.
I understand that, but consider that when you use HTTPS, that today still uses SHA-1. The hash is just one part of public/private key encryption however. In your case, you're implementing just the hash and random number procedure (i.e. HTTP Digest). You could use the best hash method possible but still have weak security if you have poor random number algorithm, or if the device on the other end is easily cracked. Still, you'll be the best authority on it, if you study authentication procedures. If you really want the absolute in security, you wouldn't be considering this method - you'd be looking at certificate based methods. However, you've reached the extent of my knowledge - I'm no expert, and only offering my opinion. Good luck!
 
  • Like
Reactions: levnu

    L

    levnu

    Points: 2
    Helpful Answer Positive Rating
Thanks,
The device on the end: Will be designed by me, so i can do it secure as requiered.

On the other side:
The random number algoretim will be desinged by me thus i want to define it secure "enought"
it is a sort of battery autentication ic but instead of haveing the IC
i want to implement it on MCu that also included in the battery HW. its for price reduction.
i try to specify the "good enought" for this mission MCu.
After all the posts here i still cann't specify (due to my ignorance)
- Feasible & secure enough MAC/HASH algoritem to protect battery HW: SHA-256? HTTP Digest?, SHA-1? etc
- My future MCu memory requriements:RNG memory requirements, RAM, etc

-
 

I don't know. If you stand to lose a million dollars if you don't secure it enough, then invest around $100k in developing your security, maybe hire a consultant, who may know how hard/easy it is for someone to break into your code. Don't assume your standard MCU cannot be cracked. If your PIC FLASH rom contents can be retreived, then SHA-256 is totally useless.
I think maybe 10% investment is a good rule of thumb. If you stand to lose $100k in sales, then invest proportionally, maybe $10k of effort, at which point maybe then only a digest method in software is appropriate.

I mean check this link, and it says (snippet below) the following. And the PIC12Fxx is in that list.:
The list of chips vulnerable to low-cost attacks is very long, here are just some of them: 68HC05xx, 68HC705xx, 68HC08xx, 68HC908xx, 68HC11xx, PIC12Cxx, PIC12Fxx, PIC16Cxx, PIC16Fxx, PIC17Cxx, PIC18Cxx, PIC18Fxx, PIC24HJxx, dsPIC30Fxx, dsPIC33FJxx, AT89Cxx, AT89Sxx, AT90Sxx, ATtinyxx, ATmegaxx, H8/3xx, D78xx, D78Fxx, XC95xx, XCR3xx, XC2Cxx, A500Kxx, A3Pxx, CY7C6xx, Z867xx, Z86Exx, DS2432, M306xx, EPM3xx, EPM7xx, EPM9xx, MSP430Fxx, N87Cxx, SXxx, ST62Txx, ST72Fxx, W921Exx, HT48Rxx, P87LPCxx, T89Cxx, SAB-Cxx, MX10xx, EL78Pxx, LPC3xx
Click to expand...
 
  • Like
Reactions: levnu

    L

    levnu

    Points: 2
    Helpful Answer Positive Rating
What do you think about asymetric encryption? such as RSA etc.
https://en.wikipedia.org/wiki/Public-key_cryptography
will it still be unsafe? for i.e. if you put the pablic key on the MCu and the privte for insteance on some server.
will it be safe?

- - - Updated - - -

if the answer be that it still unsafe i conclude that there is no way to use MCu for authentication functions
only specific auth.IC/HW can suite for keeping my data safe ...
am i right?
 

If someone can access the code (either your source code or the executable or the contents of the FLASH) then it can never be 100% secure, that is correct. Private/Public key procedures (as used in certificate based methods) is clearly better, but access to the FLASH is still a vulnerability.
 
  • Like
Reactions: levnu

    L

    levnu

    Points: 2
    Helpful Answer Positive Rating
excuse me for coming back to this question -
does such device (MCu) as linked below can do the authentication procedure and replace a dedicated authentication IC?
or its just for handeling Fuel gage and auth.ic elements
**broken link removed**
 

Two reservations for the SHA implementation have been discussed:
- processor resource requirements. As explained in the TI application note, MSP430F230 has sufficient RAM. The good point is that a full reference application is given.
- security considerations. If you store secret keys in protected flash, can you be sure that the protection can't be levered out. The problem applies to all common µCs without certificated security level.
 
  • Like
Reactions: levnu

    L

    levnu

    Points: 2
    Helpful Answer Positive Rating
Status
Not open for further replies.

Similar threads

Part and Inventory Search

Welcome to EDABoard.com

Sponsor

Back
Top