Sec1 20220627V1

22070 SEC1
Cryptography Primer
Modified by Alejandro Gomez
© 2018 Microchip Technology Incorporated. All Rights Reserved. 22070 SEC1 Slide 1
SEC1 Class Objectives
• After this class, you will be able to explain:
• Why Embedded Security is needed now
• Why Microchip for Embedded Security
• Authentication, Integrity, and Confidentiality
• Hashing and its functions in cryptography
• “Secret key” - Symmetric Cryptography
• “Public key” - Asymmetric Cryptography
• Ways of spawning session keys
• Both symmetrically and asymmetrically
• The Chain of Trust – Certificates

• ECC608 Datasheet
Agenda
• Why we need Security now
• Why Microchip for Security?
• Confidentiality, Integrity, & Authentication
• Hashing
• Secret Key (Symmetric) cryptography
• Public Key (Asymmetric) cryptography
• Chain of Trust
Incredible increase in ALL
attacks Why we need security now
60000
50000
40000
30000
20000
10000
*Symantec 2018 Internet Security Threat Report
0
IoT Attacks
2016 2017
Agenda
• Hashing
• Chain of Trust
Identification ≠ Authentication ≠ Authorization
Three terms often confused with each other
• Identification – A claim to be something or someone

• For embedded devices, this could be a unique serial number
• For websites this could be a user name
• Authentication – The act of proving an identity claim

• For embedded devices this could take the form of a random challenge
and appropriate response
• For website access this could be providing a secret password
• Authorization – Once identified and authenticated, the device or

person is authorized to access system and/or data
Analogy: A friend identifies themselves at your door. You authenticate

by asking them a test question only they would know. It they satisfy
your test, you authorize by opening the door, inviting them in.
A closer look at Authentication
• Authentication
• Assures something is what it is declared to be
• Terms associated with Authentication:

• Non-repudiation
• Assures a specific origin and/or sender’s identity
• Attestation / Secure Boot / Secure DFU

• Provides reliable evidence the existing code is genuine
• Local and/or Remote Attestation is possible
The Priority of Cryptographic
Functions
“CIA” is often cited, but “AI and sometimes C” is the reality
• Cryptographic functions, in order of priority, are…

• Authenticate – establish the other communicator is genuine
• Assure the Integrity of data and messages to / from that communicator
• Make Confidential – obfuscate the information so eavesdroppers can’t
read it
• “Security” is often achieved by Authentication & Integrity alone
• Confidentiality (encryption) is optional

• If you establish trust in the sender…
• If you are certain the message has not been altered…
• …Does the confidentiality of the actual message matter?
• Sometimes yes. Sometimes no.
• It depends on the value of the information. It’s optional.
Agenda
• Hashing
• Chain of Trust
A hash is a fundamental building
block of cryptography
• A crypto hash uses a strong, irreversible, math transform
• Characteristics of a strong crypto hash:
• Easy to compute the digest,
• Infeasible to regenerate the original message
• Infeasible to modify a message without changing the digest
• Infeasible to find different messages with the same digest
• Output is fixed length; SHA-256 outputs a 32 Byte digest no matter

the size of its input
1 Kilobyte file Crypto Hash 1 Megabyte file Crypto Hash

SHA256 SHA256
e.g. command e.g. upgrade file
32 Byte 32 Byte
Message Digest Message Digest
A hash is a fundamental building
block of cryptography
Crypto Hash
Hola Mundo! 1 SHA256
c5282bc8bf2aaed1dac678731f32d1d7a9e6a2cef7dfa462dfe1f636775d4620
Crypto Hash
Hola Mundo! 2 SHA256
093e392b5760c537b54a8167a02d2fc46729fa4ff9ba7ede0a92c4c71a2c4f93
Also used to authenticate messages
• When used to authenticate, the result is called a

• MAC = Message Authentication Code
• MIC = Message Integrity Code
• Tag
32Byte
Crypto
Message Hash or Cipher
Message Authentication Code
based (MAC)
authentication
function
Example of MAC Functions
• HMAC-SHA256
• Relies on a Hash Function
• ECC608 sup3r s3cr3t k3y
STOP THE CAR NOW a3e89d85a10a52176f8c3d851d30811b

HMAC-SHA256 372dbf12ce96b1f2e03762d483cdc715
(MAC - 32 bytes)
• AES-CMAC
• Relies on a Block Cipher
• LoRaWAN (MIC) sup3r s3cr3t k3y
STOP THE CAR NOW 2eb61b985fba6251

AES-CMAC 751910d99295b7f1
(MAC)
Notes of SHA256
• Advanced Cheksum
Agenda
• Hashing
• Chain of Trust
Symmetric Key Cryptography
• Other common terms for symmetric key:
• Secret-key, Shared-key, and Single-key
• Uses identical key(s) for both encryption and decryption
• Example: using identical keys to lock and unlock a lock-box
Identical Keys
Alice Bob
Secret keys must remain… Secret
• Secret (Shared) Key Exchange
• Alice and Bob know and trust each other
• Alice can give Bob a copy of her Secret Key and Bob is
assured it is genuine and trusted based on his
knowledge and trust in Alice
Alice Bob
Alice provides Bob a copy of the Secret Key

… in “relative security”
Secret keys must remain… Secret
• Weakness of secret key is the confidentiality of the key

• Are there copies of the keys Alice doesn’t know about?
• Was the key exchange to Bob secure?
• Does Bob value the key to the same degree as Alice?
• Is there someone Alice or Bob trusts with the key, but shouldn’t?
• Symmetric Key cryptography can be extremely secure,

but great care must be taken protecting the secret key
• Secret keys are “need to know” data
• The number of copies should be aggressively managed
Symmetric Identity Authentication
Alice wants to authenticate a connection with Bob
Alice and Bob know and trust each other and have copies of the secret key
Alice Bob
01100…111011
Alice generates a 01100…111011
random challenge
Crypto Hash Crypto Hash

Shared Key Shared Key
Is
Response
Correct?
Digest
How symmetric authentication would be
implemented in a real world system
Authenticating a Cartridge, for example
Provisioning of an accessory device
How the factory prepares devices
Parent Key
Manufacturing From HQ
Line Module
Ink Cartridge
Hardware
Security Crypto Element
Module
Unique SN#
Hash
Parent
Key
Unique
Derived Key
Printer
Crypto
Element
All hosts will

contain Parent
Parent Key Key
Authentication in the field
Printer
Ink Cartridge
Recreate the unique
Crypto Element
Crypto Element
derived key for
disposable
Parent
Key Unique SN#
HASH
Derived Key
Derived Key
Challenge the
disposable
HASH RANDOM HASH

CHALLENGE
Calculate genuine
Check
Response and
MAC
compare
That was “Identity Authentication”
Now let’s use hash for
“Message Authentication”
Symmetric Message Authentication
Bob wants authentication of a message from Alice
Alice and Bob know and trust each other and share a secret key
Alice Bob
01100…111011 Bob stores the
Message message
Alice generates a 01100…111011
message

Is
response
correct?
MAC
Hash for Symmetric Cryptography
to generate session keys
Symmetric Encryption
Now Alice wants to send Bob a secret message
Alice and Bob have previously shared an identical secret key
Alice Bob
01100…111011
Random challenge 01100…111011

Derived Key
Cipher Cipher
Plain Text Cipher Text Plain Text
(Encrypt) (Decrypt)
Advanced Encryption Standard (AES)
AES deserves a class to itself, so let’s just say each round of AES “replaces and
jumbles” things beyond the point of recognition
One “Round” of Encryption shown
Cipher key can be

128bit = 10 Rounds
192bit = 12 Rounds
256bit = 14 Rounds
Block size of data is

always 128bits
AES is offered in
different modes
Agenda
• Hashing
• Chain of Trust
Public Key Cryptography
AKA “Asymmetric” or “Public/Private Key” Cryptography
• Uses two mathematically related keys

• Imagine having two different keys to the same lock box
• If the first key locked it, only the second key can unlock it
• If the second key locked it, only the first key can unlock it
• Key distribution is easy

• One of these keys can be shared publicly and is called the “Public Key”
• The other is held very privately and is called the “Private Key”
• The security and privacy of the Private Key is critical

• Every element has its own public/private key pair
• Key pairs should never be shared
Public Key (Asymmetric) Cryptography
• Simple Public key exchange

• When Alice and Bob know and trust each other
• Bob provides his public key directly to Alice
• Alice knows Bob and knows this key is genuine and can be
trusted
Alice Bob
Bob Bob
Bob’s KPUB KPRIV
Public Key
Bob’s
Public and Private
Key Pair
Alice can provide Bob her public key in the same way
Asymmetric Authentication
Alice wants to authenticate she is connected to Bob
Alice and Bob know and trust each other and have their own public/private
key pairs
Alice Bob
01100…111011
Random Challenge 01100…111011
Digital
Verify Sign
Signature Bob
Bob’s KPRIV
Public Key
Bob’s
Private Key
What exactly is a Digital Signature?
• It is NOT an encrypted return of the challenge

• Signing is a complex mathematical function which takes the private key,
the random challenge, and a unique random number to create the result
• The resulting digital signature can only be verified using the signer's
public key
• …and the Verify is NOT a decryption

• A Verify is another complex mathematical function whose only goal is to
determine if the sender’s private key was used in creating the digital
signature
More accurately,
a digital signing looks like this:
Alice Bob
01100…111011
Random Challenge 01100…111011
Digital
Verify Sign
Signature Bob
Bob’s KPRIV
Public Key
Bob’s
Private Key
Random number
(never shared)
A “Known-Plaintext Attack” is an attempt to calculate secrets from output produced by a

sufficiently large bulk of known input.
Injecting randomness defeats this attack. Even if the same exact challenge is signed, a
completely different, yet verifiable, signature is calculated.
Agenda
• Hashing
• Chain of Trust
What if Alice and Bob don’t
know each other?
• Until now, we only considered Alice knows Bob
• We assumed Alice shared her public key with Bob and Bob knew,
without doubt, it belonged to Alice. And visa versa.
• Before strangers can trust each other they must

establish a common trust anchor or root of trust
• This root of trust will vouch for both Alice and Bob
• Signatures and/or Certificates are used to assure trust

• The trust anchor is usually the OEM or a Certificate Authority (CA)
How are certificates used to establish trust?
Cartoon example using Bob’s mom as the Root of Trust
• Alice knows and trusts Bob’s mom but never met Bob
Hi Alice, can you

please give my
son, Bob, a
message for me?
Bob doesn’t know

me. How will he
trust the message
is genuine?
No problem! Give him

this certificate of
message authenticity.
Bob’s Mom Alice
How are certificates used to establish trust?
Cartoon example using Bob’s mom as the Root of Trust
• Alice knows and trusts Bob’s mom but never met Bob
Thank you!
Hi Bob, I have a It’s good to
message from hear from
your mom. my mom!
Who the heck are

you and what
have you done
with my mom?!
Sorry! I’m Alice and here

is a certificate from your
mom so you can trust the
Alice message is genuine.
Bob
Structure of a Certificate
Accepted PKI standard X.509 v3 digital certificate is as follows:
• Certificate Contents
• Version & Serial Number
See the following link for details:
• Algorithm ID
https://tools.ietf.org/html/rfc5280
• Issuer
• Validity
• Not Before / Not After
• Subject
• Subject Public Key Info
• Public Key Algorithm
• Subject Public Key
• Issuer Unique Identifier (optional)
• Subject Unique Identifier (optional)
• Extensions (optional)
• ...
• Certificate Signature Algorithm
• Digital Signature
How Certificates (Digitally Signing) are
used in a real world system
Asymmetrically authenticating ink cartridges, for example
Ink cartridges will be made by both the OEM and

licensees of the OEM. How can both be authentic
and still keep out clones? A chain of trust is used
The Provisioning Process (Factory Setup)
1
ECDSA Root of Trust
SIGN OEM OEM (OEM HQ or CA)
KPRIV KPUB
Licensed Authority Module
supplier
Ink cartridge
Crypto
Element Crypto Element
OEM ECDSA Device Device

Certificate SIGN 2 KPUB KPRIV
LS
LS LS Certificate
KPUB KPRIV
LS
3
KPUB
OEM
certificate
The Authentication Process (Customer use)
Ink Cartridge
Printer
Crypto Element
Crypto Element
OEM
Public Key
Verify Mfg
LS
KPUB 1
ECDSA KPUB
VERIFY OEM
Certificate
?
Verify Device
Device Device
Public Key
2
ECDSA KPUB KPRIV
VERIFY
?
RANDOM LS
CHALLENGE Certificate
3
Challenge -
Response -
ECDSA
Verify
VERIFY
ECDSA
SIGN
Limited use counters
Limits the number of uses
• The very idea of a disposable implies

limited use
• The monotonic counter would

decrement every time the cartridge Ink cartridge
signs a challenge Crypto Element
• If no uses remain, decrementing the counter ECDSA
results in an authentication fault Sign
• The counter resides inside a trusted zone
• The counter is not resettable
• Ask how this can eliminate

overbuilding Counter - 1
Creating a Signed Message
Bob wants assurance the file came from Alice and was not altered
The message Alice is sending to Bob is plaintext, not encrypted
Alice starts off with:
Alice’s
Alice Private Key Sign
KPRIV Signature
Digital To Bob
Envelope
Plain Text Hash
Plain Text
Receiving a Signed Message
Bob wants assurance the file came from Alice and was not altered
The message Alice is sending to Bob is plaintext, not encrypted
Alice’s Public Alice

Key KPUB
Signature
From Verify
Alice Digital
Envelope
Plain Text Hash
Plain Text
Achieving confidentiality with
Public Key
Sending an encrypted message using
public key
Alice wants to send Bob a secure message
Bob needs assurance the message came from Alice and is unaltered
Alice’s Sign
Alice Private Key
KPRIV Signature
Digital
Plain Text Hash
Envelope
To Bob
Encrypt
Session Cipher Text
Key
Bob’s Encrypt
Bob Public Key Encrypted
KPUB Session Key
Receiving an encrypted message
using public key
Bob needs assurance this message came from Alice and is unaltered
Verify
Signature
HASH
Digital Alice’s Public

From Envelope Alice Key
KPUB
Alice
Plain Text
Cipher Text Decrypt
Decrypt
Encrypted Session Key
Session Key
Bob’s
Bob
KPRIV Private Key
Elliptic Curve Diffie–Hellman (ECDH)
anonymous key exchange
• ECDH
• Anonymous key agreement protocol allowing two parties, each with their
own public/private pairs, to establish a unique shared secret between them
• Alice and Bob have private/public pairs Pr/Pu and Pr/Pu

• The dot product of Alice’s private key and Bob’s public key
…is identical to…
• The dot product of Bob’s private key and Alice’s public key
Pr ▪ Pu = SS = Pr ▪ Pu
• Both produce the exact same Shared Secret (SS)

• In the context of SSL/TLS, this is known as the “Pre Master Secret”
Diffie-Hellman (1 of 4)
Alice calculates the ECDH shared secret she has with Bob
Alice’s Bob’s
Private Key Public Key
Alice’s SIGN
Alice Private Key Signature
KPRIV
Digital
HASH Envelope
To Bob
Plain Text
Encrypt
Cipher Text
SS
Bob calculates the ECDH shared secret he has with Alice
Bob’s Alice’s
Private Key Public Key
Verify
Signature
HASH
Digital Alice’s
Envelope Alice Public Key
From KPUB
Alice
Plain Text
Decrypt
Cipher Text
SS
With ECDH, “SS” is always the same
Shouldn’t we have different keys for every session?
• Using Diffie-Hellman for temporary session keys

• After identity authentication, each side spawns a brand new public/private
key pair
• These key pairs are used with the ECDH algorithm to create at brand new Shared Secret
• The brand new Shared Secret is used as the session key / working key
• ECDHE – Ephemeral (short lived) key generation
• After use, everything just created is destroyed – all of it
• The next time communications occurs, the above process is repeated
• Robust authentication must be done prior to this
• Accepting inadequate authentication could authorize an attacker
• This is often referred to as “Perfect Forward Secrecy”
• Not only is the session key for the transmission destroyed, so is its primary
keying material
With ECDH, “SS” is always the same
(Part two)
• A KDF (Key Derivation Function) could be used to

randomize the shared secret (SS)
• Several industry accepted methods available
• One method is using a deterministic pseudo-random number generator
whose output depends on an “initialization vector”
• Or a random number can be shared to be hashed with

the shared secret (SS)
• Same way we created a derivative key when we spoke of symmetric
cryptography
“Session Keys” used in communication
Alice Bob
Private Key Public Key Public Key Private Key
Public Key Exchange
Diffie-Hellman Computation Diffie-Hellman Computation

Shared Secret (SS)
(Pre-Master Secret)
Session Key Generation

(ECDHE, KDF,
SS Hash with Random)
Plain Text Cipher Cipher Text Cipher Plain Text
https:// and TLS 1.2
How to Achieve Strong Security
Three critical elements
• High Entropy Random Number Generator

• “Entropy” is a profound lack of order, the basis for randomness
• Robust Key Security – It’s a bad idea to have keys in

firmware or software
• Requires a Persistent Secure environment in which keys live and are used
• …with Anti-Tamper Protections
• A strong cryptographic methodology and robust Chain

of Trust
• This presentation is assuming elliptic curve cryptography (ECC), the current
standard
• ECC is replacing RSA due to the smaller key size for the same level of security
• ECC-256bit = RSA-3072bit
Microchip specific information
We offer the Requirements for Security
Crypto Level Hardware Accelerators Side Channel Attack Tamper

RNG ECC, SHA, AES Protections Protection
NIST SP 800-90B Faster, Lower Power Keys and functions do Similar protection
tests for the Protected inside a not share resources with as used on Trusted
validation of secure environment vulnerable entities Platform Modules
entropy sources
Various solutions are available from MCHP groups:

CPG, MCU, MPU, and SPG
Faster in Hardware
ATECC508A versus Cortex® M0+ running at 48MHz
H/W vs S/W benchmark

6000
5000
milliseconds
4000
3000
2000
1000
0
ECC256 Keny Gen ECDSA Sign ECDSA Verify ECDHE Key Agree
ATECC508A Cortex M0+ @ 48MHz
Hardware Security Features
Microchip
Active Shield
• Advanced Multi-Level HW
Security
• Active shield over entire chip
• All memories internally encrypted
• Information independent execution
• Internal state consistency checking
• Power supply tamper protection
Standard uC, logic & memory
• Temperature lockouts
• Internal clock generation
• Secure test methods
• No die features can be identified
• No package or die identification
• Designed to defend against a

multitude of attacks
Secure Element Block Diagram
Active Tamper-Hardened Hardware Boundary

Shield:
Attackers ECC/SHA/AES
SRAM
Isolates
cannot see Cryptographic
attack to
what’s Engine
72bit Unique a single
inside Serial Number device
EEPROM High Quality

Encrypted 16 Slots Random Number
Generator Required
& Key/Data
for every
Protected
Monotonic crypto
Logic /
Counters protocol
Intrusion Detect
Chip (ECC only)
Tracks number Configuration
of
authentications
Intrusion
detection or
Various GPIO
Single
anti-hack Multiple
GPIO functionality
Serial I/O
techniques Options
employed
ATSAMA5D2 Processor
• Cortex® A5 Core
• Up to 500MHz
• NEON + 128kB L2 Cache
• Large memory type support
• DDR2, LPDDR/2/3
• DDR3/DDR3L (DLL Off mode)
• QSPI / SDCard / Managed
NAND
• Media embedded features
• Audio sub-system
• 24-bit LCD
• 12-bit Raw Bayer camera
• Capacitive Touch
• Advanced Security features
• PCI Payment certification
• On-the-fly encryption/
decryption from DDR & QSPI
• ARM TrustZone®
• x8 tamper pins and Secure key
storage
• SW RSA and ECC
Microchip Devices to use
• Devices from varied groups supporting Security
• CPG – Secure Cortex® M4 devices
• CEC1x02 family
• MCU – Cortex M23 and M33 based devices

• ATSAML11
• MPU – Cortex A5 based devices

• ATSAMA5D2x family
• SPG – Secure Elements with H/W enforced persistent

security
• ATSHAx family
• ATECCx family
• Trust Anchor family
CEC1702
Enhanced Crypto MCU
CEC1702 • 48MHz Core
• DSP/FPU Extension
Up to 480KB
Cortex-M4F 32KHz Ext Osc • Embedded Trace Module
embedded SRAM
64KB
48 MHz
32 KHz Int Osc
Boot ROM
• Up to 480KByte SRAM
MCU DSP/FPU 48MHa PLL
128B Battery RAM
• 64KB Boot ROM
ETM
Quad SPI • Enhanced Security block
24ch-DMA AES (128-192-256)
• AES
controller
I2C Integrity Check • HASH
(SHA-1, SHA-2)
Secure boot • Public Key
150MHz Unique
TRNG ID
SPI • RSA & ECC
Matrix
PKI – RSA, ECC • Battery backed features
UART
• QuadSPI interface
1 QSPI 65 IOs
• Timers and PWM
LED
VBATT Pwr Planes Timers/PWMs
Registers
Fan control • Apple Home Kit example
5-ch 10-bit ADC
Tamper
• “Canned” solution
• Packages:
• WFBGA: 64, 84
ATSAML11 System Architecture AHB Masters
AHB Slaves
SAML11 Only
PORT PORT CRYA
Flash & ROM

PORT
SWD Single-cycle
OSCCTRL I/O port (IOBUS) ROM SRAM
RWW DMAC
SUPC Debug
0.4-32MHz
LDO / BUCK Cortex-M23 Flash Data Secure x 8ch
Xtal OSC
BOD
(DSU) 32 MHz IDAU Flash Boot
MTB IDAU
DFLLULP DAL 64 KB 2 KB 16 KB
RSTC
DAP TrustZone-M 32 KB 8 KB DMA
MBIST 16 KB Scrambling CRYA 8/4 KB
PM Drivers Data
MCKL GCLK CRC-32 AHB-Lite Interface 64B Cache
OSC32KCTRL
WDT
32 kHz
RC OSC RTC/TAMPER
32 kHz Xtal EIC AHB High Speed Bus Matrix

Freq. Meter
EVENT SYSTEM
AHB/APB AHB/APB AHB/APB

Bridge A Bridge C Bridge B
Trust
NVM SERCOM TC OPAMP ADC
RAM
CTRL x3 x3 x3 12-bit
256B
PAC DMAC DSU
DAC CCL EVSYS AC PTC
10-bit x2 8 ch x2 100ch
EVENT SYSTEM EVENT SYSTEM
Advanced Information - Microchip Confidential

ATSAMS7/E7
High Performance MCU
SAME70/S70 • 300MHz Core
• DSP/FPU Extension
Up to 2MB Cortex-M7 2 RC OSC, 2 xtal OSC, • Embedded Trace Module
embedded Flash 2 PLL, RTC, 2 Watchdog
300 MHz
384KB
Multi-port RAM
TCM
300MHz
ETM Backup SRAM – 1KB • Up to 2MByte Flash
Static Memory MPU DSP/FPU Voltage Regulator, POR • Security block
Controller
2x16KB L1 Cache • Configurable multi-port 384KB
SDRAM Controller with ECC SRAM
24ch-DMA • SDRAM interface
AES-256
1 HS USB Dev./Host
controller • High Speed USB + Phy
Integrity Check
w/ PHY Monitor (SHA)
Secure boot
• Camera interface
1 HS SDIO/SD/e.MMC
150MHz Unique
TRNG ID • Advanced Analog and PWM
Matrix
Memory Scrambling • Ethernet and Dual CAN-FD on
5 UART, 3 USART, SAM E70
2 SPI, 3 TWI
1 QSPI 114 IOs • Packages:

8x 16-bit PWM Camera Interface • BGA:100, 144
SAME70 only
2 CAN-FD
12x 16-bit Timers • QFP: 64, 100, 144
1x I2S / TDM
2x 12-ch 12-bit ADC
EMAC 10/100 2-ch 12-bit DAC
• Temp range -40/105°C
ATSAMD5/E5
Security - Features
• AES, ECC, SHA, RSA, DSA, TRNG for HW Encryption:
• True Random number Generator
• Higher security with 256bit AES
• 6 Different Mode of Operation
• Galois counter Mode (GCM)
• Electronic Code Book (ECB)
• .....
• Integrity check monitor
• Secure Hash Algorithm SHA1, SHA224 and SHA256
• RSA, DSA up to 5408bits
• ECC Elliptic Curves Cryptography up to 1504bits
• Deterministic Random Number Generation (DRNG ANSI X9.31) for DSA
• The Security bit:

• Lock chip from external access can only cleared through a debugger Chip
Erase command which will erase the Flash/SRAM
• Advantage:
• Code Security
• No debug/access to the Flash/SRAM
Last slides
How did we do with the Class
Objectives?
• Upon completion of this class, you will be
able to:
• Explain hashing and its function in cryptography
• Explain Symmetric and Asymmetric Cryptography
• Explain the “Chain of trust”
• Explain ways of creating unique session keys
• Did we accomplish that?
• Please be generous with high marks on the survey

Feedback sheets
• Please don’t forget to fill your

feedback sheets
Thank you!
A Secure System Needs “CIA”
• Confidentiality / Privacy
• Assures no unintended entities may read data at rest and/or
messages during transmission
• Integrity
• Assures a message was not altered in any way
• Authentication
• Assures something is what it is declared to be
• Non-repudiation
• Assures a specific origin and/or sender’s identity
• Attestation / Secure Boot / Secure DFU
• Provides reliable evidence the existing code is genuine
• Local and/or Remote Attestation is possible
“AIC” – the priority of security
• Cryptographic functions, in order of priority is “AIC”

• Authenticate – establish the other communicator is genuine
• Assure the Integrity of data and messages to / from that communicator
• Make Confidential – obfuscate the information
• “Security” is achieved by Authentication & Integrity
• Confidentiality (encryption) is actually optional

• If you establish trust in the sender…
• If you are certain the message has not been altered…
• …Does the confidentiality of the actual message matter?
• Sometimes yes. Sometimes no. It’s optional.
Choosing among the Devices
Use the ATSHA Use the ATAES
• Uses Symmetric (Secret) Key and Hashing • Uses Symmetric Key AES-CCM mode (CTR
with CBC-MAC) and Hashing
• Best when price is highest priority
• When compatibility with Serial EEPROM is
• Best for systems with two end points
desired
• Same secret on host and client • Up to 32 Kbits of data for fingerprints,
calibration data, firmware blocks, etc…
Use the ATECC

• Uses Asymmetric (Public) Key – Elliptic Curve: ECDSA, ECDH, ECDHE
• Best when highest security is desired
• Best for systems with multiple nodes
• Best for reducing administration costs associated with field devices
• External Tamper pin
• In systems where host hardware cannot be easily changed
• Fully backward compatibly with SHA204A
Available
MCU32 Legacy
Product Portfolio In Development
General Purpose Connectivity Low Power Automotive 5V

Eth, CAN-
Eth,
HS USB USB, FD I2S/ PDM, Ethernet
CAN- I2S/ USB PTC, USB, CAN-FD Dual
Detail General Purpose FS USB Large Ethernet, HS USB, USB, LCD LCD , CAN-FD
FD,FS PDM AES I2S MediaLB CAN
SRAM CAN Large Flexcom MediaLB
USB
SRAM
2MB
SAM V70
SAM S70
SAM E70
SAM V71
1MB
SAM4N
SAM4E
SAM
SAME54
G55
G54
G53
SAMD51
SAM4S
SAM4L
SAM3X /A
512KB
SAM
G51
SAM L22
256KB
SAM L21
SAM C2x
SAM D21
SAM DA1
128KB
SAM D20
SAM3N
SAM3S
64KB
32KB
SAM D11
SAM D10
16KB
8KB
Crypto
<8KB
Mem 14- 32- 48- 14- 48- 48- 64- 100- 100- 64- 49- 48- 32- 48- 64- 64-
64 - 128 49-100 49-64 32-64 32-64
……Pin 20 64 100 64 100 128 144 144 144 144 100 100 64 100 144 144
Core CM0+ CM0+ CM3/4 CM0+ CM3/4 CM4F CM7 CM3 CM4F CM7 CM4F CM4F CM4F CM4F CM4 CM0+ CM0+ CM0+ CM7 CM7 CM0+
Freq.
48 48 80 48 120 120 300 84 120 300 120 48 48/96 120 48 48 32 48 300 300 48
MHz
LEGAL NOTICE
SOFTWARE:
You may use Microchip software exclusively with Microchip products. Further, use of Microchip software is subject to the copyright notices, disclaimers, and any license
terms accompanying such software, whether set forth at the install of each program or posted in a header or text file.
Notwithstanding the above, certain components of software offered by Microchip and 3rd parties may be covered by “open source” software licenses – which include
licenses that require that the distributor make the software available in source code format. To the extent required by such open source software licenses, the terms of
such license will govern.
NOTICE & DISCLAIMER:

These materials and accompanying information (including, for example, any software, and references to 3rd party companies and 3rd party websites) are for informational
purposes only and provided “AS IS.” Microchip assumes no responsibility for statements made by 3rd party companies, or materials or information that such 3rd parties
may provide.
MICROCHIP DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING ANY IMPLIED WARRANTIES OF NONINFRINGEMENT,
MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT WILL MICROCHIP BE LIABLE FOR ANY DIRECT OR INDIRECT, SPECIAL,
PUNITIVE, INCIDENTAL, OR CONSEQUENTIAL LOSS, DAMAGE, COST, OR EXPENSE OF ANY KIND RELATED TO THESE MATERIALS OR ACCOMPANYING
INFORMATION PROVIDED TO YOU BY MICROCHIP OR OTHER THIRD PARTIES, EVEN IF MICROCHIP HAS BEEN ADVISED OF THE POSSIBLITY OF SUCH
DAMAGES OR THE DAMAGES ARE FORESEEABLE. PLEASE BE AWARE THAT IMPLEMENTATION OF INTELLECTUAL PROPERTY PRESENTED HERE MAY
REQUIRE A LICENSE FROM THIRD PARTIES.
TRADEMARKS:
The Microchip name and logo, the Microchip logo, AnyRate, AVR, AVR logo, AVR Freaks, BitCloud, chipKIT, chipKIT logo, CryptoMemory, CryptoRF, dsPIC, FlashFlex,
flexPWR, Heldo, JukeBlox, KeeLoq, Kleer, LANCheck, LINK MD, maXStylus, maXTouch, MediaLB, megaAVR, MOST, MOST logo, MPLAB, OptoLyzer, PIC, picoPower,
PICSTART, PIC32 logo, Prochip Designer, QTouch, SAM-BA, SpyNIC, SST, SST Logo, SuperFlash, tinyAVR, UNI/O, and XMEGA are registered trademarks of Microchip
Technology Incorporated in the U.S.A. and other countries.
ClockWorks, The Embedded Control Solutions Company, EtherSynch, Hyper Speed Control, HyperLight Load, IntelliMOS, mTouch, Precision Edge, and Quiet-Wire are
registered trademarks of Microchip Technology Incorporated in the U.S.A.
Adjacent Key Suppression, AKS, Analog-for-the-Digital Age, Any Capacitor, AnyIn, AnyOut, BodyCom, CodeGuard, CryptoAuthentication, CryptoAutomotive,
CryptoCompanion, CryptoController, dsPICDEM, dsPICDEM.net, Dynamic Average Matching, DAM, ECAN, EtherGREEN, In-Circuit Serial Programming, ICSP, INICnet,
Inter-Chip Connectivity, JitterBlocker, KleerNet, KleerNet logo, memBrain, Mindi, MiWi, motorBench, MPASM, MPF, MPLAB Certified logo, MPLIB, MPLINK, MultiTRAK,
NetDetach, Omniscient Code Generation, PICDEM, PICDEM.net, PICkit, PICtail, PowerSmart, PureSilicon, QMatrix, REAL ICE, Ripple Blocker, SAM-ICE, Serial Quad I/O,
SMART-I.S., SQI, SuperSwitcher, SuperSwitcher II, Total Endurance, TSHARC, USBCheck, VariSense, ViewSpan, WiperLock, Wireless DNA, and ZENA are trademarks
of Microchip Technology Incorporated in the U.S.A. and other countries.
SQTP is a service mark of Microchip Technology Incorporated in the U.S.A.
Silicon Storage Technology is a registered trademark of Microchip Technology Inc. in other countries.
GestIC is a registered trademark of Microchip Technology Germany II GmbH & Co. KG, a subsidiary of Microchip Technology Inc., in other countries.
All other trademarks mentioned herein are property of their respective companies.
© 2018, Microchip Technology Incorporated, All Rights Reserved.

Sec1 20220627V1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Sec1 20220627V1

Uploaded by

Copyright:

Available Formats

22070 SEC1

Modified by Alejandro Gomez

• The Chain of Trust – Certificates

• Identification – A claim to be something or someone

• Authentication – The act of proving an identity claim

• Authorization – Once identified and authenticated, the device or

Analogy: A friend identifies themselves at your door. You authenticate

• Terms associated with Authentication:

• Attestation / Secure Boot / Secure DFU

• Cryptographic functions, in order of priority, are…

• “Security” is often achieved by Authentication & Integrity alone

• Confidentiality (encryption) is optional

• Output is fixed length; SHA-256 outputs a 32 Byte digest no matter

1 Kilobyte file Crypto Hash 1 Megabyte file Crypto Hash

• When used to authenticate, the result is called a

STOP THE CAR NOW a3e89d85a10a52176f8c3d851d30811b

STOP THE CAR NOW 2eb61b985fba6251

Alice provides Bob a copy of the Secret Key

• Weakness of secret key is the confidentiality of the key

• Symmetric Key cryptography can be extremely secure,

Crypto Hash Crypto Hash

All hosts will

HASH RANDOM HASH

Crypto Hash Crypto Hash

Crypto Hash Crypto Hash

One “Round” of Encryption shown

Cipher key can be

Block size of data is

• Uses two mathematically related keys

• Key distribution is easy

• The security and privacy of the Private Key is critical

• Simple Public key exchange

• It is NOT an encrypted return of the challenge

• …and the Verify is NOT a decryption

A “Known-Plaintext Attack” is an attempt to calculate secrets from output produced by a

• Before strangers can trust each other they must

• Signatures and/or Certificates are used to assure trust

Hi Alice, can you

Bob doesn’t know

No problem! Give him

Who the heck are

Sorry! I’m Alice and here

Ink cartridges will be made by both the OEM and

OEM ECDSA Device Device

• The very idea of a disposable implies

• The monotonic counter would

• Ask how this can eliminate

Alice starts off with:

Alice’s Public Alice

Plain Text Hash

Digital Alice’s Public

Cipher Text Decrypt

• Alice and Bob have private/public pairs Pr/Pu and Pr/Pu

• Both produce the exact same Shared Secret (SS)

Bob calculates the ECDH shared secret he has with Alice

• Using Diffie-Hellman for temporary session keys

• A KDF (Key Derivation Function) could be used to

• Or a random number can be shared to be hashed with

Private Key Public Key Public Key Private Key

Public Key Exchange

Diffie-Hellman Computation Diffie-Hellman Computation

Session Key Generation

Plain Text Cipher Cipher Text Cipher Plain Text