A crypto system should be secure even if everything about the system, except the key, is public knowledge – Kerckhoff’s law (from the 19th century).
There are two basic ways of security systems: symmetric and asymmetric. Both rely on Kerhoff’s law using secret keys to ensure security. Symmetric systems use the same key on host and client side and offer fast and high throughput as well as efficient security implementation. At the same time symmetric security comes with the trade-off that once a key becomes public the system is not safe any more. Therefore symmetric security hard- and software is best for applications which need to communicate with only a few other devices or where on the fly encryption is based on session keys.
Asymmetric security systems are usually more complex and need more calculation time. However they are the better choice for applications and networks in which a greater number of participants need to communicate with each other (e.g. in IoT devices) and where the main use case is authentication of nodes. Host and client have a private and a public key which are linked together; the public one can be looked up by everyone, the private key is kept secret. Based on these two keys it is possible to encrypt and decrypt information in two ways. Common asymmetric systems use the client private key for signing data on the client side and use the client public key for verification on the host side. If the verification is O.K., the data is authentic.
Diffie–Hellman key exchange can be used for secret communications while exchanging data over a public network. The basic principal is that two parties calculate a result out of their own secret number and an upfront shared second number and exchange these values. The result of the other party, computed with the own secret number gives the same result on both sides. This result can be used, for instance, as the session key for a symmetric cipher. Such systems are called hybrid crypto systems, as the communication after the session key is generated is executed analogue to symmetric systems.
In a symmetric crypto system where the algorithm is public knowledge, security can only be ensured if the key is kept private. As software is easier to hack it is better to choose crypto hardware solutions like the Atmel ATSHA204A. Such security chips do not require high expertise regarding crypto technology since all the crypto functions are already implemented in the hardware.
Let’s have a quick look on how symmetric authentication works at the example of the ATSHA204A. Basically the host sends a random number, which is generated by the ATSHA204A’s integrated random number generator to the client. This step is called the challenge. In a next step the client receives the random number and runs it through a hash algorithm (SHA256) using the secret key stored inside. The result of the hashing function, the response (also called Message Authentication Code or MAC) is sent back to the host. In a third step the host runs the same challenge number it sent to the client through a hash algorithm with its own secret key (same key) stored in the hardware. The authentication is successful if the value the host calculated matches the client’s response.
Symmetric encryption as used in the Atmel ATSHA204A
As the described symmetric verification is fast, the solution is perfect for hardware accessories such as battery packs, ink cartridges and medical disposables. For more support and help with the implementation of security hardware or advice which solution is best for your application feel free to shoot me an email using the address provided in my profile below. For more information see our Identification Segment page here.