1 / 5

SPI Bus

Desire to make this link logically secure, via encryption. Insecure RF Link. Terminal. Contactless Module. Broadcom processor. Atmel chip. Futurex Key Server. Internet. ethernet. SPI Bus. SPI Bus. Maxim. PN512.

dorit
Download Presentation

SPI Bus

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Desire to make this link logically secure, via encryption. Insecure RF Link Terminal Contactless Module Broadcom processor Atmel chip Futurex Key Server Internet ethernet SPI Bus SPI Bus Maxim PN512 Atmel Processor, Key Storage, etc. secured under a “Mesh” – Physical Security Logically Secure Physically secure – Broadcom processor, etc.

  2. (New) MCUupdate FPE Other Utilities Broadcom Software Contactless Library RKI Interface Marriage/Authentication Local Key Mgmt Message Encrypr/Decrypt Platform Firmware SPI driver SPI interface SPI interface Bootloader AppDispatcher/ Command Handler MCU Firmware Message Encryption/Decryption Marriage/Authentication Key Mgmt. & Tamper Handling Field Environment Legend Existing modules Maxim Interface Major new components

  3. (New) MCUupdate Keygen Happy Diag Broadcom Software Contactless Library RKI Interface Key Mgmt & Key Injection MCU Diag. fns Platform Firmware SPI driver SPI interface SPI interface Bootloader AppDispatcher/ Command Handler MCU Firmware Key Injection Diagnostic functions Factory Environment Legend Factory only Existing modules Maxim Interface Major new components

  4. Atmel Broadcom Maxim PN512 Activate 1. Generate _dek (random()) 2. Append (Activate Cmd, Encrypt (dek, KEK) 3. Append MAC(ActivateCmd, MAK) 5. Decrypt (ActivateCmd,DEK) 4. Encrypt (ActivateCmd, DEK)* 6. GetKeyFromMaxim (mak_Index, MAK) 7. Decrypt (MAK, KEK) 8. authMAC(ActivateCmd,MAK) 9. Decrypt (dek, KEK) -- save dek for this session 10. Activate 11.AppendMAC(ActivateRsp, MAK) 12. Encrypt (ActivateRsp, dek) 13.Decrypt (ActivateRsp, dek) 14.authMAC (ActivateRsp, MAK) Exchange 15. AppendMAC (Exchange, MAK) 16. Encrypt (Exchange, dek) 17. Decrypt (Exchange,dek) 18.AppendMAC(ExchangeRsp, MAK) 20.Decrypt (ExchangeRsp, dek) 19. Encrypt (ExchangeRsp, dek) 21.authMAC (ExchangeRsp, MAK) Repeat using this dek until RemovePICC, PowerOn, PowerOff, ResetField 22. erase (dek)

  5. Atmel Broadcom Query the contactless device for Serial # and FW Version to determine if it is SRED capable. If so, begin marrying process. Generate random A, random B AuthSessKey = TDES_CBC (random A cat random B) ProposeMarry (random A, encrypt (random B, DEK)) Decrypt (random B, DEK) AuthSessKey = TDES_CBC (random A cat random B) Decrypt (MarriageResponse, AuthSessKey) If Random B matches the original, then the challenge has succeeded, otherwise the challenge has failed. MarriageResponse (TDES (random A + random B, AuthSessKey) ) With an authentication session key, we could transfer sensitive information here if nec

More Related