Start Hardware Interface

USB Adapter Disconnected
Hardware Connection Not Ready

DS28C36

Secure Authenticator

Provides Affordable Elliptic-Curve Public-Key Authentication Security to Protect Your Development Investment

Introduction

The DS28C36 (Figure 1) is a ECDSA (elliptic curve digital signature algorithm) and SHA-256 (secure hash algorithm, 256 bit) authenticator, which is operated over I²C interface. The three ECDSA private and public key pairs for signature generation and verification can be computed by the device or installed by the user and optionally locked. Separate memory space may be used to store and lock a public-key certificate. The 8kb of secured EEPROM provides a 4kb user partition that is organized as 16 pages of 256 bits and can be left unprotected or irreversibly write-protected, read-protected, authentication-protected, encrypted, or set up for EEPROM emulation mode. The DS28C36 also features a FIPS-grade TRNG (true random number generator), and a one-time settable, non volatile, 17-bit decrement-only counter, which can be used to electronically control the lifetime of the object with which the DS28C36 is associated. Each device has its own guaranteed unique 64-bit ROM ID, factory programmed into the chip. This ROM ID is an input parameter for cryptographic operations.

Figure 1. DS28C36 Block Diagram

Product Details

Parametric specs for Secure Authenticators

Crypto Engine	Asymmetric
	Symmetric
Applications	IP Protection
	Medical Consumable ID
	Medical Sensor Authentication and Calibration
	Medical PCB ID and Authentication
	Print Cartridge Authentication

Simplified Block Diagram

DS28C36: Typical Application Circuit

Asymmetric & Symmetric functions for core set of crypto tools
- FIPS186 ECDSA P256 signature and verification
- FIPS180 SHA-256 for HMAC
- ECDH key establishment function to support encrypted I/O of sensitive data
- configurable ECDSA or HMAC authenticated R/W memory
NIST SP 800-90B TRNG with command to output RND
Multiple configurable key options
- 3x Pu/Pr key pairs for ECC
- 2x Secrets for SHA-256

GPIO pins: 4mA/0.4V
- Optional ECDSA or SHA-256 authentication ON/OFF and state read
- Optional ECDSA to set ON/OFF after multi-block Hash for Secure Boot
Decrement-only counter with authenticated read
8kb EEPROM
Unique factory programmed read-only serial number (ROM ID)
Strong protection against invasive and non-invasive security attacks
3.3V; -40C to +85C, 3x3 TDFN

Challenge & Response Authentication Using Symmetric SHA-256

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

MAN ID ROM ID

Host Computed Destination Secret
Computed Secret

Select Page
Page Data

Press next to establish connection to DS28C36 and load device info

Challenge & Response Authentication Using Asymmetric ECDSA

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

MAN ID ROM ID

Verify Peripheral is Authentic within the System
Message Digest

Certificate R

Certificate S

Modify Message Digest Click Checkbox to test what happens when incorrect Message Data is used

Press Next to Start USB Adapter Connection

Authenticated SHA-256 Write

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

MAN ID ROM ID

Host Computed Destination Secret
Computed Secret

Peripheral Page 0
Old Data

New Data

Auth HMAC

Press Compute HMAC (Required for Computation)

New Page Data
Page 0 Data

Press next to load device info

Authenticated ECDSA Write

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

MAN ID ROM ID

Peripheral Authenticate Host's Public Key for Writes
Write Host's Public Key SX

Write Host's Public Key SY

Customization

Press Generate Certificate (Required for Computation)

Certificate R

Certificate S

Peripheral Page 1
Old Data

New Data

Press Generate Signature (Required for Computation)

Signature R

Signature S

Modify any of the signed data or signature values above to test when incorrect data is used.

Authenticate New Page Data
Page Data

Challenge

Device Public Key X

Device Public Key Y

Authentication Result

Signature R: Signature S:

Press next to load device info

ECDH Key Establishment and Encrypted IO

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

MAN ID ROM ID

Host Verify the Peripheral is Authentic within the System
Message Digest

Certificate R

Certificate S

Compute Peripheral Session Key
Host Public Key X

Host Public Key Y

Customization

ECDH Customization

Press Generate Signature (Required for Computation)

Signature R

Signature S

Compute Host Session Key
Device Public Key X

Device Public Key Y

ECDH Customization

Session Key

Press Compute Session Key (Required for Computation)

Host Reads and Decrypts Encrypted Page 2 Data
Encrypted Page Data

DS28C36 RND

Decrypted Page Data

Page 2 of the DS28C36 was programmed to all 00's and protected with Encrypted Read/Write (ECH).

Press Next to Start USB Adapter Connection

Secure Download

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

MAN ID ROM ID

Verify Peripheral is Authentic within the System
Message Digest

Certificate R

Certificate S

Host Sign Download Data
Vulnerabilities to attacks in critical systems are driving growing awareness for the need for improved security methods. Although the industry has relied largely on software-based cybersecurity methods, hardware-based methods are quickly gaining recognition as uniquely capable of delivering strong protection and providing a basis of trust well worth their incremental cost. The emergence of cost-effective silicon solutions enables designers to harden designs—dramatically reducing the risk of unauthorized access to embedded devices, peripherals, and systems, with minimal impact on overall cost.

Feel free to modify data and click Sign Data to continue.

Visit "Preserving Integrity using Symmetric Key Algorithms" Learning Tab under Cryptography Fundamentals

Modify Data after signing to test what will occur when incorrect data is used with generated signature

Signature R

Signature S

Press Next to Start USB Adapter Connection

Secure Encrypted GPIO

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

MAN ID ROM ID

Host Computed Destination Secret
Computed Secret

GPIO Page
Encrypted Old Data

Decrypted Old Data

New Data

New Encrypted Data

Modify data after computing HMAC to test what will occur when incorrect data is used.

See description below for detail on the GPIO control byte PIOBC

Write Auth HMAC

Press Compute HMAC (Required for Computation)>

Check Board to see GPIO Update through LED change

Press Next to Start USB Adapter Connection

True Random Generator

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

MAN ID ROM ID

Select Number of RNG Bytes
Number of Bytes (1-64)
RNG Bytes Received

Press Next to Start USB Adapter Connection

Secure Counting

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

MAN ID ROM ID

Secure Counting
Current Counter Value

Press Next to Start USB Adapter Connection

DS28E38

Secure ECDSA Authenticator with ChipDNA PUF Protection

Protect your design using Crypto-Strong Authentication Secured with a Physically Unclonable Function

Introduction

The DS28E38 (Figure 1) is an ECDSA public-key based secure authenticator that incorporates Analog's patented ChipDNA^™ feature, a physically unclonable function (PUF) to provide a cost-effective solution with the ultimate protection against security attacks. The DS28E38 security guide describes the command sequences to use ChipDNA with the cryptographically secure device data, and to operate the ECDSA engine, the decrement-only counter, and the unique 64-bit ROM identification number (ROM ID). After a 1-Wire^® Reset/Presence cycle and ROM function command sequence is successful, a DS28E38 is ready to accept the device function command sequence. Common to all device function commands is a command start issued first followed by a length byte, the device function command, and the parameter byte(s). The controller receives a 16-bit CRC as confirmation of the device function command sequence to verify that it was received properly. Then the release byte can be issued followed by a delay with strong pullup (i.e., a low impedance bypass to supply high current demands during command processing). When the delay is complete, the controller transmits a dummy byte and receives the length byte and result byte from DS28E38. Depending on the length byte received, subsequent result data may or may not be sent after the result byte. Finally, the controller receives another 16-bit CRC as confirmation of the data DS28E38 sent after the dummy byte.

Figure 1. DS28E38 Block Diagram

Product Details

Parametric specs for Secure Authenticators

Crypto Engine	Asymmetric
Applications	IP Protection
	Medical Consumable ID
	Medical Sensor Authentication and Calibration
	Medical PCB ID and Authentication
	Print Cartridge Authentication

Simplified Block Diagram

DS28E38: Typical Application Circuit

Protected with Physically Unclonable Function (PUF)
ECDSA-based Challenge/Response Authenticator
- FIPS186 ECDSA Engine
- FIPS180 SHA-256 Engine
NIST SP 800-90B TRNG with command to output RND
2kb E2 Array for User Memory and Public-Key Certificate

Decrement-only counter with authenticated read
Unique factory programmed read-only serial number (ROM ID)
Strong protection against invasive and non-invasive security attacks
3.3V; -40C to +85C, 3x3 TDFN

Challenge & Response Authentication Using Asymmetric ECDSA

Connectivity Between Host and Device

DS28E38

USB Adapter Connected MAXAUTHDEMO2 DS28E38 Device Not Connected

MAN ID ROM ID

Verify Peripheral is Authentic within the System
Message Digest

Certificate R

Certificate S

Modify Message Digest Click Checkbox to test what happens when incorrect Message Data is used

Press next to load device info

True Random Generator

Connectivity Between Host and Device

DS28E38

USB Adapter Connected MAXAUTHDEMO2 DS28E38 Device Not Connected

MAN ID ROM ID

Select Number of RNG Bytes
Number of Bytes (1-64)
RNG Bytes Received

Press Next to Start USB Adapter Connection

Secure Counting

Connectivity Between Host and Device

DS28E38

USB Adapter Connected MAXAUTHDEMO2 DS28E38 Device Not Connected

MAN ID ROM ID

Secure Counting
Current Counter Value

Press Next to Start USB Adapter Connection

Running the Lab

DS28C36

Secure Authenticator

Introduction

Product Details

Parametric specs for Secure Authenticators

Simplified Block Diagram

DS28C36: Typical Application Circuit

Challenge & Response Authentication Using Symmetric SHA-256

Help Connectivity Between Host and Device DS28C36 USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Host Computed Destination Secret Info Computed Secret

Info Select Page Page 0 Page 1 Page 2 Page 3 Page 4 Page 5 Page 6 Page 7 Page 8 Page 9 Page 10 Page 11 Page 12 Page Data

Authentication Result Challenge Challenge: A 256-bit random number generated and provided to the Peripheral by the Host. This should be a random number every time to prevent a replay attack. Host auto generates a new challenge each time for demo.

Challenge & Response Authentication Using Asymmetric ECDSA

Help Connectivity Between Host and Device DS28C36 USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Verify Peripheral is Authentic within the System Info Message Digest Certificate R Certificate S Modify Message Digest Click Checkbox to test what happens when incorrect Message Data is used

Info Select Page Page 0 Page 1 Page 2 Page 3 Page 4 Page 5 Page 6 Page 7 Page 8 Page 9 Page 10 Page 11 Page 12 Page Data Public Key X Public Key Y Challenge

Authenticated SHA-256 Write

Help Connectivity Between Host and Device DS28C36 USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Info Host Computed Destination Secret Computed Secret

Info Peripheral Page 0 Old Data New Data Auth HMAC Compute HMAC Press Compute HMAC (Required for Computation)

New Page Data Page 0 Data

Info Authenticate New Page Data Challenge Generate Challenge Press Generate Challenge (Required for Computation) Challenge: A 256-bit random number generated and provided to the Peripheral by the Host. This should be a random number every time to prevent a replay attack.

Authenticated ECDSA Write

Help Connectivity Between Host and Device DS28C36 USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Peripheral Authenticate Host's Public Key for Writes Info Write Host's Public Key SX Write Host's Public Key SY Customization Generate Signature Press Generate Certificate (Required for Computation) Certificate R Certificate S

Info Peripheral Page 1 Old Data New Data Generate Write Signature Press Generate Signature (Required for Computation) Signature R Signature S Modify any of the signed data or signature values above to test when incorrect data is used.

Info Authenticate New Page Data Page Data Challenge Device Public Key X Device Public Key Y

Authentication Result Signature R: Signature S:

ECDH Key Establishment and Encrypted IO

Help Connectivity Between Host and Device DS28C36 USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Host Verify the Peripheral is Authentic within the System Info Message Digest Certificate R Certificate S

Compute Peripheral Session Key Info Host Public Key X Host Public Key Y Customization ECDH Customization Generate Signature Press Generate Signature (Required for Computation) Signature R Signature S

Compute Host Session Key Info Device Public Key X Device Public Key Y ECDH Customization Session Key Compute Session Key Press Compute Session Key (Required for Computation)

Host Reads and Decrypts Encrypted Page 2 Data Info Encrypted Page Data DS28C36 RND Decrypted Page Data Page 2 of the DS28C36 was programmed to all 00's and protected with Encrypted Read/Write (ECH).

Secure Download

Help Connectivity Between Host and Device DS28C36 USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Verify Peripheral is Authentic within the System Info Message Digest Certificate R Certificate S

Secure Encrypted GPIO

Help Connectivity Between Host and Device DS28C36 USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Info Host Computed Destination Secret Computed Secret

True Random Generator

Help Connectivity Between Host and Device DS28C36 USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Select Number of RNG Bytes Number of Bytes (1-64) RNG Bytes Received

Secure Counting

Help Connectivity Between Host and Device DS28C36 USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Secure Counting Info Current Counter Value

DS28E38

Secure ECDSA Authenticator with ChipDNA PUF Protection

Introduction

Product Details

Parametric specs for Secure Authenticators

Simplified Block Diagram

DS28E38: Typical Application Circuit

Challenge & Response Authentication Using Asymmetric ECDSA

Help Connectivity Between Host and Device DS28E38 USB Adapter Connected MAXAUTHDEMO2 DS28E38 Device Not Connected

Verify Peripheral is Authentic within the System Info Message Digest Certificate R Certificate S Modify Message Digest Click Checkbox to test what happens when incorrect Message Data is used

Info Select Page Page 0 Page 1 Page 2 Page 3 Page 4 Page 5 Page Data Public Key X Public Key Y Challenge

True Random Generator

Help Connectivity Between Host and Device DS28E38 USB Adapter Connected MAXAUTHDEMO2 DS28E38 Device Not Connected

Select Number of RNG Bytes Number of Bytes (1-64) RNG Bytes Received

Secure Counting

Help Connectivity Between Host and Device DS28E38 USB Adapter Connected MAXAUTHDEMO2 DS28E38 Device Not Connected

Secure Counting Info Current Counter Value

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Host Computed Destination Secret
Computed Secret

Select Page
Page Data

Authentication Result
Challenge
Challenge: A 256-bit random number generated and provided to the Peripheral by the Host.
This should be a random number every time to prevent a replay attack.
Host auto generates a new challenge each time for demo.

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Verify Peripheral is Authentic within the System
Message Digest

Certificate R

Certificate S

Modify Message Digest Click Checkbox to test what happens when incorrect Message Data is used

Select Page
Page Data

Public Key X

Public Key Y

Challenge

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Host Computed Destination Secret
Computed Secret

Peripheral Page 0
Old Data

New Data

Auth HMAC

Press Compute HMAC (Required for Computation)

New Page Data
Page 0 Data

Authenticate New Page Data
Challenge

Press Generate Challenge (Required for Computation)

Challenge: A 256-bit random number generated and provided to the Peripheral by the Host. This should be a random number every time to prevent a replay attack.

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Peripheral Authenticate Host's Public Key for Writes
Write Host's Public Key SX

Write Host's Public Key SY

Customization

Press Generate Certificate (Required for Computation)

Certificate R

Certificate S

Peripheral Page 1
Old Data

New Data

Press Generate Signature (Required for Computation)

Signature R

Signature S

Modify any of the signed data or signature values above to test when incorrect data is used.

Authenticate New Page Data
Page Data

Challenge

Device Public Key X

Device Public Key Y

Authentication Result

Signature R: Signature S:

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Host Verify the Peripheral is Authentic within the System
Message Digest

Certificate R

Certificate S

Compute Peripheral Session Key
Host Public Key X

Host Public Key Y

Customization

ECDH Customization

Press Generate Signature (Required for Computation)

Signature R

Signature S

Compute Host Session Key
Device Public Key X

Device Public Key Y

ECDH Customization

Session Key

Press Compute Session Key (Required for Computation)

Host Reads and Decrypts Encrypted Page 2 Data
Encrypted Page Data

DS28C36 RND

Decrypted Page Data

Page 2 of the DS28C36 was programmed to all 00's and protected with Encrypted Read/Write (ECH).

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Verify Peripheral is Authentic within the System
Message Digest

Certificate R

Certificate S

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Host Computed Destination Secret
Computed Secret

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Select Number of RNG Bytes
Number of Bytes (1-64)
RNG Bytes Received

Connectivity Between Host and Device

DS28C36

USB Adapter Connected MAXAUTHDEMO1 DS28C36 Device Not Connected

Secure Counting
Current Counter Value

Connectivity Between Host and Device

DS28E38

USB Adapter Connected MAXAUTHDEMO2 DS28E38 Device Not Connected

Verify Peripheral is Authentic within the System
Message Digest

Certificate R

Certificate S

Modify Message Digest Click Checkbox to test what happens when incorrect Message Data is used

Select Page
Page Data

Public Key X

Public Key Y

Challenge

Connectivity Between Host and Device

DS28E38

USB Adapter Connected MAXAUTHDEMO2 DS28E38 Device Not Connected

Select Number of RNG Bytes
Number of Bytes (1-64)
RNG Bytes Received

Connectivity Between Host and Device

DS28E38

USB Adapter Connected MAXAUTHDEMO2 DS28E38 Device Not Connected

Secure Counting
Current Counter Value