Author: Ben Smith, Senior Engineer, Embedded Security Division, Maxim Integrated
DNA is a fascinating concept—it connects us to one another as humans while also making each of us unique. No two people have the same DNA, and that uniqueness is what makes us who we are.
In recent years, we've learned how to use this inherent uniqueness for absolute identification. For example, DNA evidence has helped exonerate innocent people wrongly convicted of crimes, and it has also been used to convict those responsible. Every cell in our body carries a unique fingerprint of identity—something that can't be replicated or forged.
This stands in sharp contrast to the world of technology. In the tech world, devices must be identical down to the smallest detail—same design, same functionality, same performance. This uniformity is often a good thing because it ensures a consistent user experience. However, it also creates a major security challenge: if all devices look and act the same, how do you know which one is real and which one is fake?
How can we ensure authenticity? If every device is the same, it's hard to verify whether a message claiming to come from a specific device is actually from that device. It could be coming from a counterfeit. Imagine a door actuator receiving a message from an access keypad with the correct password—the door should open. But how does the actuator know the message is genuine?
In face-to-face communication, this isn’t a problem. We recognize people based on physical traits like the shape of their chin, the size of their ears, or the sound of their voice. These are unique characteristics that make us who we are. If devices had similar unique traits, they could be identified just as reliably.
That’s why Maxim developed ChipDNA™ technology. Devices using ChipDNA contain unique elements that make them distinct, even if they perform the same function. Inside each device, there's a circuit that measures the chip's unique physical properties. These features remain stable over time but differ between devices. ChipDNA logic uses these variations to generate a value that stays the same for each calculation but is unique to the device itself. It’s like having a digital DNA that identifies the device just as your DNA identifies you.
To understand the importance of verifying a sender’s identity and ensuring message integrity, let’s consider a simple scenario. Suppose you have a remote sensor that sends a message saying something is wrong. How do you know the message is genuine? You have several options:
Option 1: Shared Key
You could set a secret key before deploying the sensor. When the sensor sends a message, it includes the key in a specific way. Upon receiving the message, you check if the key matches. If it does, you accept the message. The issue is that if the key is the same across all devices, an attacker could reverse-engineer the device and steal the key. Once stolen, the attacker could forge messages from any device. Even worse, if the key is sent unencrypted, the attacker doesn’t need to touch the device at all—they could just eavesdrop and capture the key. This makes shared keys a weak solution.
Option 2: Public Key Encryption
Another option is to use public key encryption. A private key is stored on the device, and the device digitally signs the message. The recipient then verifies the signature using the corresponding public key. This method is much more secure than shared keys. However, the private key still exists in the device’s memory, making it vulnerable to malware. If an attacker can inject malicious software, they might extract the private key and compromise the system. While better than shared keys, this approach still has risks.
Option 3: ChipDNA Technology
ChipDNA solves the problems of traditional public-key systems by ensuring that the private key never exists in the device until it's needed. The private key is generated in hardware only when the message is ready to be signed and is destroyed immediately after. It never appears in the microcontroller’s memory, making it impossible for malware to steal.
Here’s how it works: Before deployment, the ChipDNA hardware calculates a public key based on the device’s unique characteristics. The manufacturer then signs this public key with its own corporate private key, creating a certificate that is written to the device. This certificate proves that the public key belongs to the original device.
When the device sends a message, it recalculates the ChipDNA value and uses it as a private key to sign the message. The recipient can verify the message using the public key from the certificate. This process ensures authenticity, tamper resistance, and device-specific verification.
But with millions of IoT devices in the field, managing all those public keys is a challenge. Fortunately, the recipient can request the device’s certificate directly. They verify the certificate’s signature first, then use the public key inside the certificate to validate the message. This entire process takes less than a second and is highly secure.
How safe is the system? The private key doesn’t exist until it's needed, and once used, it's destroyed. It resides only in secure, isolated hardware and never appears in the device’s memory. Even if an attacker tries to probe the chip, the measurement process alters the device’s characteristics, making it impossible to recover the private key.
Beyond authentication, ChipDNA can also be used for firmware verification, device licensing, and other critical security functions. For any application requiring absolute confidence in a device’s identity, ChipDNA offers a powerful and reliable solution.
So, when designing the next product, don’t settle for weak security. Choose the strongest protection available—ChipDNA technology. Because you can’t steal a key that doesn’t exist!
48V Power Battery,Lithium Ev Battery,Power Lithium Battery,Customized Lithium Battery
Sichuan Liwang New Energy Technology Co. , https://www.myliwang.com