HDfpga: DS28CN01 1Kbit I²C/SMBus EEPROM with SHA-1 Engine

The DS28CN01 combines 1024 bits of EEPROM with challenge-and-response authentication security implemented with the Federal Information Publications (FIPS) 180-1/180-2 and ISO/IEC 10118-3 Secure Hash Algorithm (SHA-1). The memory is organized as four pages of 32 bytes each. Data copy-protection and EPROM emulation features are supported for each memory page. Each DS28CN01 has a guaranteed unique factory-programmed 64-bit registration number. Communication with the DS28CN01 is accomplished through an industry standard I²C- and SMBus™-compatible interface. The SMBus timeout feature resets the device's interface if a bus-timeout fault condition is detected. It can be used to protect your board design against piracy.

The working Mechanism

With DS28CN01, the MAC computation incorporates a random challenge chosen by the MAC recipient. Figure 1 illustrates the general concept. The longer the challenge, the more difficult it is to record all possible responses for a potential replay.

Figure 1. The challenge-and-response authentication process proves the authenticity of a MAC originator.

To prove the authenticity of the MAC originator, the MAC recipient generates a random number and sends it as a challenge to the originator. The MAC originator must then compute a new MAC based on the secret key, the message, and the recipient's challenge. The originator then sends the computed result back to the recipient. If the originator proves capable of generating a valid MAC for any challenge, it is very certain that it knows the secret and, therefore, can be considered authentic. The technical term for this process is challenge-and-response authentication.