Atlantik Elektronik, provider of innovative memory solutions, presents the W74M Authentication flash memory family from Winbond Electronics Corporation. Winbond’s Authentication flash memory product family is ideal for system designs requiring Authentication and Integrity security properties such as mobile accessories, home automation, industrial control and home. W74M enables system designers to strengthen code/data storage as well as delivers increased security with multi-layered authenticity capability for the emerging IoT devices.
The flash memory vulnerability is a problem that Winbond has solved with the introduction of the W74M family. The basic method by which Winbond secures a memory’s identity is through symmetric encryption: both host and memory know the same secret, a ‘root key’. The root key is, however, never directly transmitted between host and memory (the ‘challenger’ and ‘responder’). Instead, an encrypted message (a Hash-based Message Authentication Code, or HMAC) is generated by a combination of the root key and a dynamic element such as a random number; this combination is then processed through an encryption algorithm, the SHA-256. SHA-256 stands for Secure Hash Algorithm with a digest size of 256 bits – a cryptographic hash function published by the US National Institute of Standards and Technology (NIST) as a Federal Information Processing Standard (FIPS). It is a cryptographic function used for processing financial transactions, and is generally considered to be unbreakable in practice.
To authenticate the W74M memory, the host controller compares the value of the memory’s HMAC against the value it computes by use of its root key and the same random number processed through SHA-256. If the values match, normal memory operations can proceed.
Because the HMAC is generated in part by a dynamic element, such as a random number, the value of the HMAC is different every time it is generated. This means that attacks which succeed against a Flash memory with a conventional, fixed UID, as described above, will fail when made against a W74M memory. And because the SHA-256 function is so secure, there is in practice no risk that an attacker will be able to decrypt the HMAC to reveal the value of the root key. The W74M’s cryptographic functions are extremely secure. In addition, the root keys are stored in OTP memory space which cannot be read by an external device.
The W74M family of authentication Flash devices is available in various densities from 32Mb to 1Gb. Secure device designs which incorporate a NOR/NAND Flash IC for code storage and an external authentication IC can replace these two chips with a single W74M package.
Atlantik Elektronik GmbH