Re: Authentication on both sides
Date: 13 Nov 2005 15:20:46 -0800
Milan VXdgsvt wrote:
> How about this:
> A (the PC) and B (the device) share a secret key K, same for all the
> devices and for the lifetime...
> 1. A sends a random number R1 to B (the device).
> 2. B sends back C1=AES(K,R1), sends back a random number R2.
> 3. A checks that C1=AES(K,R1), sends back C2=AES(K,R2).
> 4. B checks that AES(K,R2)=C2.
> 5. Both A and B perform X:=(R1 xor R2) and use the X to initialize the
> counter for AES(K,.) in CTR mode.
> 6. Any further communication is performed through the CTR-AES tunnel.
Thanks. But this brings me to another question. With enough tools,
a little PC program, and many reset signals to B (the device), we can
get many (R1, C1) pairs. Is it possible for attackers to get
information in an acceptable time to break the cipher?
> > In order to have hardware (not user) authentication takes quite a bit
> > of work. It becomes necessary for you to attach a second tamper-proof
> > (actually tamper-resistant) IC
> Typical processors can be "locked" so that you cannot read the code.
> You can only erase it completely, then reprogram with your code.
I have found one article talking about this.
And then I have found other articles regarding this too.
The lock bit the MCU offers seems to be insecure according
to this article. Maybe to achieve a higher level of protection,
careful design of the IC is needed. However this is beyond
Thanks for your proposed method. :)