Page 51

EETE NOV 2014

As with any system, it is only as strong as its weakest link. Whilst SHA-1 is almost unbreakable, human error plays a big part in completing the security circle. If authorisation keys are leaked or stolen, it may compromise the current circulation of authorised batteries. To date, battery technology has advanced slowly. Algorithmic security is the first viable weapon for the industry to clean up counterfeits. An improved awareness of the risks posed by fake batteries, along with an improved infrastructure and collaboration fighting chance at finishing the fakes. is fed into SHA-1, which begins to break down the decimal data into binary data. The hashing function of the algorithm then maps these bits of data to a standard length of 32-bits long. This is called a “word”. Each word is then assigned to its equivalent hexadecimal character. In this way, a message of any length, put into SHA-1, results in a standard 40 digit (160-bit) output message, called the ‘message digest’. The unique quality of using SHA-1 is that even a single character difference in the initial message will result in a completely different message digest. Due to the hashing nature of the algorithm, it is impossible to produce the same digest from two different messages and the process cannot be reversed to reveal the plaintext. So how is SHA-1 used in securing batteries? The battery manufacturer starts by randomly generating a 20 digit authorisation key. This is the message. During battery assembly, this key is written to the flash memory of the integrated on promoting algorithmic security, could give the industry a With you from start to finish. We understand that electronic product design is a journey with many challenges. As a leading manufacturer of power supplies, we are with you from start to finish, collaborating to ensure that your next project is a success. Let us be your power expert. Dc-Dc Converters www.cui.com/PowerExpert Novum® Advanced Power Ac-Dc Power Supplies circuit (IC) using SHA-1. The IC forms part of the battery’s fuel gauge. Once this part is sealed, it is no longer read/write accessible and so becomes permanently contained. OEM customers are given a copy of the authorisation key, which is held by the host device. Each time a battery is attached to the host device, the host sends a unique challenge to the battery to perform a calculation on the key stored within it, using the SHA-1 algorithm. Both the battery and the host proceed to perform the calculation within 100ms, logging the results in the system management bus (SMBus) of the battery. The host device then compares the two digests and reports on whether the battery is authorised or fake. Depending on the application, OEMs can choose what action to take when a fake battery is detected. The device could present a simple pop-up alert on screen, it could redirect to a website, report back to the OEM, or even be programmed to power-down if a fake battery is detected. The level of severity is for the OEM to decide; powering down may be appropriate for consumer devices, but may prove unethical for a life support ventilator in medical applications, where a fake battery is preferable to no battery at all. As well as eliminating counterfeit batteries, algorithmic security also has traceability benefits for OEMs and vendors. Batteries from each supplier can be assigned with different sets of keys. The host device can be programmed to work with only an authorised list of keys. By doing this, faulty batches can be identified easily and quality can be maintained. www.electronics-eetimes.com Electronic Engineering Times Europe November 2014 39


EETE NOV 2014
To see the actual publication please follow the link above