ATAES132-SH-EQ-T Atmel, ATAES132-SH-EQ-T Datasheet - Page 13

ATAES132-SH-EQ-T

Manufacturer Part Number

ATAES132-SH-EQ-T

Description

EEPROM AES 32Kbit EE SPI

Manufacturer

Atmel

Datasheet

1.ATAES132-SH-EQ.pdf (166 pages)

Specifications of ATAES132-SH-EQ-T

Rohs

yes

Maximum Clock Frequency

10 MHz

Operating Supply Voltage

6 V

Maximum Operating Temperature

- 40 C to + 85 C

Mounting Style

SMD/SMT

Package / Case

SOIC-8

Interface Type

SPI

Factory Pack Quantity

4000

Current page: 13 of 166
Download datasheet (2Mb)

3.1.

3.1.1.

3.1.2.

3.2.

3.2.1.

3.3.

Security Features

All ATAES132 security features are optional. Each feature is enabled or disabled by programming configuration bits in the

EEPROM configuration memory. Each user zone, key, and counter is separately and independently configured.

This section describes the ATAES132 security features and cryptographic capabilities. The functionality associated with each

portion of the memory is described in Section 2.

Architecture

The ATAES132 contains all circuitry for performing authentication, encryption and decryption using keys stored securely in the

internal EEPROM. Since the secrets are stored securely in the ATAES132, they do not have to be exchanged prior to

executing cryptographic operations.

The ATAES132 has fixed cryptographic functionality; it is not a microcontroller and cannot accept customer firmware. The

ATAES132 contains a hardware AES cryptographic engine and has a fixed command set. Although the functionality is fixed, it

is also flexible because each feature is enabled or disabled by the customer by programming registers in the EEPROM

configuration memory. After personalization is complete, fuses lock the configuration so that it cannot be changed.

AES

The ATAES132 cryptographic functions are implemented with a hardware cryptographic engine using AES in CCM mode with

a 128 bit key. AES-CCM mode provides both confidentiality and integrity checking with a single key. The integrity MAC

includes both the encrypted data and additional authenticate-only data bytes as described in each command definition. Each

MAC is unique due to inclusion of a nonce and an incrementing MacCount register in the MAC calculation.

See Appendix I for information about how the AES computations are performed. Hyperlinks to the AES standard are provided

in Appendix A.

Hardware Security Features

The ATAES132 chip contains physical security features to prevent an attacker from determining the internal secrets. The

ATAES132 includes tamper detectors for voltage, temperature, frequency, and light as well as an active metal shield over the

circuitry, internal memory encryption, and other various features. The ATAES132 physical design and cryptographic protocol

are designed to prevent or significantly complicate most algorithmic, timing, and side channel attacks.

Authentication

The authentication commands utilize AES-CCM to generate or validate a MAC value computed using an internally stored key.

The command set supports both one way and mutual authentication. One ATAES132 device can generate packets for

authentication of a second ATAES132 device containing the same key. The internal authentication status register remembers

only the most recent authentication attempt. A user zone can be configured to require prior authentication of a designated key

before access to the user zone is permitted.

Key Authentication

Individual keys can be configured to require a successful authentication prior to use. This requirement can be used to prevent

some kinds of exhaustive attacks on the keys. The authentication requirement can be chained to require authentication of

several keys prior to allowing a particular operation. The internal authentication status registers remember only the most

recent authentication attempt.

Encrypted Memory Read/Write

A user zone can be configured to require an AES-CCM encryption for the EEPROM read or write operations. If encryption is

required for write access, then the MAC is validated before the received (encrypted) data is written to the EEPROM. If

encryption is required for read access, then the ATAES132 encrypts data when it is read from the internal EEPROM and

generates an associated integrity MAC.

Atmel ATAES132 Preliminary Datasheet

8760A−CRYPTO−5/11

ATAES132-SH-EQ-T Atmel, ATAES132-SH-EQ-T Datasheet - Page 13

ATAES132-SH-EQ-T

Specifications of ATAES132-SH-EQ-T

Related parts for ATAES132-SH-EQ-T