Squeeze FIPS-186 Authentication into Tiny Spaces with the DS28E30 1-Wire ECDSA Secure Authenticator

A secure microcontroller can provide significant benefits in terms of flexibility and capabilities, but extremely low-cost, resource-constrained applications like battery authentication, charge cycle tracking, accessory and peripheral authentication, and calibration don’t necessarily need all that a secure microcontroller can offer. Instead, these products may benefit from using a simple external secure authenticator like Analog Devices’ DS28E30 1-Wire elliptic curve digital signal algorithm (ECDSA) chip.

In this article, we will explore the capabilities and features of the DS28E30 and see how you can get up and running with it for your next embedded application.

What is the DS28E30 1-Wire ECDSA Secure Authenticator?

The DS28E30 is a 1-Wire ECDSA secure authenticator chip. Aside from its simple, low-power interface, the key feature of the DS28E30 is that it provides an authentication solution based on the FIPS-186 ECDSA standard. This approach combines challenge and response authentication with secure EEPROM for the storage of keys and user data and allows a resource-constrained embedded system to securely store keys and user data without needing a more costly secure microcontroller.

The DS28E30 includes elliptic curve cryptography (ECC) P-256 secure compute engine with a preprogrammed and write-protected key pair; an SP800-90B true random number generator (TRNG) that can be used for secure ECDSA nonces; a decrement-only counter; a 64-bit ROM ID; and 3 kilobits (Kbits) of secure EEPROM.

Secure Authenticator application design

Interfacing the DS28E30 with a microcontroller is relatively straightforward. The connection diagram can be seen in Figure 1. It comes in a simple four-pin wafer-level package (WLP) with a footprint of 1.36 x 1.17 millimeters (mm). As seen in Figure 1, the DS28E30 requires one pin for the 1-Wire interface, a ground pin, and two small 100 nanofarad (nF) capacitors. Designers can also optionally use a field effect transistor (FET) like the PMV65XP as a low-impedance bypass or use the PIOY pin on the microcontroller to drive the 1-Wire bus.

Figure 1: The DS28E30 has four pins, measures only 1.36 x 1.17 mm, and requires two small external capacitors. (Image source: Analog Devices)

Development boards to get started

To get familiar with the DS28E30, you can use the DS28E30EVKIT development board for evaluation and prototyping. The board has five DS28E30 devices and a USB-to-I2C/1-Wire interface adapter.

Figure 2: The DS28E30EVKIT comes with five DS28E30 devices, a 1-Wire adapter, and software to evaluate and demonstrate the DS28E30’s capabilities. (Image source: Analog Devices)

In addition to the hardware, the DS28E30EVKIT comes with the DeepCover Evaluation Kit software. DeepCover allows you to test out commands and use ECDSA functions and HMAC SHA-256. Figure 3 gives an example of how the evaluation software interface looks, along with some of its functionality.

Figure 3: The DS28E30EVKIT comes with DeepCover, a software package that interfaces to the chip to test its functionality. (Image source: Analog Devices)

Conclusion

Many low-cost, resource-constrained applications require security, but a microcontroller is often overkill. As shown, the DS28E30 1-Wire ECDSA secure authenticator chip performs key functions, yet comes in a tiny package that requires only two external capacitors. The development board also allows designers to evaluate and test it out quickly.