DS1991L multi-key iButton alternative

DS1991L multi-key iButton alternative

Abstract: The DS1991L multi-key iButton is produced by Maxim ’s 6-inch fab. The fab ’s production process is outdated and no longer used. The password protection provided by DS1991L is no longer a new technology in the field of data security. Maxim has developed a lower cost alternative to the DS1991L with a higher security level. Therefore, in order to reduce the development cost when upgrading old equipment to a new production process, Maxim launched the last purchase process of DS1991L and encouraged all DS1991L users to migrate the product to a newer, safer iButton before the existing inventory was used up Device. This application note discusses three options for replacing existing DS1991L applications. Each alternative has better performance.

DS1991L overview and background data password protection no longer belong to advanced technology. The biggest flaw of the system based on password protection is that the password can be deciphered by eavesdropping on the communication.

Since DS1991L does not provide any write protection function, a malicious attacker can easily tamper with the key information (identification, password, data), causing the device to fail in the application. Devices with challenge-response authentication and application data encryption have become more secure and cost-effective alternatives.

In the DS1991L application, the 1-Wire® host must know how to identify the relevant key and must know the corresponding password. Before using DS1991L, the identification code, password and key data must be installed. After this, the device can be operated on site, and it is often necessary to read the key data and replace the key. One of the advantages of the device is the NV SRAM technology with built-in battery. Even if the host (reader and reader) is powered off, it can ensure that the copy process from the temporary memory to the encrypted data area is not affected.

DS1991L Alternatives Three iButtons can be used to replace DS1991L. The three devices are DS1977, DS1961S and DS1963S. Table 1 lists these three devices and DS1991L and their characteristics comparison.

DS1977 is similar to DS1991L, with a password protection function, the characteristics of the two are very close. DS1961S and DS1963S use SHA-1 based authentication scheme, that is, encryption measures. Without encryption, application data is public and can be read. DS1961S and DS1977 use EEPROM technology, DS1963S uses NV SRAM technology.

Table 1. Device comparison
Device model
characteristic DS1991L DS1977 DS1961S DS1963S
User memory 3 x 48 bytes, called the key 32K bytes 128 bytes 8 x 2 pages, 32 bytes per page (512 bytes in total)
safety Three independent 8-byte passwords (each password corresponds to a key), the same password for read and write operations Two 8-byte passwords (one for read operations and one for full access) An 8-byte key for secure write operations Eight 8-byte keys
Data management Three 8-byte key marking areas (one key for each area) Recommended 1-Wire file system Recommended 1-Wire file system Recommended 1-Wire file system
Data buffer for intermediate storage and data verification 64-byte scratchpad 64-byte scratchpad 8-byte scratchpad 32-byte scratchpad
Certification — — 3-byte challenge code; 20-byte MAC code response 3-byte challenge code; 20-byte MAC code response
Write operation counter 0 0 0 16 (8 for memory pages, 8 for keys)
Craftsmanship NV SRAM EEPROM EEPROM NV SRAM
power supply Built-in battery Host parasitic power supply Host parasitic power supply Built-in battery
1-Wire rate Standard rate Standard rate and high speed mode Standard rate and high speed mode Standard rate and high speed mode
Relative cost¹ — Higher than DS1991L Well below DS1991L Slightly higher than DS1991L
temperature range -40 ° C to + 70 ° C -40 ° C to + 85 ° C -40 ° C to + 85 ° C -40 ° C to + 85 ° C
other functions When the passwords do not match, the pseudo-random number generator generates false data Can work without password protection Memory and key with write protection; EPROM emulation mode Pseudo-random number generator; can be used as a SHA-1 coprocessor
¹For actual product prices, please refer to the ordering information and the pricing information on the Maxim website.

Compared with DS1991L, DS1977 password-protected 32KB EEPROM iButton has larger memory capacity (32KB), supports 1-Wire high-speed mode and uses two passwords, one for read operation and the other for full access operation. The password protection function of DS1977 can be prohibited, so that it can be used for devices that do not require security protection. Although the cost is higher than DS1991L, from the perspective of single-byte cost, DS1977 has the lowest cost among all alternative models and DS1991L.

Because of the use of EEPROM, the 1-Wire master in the DS1977 application must be able to achieve a strong pull-up to provide power for read and write operations. In a contact operating environment, it may cause errors in read operations, and additional protective measures are required during write operations. If password protection is enabled, the 1-Wire master must know at least one password (read operation or full access). For any system based on password protection, the password can be finally deciphered by eavesdropping on the communication.

Before using DS1977 for password protection, you must install a password and enable the password protection function. In order to optimize the use of mass storage, it is recommended to format and use the storage according to the 1-Wire file system (refer to Application Note 114: "1-Wire File Structure"). Then write the application file (or data) to DS1977. After the write operation is complete, the device is ready for storage area operations, that is, it can access the memory data and change the data.

In order to upgrade the current DS1991L application to DS1977, the corresponding application program needs to be changed to identify the new device, device command, and put in a strong pull-up state at the correct time to power the device. Generally, it is recommended to disable the password protection function before changing the password. When installing the password, you must ensure that all 8 bytes of the password have been defined. Before sending the Copy Scratchpad command, you need to verify the contents of the scratchpad. After the new password is successfully copied from the scratchpad to the corresponding storage area, the contents of the scratchpad should be overwritten with different data in order to erase the password reserved in the "open space". In order to operate reliably in a contact operating environment, it is strongly recommended to design in accordance with the measures to ensure data integrity in Application Note 159: "Realizing Reliable 1-Wire Communication by Software Methods in iButton Applications."

DS1961S with SHA-1 engine 1K bit protection EEPROM iButton DS1961S is much more secure than DS1991L. DS1961S uses EEPROM and supports 1-Wire high-speed communication mode. Unlike password-based systems, the device's security functions are based on the installed key, and it is never transferred between storage areas (exposing information). The key can be device-specific information, such as: using the host key, memory data, registration code, and constants to calculate the key according to the SHA-1 algorithm. Except for the key, all data stored in DS1961S is open for reading. However, you need to know the key when writing. Data encryption is required to prevent the public from accessing the data stored by the device. These three alternative models, including the DS1991L, have the lowest cost of the DS1961S. Due to the use of EEPROM, DS1961S can obtain power supply from the 1-Wire master. In the contact operating environment, the write operation of the device is slightly higher than the NV SRAM device, and the risk of data corruption is slightly higher.

In an environment with a 5V power supply and a pull-up resistance of 2.2kΩ or less, the 1-Wire master in the DS1961S application does not require any special power supply measures. If the pull-up voltage is lower than 5V, the pull-up resistance should be reduced (for the most convenient method, see Application Note 4255: "Powering the Extended Functions of 1-Wire Devices"), or use a strong pull-up to provide write operations and device operation Extra power required by the SHA-1 engine. The DS1961S host must know or be able to calculate the required key in order to verify that the DS1961S is a legitimate user of the system, so that the EEPROM data can be changed. Instead of calculating its own SHA-1 MAC code (information authentication code), the host can use the DS2460 SHA-1 coprocessor with EEPROM.

Before using DS1961S, the device key must be defined and installed. The calculated key is more secure than a fixed key (constant) similar to the loaded password. Second, the data required by the application must be written to the device. For relatively small-capacity memory, you can choose to use the 1-Wire file system. If applicable, single pages or all memory pages and keys can be write-protected to prevent changes during use. You can also put one of the memory pages in EPROM emulation mode, in which the corresponding bit can only change from 1 to 0; this function is very useful in some applications. After the initial setup is complete, the DS1961S is ready for on-site operations, that is, accessing memory data and rewriting data.

To upgrade an existing DS1991L application to DS1961S, the following two changes are required: Modify the application software so that it recognizes the new device and knows how to use it. If you work in a low-voltage environment, you must activate the strong pull-up function through software to provide the required power for calculating and installing new keys, calculating page MAC, and updating EEPROM. Always verify the scratchpad before sending the Copy Scratchpad command. In order to ensure reliable operation in a contact operating environment, it is strongly recommended to design in accordance with the measures to ensure data integrity in Application Note 159 (see above). For additional information on SHA-1 security, please refer to the list of application notes at the end of this document. It should be emphasized that the application note 1820: "White Paper 1: SHA Devices Used in Small Cash Systems" describes the use of DS1961S as a token in electronic payment applications.

The security of DS1963S SHA iButton DS1963S is much higher than that of DS1991L. The DS1963S uses NV SRAM to count write operations on memory pages and keys, and supports 1-Wire high-speed communication mode. The DS1963S is similar to the DS1961S and uses a key for authentication; the key is installed but will never be transferred between storage areas (exposed information). The device supports 8 keys, each key corresponding to two memory pages. These keys can be device-specific information, such as the key calculated by the SHA-1 algorithm using the host key, memory data, registration code, memory page number, and constants. In addition to the key, the data stored in the DS1963S can be opened for reading. In order to prevent the public from accessing the data stored in the device, data encryption is required. The difference between DS1963S and DS1961S is that the data of DS1963S can be changed without knowing the key; the device's memory page or key does not have write protection. The cost of DS1963S is lower than that of DS1977; if four or more applications share a DS1963S, the cost of each application is lower than other alternative models. Due to the use of NV SRAM, the power required for read operations, write operations, and SHA-1 calculations is provided by the internal battery. This feature is very beneficial for write operations. Once the Copy Scratchpad command is accepted, even if the device is disconnected from the host, it will not affect the data transfer to the memory page or key.

The memory data of DS1963S can be modified without knowing the key. Therefore, the application data space provided by some devices must be reserved for storing "signatures" in order to verify the validity of the application data. After the device is authenticated by challenge-response, other authentication operations must be performed, using the internal key of the memory page for verification. The signature can be a 20-byte SHA-1 MAC code. The key is used to calculate the signature data and is usually not stored in the DS1963S; in addition to the device authentication key, the host must know the signature key in order to verify the data and generate verification data to be written to the device. Unlike calculating its own SHA-1 MAC, the host should use the DS2460 SHA-1 coprocessor with EEPROM. At the address where the old data is stored (for example, after completing a payment in an electronic payment application), in order to prevent reply attacks, the calculation of the embedded signature must include the page write operation count value.

Before using the DS1963S, you must first define and install the device authentication key. The calculated key is more secure than a fixed key (constant) similar to the loaded password. Second, the required data, including the valid embedded signature used for data authentication, should be written to the device. To allow multiple applications to share a DS1963S, the 1-Wire file system is recommended. After the initial setup is complete, the DS1963S is ready for on-site operation, that is, you can access the memory and change the data.

To upgrade the existing DS1991L application to the DS1963S, the application software needs to be modified to identify the new model, understand the command, identify the corresponding data page (multiple pages), and verify the validity of the device and its stored data. Typically, when the application changes the data in the storage area, it needs to calculate and embed a valid signature in the new data page. Always verify the scratchpad before sending the Copy Scratchpad command. In order to ensure reliable operation in a contact operating environment, it is recommended to design according to the measures in Application Note 159 on ensuring data integrity. For more information about SHA-1 security, please refer to the list of application notes at the end of this document. It should be emphasized that the application note 1820 describes the use of the DS1963S as a token and SHA-1 coprocessor in electronic payment applications.

Solution Selection Each of the above alternative devices requires changes to existing software (such as DS1977) or development of new software. DS1977 requires (DS1961S may require) to upgrade the 1-Wire master to support strong pull-ups in order to provide sufficient power. Table 2 lists the advantages and disadvantages of each alternative.

Table 2. Alternatives
DS1977 DS1961S DS1963S
Required host hardware changes Increase strong pull Increase strong pull-up (if necessary) no
Application software changes Modify existing software Need to develop new software Need to develop new software
advantage • Memory capacity is much larger than DS1991L, DS1961S and DS1963S

• Independent passwords for read operations and full access
• Lowest cost

• Unable to capture password

• Write operation needs to know the device key

• Based on challenge-response authentication and secure write operations, support higher security levels
• Unable to capture password

• Based on challenge-response authentication, data embedded signature and write operation count value, support higher security level

• Up to 8 programs can share the same device
Disadvantages • Safety is similar to DS1991L

• A single program or multiple programs share the same key
• A single program or multiple programs share the same key • Data can be changed or invalidated without a key

If the hardware cannot be modified (strong pull-up), the DS1977 cannot be used as a replacement product.

If the hardware interface cannot provide enough current to support DS1961S communication, DS1963S is the only option. Because the security of the device is based on a key (not a password), the DS1963S is more secure. If four or more applications share the same device, the cost performance is higher. The application software of DS1963S is more complicated, but the speed will not be lower than DS1991L, because the device supports 1-Wire high-speed communication mode. The disadvantage of DS1963S is that each program has a lower data capacity due to the embedded signature. However, a single program can use multiple data memory pages and keys to compensate for this deficiency.

If the system can choose a strong pull-up or no strong pull-up, DS1961S is a cost-effective choice. Because the principles of DS1977 and DS1991L are the closest, the software changes are minimal using this device.

Summary This application note discusses the three devices that replace existing DS1991L applications and the advantages of using new technologies. Each device requires modification of the application software (in some cases the changes are larger) and modification of the 1-Wire host hardware (except for DS1963S, DS1961S is not required in some cases). Despite the large software changes, the application based on SHA-1 certification has higher security, and the cost performance is higher than DS1991L. Using the DS2460 SHA-1 coprocessor helps simplify the software changes required to implement the SHA-1 security algorithm.



Supplementary documents
Application Note# title Comment applicability
114 1-Wire File Structure Detailed description of the 1-Wire file system. All memory iButtons; not suitable for DS1991L
152 SHA iButton Secrets and Challenges Challenge-Respond to suggestions for using keys and challenges in the application. DS1961S, DS1963S
159 Realize reliable 1-Wire communication by software method in iButton application Software instructions for achieving reliable iButton communication in a contact environment. All memory iButton
190 Challenge and Response with 1-Wire SHA devices Challenge-response certification overview. DS1961S, DS1963S
1098 White Paper 3: Why are 1-Wire SHA-1 devices safe? Various attack methods are introduced to explain how SHA-1 prevents these attacks. DS1961S, DS1963S
1099 White Paper 4: Glossary of 1-Wire SHA-1 Terms Interpretation of technical terms related to challenge-response certification. DS1961S, DS1963S
1201 White Paper 8: Overview of 1-Wire SHA-1 SHA-1 security instructions and other information. DS1961S, DS1963S
1820 White Paper 1: SHA Devices Used in Small Cash Systems Describe the application of DS1961S and DS1963S in the financial field in detail, and provide detailed example flowcharts. DS1961S, DS1963S
4255 Powering the extended functions of 1-Wire devices Design guidelines for powering 1-Wire devices. DS1977, DS1961S

Stellar provides industrial motherboards, Android motherboards, Windows motherboards, and LCD module kits according to the different needs of customers. LCD kit includes: LCD panel, AD board, inverter board and backlight cable, OSD button and cable, LVDS cable, touch screen, optical bonding, industrial keyboard, etc.

Industrial Motherboard

Indusrial Motherboard,Windows Motherboard,Android Mainboard,Pc Motherboard

Shenzhen Hengstar Technology Co., Ltd. , https://www.angeltondal.com