SNIA051 January 2023 TMP1827

 


Application Brief

Control systems often rely on inputs from sensors that can be part of a sub-system or module on a chassis, or an off-board component. These components can be an ultra-high accuracy negative temperature coefficient (NTC) thermistor or a platinum resistance temperature detector (RTD), which are often expensive and require additional engineering time and resources for calibration. In key industrial applications where accurate temperature compensation is required, a Class-AA RTD or a 0.01% tolerance NTC thermistor is often used. However, it is very easy to replace these expensive components with an off-the-shelf RTD or NTC thermistor. Additionally, end equipment such as application-specific or vendor-specific battery packs and medical disposables and reposables requires a mechanism by which the host controller can make sure that the plug-in module is genuine. To address the challenges and requirements of authentication, TI developed the TMP1827, a 1-wire based ±0.3°C accurate temperature sensor with an integrated 2048-bit EEPROM and SHA-256-HMAC authentication engine, which features:

  • FIPS 180-4 compliant Secure Hash implementation
  • FIPS 198-1 compliant HMAC implementation
  • Authenticated write protection mode for EEPROM
  • NIST traceable factory-programmed non-erasable 64-bit identification number
  • IEC 61000-4-2 ESD for 8-kV contact discharge for plug-in applications

Challenge-Response

As previously mentioned, the host controller cannot distinguish such replacement devices, which can introduce large errors and possibly be a hazard in safety applications. This becomes even more critical in medical applications, where strict standards must be met. An optimum way of detecting such a replacement is to add authentication of the replacement device using the TMP1827. The host can issue a challenge message, which is generally a set of random data bytes, to the target device and receive a response, which is the hash signature for the message. By comparing the received response with the expected response, the host can verify that the temperature sensor is authentic and that the digital value can be trusted.

However, the host and the target must share a common key so that both devices can generate the same digital signature. A common method is to use the same key for all targets, which poses a problem: if the key is extracted from one target device, an entire batch of target devices can be compromised. Thus, it is always advisable to have a unique key per target device, which provides enhanced security but can make the process of key generation more complicated.

Key Generation

Figure 1-1 shows a method that uses cryptographic means to make sure the generated key is unique per target device. To simplify the cryptographic scheme, an example with the SHA-256-HMAC is used. The host reads the factory-programmed 64-bit unique identifier and then mixes the identifier with a user-specific secret message and keys. This results in a unique 256-bit hash for every TMP1827, which can then be programmed back to the device securely and protected by the TMP1827. However, since not every host MCU has a SHA-256-HMAC block, the SHA-256-HMAC engine of the TMP1827 can be used in a secure environment to generate the key. Otherwise, use the software implementation available here.

Figure 1-1 Key Generation Flow

Key Verification

Having generated and programmed the keys, in-field deployment now becomes easier. As shown in Figure 1-2, the same procedure now can be used by the host to re-generate the key and then use the key for generating the hash when writing to the TMP1827 or verifying the hash from TMP1827, without having to exchange the keys. With the use of a new challenge-response data payload for every transaction, the host can dynamically change the expectation from the target device, thus counteracting a replay attack model.

Figure 1-2 Key Regeneration and Data Flow Model
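
The key-generation and key-verification flows above, modelled in host-side Python as an added example (not TI code and not the TMP1827 command set or message format). The master key, secret message, device IDs, the order in which inputs are mixed, and the `ModelTarget` class are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (assumptions; not from the brief or the data sheet).
MASTER_KEY = b"constructed-host-master-key"
SECRET_MESSAGE = b"constructed-user-secret-message"
DEVICE_ID_A = bytes.fromhex("0123456789abcdef")  # stands in for a 64-bit ID
DEVICE_ID_B = bytes.fromhex("0123456789abcdf0")


def derive_device_key(master_key: bytes, secret_message: bytes,
                      device_id: bytes) -> bytes:
    """Unique 256-bit key per device: HMAC-SHA-256 over message || 64-bit ID.

    The input ordering is an assumption made for this model.
    """
    if len(device_id) != 8:
        raise ValueError("device ID must be exactly 64 bits")
    return hmac.new(master_key, secret_message + device_id,
                    hashlib.sha256).digest()


class ModelTarget:
    """Hypothetical software stand-in for a target with a programmed key."""

    def __init__(self, device_id: bytes, key: bytes):
        self.device_id = device_id
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # Response is the keyed hash of the host's challenge.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def new_challenge() -> bytes:
    """Fresh random challenge per transaction, so an old response is useless."""
    return secrets.token_bytes(32)


def host_verify(device_id: bytes, challenge: bytes, response: bytes) -> bool:
    """Regenerate the key from the ID (no key exchange), then compare."""
    key = derive_device_key(MASTER_KEY, SECRET_MESSAGE, device_id)
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)  # constant-time compare
```

Because the host derives the key from the identifier it reads, a key taken from one device does not verify under any other identifier, and a response recorded for one challenge does not verify against the next.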

Summary

The TMP1827 is a unique ±0.3°C accurate temperature sensor with an integrated SHA-256-HMAC authentication engine. It allows industrial applications that depend on accurate temperature measurements, such as heat-cost allocators and cold-junction compensation, to securely read temperature and update key system calibration contents in the 2048-bit EEPROM, while at the same time deterring counterfeits and tampering with the end equipment.