Potential application of hardware protected symmetric authentication microcircuits to ensure the security of internet of things

The paper objective is to determine the basic schemes and their characteristics for ensuring the security of Internet of Things nodes using symmetric authentication cryptographic microcircuits. The main results that had been obtained by using method of structural and functional design represent potentially possible options for using symmetric authentication cryptomicrocircuits to ensure the protection of Internet of Things nodes. The analysis of the presented schemes’ functioning made it possible to form the following conclusions. The host-side private key storage authentication scheme provides a fast symmetric authentication process, but requires secure storage of the private key on the host side. The simplest authentication scheme without storing a secret key on the host side, which does not imply the use of a cryptographic chip on the host side, provides a fast symmetric authentication process, but has a relatively low cryptographic strength, since the interaction in the system is performed without a random component in cryptographic transformations, which assumes constant the nature of requests in the system, and, consequently, the possibility of cryptanalysis of messages. To increase the cryptographic strength of such a scheme, it is advisable to introduce into the interaction system a random component in cryptographic transformations and use additional hashing procedures with an intermediate key, which leads to the complication of the scheme due to double hashing, but significantly increases the level of information security of IoT nodes. Downloading software in the system is implemented using secret encryption and authentication keys, which are permanently stored in the secure non-volatile memory of cryptographic chips of IoT nodes. In this case, session keys for encrypting the firmware code or decrypting it are generated on the client and host side, respectively. This approach allows creating unique downloads of the original firmware code (application) by preventing cryptanalysts from obtaining its images and algorithms. The peculiarity of the scheme of exchange of symmetric session encryption keys of messages are: use of a secret key stored on the side of the host and the client; the determination of the session key is performed as a result of hashing a random number with a secret key, that is, the exchange of the session key is performed in an encrypted secure form.