SLUAAL5 September 2022 BQ26100


Enhance the Security Level of BQ26100 SHA-1 Authentication

As a dedicated authentication device, one advantage of the BQ26100 is that it can resist physical hacking. This is achieved by the dedicated and special process of the BQ26100. This advantage can be used to enhance the security level of BQ26100 SHA-1 authentication. Figure 4-1 shows a modified flow of SHA-1 authentication.

In the modified flow of SHA-1 authentication, there is one more BQ26100 on the host side. With this additional BQ26100, the MCU on the host side does not need to store the keys in its flash. This avoids the risk of the keys being extracted by hacking the MCU, and thus enhances the authentication security of the BQ26100.

The steps of the flow are:

  1. The BQ26100 on the host side and the BQ26100 on the slave side both store the same keys.
  2. The MCU generates a 20-byte random number as the challenge and sends it to both BQ26100 devices, as shown by the green arrows in Figure 4-1.
  3. Each BQ26100, on the host side and on the slave side, uses the same key, the same challenge, and the same SHA-1 function to calculate its own 20-byte digest.
  4. The MCU reads the digest from each BQ26100, on the host side and on the slave side, as shown by the blue arrows in Figure 4-1.
  5. The host does not need to calculate the digest; it only compares the two returned digests.
  6. If the two digests match, the slave is considered qualified.
Figure 4-1 Modified Flow of SHA-1 Authentication
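
The host-side logic of steps 2 to 6, as an added example that is not code from this application note or from TI. Both BQ26100 devices are simulated in software, and the digest is modeled as SHA-1(key || challenge), which is an assumption standing in for the device's real key handling. The class name, function name, and 16-byte sample key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 20  # bytes, per step 2 of the flow
DIGEST_LEN = 20     # SHA-1 output size, per step 3


class SimulatedAuthDevice:
    """Hypothetical software stand-in for one BQ26100.

    The key goes in once and is never exposed through a read method.
    """

    def __init__(self, key: bytes):
        self._key = key
        self._digest = b""

    def write_challenge(self, challenge: bytes) -> None:
        # ASSUMPTION: SHA-1(key || challenge) is a placeholder for the
        # device's actual keyed SHA-1 computation.
        self._digest = hashlib.sha1(self._key + challenge).digest()

    def read_digest(self) -> bytes:
        return self._digest


def authenticate(host_dev, slave_dev) -> bool:
    """Run one authentication attempt; the MCU never holds the key."""
    # Step 2: a fresh, unpredictable challenge for every attempt, so a
    # digest captured from an earlier attempt cannot satisfy this one.
    challenge = secrets.token_bytes(CHALLENGE_LEN)
    host_dev.write_challenge(challenge)
    slave_dev.write_challenge(challenge)

    # Step 4: read back both digests.
    expected = host_dev.read_digest()
    received = slave_dev.read_digest()

    # Two failed bus reads can return identical short or empty buffers;
    # a bare equality check would accept them, so check the length first.
    if len(expected) != DIGEST_LEN or len(received) != DIGEST_LEN:
        return False

    # Steps 5-6: compare only, in constant time.
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    key = bytes(range(16))  # constructed sample key
    print(authenticate(SimulatedAuthDevice(key), SimulatedAuthDevice(key)))
```

Because the host only compares, its correctness depends on the challenge being fresh for each attempt and on rejecting malformed reads before the comparison.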