Battery authentication
NXP A1006 Secure Cryptographic Authenticator chip

Counterfeit batteries are a threat to your brand and bottom line

Rechargeable batteries, such as lithium-ion batteries, must be engineered for both high performance and safety. Poorly engineered batteries can result in shorter battery life and shorter operating hours, resulting in a poor user experience. More importantly, poorly engineered batteries have been cited as the source of system damage, fires, severe bodily harm to the user, and even death. Many of the reported safety incidents have been attributed to counterfeit replacement batteries, which often use sub-standard components and eliminate needed safety features.

While the best known cases of counterfeit battery safety issues may be related to notebook PC and cell phone batteries, counterfeit batteries have been found in many other electronic devices, including digital cameras, portable power tools, portable medical equipment, electronic cigarettes, and most recently hoverboards. In January 2016, 16,000 hoverboards were seized by U.S. customs for counterfeit batteries. In February 2016, Amazon stopped selling hoverboards due to “unreasonable risk of fire.” Target and Toys “R” Us have done the same. Counterfeit batteries and chargers are widespread — one cell phone manufacturer recently reported that up to half of all external power banks sold with their name on them were counterfeit, estimating losses at > $100M.

Figure 1. Counterfeit batteries are found in a wide variety of products and pose a potential threat to consumers. (Callouts: counterfeit batteries have been found in a wide variety of consumer, medical, and industrial products; counterfeit batteries have been known to explode and cause fires, and can result in injury or death; counterfeit chargers can cause similar problems.)
Identifying counterfeits through authentication

Early attempts to minimize battery counterfeits involved creating unique mechanical form factors and labels for individual products, but cloning these has become a trivial exercise and this is no longer considered a useful deterrent to counterfeiters. A range of electronic anti-counterfeit techniques has been evolving to provide increasing levels of security while maintaining an affordable cost structure for the battery. These techniques range from simple digital serial numbers to tamper-resistant chips (secure elements) that use cryptographic authentication techniques combined with anti-tampering and hacking countermeasures.

As the volume or value of the product increases, the incentive for the counterfeiter increases, and a higher security level is needed both to keep down the value to the counterfeiters and to detect counterfeits that do emerge. This can be seen conceptually in Figure 2, where the expected cost/loss from counterfeiting is graphed against the cost to deploy security. For a given application, the expected cost to the business, measured across revenue loss, brand impact, product liability, returns, and other factors, will decrease as higher levels of security are employed to prevent counterfeits. However, these higher levels of security often come with an increase in solution cost, so a company needs to judge the appropriate level of security to balance this cost against the cost impact of failure. As can be seen in the diagram, a low-volume, non-critical application may find a simple tracking/identification chip to be sufficient, while applications where there is a high cost/loss impact from counterfeit batteries will find additional security beneficial.
Determining optimal security levels

Figure 2. Determining optimal security levels. (Graph of cost to deploy security against expected business cost from counterfeits, with total cost shown; the optimum lies between the region where lack of effectiveness doesn’t justify the cost of the less expensive solution and the region where increased security yields limited additional benefits; low volumes carry a lower probability of being targeted. Security levels from left to right, with key features: Tracking / ID (simple ID; limited / no security); Symmetrical crypto (hash / SHA256, AES; logical security only, keys are vulnerable, or keys are secured / tamper resistant); Asymmetrical crypto (programmable, e.g. ECC, increasing key length; physical / tamper resistance, keys are secured / tamper resistant); Asymmetrical crypto + online revocation (cert tracking, advanced online tracking; keys are secured / tamper resistant).)

Moving from left to right in the figure above shows increasing levels of security. At the lowest end are simple tracking/identification solutions, which store the equivalent of a silicon serial number in non-modifiable memory. Some identification solutions add a symmetrical cryptographic challenge/response that can be used as an additional safeguard. However, without physical anti-tampering and hacking countermeasures built into the chip, these solutions can be readily hacked by a determined counterfeiter.

Tamper-resistant solutions can be found for both symmetric and asymmetric cryptographic authentication. Asymmetric authentication methods such as elliptic curve cryptography (ECC) are often preferred for two primary reasons: they do not require a secure chip in the host system (only on the battery), and they usually use different keys per device. Unlike symmetric authentication methods, which use a common shared key and are therefore more vulnerable to scalable attacks, asymmetric solutions usually provide unique keys per device, making the value of hacking any individual device limited.
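As an added illustration of the symmetric challenge/response the comparison above refers to (example code written for this page, not NXP’s or the A1006’s), the following Go program has the battery and the host share a secret, with each battery’s key derived from one master key and the battery serial. The names DeriveBatteryKey, BatteryRespond and SymmetricHost, and the sample master key and serial, are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// DeriveBatteryKey gives each battery its own key from one master key and its serial.
// The host still needs the master key to check any battery, which is why unique keys
// alone do not remove the shared-secret problem of the symmetric scheme.
func DeriveBatteryKey(master, serial []byte) []byte {
	m := hmac.New(sha256.New, master)
	m.Write(serial)
	return m.Sum(nil)
}

// BatteryRespond is the battery side: a keyed SHA-256 hash of the host's challenge.
func BatteryRespond(batteryKey, challenge []byte) []byte {
	m := hmac.New(sha256.New, batteryKey)
	m.Write(challenge)
	return m.Sum(nil)
}

// SymmetricHost holds the master key. There is no public/private split: whatever
// protects this key on the host has to be as strong as the protection on the battery.
type SymmetricHost struct {
	Master []byte
}

// NewChallenge draws fresh random data so an old response cannot be replayed.
func (h *SymmetricHost) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Verify recomputes the expected response; hmac.Equal compares in constant time.
func (h *SymmetricHost) Verify(serial, challenge, response []byte) bool {
	expected := BatteryRespond(DeriveBatteryKey(h.Master, serial), challenge)
	return hmac.Equal(expected, response)
}

func main() {
	master := []byte("constructed-master-key-for-demo") // constructed sample, not a real key
	serial := []byte("BAT-0001")                         // constructed serial
	host := &SymmetricHost{Master: master}
	challenge, err := host.NewChallenge()
	if err != nil {
		panic(err)
	}
	genuine := BatteryRespond(DeriveBatteryKey(master, serial), challenge)
	fmt.Println("genuine battery accepted:", host.Verify(serial, challenge, genuine))
	other := BatteryRespond(DeriveBatteryKey([]byte("some-other-key"), serial), challenge)
	fmt.Println("battery with a different key accepted:", host.Verify(serial, challenge, other))
}
```

The point to notice is what SymmetricHost has to store: Master is the secret every battery key derives from, so the host firmware carries key material that needs the same tamper-resistant protection as the battery’s key. That is the extra host cost the comparison attributes to symmetric solutions, and the reason per-device keys on their own do not remove it.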
Tracking / ID (lower value):
• Designed for inventory tracking
• No security, easily counterfeited

Symmetrical:
• Same symmetrical key used everywhere
• Varying levels of tamper resistance protect the key(s)
• Additional tamper-resistant security is needed on the host to protect the key, increasing costs
• Key updates and using unique keys are difficult

Asymmetrical (higher value, advanced):
• Asymmetrical keys are used, which can be unique per device
• Digitally signed certificates provide authenticity of the unique key pair
• No secrets are stored or shared with the host system, eliminating the need for a secure chip in the host system
• In the unlikely event that a single battery is counterfeited, it can be blacklisted, limiting the value of an attack
• Certificates (and therefore batteries) can be expired if desired

For typical battery authentication applications, NXP recommends a tamper-resistant secure authenticator based on asymmetrical elliptic curve authentication. The NXP A1006 secure authenticator is optimized for securing moderate to high volume peripherals such as batteries. It incorporates advanced tamper resistance and hacking countermeasures, and provides certificate-based authentication using industry standard cryptographic protocols based on elliptic curve cryptography (ECC) and Elliptic Curve Diffie-Hellman (ECDH) challenge-response.

[Note: Key length and algorithm (e.g. ECC vs. RSA, AES vs. 3DES) are much less critical than the above design considerations.]

Battery authentication using the A1006 Secure Authenticator

Authenticating an accessory such as a battery involves pairing each of the batteries with an A1006 Secure Authenticator IC. Each A1006 has a pre-provisioned unique asymmetrical key pair and certificate that are securely generated and signed by NXP. The key pair contains a private key that must be protected, and a public key that can be freely distributed (and is included in the certificate). NXP then securely ships the A1006 chips to the customer’s manufacturing line.
The customer has the option to create an additional customized certificate that can be stored in the A1006 and used instead of the NXP certificate. This certificate can contain additional information specific to the customer or application, and provides an additional level of security, ensuring that only batteries controlled by the customer’s provisioning process will operate with the intended device.

In addition, the firmware running on the host / device needs to include code that will authenticate the A1006 on the battery, communicating through a bus such as a one-wire interface or I2C. The authentication code must contain a public key corresponding to the private key used to sign the certificate embedded in the A1006. Unlike the key in a symmetrical solution, this key does not need to be protected in specialized hardware, since it is a public key. It does need to be protected against modification; however, this can readily be done with the same mechanisms that you would typically use to ensure that the firmware is authentic. If the authentication is successful, the application code on the device will operate normally; otherwise it can generate an appropriate error message and take appropriate actions such as refusing to charge the battery.

Figure 3. Overview of the authentication process. (Host side: root public certificate / signing key; step 1, request certificate and validate it; step 2, challenge with random data; step 3, validate response, after which the application proceeds. Battery side: A1006 with a unique key pair, private key A and public certificate, provisioned and signed by NXP; an additional customized certificate is available. Certificate contents: public key, serial number, digital signature.)

Figure 3 provides an overview of the authentication process. The first step (A) is provisioning the keys and certificates.
In a secure provisioning center, for each A1006, NXP generates a unique asymmetrical key pair (public + private key) and generates the associated certificate that contains the public key, a unique serial number, and a digital signature made with the NXP Private Root Signing Key. The key pair and certificate are then provisioned into the A1006 Secure Authenticator in NXP’s secure manufacturing flow. NXP delivers the pre-provisioned chips to the customer, who can optionally add a second customized digital certificate before inserting the chip into the battery circuit board. This certificate can contain additional information about the application in addition to the unique ID provided by NXP. NXP provides the Root Certificate (which contains the Public Signing Key) that must be included in the firmware on the host. Alternatively, the customer can use their own Root Certificate in the host if they have provisioned the A1006 with the optional second certificate.

When the provisioned battery is inserted into the device, the authentication process occurs early in the firmware boot cycle (or upon a hot battery swap) and works as follows:

1. Request Certificate. The host sends a request (over a one-wire or I2C interface) for the A1006 unique battery certificate. The host validates the digital signature on the battery certificate with the Signing Key embedded in the Root Certificate. Additional information in the certificate (e.g. serial number or other customized information) can be used for additional validation or tracking.

2. Challenge. The host generates random data that is sent to the A1006. The A1006 Secure Authenticator uses its private key to digitally sign the challenge and returns the signature to the host.

3. Validate Response. The host uses the unique Battery Certificate validated in step 1 to verify the A1006’s digital signature of the challenge, using the public key in the certificate.
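The provisioning step (A) and authentication steps 1 to 3 just described, as an added example written for this page (not NXP reference host code, and not the A1006’s certificate format): the root key and the battery keys are P-256 ECDSA keys from Go’s standard library; the certificate layout, the names Certificate, Provision, Authenticator, Host and Authenticate, and the serial number 1001 are assumptions made for illustration; and the one-wire / I2C transport is replaced by direct function calls between the Host and the Authenticator.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Certificate carries the fields the text lists: public key, serial number, root signature.
type Certificate struct {
	Serial    uint32
	PublicKey *ecdsa.PublicKey // unique P-256 public key of this battery
	Signature []byte           // ASN.1 ECDSA signature by the root key over Digest()
}

// Digest hashes the signed part (serial, X, Y); this layout is assumed for the example.
func (c Certificate) Digest() []byte {
	var buf [68]byte // 4-byte serial + 32-byte X + 32-byte Y
	binary.BigEndian.PutUint32(buf[:4], c.Serial)
	c.PublicKey.X.FillBytes(buf[4:36])
	c.PublicKey.Y.FillBytes(buf[36:])
	sum := sha256.Sum256(buf[:])
	return sum[:]
}

// GenerateKeyPair makes a P-256 key pair, used for the root key and for each battery.
func GenerateKeyPair() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Authenticator stands in for the A1006: the private key never leaves it.
type Authenticator struct {
	priv *ecdsa.PrivateKey
	cert Certificate
}

func NewAuthenticator(priv *ecdsa.PrivateKey, cert Certificate) *Authenticator {
	return &Authenticator{priv: priv, cert: cert}
}

// Provision models step A: unique key pair plus certificate signed by the root private key.
func Provision(root *ecdsa.PrivateKey, serial uint32) (*Authenticator, error) {
	priv, err := GenerateKeyPair()
	if err != nil {
		return nil, err
	}
	cert := Certificate{Serial: serial, PublicKey: &priv.PublicKey}
	if cert.Signature, err = ecdsa.SignASN1(rand.Reader, root, cert.Digest()); err != nil {
		return nil, err
	}
	return NewAuthenticator(priv, cert), nil
}

// RequestCertificate serves step 1; SignChallenge is the battery side of step 2.
func (a *Authenticator) RequestCertificate() Certificate { return a.cert }

func (a *Authenticator) SignChallenge(challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, a.priv, digest[:])
}

// Host stores only public material, so no secure chip is needed on this side.
type Host struct {
	RootPub   *ecdsa.PublicKey // from the root certificate carried in firmware
	Blacklist map[uint32]bool  // serial numbers revoked as the text describes
}

// Authenticate runs steps 1 to 3; the returned error names the step that failed.
func (h *Host) Authenticate(a *Authenticator) error {
	// Step 1: request the certificate and check its signature with the root signing key.
	cert := a.RequestCertificate()
	if cert.PublicKey == nil || !ecdsa.VerifyASN1(h.RootPub, cert.Digest(), cert.Signature) {
		return fmt.Errorf("step 1: certificate signature invalid")
	}
	if h.Blacklist[cert.Serial] {
		return fmt.Errorf("step 1: serial %d is blacklisted", cert.Serial)
	}
	// Step 2: send fresh random data for the battery to sign with its private key.
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return fmt.Errorf("step 2: %w", err)
	}
	sig, err := a.SignChallenge(challenge)
	if err != nil {
		return fmt.Errorf("step 2: %w", err)
	}
	// Step 3: verify the response with the public key from the validated certificate.
	digest := sha256.Sum256(challenge)
	if !ecdsa.VerifyASN1(cert.PublicKey, digest[:], sig) {
		return fmt.Errorf("step 3: challenge signature invalid")
	}
	return nil
}

func main() {
	root, _ := GenerateKeyPair()        // stands in for the NXP root signing key
	genuine, _ := Provision(root, 1001) // constructed serial number
	fmt.Println("error:", (&Host{RootPub: &root.PublicKey}).Authenticate(genuine))
}
```

Two properties of the flow are visible in the code. The Host type holds nothing secret, only RootPub and a blacklist, which is why the host needs integrity protection for its firmware but no tamper-resistant chip. And a certificate is useless without its private key: a copy of a genuine certificate paired with some other key passes step 1 but fails step 3, while a certificate signed by anything other than the root key fails at step 1, and a revoked serial is refused before the challenge is ever sent.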
The results of the verification are provided to the application firmware, which operates normally if the validation is successful; otherwise it generates the appropriate error message and takes action based on the policies that are set up in the host system. Additional functionality such as tracking battery expiration, types of batteries, etc. can be integrated into the application firmware based on the information in the certificate.

A1006 Secure Authenticator benefits for batteries

The NXP A1006 Secure Authenticator offers best-in-class security features. Building on the inherent advantages of elliptic curve cryptography, the A1006 incorporates industry-leading anti-tampering and security attack countermeasures. Features such as on-chip memory and logic scrambling and encryption, security routing, and protection against side-channel analysis, which are typically found in more expensive secure elements used in banking and government ID applications, offer the highest levels of security for this class of product. At the same time, end-to-end security provided by NXP ensures that secret keys are protected during the manufacturing process.

The A1006 Secure Authenticator is designed to integrate easily into the overall system. Communication options include I2C and a one-wire interface. When using the 8 kV ESD-protected one-wire interface, the A1006 can be powered directly from the bus, eliminating the need for an additional VIN supply. With the industry’s lowest power consumption (~ 50 µA typical), a very low power deep sleep mode and the industry’s smallest footprint (as low as 1 mm²), the A1006 offers the ideal combination of security, ease of integration and system performance. NXP offers a demo board, embedded developer’s kit, and reference host code to simplify system design and accelerate time to market. Additional information can be found at www.nxp.com/authentication.

© 2016 NXP B.V. All rights reserved.
Date of release: May 2016. Published in the USA.

Reproduction in whole or in part is prohibited without the prior written consent of the copyright owner. The information presented in this document does not form part of any quotation or contract, is believed to be accurate and reliable and may be changed without notice. No liability will be accepted by the publisher for any consequence of its use. Publication thereof does not convey nor imply any license under patent or other industrial or intellectual property rights.