3.13. Auth Objects : ECKey
ECKey is a secure channel protocol tailored for secured authentication and communication between a Host and a connected SE.
Please contact NXP CAS/FAE for the specification of ECKey.
- The Secure Channel Protocol consists of two logical phases:
  - Authentication phase
  - Secure messaging phase
3.13.1. ECKey - Keys Used
The table below gives an overview of the required keys and their presence at SE and Host as required for the ECKey setup, authentication phase.

| key | SE | Host | Purpose |
|---|---|---|---|
| SK.SE.ECKA | √ | | Static SE key pair for Key Agreement, private key |
| PK.SE.ECKA | √ | √ | Static SE key pair for Key Agreement, public key |
| SK.Host.ECDSA | | √ | Host signing key pair, private key |
| PK.Host.ECDSA | √ | | Host signing key pair, public key |
| eSK.Host.ECKA | | √ | Ephemeral private key of the Host used for key agreement |
| ePK.Host.ECKA | | √ | Ephemeral public key of the Host used for key agreement |

3.13.2. ECKey - Use for connection / authentication
- Authentication Phase:
  In the Secure Channel authentication phase, a Host-generated ephemeral key pair, the static SE key pair and SE-generated random data are used to compute a shared master secret.
  - The Host generates an ephemeral ECC key pair and exchanges the public key component ePK.Host.ECKA with the SE. The ePK.Host.ECKA is signed to prove its authenticity.
  - Both the Host and the SE compute the shared secret ShS from (eSK.Host.ECKA, PK.SE.ECKA) and (SK.SE.ECKA, ePK.Host.ECKA) respectively.
  - The SE generates random bytes DR.SE and exchanges this with the Host.
  - Both the Host and the SE compute the shared master secret MK from the shared secret ShS and random bytes DR.SE.
  - Optionally:
    - Both Host and SE compute the Key-DEK.
    - Both Host and SE compute the S-RMAC session key (used for the receipt).
    - Both Host and SE compute the receipt.
    - The Host verifies the receipt.
- Secure Messaging phase:
  In the Secure Channel secure messaging phase, first a setup is performed, where the shared master secret is used to compute the AES session keys (S-ENC, S-MAC and S-RMAC) and initialize the encryption counter:
  - Both the Host and the SE compute the AES session keys from MK.
  - Both the Host and the SE apply an OWF (one-way function) to MK. Note that this is performed after the validation of the command's C-MAC (to exclude DoS attacks on the SE).
  - Both the Host and the SE initialize the encryption counter to 1 for the first command/response with C-DECRYPTION or R-ENCRYPTION.

  After the secure messaging setup has been performed, the AES session keys are employed to realize SCP03 secure messaging between Host and SE:
  - Command APDUs are MACed.
  - Response APDUs are optionally MACed.
  - Command and response APDUs are optionally encrypted. For each command/response with C-DECRYPTION or R-ENCRYPTION, the encryption counter is incremented.
The phases, including the optional Key-DEK and receipt, are shown in the figure below.
