DOCSLIB.ORG

AWS Nitro Enclaves User Guide AWS AWS Nitro Enclaves User Guide

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
AWS Nitro Enclaves User Guide AWS AWS Nitro Enclaves User Guide AWS AWS Nitro Enclaves User Guide AWS AWS Nitro Enclaves User Guide AWS: AWS Nitro Enclaves User Guide Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. AWS AWS Nitro Enclaves User Guide Table of Contents What is Nitro Enclaves? ....................................................................................................................... 1 Learn more ............................................................................................................................... 1 Requirements ............................................................................................................................ 2 Considerations ........................................................................................................................... 2 Pricing ...................................................................................................................................... 2 Related services ......................................................................................................................... 2 Nitro Enclaves concepts ...................................................................................................................... 4 Enclave ..................................................................................................................................... 4 Enclave ID ................................................................................................................................. 4 Parent instance .......................................................................................................................... 4 Enclave image file ...................................................................................................................... 4 AWS Nitro Enclaves CLI ............................................................................................................... 5 AWS Nitro Enclaves SDK ............................................................................................................. 5 Cryptographic attestation ............................................................................................................ 5 Attestation document ................................................................................................................. 5 Platform configuration registers ................................................................................................... 5 KMS proxy ................................................................................................................................. 5 Vsock socket .............................................................................................................................. 6 Getting started: Hello enclave ............................................................................................................. 7 Step 1: Prepare the enclave-enabled parent instance ...................................................................... 7 Step 2: Build the enclave image file ............................................................................................. 8 Step 3: Run the enclave .............................................................................................................. 9 Step 4: Validate the enclave ........................................................................................................ 9 Step 5: Terminate the enclave ................................................................................................... 10 Using enclaves ................................................................................................................................. 11 Enclaves workflow .................................................................................................................... 11 Involved parties ............................................................................................................... 11 Data and environment preparation ..................................................................................... 11 Attestation and data decryption ......................................................................................... 12 Building an enclave image file ................................................................................................... 12 Creating an enclave .................................................................................................................. 14 Launch the parent instance ............................................................................................... 14 Create the enclave ............................................................................................................ 15 Cryptographic attestation .................................................................................................................. 16 Integration with AWS KMS ........................................................................................................ 16 Where to get an enclave's measurements .................................................................................... 16 PCR0, PCR1, and PCR2 ...................................................................................................... 17 PCR3 ............................................................................................................................... 18 PCR4 ............................................................................................................................... 18 PCR8 ............................................................................................................................... 18 How to get an enclave's attestation document ............................................................................. 19 Using cryptographic attestation with AWS KMS ........................................................................... 20 Secret data preparation .................................................................................................... 11 KMS key preparation ........................................................................................................ 20 Getting started with cryptographic attestation: KMS Tool tutorial ................................................... 21 Nitro Enclaves application development .............................................................................................. 23 Nitro Enclaves Developer AMI .................................................................................................... 23 Nitro Enclaves SDK ................................................................................................................... 23 Application development on Linux ............................................................................................. 23 Getting started with the vsock: Vsock tutorial ...................................................................... 23 Application development on Windows ........................................................................................ 25 Considerations for Windows instances ................................................................................. 26 Nitro Enclaves for Windows release notes ............................................................................ 26 Subscribe to notifications of new versions ........................................................................... 27 iii AWS AWS Nitro Enclaves User Guide Working with the vsock socket in Windows .......................................................................... 28 Verifying the root of trust ................................................................................................................. 33 Attestation in the Nitro Enclaves world ....................................................................................... 33 The attestation document ......................................................................................................... 33 Attestation document specification ..................................................................................... 33 Attestation document validation ................................................................................................ 34 COSE and CBOR ............................................................................................................... 35 Semantical validity ........................................................................................................... 35 Certificate validity ............................................................................................................ 36 Certificate chain validity .................................................................................................... 36 Security ........................................................................................................................................... 37 Shared responsibility ................................................................................................................ 37 Amazon EC2 security ...............................................................................................................
Load more

Recommended publications
  • Implementation and Analysis of Key Reinstallation Attack
    International Journal of Innovations in Engineering and Technology (IJIET) http://dx.doi.org/10.21172/ijiet.133.21 Implementation and Analysis of Key Reinstallation Attack Saba Khanum1, Ishita kalra2 1Department of Information Technology, MSIT, Janakpuri, New Delhi, India 2Department of Computer Science and Engineering, MSIT, Janakpuri, New Delhi, India Abstract- The objective of the paper is to implement and analyzed the impact of Key Reinstallation Attack (popularly dubbed as KRACK) on debian based machines. The paper elucidates on the capture of packets through the attack without being a part of the network and affecting the target machines with the help of an attack machine placed inside the network. It basically exploits the nonce of the network which ultimately paves way to the execution of the attack. The issue tends to gather more eyeballs as it affects all devices using Wi-Fi through WPA2 protocol. Hence, the catastrophe complimented along the attack is severe. The analysis of the impact is carried on by analyzing the type of packets visible as well as captured during the course of the implementation. Here, we have created a python script which identifies whether the targeted machine is vulnerable to KRACK or not and corresponding to that the packet capture starts and ultimately, the impact is measured. Keywords – KRACK, weakness, WPA2, attack, security I. INTRODUCTION The presence of the bug has been detected in the cryptographic nonce of the WPA2 and can be used to clone a connected party to reinstall a used key. The presence of the nonce is specifically intended to prevent reuse, but in this particular case, it gives malicious users the opportunity to replay, decrypt, or forge packets, ultimately enabling them to access all previously considered encrypted information without actually being part of the network.
    [Show full text]
  • CBOR (RFC 7049) Concise Binary Object Representation
    CBOR (RFC 7049) Concise Binary Object Representation Carsten Bormann, 2015-11-01 1 CBOR: Agenda • What is it, and when might I want it? • How does it work? • How do I work with it? 2 CBOR: Agenda • What is it, and when might I want it? • How does it work? • How do I work with it? 3 Slide stolen from Douglas Crockford History of Data Formats • Ad Hoc • Database Model • Document Model • Programming Language Model Box notation TLV 5 XML XSD 6 Slide stolen from Douglas Crockford JSON • JavaScript Object Notation • Minimal • Textual • Subset of JavaScript Values • Strings • Numbers • Booleans • Objects • Arrays • null Array ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"] [ [0, -1, 0], [1, 0, 0], [0, 0, 1] ] Object { "name": "Jack B. Nimble", "at large": true, "grade": "A", "format": { "type": "rect", "width": 1920, "height": 1080, "interlace": false, "framerate": 24 } } Object Map { "name": "Jack B. Nimble", "at large": true, "grade": "A", "format": { "type": "rect", "width": 1920, "height": 1080, "interlace": false, "framerate": 24 } } JSON limitations • No binary data (byte strings) • Numbers are in decimal, some parsing required • Format requires copying: • Escaping for strings • Base64 for binary • No extensibility (e.g., date format?) • Interoperability issues • I-JSON further reduces functionality (RFC 7493) 12 BSON and friends • Lots of “binary JSON” proposals • Often optimized for data at rest, not protocol use (BSON ➔ MongoDB) • Most are more complex than JSON 13 Why a new binary object format? • Different design goals from current formats – stated up front in the document • Extremely small code size – for work on constrained node networks • Reasonably compact data size – but no compression or even bit-fiddling • Useful to any protocol or application that likes the design goals 14 Concise Binary Object Representation (CBOR) 15 “Sea Boar” “Sea Boar” 16 Design goals (1 of 2) 1.
    [Show full text]
  • Decentralized Identifier WG F2F Sessions
    Decentralized Identifier WG F2F Sessions Day 1: January 29, 2020 Chairs: Brent Zundel, Dan Burnett Location: Microsoft Schiphol 1 Welcome! ● Logistics ● W3C WG IPR Policy ● Agenda ● IRC and Scribes ● Introductions & Dinner 2 Logistics ● Location: “Spaces”, 6th floor of Microsoft Schiphol ● WiFi: SSID Publiek_theOutlook, pwd Hello2020 ● Dial-in information: +1-617-324-0000, Meeting ID ● Restrooms: End of the hall, turn right ● Meeting time: 8 am - 5 pm, Jan. 29-31 ● Breaks: 10:30-11 am, 12:30-1:30 pm, 2:30-3 pm ● DID WG Agenda: https://tinyurl.com/didwg-ams2020-agenda (HTML) ● Live slides: https://tinyurl.com/didwg-ams2020-slides (Google Slides) ● Dinner Details: See the “Dinner Tonight” slide at the end of each day 3 W3C WG IPR Policy ● This group abides by the W3C patent policy https://www.w3.org/Consortium/Patent-Policy-20040205 ● Only people and companies listed at https://www.w3.org/2004/01/pp-impl/117488/status are allowed to make substantive contributions to the specs ● Code of Conduct https://www.w3.org/Consortium/cepc/ 4 Today’s agenda 8:00 Breakfast 8:30 Welcome, Introductions, and Logistics Chairs 9:00 Level setting Chairs 9:30 Security issues Brent 10:15 DID and IoT Sam Smith 10:45 Break 11:00 Multiple Encodings/Different Syntaxes: what might we want to support Markus 11:30 Different encodings: model incompatibilities Manu 12:00 Abstract data modeling options Dan Burnett 12:30 Lunch (brief “Why Are We Here?” presentation) Christopher Allen 13:30 DID Doc Extensibility via Registries Mike 14:00 DID Doc Extensibility via JSON-LD Manu
    [Show full text]
  • Interoperability for the Semantic Web: a Loosely Coupled Mediation Approach Antoine Zimmermann
    Interoperability for the Semantic Web: A Loosely Coupled Mediation Approach Antoine Zimmermann To cite this version: Antoine Zimmermann. Interoperability for the Semantic Web: A Loosely Coupled Mediation Ap- proach. Modeling and Simulation. Université Jean Monnet, 2021. tel-03163932 HAL Id: tel-03163932 https://tel.archives-ouvertes.fr/tel-03163932 Submitted on 9 Mar 2021 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. These` d'habilitation Universite´ Jean Monnet Ecole´ doctorale 488 Sciences, Ing´enierieet Sant´e(SIS) Interop´erabilit´epour le Web s´emantique : une approche par m´ediationfaiblement coupl´ee Soutenue publiquement par : Antoine Zimmermann MINES Saint-Etienne´ Membres du jury : Olivier Boissier Professeur, MINES Saint-Etienne´ Tuteur de recherche Pierre-Antoine Champin Ma^ıtrede conf´erenceHDR, Universit´eClaude-Bernard Examinateur J´er^ome Euzenat Directeur de recherche, Inria Examinateur Fabien Gandon Directeur de recherche, Inria Rapporteur Andreas Harth Professeur, Friedrich-Alexander-Universit¨atErlangen-N¨urnberg Rapporteur
    [Show full text]
  • Authenticated Encryption Mode IAPM Using SHA-3'S Public Random
    Authenticated Encryption Mode IAPM using SHA-3’s Public Random Permutation Charanjit Jutla IBM T. J. Watson Research Center New York 10598 Abstract. We study instantiating the random permutation of the block- cipher mode of operation IAPM (Integrity-Aware Parallelizable Mode) with the public random permutation of Keccak, on which the draft stan- dard SHA-3 is built. IAPM and the related mode OCB are single-pass highly parallelizable authenticated-encryption modes, and while they were originally proven secure in the private random permutation model, Kurosawa has shown that they are also secure in the public random per- mutation model assuming the whitening keys are uniformly chosen with double the usual entropy. In this paper, we show a general composabil- ity result that shows that the whitening key can be obtained from the usual entropy source by a key-derivation function which is itself built on Keccak. We stress that this does not follow directly from the usual indifferentiability of key-derivation function constructions from Random Oracles. We also show that a simple and general construction, again employing Keccak, can also be used to make the IAPM scheme key- dependent-message secure. Finally, implementations on modern AMD-64 architecture supporting 128-bit SIMD instructions, and not supporting the native AES instructions, show that IAPM with Keccak runs three times faster than IAPM with AES. 1 Introduction Symmetric key encryption of bulk data is usually performed using either a stream cipher or a block cipher. A long message is divided into small fixed-size blocks and encryption is performed by either a stream-cipher mode or a block-cipher mode employing a cryptographic primitive that operates on blocks.
    [Show full text]
  • Healing the Fragmentation to Realise the Full Potential of The
    HealingHealing thethe fragmentationfragmentation toto realiserealise thethe fullfull potentialpotential of thethe IoTIoT Dr.Dr. DaveDave Raggett,Raggett, W3C/ERCIMW3C/ERCIM email:email: [email protected]@w3.org 2525 JuneJune 20202020 ThisThis talktalk isis supportedsupported byby thethe CreateCreate--IoTIoT CoordinationCoordination andand SupportSupport ActionAction withwith fundingfunding fromfrom thethe EuropeanEuropean CommissionCommission Investments in IoT are at risk! Eric Siow, Director, Open Web Platform Standards and Ecosystem Strategies at Intel: • IoT is a little over 10 years old • Hype has been much greater than present reality • IoT is “biting off more that it can chew” • Trying to address too many markets • Involves too many and mostly uncoordinated SDOs and SIGs 2/14 Key IoT Challenges Facing Smart Cities • Lack of coalescence around a set of complementary standards • Hinders scalability, interoperability and evolution • Need to simplify: prioritise and define requirements • Regional regulatory differences adding to the confusion • Diverse requirements impede scalability of the market • Need regulatory agencies to participate and help with standardisation requirements • Lack of interoperability wastes up to 40% of IoT value1 • Cities and technology partners may waste up to $321 billion by 20252 1. https://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/the-internet-of-things-the-value-of-digitizing-the-physical-world 2. https://machinaresearch.com/news/smart-cities-could-waste-usd341-billion-by-2025-on-non-standardized-iot-deployments/
    [Show full text]
  • OCB: a Bock-Cipher Mode of Operation for Efficient Authenticated Encryption
    OCB: A Bock-Cipher Mode of Operation for Efficient Authenticated Encryption Phillip Rogaway UC Davis This work done at Chiang Mai University [email protected] http://www.cs.ucdavis.edu/~rogaway Mihir Bellare John Black Ted Krovetz UC San Diego University of Nevada UC Davis CCS-8 — Philadelphia, USA — November 8, 2001 Slide 1 Principal Goals of Symmetric Cryptography Privacy What the Adversary sees tells her nothing of significance about the underlying message M that the Sender sent Authenticity The Receiver is sure that the string he receives was sent (in exactly this form) by the Sender Authenticated Encryption Achieves both privacy and authenticity C C* Nonce M M K Adversary K or invalid K K Sender Receiver Slide 2 Why Authenticated Encryption? • Efficiency By merging privacy and authenticity one can achieve efficiency difficult to achieve if handling them separately. • Easier-to-correctly-use abstraction By delivering strong security properties one may minimize encryption-scheme misuse. Slide 3 Easier to correctly use because stronger security properties Idealized encryption OCB Authenticated encryption [Bellare, Rogaway] IND-CPA + auth of ciphertexts [Katz,Yung] [Bellare, Namprempre] IND-CCA = NM-CCA CTR, CBC$ [Goldwasser, Micali] IND-CPA [Bellare, Desai, Jokipii, Rogaway] ECB Slide 4 Right or Wrong? It depends on what definition E satisfies K A . R K A A B EK (A . B . RA . RB .sk) EK (RB) Slide 5 Folklore approach. See Generic Composition [Bellare, Namprempre] and [Krawczyk] Traditional approach to authenticated encryption for
    [Show full text]
  • Global Journal of Engineering Science And
    [Arslan, 6(3): March 2019] ISSN 2348 – 8034 DOI- 10.5281/zenodo.2599921 Impact Factor- 5.070 GLOBAL JOURNAL OF ENGINEERING SCIENCE AND RESEARCHES PRIVACY PRESERVING SECURITY MECHANISM FOR IOT BASED DISTRIBUTED SMART HEALTHCARE SYSTEM Farrukh Arslan School of Electrical and Computer Engineering, Purdue University, USA ABSTRACT Data security and privacy are one of the key concerns in the Internet of Things (IoT). Usage of IOT is increasing in the society day-by-day, and security challenges are becoming more and more severe. From a data perspective, IOT data security plays a major role. Some of the sensitive data such as criminal record, military information, the medical record of the patients, etc. Due to the size and other features of IOT, it is almost impossible to create an efficient centralized authentication system. The proposed system focused on IoT security for distributed medical record to provide perimeter security to the patient. Building trust in distributed environments without the need for authorities is a technological advance that has the potential to change many industries, the IOT is one among them. Furthermore, it protects data integrity and availability. It improves the accessibility of data by using the indexing method along with the blockchain. Moreover, it facilitate the utility of tracking the previous history of the patient record using the hyper ledger with authorization. Keywords: security, Internet of Things, Health-care, Block chain, Hyper ledger. I. INTRODUCTION Amount of information grows day by day but the security of the data is not maintained properly. Nowadays blockchain technology is very useful in IOT field such as smart cities, smart home system as well as it provides security [1].
    [Show full text]
  • Weave TLV White Paper
    Nest Weave TLV White Paper Revision 4 2020-03-04 Status: Approved / Active ​ ​ Copyright © 2020 Google LLC Google LLC Public Information APPROVED / ACTIVE Revision History Revision Date Modified By Description 1 2014-11-24 Grant Erickson Initial revision. 2 2015-02-25 Grant Erickson Final draft. 3 2015-06-03 Grant Erickson Updated quantitative analysis to include Flatbuffers. Reran all quantitative analysis using GCC 4.8.2 targeted to an ARM Cortex A9 with a hard floating point ABI. 4 2020-03-04 Grant Erickson Updated for CBOR. Rev. 4 Copyright © 2020 Google LLC 2 2020-03-04 Google LLC Public Information APPROVED / ACTIVE Table of Contents Revision History Table of Contents Summary Introduction Motivation and Rationale Target System Resources Core Message Format Application Data Representation Requirements Capable of Representing Basic Machine Types Capable of Representing Arrays Capable of Representing Structures Capable of Forward- and Backward-Compatibility Capable of Representing Optional Content Partitioned and Controlled Tag Space System Neutrality Resource Overhead Trivial In-place Access of Basic Machine Types Over-the-wire Compactness Lossless Translation to JSON Licensing and Seat Costs Market Penetration Proliferation and Quality of Infrastructure and Tools Competitive Analysis Summary JSON memcpy Google Protocol Buffers Trivial In-place Access of Basic Machine Types ASN.1 EXI Other Thrift CBOR Partitioned and Controlled Tag Space Rev. 4 Copyright © 2020 Google LLC 3 2020-03-04 Google LLC Public Information APPROVED / ACTIVE Trivial In-place Access of Basic Machine Types Flatbuffers Conclusion Appendix A: Size Analysis JSON memcpy Google Protocol Buffers libprotobuf Size Speed libprotobuf-lite nanopb Thrift Flatbuffers Weave CBOR References Rev.
    [Show full text]
  • CMU-CS-17-118 July 2017
    Secure Large-Scale Outsourced Services Founded on Trustworthy Code Executions Bruno Vavala CMU-CS-17-118 July 2017 School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 Faculty of Sciences University of Lisbon 1749-16 Lisbon, Portugal Thesis Committee: Peter Steenkiste, Co-Chair Nuno Neves, University of Lisbon, Co-Chair Anupam Datta Vyas Sekar Antonia Lopes, University of Lisbon Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science Copyright c 2017 Bruno Vavala This research was sponsored by Fundac¸ao˜ para a Cienciaˆ e Tecnologia (Portuguese Foundation for Science and Technology) through the Carnegie Mellon Portugal Program under grant SFRH/BD/51562/2011 (until August 2016) and the Information and Communication Technology Institute at Carnegie Mellon University, by FCT through project UID/CEC/00408/2013 (LaSIGE), by the EC through project FP7-607109 (SEGRID) and project H2020-643964 (SUPERCLOUD). The views and conclusions contained in this document are those of the author and should not be interpreted as representing the official policies, either expressed or implied, of any sponsoring institution, the Portuguese government, the U.S. government or any other entity. Keywords: Trusted Computing, Cloud Security, Trusted Execution Abstraction, Execution Integrity, Code Identity, Large-scale Data, TPM, Intel SGX, Efficient Execution Verification, Passive Replication, Service Availability This work was partially supported by the Fundac¸ao˜ para a Cienciaˆ e Tecnologia (FCT) through research grant SFRH/BD/51562/2011 (until August 2016) and through project UID/CEC/00408/2013 (LaSIGE), by the Informa- tion and Communication Technology Institute at Carnegie Mellon University, by the EC through project FP7-607109 (SEGRID) and project H2020-643964 (SUPERCLOUD).
    [Show full text]
  • The Evolution of Authenticated Encryption
    The Evolution of Authenticated Encryption Phillip Rogaway University of California, Davis, USA Those who’ve worked with me on AE: Mihir Bellare Workshop on Real-World Cryptography John Black Thursday, 10 January 2013 Ted Krovetz Stanford, California, USA Chanathip Namprempre Tom Shrimpton David Wagner 1/40 Traditional View (~2000) Of Symmetric Goals K K Sender Receiver Privacy Authenticity (confidentiality) (data-origin authentication) Encryption Authenticated Encryption Message scheme Achieve both of these aims Authentication Code (MAC) IND-CPA [Goldwasser, Micali 1982] Existential-unforgeability under ACMA [Bellare, Desai, Jokipii, R 1997] [Goldwasser, Micali, Rivest 1984, 1988], [Bellare, Kilian, R 1994], [Bellare, Guerin, R 1995] 2/40 Needham-Schroeder Protocol (1978) Attacked by Denning-Saco (1981) Practioners never saw a b IND-CPA as S encryption’s goal A . B . NA {N . B . s . {s . A} } 1 A b a 2 a b {s . A} A 3 b B 4 {NB}s 5 {NB -1 }s 3/40 Add redundancy No authenticity for any S = f (P) CBC ~ 1980 Doesn’t work Beyond CBC MAC: regardless of how you compute unkeyed checksums don’t work even the (unkeyed) checksum S = R(P1, …, Pn) with IND-CCA or NM-CPA schemes (Wagner) [An, Bellare 2001] 4/40 Add more arrows PCBC 1982 Doesn’t work See [Yu, Hartman, Raeburn 2004] The Perils of Unauthenticated Encryption: Kerberos Version 4 for real-world attacks 5/40 Add yet more stuff iaPCBC [Gligor, Donescu 1999] Doesn’t work Promptly broken by Jutla (1999) & Ferguson, Whiting, Kelsey, Wagner (1999) 6/40 Emerging understanding that: - We’d like
    [Show full text]
  • ATAES132A 32K AES Serial EEPROM Complete Data Sheet
    ATAES132A ATAES132A 32K AES Serial EEPROM Complete Data Sheet Features • Crypto Element Device with Secure Hardware-Based Key Storage • 32 kb Standard Serial EEPROM Memory – Compatible with the Microchip AT24C32D and the Microchip AT25320B – 16 User Zones of 2 kb Each • High-Security Features – AES Algorithm with 128-bit Keys – AES-CCM for Authentication – Message Authentication Code (MAC) Capability – Guaranteed Unique Die Serial Number – Secure Storage for up to Sixteen 128-bit Keys – Encrypted User Memory Read and Write – Internal High-Quality FIPS Random Number Generator (RNG) – 16 High-Endurance Monotonic EEPROM Counters • Flexible User Configured Security – User Zone Access Rights Independently Configured – Authentication Prior to Zone Access • Read/Write, Encrypted, or Read-Only User Zone Options • High-Speed Serial Interface Options – 10 MHz SPI (Mode 0 and 3) – 1 MHz Standard I2C Interface • 2.5V to 5.5V Supply Voltage Range • <250 nA Sleep Current • 8-pad UDFN and 8-lead SOIC Package Options • Temperature Range: -40°C to +85°C Applications • Easily Add Security by Replacing Existing Serial EEPROM • Authenticate Consumables, Components, and Network Access • Protect Sensitive Firmware • Securely Store Sensitive Data and Enable Paid-for Features • Prevent Contract Manufacturers from Overbuilding • Manage Warranty Claims • Securely Store Identity Data (i.e. Fingerprints and Pictures) © 2018 Microchip Technology Inc. Datasheet Complete DS40002023A-page 1 ATAES132A Description The Microchip ATAES132A is a high-security, Serial Electrically-Erasable and Programmable Read-Only Memory (EEPROM) providing both authentication and confidential nonvolatile data storage capabilities. Access restrictions for the 16 user zones are independently configured, and any key can be used with any zone.
    [Show full text]