Friend or foe: Battery-authentication ICs separate the good guys from the bad
All battery packs are not created equal: Unauthorized after-market packs may contain cells that can self-destruct when you charge them at the higher voltages that new lithium-ion technologies demand. Battery-authentication ICs use advanced security methods to weed out counterfeits.
By Margery Conner, Technical Editor -- EDN, February 2, 2006
AT A GLANCE
After-market battery packs may be unable to handle the higher charging voltages that new lithium-ion technologies require, potentially leading to unsafe, explosive conditions.
Host systems need to authenticate battery packs before recharging.
Authentication ICs handle the complexity of using security algorithms to validate packs.
Battery packs for consumer applications, such as cell phones and laptops, continue to move further away from the one-size-fits-all category. The responsibility for ensuring that only compatible packs plug into recharging systems again falls to the system designer, who must authenticate a battery pack before charging it. To decide which authentication scheme is right for your design, you need to weigh the cost, size, and security level that chip vendors' authentication approaches are now offering.
Battery-pack authentication is necessary because the lithium-ion cells that are the building blocks of all such packs are changing, and, although they still may have the same physical dimension, their input charging voltage and required charging rates are changing and fragmenting across markets (Reference 1). If the cells charge at the wrong voltage or too quickly, they may explode. Vendors can ship their products with the proper battery pack, only to find that customers go the after-market route to replace or back up battery packs because after-market packs are easy to find and usually cheaper. Counterfeit battery packs pose a threat to user safety (Reference 2).
In 2004, cell-phone manufacturers Kyocera and LG both had to recall branded, counterfeit battery packs that lacked the necessary overcharging circuits to prevent overheating and explosions. To combat such problems, one cell-phone manufacturer, Nokia, places holograms on its approved battery packs. Customers can check the code on the hologram online to verify whether a part is genuine. However, this approach assumes that the customer shares the manufacturer's concern about the battery pack's quality and authenticity and can evaluate the authenticity of the hologram label. A more active approach to verifying packs is to build authentication into the charging system (see sidebar "A primer on security cracking").
The lowest level of authentication is to verify that the battery works basically as a user expects. To perform such authentication, place a resistor into the pack and measure the voltage drop. The next level relies on reading a code in the pack that contains parameters such as battery ID, manufacturing date, and cell voltage. These parameters are easy to read and duplicate, however. The highest level of security uses a challenge-response procedure between the system host and a cryptographic-authentication IC in the battery pack (Figure 1). The host system can be an external, separate battery-pack charger, but, for cell phones and laptops, the battery pack usually charges while it's in the device rather than in an external charger. The authentication IC within the battery pack answers the host query with a response that its security algorithm and a secret key code in the device determine.
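The difference between the ID-read level and the challenge-response level, as an added example that is not code from the article or from any vendor: a pack that copied the readable ID passes the ID check, while it and a pack replaying one recorded response both fail a fresh challenge. HMAC-SHA1 stands in for the IC's keyed algorithm, and the secret, ID, and class names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (assumptions, not from any real pack).
PACK_SECRET = bytes.fromhex("0123456789abcdef")  # 64-bit shared secret
PACK_ID = b"PACK-MODEL-A"                        # readable ID data

def mac(secret: bytes, challenge: bytes) -> bytes:
    """Keyed SHA-1 response; HMAC-SHA1 stands in for the IC's algorithm."""
    return hmac.new(secret, challenge, hashlib.sha1).digest()

class GenuinePack:
    """Holds the secret internally; only the ID and responses leave the pack."""
    pack_id = PACK_ID
    def respond(self, challenge: bytes) -> bytes:
        return mac(PACK_SECRET, challenge)

class IdClonePack:
    """Duplicated the readable ID but has no secret to compute with."""
    pack_id = PACK_ID
    def respond(self, challenge: bytes) -> bytes:
        return bytes(20)  # fixed 20-byte answer, not derived from any key

class ReplayPack:
    """Replays one response recorded from an earlier genuine exchange."""
    pack_id = PACK_ID
    def __init__(self, recorded_response: bytes):
        self.recorded = recorded_response
    def respond(self, challenge: bytes) -> bytes:
        return self.recorded

def id_check(pack) -> bool:
    """Second-level check from the text: compare readable ID data only."""
    return pack.pack_id == PACK_ID

def challenge_response_check(pack, host_secret: bytes = PACK_SECRET) -> bool:
    """Host sends a fresh random challenge and verifies the keyed response."""
    challenge = secrets.token_bytes(8)   # new for every attempt
    expected = mac(host_secret, challenge)
    return hmac.compare_digest(expected, pack.respond(challenge))
```

The host refuses to enable charging unless `challenge_response_check` returns true; the fresh random challenge is what makes a recorded response worthless.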
Authentication ICs' security level depends on the complexity of their encoding algorithms. The three popular techniques that authentication ICs use are CRC (cyclic redundancy check), SHA-1 (Secure Hash Algorithm-1), and proprietary vendor algorithms (Table 1).
Hashing or encryption
Hashing algorithms calculate a signature for the system inputs and are not, strictly speaking, encryption algorithms, although people commonly refer to them as such. Encryption algorithms are two-way, allowing unlimited encoding and decoding of data streams. Hashing functions are one-way: You can't regain the input data from the signature. The NIST (National Institute of Standards and Technology) created the SHA-1 (pronounced "Shaw-one") hashing algorithm, the most popular security algorithm. It powers the NIST's digital-signature standard (references 3 and 4).
New ICs are offering this algorithm, a measure of how seriously companies are taking battery authentication. Previously, they would have considered this feature overkill for this application. For example, Maxim has introduced the DS2704, a SHA-1-based device, as an upgrade from the DS2502, which provides ID information only, with no encryption. The DS2704 is backward-compatible with the 2502 instruction set and has an additional page of EEPROM for storing battery-condition information, such as amount of charge.
SHA-1's high security level comes at a cost: The die for such a chip must be larger because of the more complex algorithm. Jon Qian, senior member of the technical staff at Texas Instruments, which makes the CRC-based bq26150 IC, defends the CRC as a cost-effective security measure: "SHA-1 is well-known; banks use it for financial transactions, but this level of complexity requires a bigger die and more internal memory. CRC-based authentication is still difficult to break but still gives a decent die-size implementation." He concedes that high-security requirements warrant SHA-1. For example, TI plans to introduce the SHA-1-based bq26100 chip in the second quarter.
Arman Naghavi, vice president of Intersil's Handheld Power group, says that determining the amount of security you need requires balancing the life of a consumer product and the cost of the security feature. You can think of the robustness of a security algorithm in terms of the years of computer processing it takes to break it. Intersil's ISL9206 uses the company's proprietary Flexihash+ security algorithm; Naghavi claims that it would take three Pentium 4 processors 10 years to break the code. Consumer products with a typical lifetime of a few years don't warrant such an effort.
Security isn't free
Battery packs for consumer devices are cost-sensitive. Ken Dietz, senior applications engineer in Microchip's Security, Microcontroller, and Technology Development Division, suggests that, although battery-pack manufacturers are moving to higher security levels for battery packs, both the size and the price of the circuit still constrain them. "Battery-pack manufacturers ask us: What is the smallest device they can use, what algorithm they can fit onto that device, and how much will it cost to implement the design?" he says. Microchip offers its proprietary KeeLoq algorithm, which the automotive industry has used for 10 years for key fobs. A true encryption scheme, rather than a hashing algorithm, KeeLoq can fit into just 47 code words, allowing the algorithm to fit into Microchip's PIC 10F (Picture), which the company claims is the world's smallest microcontroller. In a six-pin SOT-23 package, it costs about 49 cents (volume quantities).
All authentication-IC vendors emphasize that poor security of a company's internal codes can defeat the strongest security algorithm in the world. One of Microchip's customers keeps its secret key in an 8×8-ft vault with 3-ft-thick walls, and only two people in the company have vault keys. Gene Armstrong, managing director of thermal and battery management for Maxim, agrees that SHA-1 security depends on keeping the 64-bit key code secure: If someone within the company can steal the key, then no attempts to crack the algorithm are necessary. He explains how the DS2704 security fits into the supply chain: The company ships the part with a programmed, 64-bit key that is not the ultimate secret key. The battery-pack manufacturer assembles the IC into the pack and, as part of the assembly process, issues a challenge to the part and receives a response. As the next step in the assembly process, the process issues a "Compute next secret" command, whose result becomes the final key the company stores in the pack. "You can implement your supply chain so that no one source has the secret," he says.
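A model of the split-secret provisioning flow described above, as an added example that is not Maxim's code or the DS2704's actual command format: the IC vendor knows only the factory key, the pack assembler knows only the data it feeds to the "compute next secret" step, and the final key exists only inside the IC and at whoever combines both parts. The derivation (SHA-1 of current secret plus supplied data, truncated to 64 bits) and all names are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

def compute_next_secret(current: bytes, partial: bytes) -> bytes:
    """Assumed derivation: new 64-bit secret from the current secret and
    data supplied on the bus. The real IC's layout is not in the article."""
    return hashlib.sha1(current + partial).digest()[:8]

class AuthIC:
    """Toy IC: the secret can be rolled forward or used, never read back."""
    def __init__(self, factory_secret: bytes):
        self._secret = factory_secret            # programmed by the IC vendor

    def next_secret(self, partial: bytes) -> None:
        # Runs inside the IC; the result never appears on the bus.
        self._secret = compute_next_secret(self._secret, partial)

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()

def provision(factory_secret: bytes, assembler_partial: bytes) -> AuthIC:
    """Vendor step followed by the assembler's step on the pack line."""
    ic = AuthIC(factory_secret)
    ic.next_secret(assembler_partial)
    return ic

def verify(ic: AuthIC, candidate_secret: bytes) -> bool:
    """Host-side check: does candidate_secret match the key in the IC?"""
    challenge = secrets.token_bytes(8)
    expected = hmac.new(candidate_secret, challenge, hashlib.sha1).digest()
    return hmac.compare_digest(expected, ic.respond(challenge))

# Constructed sample values, one held by each party.
FACTORY_SECRET = bytes.fromhex("1122334455667788")     # IC vendor only
ASSEMBLER_PARTIAL = bytes.fromhex("a1b2c3d4e5f60718")  # pack assembler only
```

A host that holds the final key verifies the pack; the factory key alone, or the assembler's data combined with a guessed factory key, does not.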
A primer on security cracking
Gene Armstrong, managing director of thermal and battery management for Maxim, lists several ways to attack a security system for a battery pack: "One attack method is to use brute-force computing: You issue a challenge, review the response, and emulate that function on a very fast computer, looking for the secret key that generated that challenge-response pair. The problem with brute force is that it takes 280 years to find a 64-bit secret. A 3-GHz processor can execute a SHA-1 test in about 220 nsec. To check all combinations would require 3.9 × 10^12 sec, or about 125,000 years. Even when 10,000 engines are running in parallel at 3 GHz, this method doesn't guarantee a match for 12.5 years." A second technique, side-channel attack, looks for a manufacturing-test mode to exploit. Armstrong points out that Maxim's DS2704 has no test modes that read the secret: For test, Maxim looks at an AND of all the bits and an OR, to ensure that that portion of the IC is working. A third type of attack would be a physical one. Maxim bases its parts on a three-metal process, with a final metallized-silicon layer, making it difficult to read even with an electron-beam microscope.
Intersil: www.intersil.com
Maxim Integrated Products: www.maxim-ic.com
Microchip: www.microchip.com
Micro Power: www.micro-power.com
Texas Instruments: www.ti.com
-
In addition to my first post. By the way, what is happening to Methanol Fuel Cells, or how about a butane fuel cell? Butane Lighters have been around for years and are easily recharged (refilled).
Lyle Thompson - 2007-8-1 06:19:00 PST -
Do you know why rechargeable batteries fail? They DRY OUT!
Have you ever asked what "VENTING, SELF RESEALING" means? During the charging process some water in the electrolyte is broken down to Hydrogen and Oxygen. There is a catalyst inside that is supposed to recombine the O2 & H2 back to water. This is not perfect. Eventually the pressure builds up and the vent opens to prevent the cell from bursting, without any liquid electrolyte leaking. The vent reseals. After about 1000 recharges (depending on charge rate and temperature) so much O2 & H2 (i.e.: water) is lost that the electrolyte dries out and cannot function.
Some years ago I did some experiments with AA cells. I drilled a small hole near the top, just big enough to insert a hypodermic needle. I could add 1 to 2 cc of distilled water, and restore the cell to full capacity. However, I could not seal the hole, so the Potassium Hydroxide (KOH) would leak. What we really need is an epoxy that can withstand KOH, to seal the hole. I understand that there are NiCd wet cells that have been used in mine trucks for more than 50 years; they just keep adding water to replace the loss, just as we used to do for car batteries!
Lyle Thompson P.Eng - 2007-8-1 05:50:00 PST -
Thanks for the heads-up on a new way to increase my "lifetime" costs for having battery operated equipment.
As nearly every other comment has stated, I do not see this as an improvement.
I really am tired of having to purchase custom batteries at exorbitant prices. (When I can have a local battery store open a custom pack, replace the batteries, and seal the pack back up for less than 1/2 of what a new OEM battery costs, there is price gouging.)
I will do my best not to purchase products with this capability, unless the battery packs become standardized.
Just a note on the posting authentication section. What does a color blind person do??? The letters are red and green, the most common colorblindness around.
James Irwin Jr. - 2007-3-1 09:35:00 PST -
Smart batteries and smart chargers do indeed allow for better and longer battery operation by controlling the charging. However, batteries are like the ink market where the price of ink is a gouging factor. Manufacturers are concerned with product safety, (and lawsuits) but if the consumer is locked into a specific battery, the manufacturer has no incentive to keep price reasonable or competitive.
Battery and equipment manufacturers (cell phones, cameras, notebooks and others) are already supplying batteries in unique sizes that will render equipment obsolete in 10 years when no company finds it profitable to keep building the aftermarket battery replacement. (Try finding one of those portable camera lead-acid batteries that were about 8 inches long.) Even if the manufacturer allows smart batteries to have aftermarket sources, we are still not guaranteed of a continuing source.
Standardization does not exist within the battery or ink markets. Requiring some standardization (like AA battery size) would be a step in the right direction to guarantee against device obsolescence.
L.C. Mathison - 2007-3-1 08:18:00 PST -
Battery Authentication: I read the EDN article of Feb 2 with a bit of chagrin -- in some respects battery authentication represents a "restraint of trade" -- placing a barrier in front of consumer choice -- the risks are minimal compared to the additional costs to consumers as anyone who has had to replace an OEM battery for a cell phone, laptop or piece of portable Hewlett Packard (Agilent) test equipment can attest.
Further -- OEMs stink when it comes to obsolescence of consumer products -- one story from this technology adept consumer -- the external power supply on my Samsung 29" LCD went out -- I looked at it and said, "28V at 7.5 amps -- I think I have a Power-One unit which I can swap in there" -- no way -- the Samsung has a power supply authentication chip which prevents substitution. The replacement part took 6 months (I think that they rowed it across the Pacific from Korea). Fortunately I now purchase extended warranties.
Consumers must employ the "caveat emptor" dictum when purchasing grey market goods, but they shouldn't be denied the opportunity.
Jack Walton - 2006-9-3 10:22:00 PST


















