Mitsubishi Motors DS5000TK User Manual

USER’S GUIDE

050396

SECTION 9: FIRMWARE SECURITY

One of the most distinctive features of the Secure Microcontroller is its firmware security. The family far surpasses the standard offering of ROM-based microcontrollers in keeping system attackers or competitors from viewing the contents of memory. In a standard EPROM-based microcontroller, a knowledgeable attacker can disable the EPROM security bit and have access to the entire memory contents. The Secure Microcontroller's improved security makes it a natural choice for systems with high security requirements, such as financial transaction terminals. However, the firmware security can also be employed to keep competitors from copying proprietary algorithms. Allowing access to these algorithms can create an instant competitor. This section describes the security features and their application. Also included are guidelines for using microcontroller security within the framework of total system security.

As with memory map control, there are variations between the different Secure Microcontroller versions. The original DS5000 has a high level of firmware security and the DS5002 has added several distinct improvements. Note that the DS5001 has only minimal security and should only be applied when other physical security is used or when security is not needed. The table below provides a brief summary of the versions and their security features. A detailed description of each feature follows. In the description, elements that are unique to a particular Secure Microcontroller version have that version underlined.

FEATURE                   | DS5001 | DS5000                | DS5002
--------------------------|--------|-----------------------|------------------------------
Security Lock             | Yes    | Yes                   | Yes
RAM memory                | Yes    | Yes                   | Yes
Encrypted memory          | None   | Yes, user must enable | Yes
Encryption Key            | None   | 48 bits               | 64 bits
Encryption Key Selection  | None   | User selected         | True random number
Encryption Keys loaded    | N/A    | When user selects     | Automatic, any new load, dump
Dummy bus access          | None   | Yes, when encrypted   | Yes
On-chip Vector RAM        | None   | Yes, when encrypted   | Yes
Self-Destruct Input       | None   | None                  | Yes
Die Top Coating           | None   | None                  | Optional (DS5002FPM)
Random Number Generator   | Yes    | None                  | Yes

SECURITY OVERVIEW

Security features are useful if an application dispenses services on a pay-per-service basis. Electronically bypassing the security would allow the dispensing of the service for free, resulting in lost revenue to the system owner. Another common application is the transmission of secret information. The user's algorithm and key data could be observed in an unsecured system, resulting in a break in the secure transmission. The Secure Microcontroller Family is designed to protect the contents of memory from being viewed. This is done with a combination of circuit techniques and physical security. The combination is a formidable defense. Regardless of the application, the secure microcontroller protects the contents of memory from tampering and observation. This preserves secret information, access to services, critical algorithms, etc. The security features of the Secure Microcontroller include physical security against probe, memory security through cryptographic scrambling, and memory bus security preventing analysis of the CPU's operation. The features mentioned above and described below protect the application code and data.
