Mitsubishi Motors DS5000TK User Manual

Page 76


USER’S GUIDE

050396 75/173


Encryption Algorithm

The Secure Microcontroller family uses a proprietary algorithm to encrypt memory. The DS5000FP and DS5002FP use different encryption algorithms. They are the result of improvements made over time in the proprietary encryptor circuits. The original DS5000FP (circa 1988) has the first version of encryptor. This was soon improved with a second version encryptor in 1989, and remains in production today. A substantial improvement was made in the DS5002FP, which uses a wider Key and a more non-linear algorithm. The DS5002FP memory encryptor uses elements of the DES (Data Encryption Standard) although not the entire algorithm. Full DES is impractical as memory encryption must be performed in real-time on a one-to-one substitution and not a block cipher basis. The encryption algorithm is supported by the fact that both address and data are encrypted, the algorithm and key are both secret, the most critical data can be stored on chip in vector RAM (discussed below), and the bus activity is scrambled using dummy access (discussed below). For this reason, a security analysis of the DS5002FP is not simply a mathematical treatment of the encryption algorithm.

Encryption Key

The DS5000FP uses a 40-bit Encryption Key that is stored on-chip. As mentioned above, the Key is the basis of the encryption algorithm. The resulting physical addresses and data are dependent on this value. Tampering with or unlocking the microcontroller will cause the Key to be instantaneously destroyed. If the memory contents are encrypted, they become useless without this Key. A user selects the 40-bit Key and loads it via the Bootstrap Loader. Selecting this Key enables the encryption feature. The DS5002FP uses a 64-bit Key. It is similarly stored on-chip in tamper resistant circuits. In much the same way, this Key is the basis for the physical values that are presented on the bus. Using a wider Key gives the encryption more complexity and more permutations that must be analyzed by an attacker. Apart from the width of the Key and complexity of the encryptor, the principal differences between the DS5000FP and DS5002FP are discussed below under Key Selection and Loading.

Encryption Key Selection and Loading

One of the significant differences between DS5000FP and DS5002FP lies in Encryption Key Management. In the case of a DS5000FP, the user must select a 40-bit Key during program loading. This Key must be selected prior to loading the microcontroller, as the memory will be encrypted as it is loaded. The Key selection process must be protected since an attacker that learns the Key can reproduce the user's code. This would be done by loading the correct Key in an unlocked DS5000FP, attaching the encrypted memory chip, and dumping the code using the Bootstrap Loader.

The DS5002FP provides an improved Key management system. The microcontroller chooses its own 64-bit Encryption Key from a number that is internally generated and secret. The Keys come from a true hardware random number generator. It is based on frequency differences between two on-chip ring oscillators and the user's crystal. At any time, it is unlikely that any two DS5002FPs have the same key, with 2^64 (1.84 * 10^19) combinations. There is no method to discover the Key value. No attacker can force the DS5002 to a particular Key. In addition, no one can "forget" to enable the encryptor, since it is always enabled. An additional advantage of the secret Key is that an attacker can not "characterize" the encryptor by repeatedly loading known Keys and observing the result.

As mentioned above, encryption is always enabled on the DS5002FP. Each time the Bootstrap Loader is invoked, a new random number is prepared. If a Fill, Load, Dump, Verify, or CRC command is requested, the Loader selects the random number as a new Encryption Key prior to accessing the memory. Execution of a Load or Fill command will result in the data being loaded in an encrypted form determined by the value of the newly-generated Key. Any subsequent Dump, Verify, or CRC within the same Bootstrap session will cause the contents of the encrypted RAM to be read out and properly decrypted by the micro. Once a new Key is loaded, it will allow all commands to work properly within the same Bootstrap session since memory access is done using the correct Key. Exiting and re-entering the Bootstrap Loader, then doing a Dump will not work since this action would first result in Loading a new Encryption Key. The microcontroller would no longer be able to decrypt the RAM contents. This extra precaution is used regardless of the Security Lock. It prevents an attacker from retrieving memory through the Bootstrap Loader even if the programmer forgets to lock the DS5002FP. Once the Security Lock is set, all Bootstrap Loader access to the memory is prohibited.
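The Bootstrap Loader key rule described above, modelled as an added Python illustration (not Dallas Semiconductor code): each loader entry prepares a new random number, the first memory command installs it as the Key, a Dump after exiting and re-entering the loader can no longer decrypt what an earlier session loaded, and the Security Lock refuses all loader memory access. The proprietary encryptor is replaced by a keyed XOR stream, an assumption made only so the session behaviour can be shown.

```python
import hashlib
import secrets
class DS5002Model:
    def __init__(self):
        self.ram = bytearray(64)  # memory as stored: always encrypted
        self.key = None           # Encryption Key in tamper-resistant storage
        self.pending = None       # random number prepared on loader entry
        self.locked = False       # Security Lock

    def enter_loader(self):
        # Each loader invocation prepares a fresh 64-bit random number
        # (stand-in for the on-chip ring-oscillator random number generator).
        self.pending = secrets.randbits(64)

    def _select_session_key(self):
        if self.locked:
            raise PermissionError("Security Lock set: loader memory access prohibited")
        if self.pending is not None:  # first Fill/Load/Dump/Verify/CRC selects the key
            self.key, self.pending = self.pending, None

    def _xform(self, data):
        # Stand-in (assumption) for the one-to-one substitution: XOR with a SHA-256 counter stream.
        kb = self.key.to_bytes(8, "big")
        stream = b"".join(hashlib.sha256(kb + i.to_bytes(4, "big")).digest()
                          for i in range((len(data) + 31) // 32))
        return bytes(a ^ b for a, b in zip(data, stream))

    def load(self, plaintext):
        self._select_session_key()
        self.ram[:len(plaintext)] = self._xform(plaintext)

    def dump(self):
        self._select_session_key()
        return self._xform(bytes(self.ram))

def demo(program=b"MOV A,#1"):  # constructed sample program bytes
    dev = DS5002Model()
    dev.enter_loader()
    dev.load(program)
    same_session = dev.dump()[:len(program)] == program  # same session: decrypts
    dev.enter_loader()                                    # exit and re-enter loader
    new_session = dev.dump()[:len(program)] == program    # new Key: unrecoverable
    dev.locked = True                                     # set the Security Lock
    try:
        dev.dump()
        lock_enforced = False
    except PermissionError:
        lock_enforced = True
    return same_session, new_session, lock_enforced  # (True, False, True)
```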
