Mitsubishi Motors DS5000TK User Manual


USER’S GUIDE

050396 79/173


APPLICATION: ADVANCED SECURITY TECHNIQUES

The Secure Microcontroller family has been used for numerous applications requiring security. Different levels of security are required depending on the sensitivity of the application and the value of the protected information. As mentioned above, the goal of the microcontroller security is to make stealing the protected information more difficult than the information is worth. This task actually has two pieces. First, the Secure Microcontroller makes attack difficult; combined with the user's physical security, this makes retrieving the information difficult. Second, the protected information itself can be made less valuable. To this end, the NV RAM nature of the part allows the user to alter the firmware-based security aspects of the system frequently. If the critical information changes before the security can be broken, whatever the attacker eventually retrieves is worthless.

To assess the security of a system, the total implementation must be examined. The DS5000FP or DS5002FP provides a high level of security, but the user's firmware can accidentally defeat some of its features. Below is a sampling of implementation practices that make the DS5000FP or DS5002FP more difficult to crack. There are also suggestions on making a system more secure using external circuits.

Avoid Clear Text

The encryption algorithms used by the DS5000FP or DS5002FP are generally adequate to prevent analysis when combined with well-developed code. However, the encryption is weakened to some extent if the user stores text that appears on a display in encrypted memory. Such text is known plaintext: the "data answer" is already known, so it gives the pirate a starting point for locating the clear text in encrypted storage and analyzing the encryption algorithm. If clear text is required, preferably store it in non-encrypted memory. If this is impractical, disperse it so that it is hard to find. Avoid at all costs reading the clear text from memory and then immediately displaying it; this is a sure way of identifying the encrypted values of the text for the attacker.

Avoid CRC or Checksum

Running a checksum on power-up provides the pirate with a sequential listing of the addresses in encrypted form, which gives the attacker a great advantage in deciphering the Address Encryptor. Preferably avoid a checksum. If one is needed, check the minimum amount of memory and perform the check in non-sequential fashion.

Avoid Long Straight Runs of Code

A common coding practice is to run numerous sequential operations. This is common knowledge and should be avoided. The pirate can exploit it in the same way as a checksum: it provides a sequential listing of encrypted addresses and assists with analysis of the address encryption.

Use Jumps

To address the prior problem, jumps are advised. These can be jumps for no reason other than to break up straight runs of code. Using jumps also provides several other techniques to make bus analysis more difficult. For example, the code can jump into Vector RAM; while executing in this area, dummy accesses occur on the bus.

Use Random Values

The Random Number Generator of the DS5002FP can be used to make a pirate's task more difficult. When time is available, the software should perform random actions at random time intervals. For example, the Random Number Generator can be used to select a timer interrupt value, so that the microprocessor is interrupted at random intervals, making characterization very difficult. Software can also elect to run out of Vector RAM for a random period of time. As discussed above, the microprocessor generates dummy RAM reads when possible, but it cannot generate dummy writes. The user's code can, however: random numbers can be written to addresses that are known to be unused. If this is done while the microprocessor is visibly performing a meaningful task, it makes analysis very difficult.
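As an added example (not code from this User's Guide or from Dallas Semiconductor), the following portable C program combines the advice of the "Avoid CRC or Checksum" section with this one: it verifies only a small region, walks that region in a scattered order whose start and stride are derived from one random word read at boot, and hides random dummy writes to an unused scratch area inside the meaningful work. The region contents, the scratch area, the xorshift32 stand-in for the DS5002FP random number register and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* Added example, not code from the User's Guide. Portable C that simulates the
 * memory and the random source; on the real part the random word would be read
 * from the DS5002FP random number register, and the region would be the
 * encrypted program/data memory that actually needs checking. */

#define REGION_SIZE  1024u   /* bytes to verify: keep this minimal; power of two */
#define SCRATCH_SIZE 64u     /* unused RAM that receives the dummy writes */

static uint8_t region[REGION_SIZE];   /* constructed stand-in for checked memory */
static uint8_t scratch[SCRATCH_SIZE]; /* constructed stand-in for unused RAM */

/* Constructed xorshift32 stand-in for the hardware random number generator. */
static uint32_t rng_state = 0x9E3779B9u;
static uint32_t rng_next(void) {
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

/* Deterministic sample contents so the example is reproducible. */
void fill_sample_region(void) {
    for (size_t i = 0; i < REGION_SIZE; i++)
        region[i] = (uint8_t)(i * 37u + (i >> 4));
}

/* Sequential 16-bit additive sum: the pattern the text warns against, since it
 * puts every address of the region on the bus in ascending order. */
uint16_t sum16_sequential(const uint8_t *m, size_t len) {
    uint16_t s = 0;
    for (size_t i = 0; i < len; i++) s = (uint16_t)(s + m[i]);
    return s;
}

/* Start offset for the scattered walk, taken from the low bits of a random word. */
size_t pick_start(uint32_t rnd, size_t len) {
    return rnd & (len - 1);
}

/* Stride for the scattered walk. An odd stride is coprime with a power-of-two
 * length, so start + i*stride (mod len) visits every address exactly once.
 * Strides 1 and len-1 are rejected: they would walk adjacent addresses. */
size_t pick_stride(uint32_t rnd, size_t len) {
    size_t stride = ((rnd >> 16) & (len - 1)) | 1u;
    if (stride == 1u || stride == len - 1u) stride = 3u;
    return stride;
}

/* Scattered sum over the same bytes. Every fourth step also stores a random
 * byte into an unused scratch address: a dummy write hidden inside real work. */
uint16_t sum16_scattered(const uint8_t *m, size_t len, size_t start, size_t stride) {
    size_t mask = len - 1;
    uint16_t s = 0;
    for (size_t i = 0; i < len; i++) {
        s = (uint16_t)(s + m[(start + i * stride) & mask]);
        if ((i & 3u) == 0) {
            uint32_t r = rng_next();
            scratch[r & (SCRATCH_SIZE - 1)] = (uint8_t)(r >> 8);
        }
    }
    return s;
}

/* Check that a (start, stride) pair visits each address once and never places
 * two consecutive addresses back to back on the bus. Returns 1 if sound. */
int scatter_is_sound(size_t len, size_t start, size_t stride) {
    uint8_t *seen = calloc(len, 1);
    size_t mask = len - 1, prev = (start - stride) & mask;
    int ok = seen != NULL;
    for (size_t i = 0; ok && i < len; i++) {
        size_t addr = (start + i * stride) & mask;
        size_t diff = (addr - prev) & mask;
        if (seen[addr] || diff == 1u || diff == len - 1u) ok = 0;
        seen[addr] = 1;
        prev = addr;
    }
    free(seen);
    return ok;
}

int main(void) {
    fill_sample_region();
    uint32_t rnd = rng_next();                 /* one RNG read per boot */
    size_t start = pick_start(rnd, REGION_SIZE);
    size_t stride = pick_stride(rnd, REGION_SIZE);
    uint16_t expect = sum16_sequential(region, REGION_SIZE);
    uint16_t got = sum16_scattered(region, REGION_SIZE, start, stride);
    printf("start=%zu stride=%zu sound=%d sequential=%04X scattered=%04X\n",
           start, stride, scatter_is_sound(REGION_SIZE, start, stride), expect, got);
    return got == expect ? 0 : 1;
}
```

Because a plain additive sum does not depend on the order in which bytes are visited, the scattered walk yields the same value as the sequential one the text warns against, so the stored reference value needs no change even though the bus sees a different address sequence at every boot. A CRC is order dependent: with a CRC the reference must be computed over the same fixed start and stride, which gives up the run-time randomness and is one more reason to prefer the minimal check, or none at all.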

Vector RAM

As mentioned above, the Vector RAM can be used for many things besides vectors. It is the most secure storage in the system: it resides on-chip behind the tamper protection, so it is useful for storing the most sensitive data. Even if an attacker could break the encryption, this information would still be secret. For EFT or similar applications, this is a good location for storing DES keys. Since DES is a public algorithm, the real protection is keeping the DES key secret, and as the key is only 8 bytes it fits well within the Vector RAM.
