Maxim Integrated Secure Microcontroller User Manual

Secure Microcontroller User’s Guide

83 of 187

stores text that appears on a display in encrypted form. This gives the pirate a starting point to look for the
clear text in encrypted storage and analyze the encryption algorithm. The “data answer” is already known.
If clear text is required, then preferably store it in nonencrypted memory. If this is impractical, then
disperse it so that it is hard to find. Avoid at all costs reading the clear text from memory then
immediately displaying it. This is a sure means to identify the encrypted values of the text for the
attacker.

Avoid CRC or Checksum

Running a checksum on power up provides the pirate with a sequential listing of the addresses in
encrypted form. Therefore the attacker has a great advantage in deciphering the Address Encryptor.
Preferably avoid a checksum. If one is needed, then check the minimum amount of memory and perform
the check in nonsequential fashion.

Avoid Long Straight Runs of Code

A common coding practice is to run numerous sequential operations. This is common knowledge and
should be avoided. The pirate can use this in the same way as a checksum process. It provides a
sequential listing of encrypted addresses and assists with analysis of the address encryption. This problem
can be avoided by using occasional jump commands in the software.. These can be jumps for no reason
other than to space out straight runs of code. However, using jumps also provides several other techniques
to make bus analysis more difficult. As an example, the code can jump into Vector RAM. While in this
area, dummy access will occur on the bus.

Use Random Values

The Random Number Generator of the DS5002FP can be used to make a pirate’s task more difficult.
When time is available, the software should perform random actions at random time intervals. As an
example, the Random Number Generator can be used to select a timer interrupt value. Thus the
microprocessor will be interrupted at random intervals making characterization very difficult. Software
can elect to out of Vector RAM for a random period of time. Also as discussed above, the microprocessor
generates dummy RAM reads when possible. However, it cannot generate dummy writes. However the
user’s code can. Random numbers can be written to address that are known to be unused. If this is done
while the microprocessor is visibly performing a meaningful task, it will make analysis very difficult.

Vector RAM

As mentioned above, the Vector RAM can be used for many things beside vectors. This is the most
secure storage in the system. It resides on-chip behind tamper protection. Thus it is useful for storing the
most sensitive data. Thus even an attacker could break the encryption, this information would still be
secret. For EFT or similar applications, this is a good location for the storage of DES keys. Since DES is
a public algorithm, the real protection is keeping the DES key secret. As this is only 8 bytes, it fits well
within the Vector RAM.

Change Code

Perhaps most importantly, the user should reprogram portions of the secure microcontroller that deal with
security. For example, if the microprocessor is performing DES, the user can change DES keys. Any
security system can be broken with enough time and resources. By altering the security features, this
threat can be minimized.