10 microprobe/die top coating, 11 random number generator, 12 security summary by part – Maxim Integrated Secure Microcontroller User Manual

Secure Microcontroller User’s Guide

81 of 187

Once activated, the SDI event duration is determined by the state of V

CC

and the SDI pin. Once both V

CC

> 4.5V and SDI = 0 are met, SDI remains active for an additional 1792 machine cycles before exiting the
SDI state.

9.10 Microprobe/Die Top Coating

The DS5002FPM is provided with a special top-layer coating that is designed to prevent a microprobe
attack. The coating is implemented with a second layer of metal on the microcontroller die. This metal
will result in a short circuit of critical functions if probing is attempted. The probing action destroys the
data that is secret. Also, security circuits and Vector RAM derive their power from this screen. Therefore
they will be de-powered if the top coating is removed, also destroying the secret data. In this event, any
critical data stored on-chip will be destroyed and off-chip data is rendered useless.

9.11 Random Number Generator

The DS5002FP incorporates a random number generator used by the bootstrap loader to generate
encryption keys. The application software can also use it to improve overall system security.

For example, to foil an attacker developing a histogram of code execution, the random number generator
could be used to decide how long to spend on particular activities. The output of the DS5002FP random
number generator should be hashed to get uniform random numbers. Using random numbers that have
been run through a linear feedback shift register (LFSR), such as CRC-16, will pass the suite of tests
defined in section 4.11.1 of the Federal Information Processing Standards Publication 140-1 (FIPS PUB
140-1), Security Requirements for Cryptographic Modules.

The random number is created 8 bits at a time. They are obtained by the application code at SFR location
0CFh. The random number takes 160µs to develop. Reading a byte from register 0CFh starts the
generation of another random number. After the random number is read, another is available
approximately 160µs later. The RNR bit (RPCTL.7; 0D8h) is set to logic 1 each time a new number is
available. If the random number is read prior to RNR being set, the value is 00.

9.12 Security Summary by Part

The preceding information outlined each of the security features. Their inclusion in various parts is shown
in the table at the beginning of this section. For completeness, the following is a summary description of
security features for each part in the secure microcontroller family.

DS5000FP/DS5000(T)/DS2250(T)
The DS5000 is the second generation of a microcontroller with security. The first is an earlier version of
DS5000 circa 1988, now obsolete. The DS5000 incorporates a combination of real-time memory
encryption and Security Lock. The memory encryption is optional however. To invoke the encryption, the
user must select a 48-bit encryption key using the bootstrap loader. A user then loads the memory that is
automatically encrypted using this key. After the memory is loaded and verified, the DS5000 can be
locked. Locking the micro prevents an attacker from using the bootstrap loader to decrypt and dump the
memory contents. Unlocking the DS5000 destroys the encryption key and vector RAM. Vector RAM is
48 bytes of secret storage on-chip. It is used to hold reset and interrupt vectors as well as any application
values than must be hidden. In addition to encrypting the memory, the DS5000 generates dummy bus
cycles to obscure the actual program flow. Dummy cycles appear to be actual memory fetches but are not
actually used inside the microcontroller. Also fundamental to the security of a DS5000 is its basis on
RAM. This allows all security features to be changed frequently. The strategy is that an attacker must