The best way to build a small, secure system is with a one-chip MCU that provides a security bit. But, a security bit can cause a problem: If a system exhibits strange behavior, the vendor may not have access to the inside of the MCU, noted Rudan Bettelheim, senior marketing manager at Freescale Semiconductor. "Once you set the security bit, the MCU locks into single-chip mode and disables background debug mode. So, you cannot analyze what wentwrong in the field." To help overcome this problem, Freescale implements a "backdoor key" for its secure processors and gives customers the option to store a secret key in the MCU's internal flash. When they provide that key to the MCU, they can access it without having to erase it. No one can ‘see' the key and the processor cannot access it. A comparator saves the key separate from other circuits on the chip. Earlier this year, Freescale extended security capabilities by including a cryptographic acceleration unit (CAU) in its ColdFire MCF52235 32-bit MCU for Ethernet communications. "But, the CAU is not dedicated to the Ethernet controller, so developers can use it to encrypt and decrypt data from anywhere to anywhere; flash memory, a hard drive and so on," said Bettelheim. "One problem we have not yet solved is how to store the crypto keys," said Bettelheim. "You can keep keys locally in RAM, but you would need to ensure they stay protected. We plan to provide secure-key storage in an MCU that offers the functions and security of a single-chip part with a security bit and that protects software and data even in external memory." Security goes beyond theft of intellectual property and may include liability issues and protection of designs so others cannot "play" with them. People must not tamper with slot machines or engine-control units (ECUs), for example. Suppose an after-market supplier changes ECU algorithms and an engine suffers a catastrophic failure. That is a situation automanufacturers do not want to face. Click here to view Figure 1. The Actel Fusion, ProASIC3 and IGLOO families of FPGAs accept encrypted bit streams that they then decrypt to program their flash memory. This technique keeps IP from prying eyes. "In addition we can save small amounts of data in an FPGA's nonvolatile memory," said Martin Mason, director of silicon product marketing at Actel."So you can store keys or use thememory for crypto tasks." Actel'simplementation of the ARM7architecture also makes its possibleto run an "engine" inside the FPGAthat decrypts program code savedin external nonvolatile memory. "If someone copies the code from external memory, they cannot make sense out of it," said Mason. Decryption of external code imposes a timing penalty that depends on whether an application decrypts small quantities of code on the fly or if it decrypts a complete program, and that goes into on-chip SRAM. The penalty also depends on the encryption/decryption algorithm you use. A home-grown algorithm may provide "good enough" protection that thwarts most attacks. But the more protective Advanced Encryption Standard (AES) requires more processing overhead. Actel's flash-based FPGA architecture provides for secure code updates. The FPGA decrypts the update and stores it as "plain text" on the chip. Most secure MCUs cannot accommodate a similar type of remote-code-update process. Protection of financial information in an embedded system requires more than securing software from prying eyes. The computer industry, for example, supplies signed drivers that verify their authenticity. Zilog provides a similar mechanism that authenticates the boot program for a secure processor. Change just a single bit in the code and the processor will not run it. "Unlike a cyclic redundancy code, which you could fool, our technique uses a 2,048-bit key and an ARM9 processor, so it is very difficult to crack," said Ray Chock, product manager for the ZA9L POS ASSP product family at Zilog. "The code itself remains in the clear," said Chock. "You could look at the ROM and see it is not encrypted. But change the code even slightly, and it will not run." Zilog aims these secure processors—members of the ZA9L family—at secure-transaction equipment such as point-of-sale terminals, ATMs, lottery systems, and other devices that process financial transactions. Placement of the 2,048-bit key in the chip occurs during ROM fabrication. Chock explained,"Programmers write and test theircode as usual. When they are readyto program off-chip flash memory,you take the secret key, run itthrough a program that meshes itwith the code and then puts it inflash memory. The processor looksfor the encoded signature when itpowers up." Program development takes place through a JTAG port and special procedures that allow for that type of access. But, once you deploy the chips, you lose access to the JTAG port. And, Zilog provides a special version of the chip and a reference design developers can use to start a design. |
