USER'S GUIDE

SECTION 9: FIRMWARE SECURITY

One of the most distinctive features of the Secure Microcontroller is its firmware security. The family far surpasses the standard offering of ROM-based microcontrollers in keeping system attackers or competitors from viewing the contents of memory. In a standard EPROM-based microcontroller, a knowledgeable attacker can disable the EPROM security bit and gain access to the entire memory contents. The Secure Microcontroller's improved security makes it a natural choice for systems with high security requirements such as financial transaction terminals. However, the firmware security can also be employed to keep competitors from copying proprietary algorithms. Allowing access to these algorithms can create an instant competitor. This section describes the security features and their application.

Also included are guidelines for using microcontroller security within the framework of total system security.

As with memory map control, there are variations between the different Secure Microcontroller versions. The original DS5000 has a high level of firmware security and the DS5002 has added several distinct improvements. Note that the DS5001 has only minimal security and should only be applied when other physical security is used or when security is not needed. The table below provides a brief summary of the versions and their security features. A detailed description of each feature follows. In the description, elements that are unique to a particular Secure Microcontroller version have that version underlined.

FEATURE                    DS5001   DS5000                  DS5002
-------------------------  -------  ----------------------  -----------------------------
Security Lock              Yes      Yes                     Yes
RAM memory                 Yes      Yes                     Yes
Encrypted memory           None     Yes, user must enable   Yes
Encryption Key             None     48 bits                 64 bits
Encryption Key Selection   None     User selected           True random number
Encryption Keys loaded     N/A      When user selects       Automatic, any new load, dump
Dummy bus access           None     Yes, when encrypted     Yes
On-chip Vector RAM         None     Yes, when encrypted     Yes
Self-Destruct Input        None     None                    Yes
Die Top Coating            None     None                    Optional (DS5002FPM)
Random Number Generator    Yes      None                    Yes

SECURITY OVERVIEW

Security features are useful if an application dispenses services on a pay-per-service basis. Electronically bypassing the security would allow the dispensing of the service for free, resulting in lost revenue to the system owner. Another common application is the transmission of secret information. The user's algorithm and key data could be observed in an unsecured system, resulting in a break in the secure transmission. The Secure Microcontroller Family is designed to protect the contents of memory from being viewed. This is done with a combination of circuit techniques and physical security. The combination is a formidable defense. Regardless of the application, the Secure Microcontroller protects the contents of memory from tampering and observation. This preserves secret information, access to services, critical algorithms, etc. The security features of the Secure Microcontroller include physical security against probe, memory security through cryptographic scrambling, and memory bus security preventing analysis of the CPU's operation. The features mentioned above and described below protect the application code and data.

050396 71/173
