Mitsubishi DS5000TK, DS907x SIP manual Security Lock, RAM Memory, Encrypted Memory

SECURITY LOCK

Ordinarily, the easiest way to dump (view) the memory contents of a Secure Microcontroller is using the Boot- strap Loader. On request, the Loader will transfer the contents of memory to a host PC. This is prevented by the Security Lock. The lock is the minimal security fea- ture, available even in the DS5001. Once set, the Secu- rity Lock prevents the Loader from gaining access to memory. In fact, no Loader commands (except Unlock) will work while the Lock is set. The Security Lock is simi- lar in function to an EPROM security bit on a single chip microcontroller. It prevents a programmer from reading the memory. In addition, the Security Lock prevents the microcontroller from executing code on the Expanded bus of Ports 0 and 2. Thus an attacker can not add a memory and use MOVC instructions that would force the microcontroller to read out the contents of protected memory. However, the Secure Microcontroller Security Lock does provide one important difference from EPROM security bits. When the Security Lock is cleared, it destroys the RAM contents. If a knowledge- able user were to physically erase the security bit in an EPROM±based microcontroller, the memory contents would remain to be read. The Security Lock consists of a multiple bit latch distributed throughout the micropro- cessor with circuits that collapse the lock in the event of tampering. Clearing the lock starts an irreversible destructive process that acts differently for each device as described below.

In a DS5001 clearing the lock causes the loader to manually write over the first 32K bytes of NV RAM with zeros. Thus the contents of memory would be erased. This is obviously a low level of security but would deter casual inspection. In a DS5000 or DS5002, clearing the lock causes an instantaneous erasure of the Encryption Key and Vector RAM. This action is unpreventable once the lock is cleared and happens independent of VCC or crystal. Once the erasure has occurred, a DS5000, assumes a non±secure (brand±new) state. In a DS5002, the Loader proceeds to load a new Encryption Key once the erasure has occurred. In both, the Boot- strap Loader will then proceed to overwrite the first 32K bytes of RAM if power is available and the crystal is still present. This last action is for thoroughness. In sys- tems that really require security, the Lock should be combined with Memory Encryption (discussed below).

Thus the instantaneous erasure of the Encryption Key renders the contents of memory useless since it can no longer be properly deciphered.

The Security Lock is set via the Bootstrap Loader using the ªZº command. Once issued, the Loader will continue to communicate with a user but will not perform other commands. The Loader will respond with an error mes- sage in the event that further commands are issued. While the Lock is set, the Loader has no access to the Byte±wide bus memory. The Security Lock can be cleared using the ªUº command. Issuing this command to a locked part results in the destructive process described above. No confirmation is requested. The status of the Security Lock can be read by application software at MCON.0. This bit is only a status flag and can not be affected by the software.

RAM Memory

NV RAM provides a useful way to store program and data. The contents can be retained for a long period, but can be changed when desired. This attribute is impor- tant when considering security. No matter what probing techniques are used on a ROM, the contents remain un- affected. With resources and patience, a determined attacker will obtain the contents of a ROM based prod- uct. NV RAM can be destroyed on demand. The user's physical security must simply remove the power (VCC and VBAT) from a microprocessor chip to eliminate the memory contents. Thus NV RAM provides flexibility as well as security. Enough physical security can be com- bined with even a DS5001 to provide a very secure sys- tem. The DS5002 even provides a direct facility to destroy memory discussed below.

Encrypted Memory

The heart of Secure Microcontroller security is the memory encryption function. Since the NV RAM is vis- ible, the memory contents and memory bus are encrypted. That is, in real time, the addresses and data moving between the RAM and the microcontroller are scrambled by on±chip encryption circuits. Thus an attacker that observes the RAM contents or memory bus will see unintelligible addresses and data. Figure 9±1 shows the conceptual diagram of the memory encryptor for a DS5000 series device. Figure 9±2 shows the encryptor for a DS5002.