 English |
|
|
|
|
|
|
|
| DS5250_04 Datasheet, PDF (2/3 Pages) Dallas Semiconductor – High-Speed Secure Microcontroller | |||
| |||
| ◁ |
A Non-Disclosure Agreement (NDA) is required for full disclosure of details. Contact factory for more information.
DS5250 High-Speed Secure Microcontroller
DETAILED DESCRIPTION
The DS5250 has a user-selectable, program memory integrity-checking feature that triggers a tamper response if
the decrypted program memory does not match a precalculated checksum, indicating a possible attack. In addition,
all encryption keys for encrypted memory are stored in internal battery-backed SRAM so they can be erased
instantaneously in the event tamper activity is detected. The battery-backed memory architecture subjects critical
application data and encryption keys stored internally to instantaneous zeroization, as defined in Federal
Information Processing Standard (FIPS) 140-1 as a tamper response. Additionally, power is removed from external
memory, and all data and address lines are collapsed as an additional response to tamper detection.
The DS5250 incorporates the most sophisticated security features available in any microprocessor. The security
features resist multiple levels of threat, including observation, analysis, and physical attack. Attempts to discover
the deviceâs encryption keys result in their erasure, rendering useless the encrypted external memory. Such
measures require a massive effort to acquire any information about the memory contents. Sophisticated internal
sensors monitor various environmental parameters, and trigger a tamper response if they deviate from acceptable
levels. A microprobe shield covers the top of the microcontroller die and deters tampering by triggering a
destructive reset if it is breached. Other security measures implement defenses against known direct and side-
channel attacks. Specific security-related hardware includes a 4096-bit MAA for public key infrastructure (PKI)
calculations, a random-number generator, a CRC-16/32 generator, and a user-available DES (or 3DES) engine.
In addition to the internal sensors, two external self-destruct input (SDI) pins allow the designer to trigger a tamper
response based on user-defined external stimuli. One SDI input controls destruction of program memory, external
data memory, cache memory, key registers, and all the internal 5kB RAM. The second SDI functions as an
interrupt, allowing the application software to appropriately respond to a detected attack. Other security methods
include optional timed-access-write restrictions to the parallel I/O port pins, making certain attack practices
ineffective.
Program loading is accomplished using a secure ROM-based serial port bootloader. The battery-backed nature of
the DS5250, combined with an internal ROM-based bootloader, allows frequent modification of secure information,
either program or data, through a secure loading mechanism. An optional challenge-response protection of access
to the bootstrap-ROM loader ensures that only trusted agents can load programs into the device. Once the
challenge response has been successfully completed, communications between the host system and the
microcontroller are conducted in a 3DES cipher-block-chained data stream to prevent communication interception.
Alternatively, a user can create a custom bootloader using the microcontrollerâs encryption tools.
PIN CONFIGURATIONS
TOP VIEW
80
51
81
50
Dallas
Semiconductor
DS5250
64
41
65
Dallas
40
Semiconductor
DS5250
100
1
MQFP
31
30
80
1
MQFP
25
24
2 of 3
|
▷ |
German
Russian
Spanish
Italian
Polish
Chinese
Japanese
Korean
French
Portuguese