 English |
|
|
|
|
|
|
|
| DS5002FP_1 Datasheet, PDF (8/29 Pages) Dallas Semiconductor – Secure Microprocessor Chip | |||
| |||
| ◁ |
DS5002FP
CPU in its true representation. However, it is also encrypted when it is written to the external
program/data RAM, and is restored to its original value when it is read back.
When an application program is stored in the format described above, it is virtually impossible to
disassemble opcodes or to convert data back into its true representation. Address encryption has the effect
that the opcodes and data are not stored in the contiguous form in which they were assembled, but rather
in seemingly random locations in memory. This in itself makes it virtually impossible to determine the
normal flow of the program. As an added protection measure, the address encryptor also generates
âdummyâ read access cycles whenever time is available during program execution.
DUMMY READ CYCLES
Like the DS5000FP, the DS5002FP generates a âdummyâ read access cycle to non-sequential addresses
in external RAM memory whenever time is available during program execution. This action has the effect
of further complicating the task of determining the normal flow of program execution. During these
pseudo-random dummy cycles, the RAM is read to all appearances, but the data is not used internally.
Through the use of a repeatable exchange of dummy and true read cycles, it is impossible to distinguish a
dummy cycle from a real one.
ENCRYPTION ALGORITHM
The DS5002FP incorporates a proprietary algorithm implemented in hardware which performs the
scrambling of address and data on the byte-wide bus to the static RAM. This algorithm has been greatly
strengthened with respect to its DS5000FP predecessor. Improvements include:
1. 64-bit Encryption Key.
2. Incorporation of DES-like operations to provide a greater degree of nonlinearity.
3. Customizable encryption.
The encryption circuitry uses a 64-bit key value (compared to the DS5000FPâs 40-bit key) which is stored
on the DS5002FP die and protected by the Security Lock function described below. In addition, the
algorithm has been strengthened to incorporate certain operations used in DES encryption, so that the
encryption of both the addresses and data is highly nonlinear. Unlike the DS5000FP, the encryption
circuitry in the DS5002FP is always enabled.
Dallas Semiconductor can customize the encryption circuitry by laser programming the die to insure that
a unique encryption algorithm is delivered to the customer. In addition, the customer-specific version can
be branded as specified by the customer. Please contact Dallas Semiconductor for ordering information of
customer-specific versions.
ENCRYPTION KEY
As described above, the on-chip 64-bit Encryption Key is the basis of both the address and data encryptor
circuits. The DS5002FP provides a key management system which is greatly improved over the
DS5000FP. The DS5002FP does not give the user the ability to select a key. Instead, when the loader is
given certain commands, the key is set based on the value read from an on-chip hardware random number
generator. This action is performed just prior to actually loading the code into the external RAM. This
scheme prevents characterization of the encryption algorithm by continuously loading new, known keys.
It also frees the user from the burden of protecting the key selection process.
8 of 29
|
▷ |
German
Russian
Spanish
Italian
Polish
Chinese
Japanese
Korean
French
Portuguese