DS5003 Datasheet, PDF (18/24 Pages) Maxim Integrated Products – Secure Microprocessor Chip
When the application software is executed, the DS5003’s internal CPU operates as normal. Logical addresses are calculated for op code fetch cycles and also data read and write operations. The DS5003 can perform address encryption on logical addresses as they are generated internally during the normal course of program execution. In a similar fashion, data is manipulated by the CPU in its true representation. However, data is also encrypted when it is written to the external program/data SRAM, and is restored to its original value when it is read back.

When an application program is stored in the previously described format, it is virtually impossible to disassemble op codes or to convert data back into its true representation. Address encryption has the effect that the op codes and data are not stored in the contiguous form in which they were assembled, but rather in seemingly random locations in memory. This effect makes it virtually impossible to determine the normal flow of the program. As an added protection measure, the address encryptor also generates dummy read-access cycles whenever time is available during program execution.

Dummy Read Cycles

Like the DS5002FP, the DS5003 generates a dummy read-access cycle to nonsequential addresses in external SRAM memory whenever time is available during program execution. This action further complicates the task of determining the normal flow of program execution. During these pseudorandom dummy cycles, the SRAM is read to all appearances, but the data is not used internally. Through the use of a repeatable exchange of dummy and true read cycles, it is impossible to distinguish a dummy cycle from a real one.

Encryption Algorithm

The DS5003 incorporates a proprietary hardware algorithm that performs the scrambling of address and data on the byte-wide bus to the SRAM. Improvements include the following:
• 64-bit encryption key (protected by the security lock function).
• Incorporation of DES-like operations to provide a greater degree of nonlinearity.
• Customizable encryption.

Encryption Key

As previously described, the on-chip 64-bit encryption key is the basis of both the address and data encryptor circuits. When the loader is given certain commands, the key is generated from an on-chip hardware random-number generator. This action is performed just prior to actually loading the code into the external SRAM. This scheme prevents characterization of the encryption algorithm by continuously loading new, known keys. It also frees the user from the burden of protecting the key selection process.

The random-number generator circuit uses the asynchronous frequency differences of two internal ring oscillators and the processor master clock (determined by XTAL1 and XTAL2). As a result, a true random number is produced.

Vector RAM

A 48-byte vector RAM area is incorporated on-chip, and is used to contain the reset and interrupt vector code in the DS5003. It is included in the architecture to help ensure the security of the application program.

If reset and interrupt vector locations were accessed from the external nonvolatile program/data RAM during the execution of the program, it would be possible to determine the encrypted value of known addresses. This could be done by forcing an interrupt or reset condition and observing the resulting addresses on the byte-wide address/data bus. For example, it is known that when a hardware reset is applied, the logical program address is forced to location 0000h and code is executed starting from this location. It would then be possible to determine the encrypted value (or physical address) of the logical address value 0000h by observing the address presented to the external SRAM following a hardware reset. Interrupt vector address relationships could be determined in a similar fashion.

By using the on-chip vector RAM to contain the interrupt and reset vectors, it is impossible to observe such relationships. The vector RAM eliminates the unlikely possibility that an application program could be deciphered by observing vector address relationships. Note that the dummy accesses mentioned are conducted while fetching from vector RAM.

The vector RAM is automatically loaded with the user’s reset and interrupt vectors from the Intel hex file during bootstrap loading.
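
The following is an added illustration, not code from the datasheet or from Maxim: a toy Python model of the external bus right after reset, showing why vectors fetched from external SRAM expose the physical address of logical 0000h, while fetches served from the vector RAM and covered by dummy reads do not. The Feistel scrambler, the key, and the assumption that the vector RAM shadows logical 0000h to 002Fh are stand-ins; the DS5003's real algorithm is proprietary.

```python
import hashlib
import random

VECTOR_RAM_SIZE = 48          # bytes of on-chip vector RAM (from the datasheet)
ADDR_SPACE = 1 << 16          # 64 KB logical address space

def make_scrambler(key: bytes):
    """Toy keyed bijection on 16-bit addresses: a 4-round Feistel network.
    Stand-in only; the DS5003's real algorithm is proprietary."""
    def round_fn(half: int, rnd: int) -> int:
        return hashlib.sha256(key + bytes([rnd, half])).digest()[0]
    def scramble(logical: int) -> int:
        left, right = logical >> 8, logical & 0xFF
        for rnd in range(4):
            left, right = right, left ^ round_fn(right, rnd)
        return (left << 8) | right
    return scramble

def bus_after_reset(scramble, vectors_on_chip: bool, dummy_rng, fetches: int = 4):
    """Physical addresses an observer sees on the external bus after reset.
    Assumption: vector RAM shadows logical 0000h..002Fh."""
    trace = []
    for logical in range(fetches):            # reset forces the PC to 0000h
        if vectors_on_chip and logical < VECTOR_RAM_SIZE:
            # Fetch is served on-chip; the bus carries a dummy read instead.
            trace.append(scramble(dummy_rng.randrange(ADDR_SPACE)))
        else:
            trace.append(scramble(logical))   # true fetch, visible externally
    return trace

def first_addresses(vectors_on_chip: bool, resets: int = 20,
                    key: bytes = b"constructed-key"):
    """Set of first bus addresses seen across repeated forced resets."""
    scramble = make_scrambler(key)
    dummy_rng = random.Random(1)              # models the pseudorandom dummy source
    return {bus_after_reset(scramble, vectors_on_chip, dummy_rng)[0]
            for _ in range(resets)}

if __name__ == "__main__":
    scramble = make_scrambler(b"constructed-key")
    print("true physical address of 0000h:", hex(scramble(0)))
    print("external vectors:", [hex(a) for a in first_addresses(False)])
    print("vector RAM      :", sorted(hex(a) for a in first_addresses(True))[:5], "...")
```

With external vectors every reset yields the same first bus address, which is exactly the scrambled form of 0000h; with the vector RAM the first address changes from reset to reset and carries no fixed relationship to a known logical address.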
Security Lock

Once the application program has been loaded into the DS5003’s external and vector RAM, the security lock can be enabled by issuing the Z command in the bootstrap loader. While the security lock is set, no further access to program/data information is possible by the on-chip ROM. Access is prevented by both the bootstrap loader firmware and the DS5003 encryptor circuits.

Access to the SRAM can only be regained by clearing the security lock by the U command in the bootstrap