4 encryption algorithm, 5 encryption key, 6 encryption key selection and loading – Maxim Integrated Secure Microcontroller User Manual

Secure Microcontroller User’s Guide
78 of 187
Different memory areas are encrypted in the DS5000 and DS5002. For a DS5000, all memory accessed under CE1 can be encrypted. CE2 is not encrypted. This allows access to peripherals such as a Real-time Clock to be performed using CE2. For the DS5002, encryption is performed on all bytes stored under CE1–CE4. The memory or peripherals accessed by PE1–PE4 on a DS5002 are not encrypted.
9.4 Encryption Algorithm
The secure microcontroller family uses a proprietary encryption algorithm. The DS5000FP and DS5002FP use different encryption algorithms; the DS5002FP is the more secure of the two, with a longer encryption key than the DS5000FP and an encryption algorithm that is more nonlinear. In addition, the DS5002FP memory encryptor uses elements of the DES (Data Encryption Standard), although not the entire algorithm. The encryption algorithm is reinforced by several further measures: both address and data are encrypted, the algorithm and the key are both secret, the most critical data can be stored on chip in vector RAM (discussed below), and the bus activity is scrambled using dummy accesses (discussed below). For this reason, a security analysis of the DS5002FP is much more complicated than a simple mathematical treatment of the encryption algorithm.
9.5 Encryption Key
The DS5000FP uses a 40-bit Encryption Key that is stored on-chip. As mentioned above, the Key is the
basis of the encryption algorithm. Tampering with or unlocking the microcontroller will cause the Key to
be instantaneously destroyed. If the memory contents are encrypted, they become useless without this
Key. A user selects the 40-bit Key and loads it via the bootstrap loader. Selecting this Key enables the
encryption feature. The DS5002FP uses an 80-bit Key. It is similarly stored on-chip in tamper resistant
circuits. Using a wider Key gives the encryption more complexity and more permutations that must be
analyzed by an attacker. Apart from the Key width and encryptor complexity, the principal differences
between the DS5000FP and DS5002FP are discussed below under Key selection and loading.
9.6 Encryption Key Selection and Loading
One of the significant differences between the DS5000FP and the DS5002FP lies in encryption key management.
In the case of a DS5000FP, the user must select a 40-bit key during program loading. This Key must be
selected prior to loading the microcontroller, as the memory is encrypted as it is loaded. The Key
selection process must be protected, since an attacker who learns the Key can reproduce the user’s code.
This would be done by loading the correct Key in an unlocked DS5000FP, attaching the encrypted
memory chip, and dumping the code using the Bootstrap Loader.
The DS5002FP provides an improved Key management system. The microcontroller chooses its own
80-bit Encryption Key from a number that is internally generated and secret. The Keys come from a true
hardware random number generator. There is no method to discover the Key value, and no attacker can
force the DS5002 to a particular Key. In addition, no one can “forget” to enable the encryptor, since it is
always enabled. An additional advantage of the secret Key is that an attacker cannot “characterize” the
encryptor by repeatedly loading known Keys and observing the result.
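An added model of the Key lifecycle described in 9.5 and 9.6, not Maxim's code: the proprietary encryptor is not public, so HMAC-SHA256 is assumed here as a stand-in for a keyed address permutation plus a keyed data keystream, and the class, method and key-size names are this example's own. It shows why encrypted RAM loaded under one Bootstrap session of a self-keyed DS5002FP-style part reads back correctly only while that session's Key is in use, and why a user-keyed DS5000FP-style part can be read by any part holding the same user-selected Key.

```python
import hashlib, hmac, secrets

# Added model, not Maxim's code. HMAC-SHA256 stands in for the proprietary
# encryptor (keyed address permutation + keyed data keystream): an assumption.
RAM_SIZE = 256

def _prf(key: bytes, label: bytes) -> int:
    return int.from_bytes(hmac.new(key, label, hashlib.sha256).digest()[:4], "big")

class SecureMCU:
    def __init__(self, key_bits: int, self_keyed: bool):
        self.key_bits, self.self_keyed = key_bits, self_keyed
        self.ram = bytearray(RAM_SIZE)  # external encrypted RAM (CE1), opaque without the Key
        self.key, self.perm = None, None

    def bootstrap(self, user_key: bytes = b"") -> None:
        """Invoke the Bootstrap Loader: a self-keyed part draws a fresh random
        Key from its RNG; a user-keyed part takes the Key the user selected."""
        if self.self_keyed:
            self.key = secrets.token_bytes(self.key_bits // 8)
        else:
            self.key = user_key
        # Address encryption: key-dependent bijection on logical addresses.
        self.perm = sorted(range(RAM_SIZE),
                           key=lambda a: _prf(self.key, b"addr" + bytes([a])))

    def _ks(self, addr: int) -> int:
        return _prf(self.key, b"data" + bytes([addr])) & 0xFF  # data keystream byte

    def load(self, addr: int, data: bytes) -> None:
        """Loader 'Load': every byte is stored encrypted under the current Key."""
        for i, b in enumerate(data):
            self.ram[self.perm[addr + i]] = b ^ self._ks(addr + i)

    def dump(self, addr: int, n: int) -> bytes:
        """Loader 'Dump': read back through the encryptor with the current Key."""
        return bytes(self.ram[self.perm[addr + i]] ^ self._ks(addr + i)
                     for i in range(n))

def session_demo(program: bytes) -> tuple:
    """Load a program in one Bootstrap session of a DS5002FP-style part and
    report whether a Dump recovers it (a) in that session, (b) after a new one."""
    mcu = SecureMCU(80, self_keyed=True)
    mcu.bootstrap()
    mcu.load(0, program)
    readable_now = mcu.dump(0, len(program)) == program
    mcu.bootstrap()  # new session: the Loader selects a new random Key
    return readable_now, mcu.dump(0, len(program)) == program
```

`session_demo(bytes(range(16)))` returns `(True, False)`: the image is only meaningful to the Key that loaded it, so a part that re-keys itself at every session leaves nothing for a later Dump to recover.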
As mentioned above, encryption is always enabled on the DS5002FP. Each time the Bootstrap Loader is
invoked, a new random number is prepared. If a Fill, Load, Dump, Verify, or CRC command is
requested, the Loader selects the random number as a new Encryption Key prior to accessing the
memory. Execution of a Load or Fill command results in the data being loaded in an encrypted form
determined by the value of the newly generated Key. Any subsequent Dump, Verify, or CRC within the
same Bootstrap session will cause the contents of the encrypted RAM to be read out and properly