6.1 Motivation
This application note presents techniques that can be used when securing a design from outside access. Although no design can ever be fully secured, it can be constructed such that the effort required to break the security is as high as possible. There is a significant difference between an unsecured design that a person with basic engineering skills can duplicate and a design that only a few, highly skilled intruders can break. In the unsecured case, the design is easily copied and even reverse engineered, violating the intellectual property of the manufacturer and jeopardizing the market potential for the design. In the secured case, the effort required to break the design is so high that most intruders simply focus on developing their own products.
There is only one general rule on how to build a secure system: It should be designed to be as difficult to break as possible. Any mechanism that can be used to circumvent security will be tried during a break attempt. A few examples of what must be considered are given below.
- What will happen if power is removed during a firmware update? What is the state of the microcontroller when power is restored? Are lock bits and reset vectors set properly at all times?
- Are there any assumptions that can be made on what plain-text data will look like? In order for AES to be broken, there must be a pattern to look for. The attack software will have to be configured to search for a known pattern, such as interrupt vectors at the start of program memory, memory areas padded with zeros or ones, and so on.
- Is there any feedback that can be derived from the decryption process? Any such feedback can help the attacker. For example, if the decryption algorithm inside the bootloader would give an OK/Not-OK type of signal for each block processed, then this signal could be used as feedback to the attacker.
- Should encrypted frames be sent in another order? If the first frame sent to the bootloader always includes the first block of the encrypted file then the attacker can make some assumptions from this. For example, it can be assumed that the first frame maps program data starting from address zero and that it contains the interrupt vector table. This information helps the attacker to refine the key search. To increase the security of the system, send the frames in random order (the decrypted frames will be mapped to their proper address, anyhow).
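The last two considerations (no per-block feedback, frames accepted in any order) can be sketched as follows. This is an added example, not code from the application note: the frame layout, the names `loader_accept`, `loader_finish` and `shuffle_order`, the sizes and the XOR check value are all hypothetical, and decryption is assumed to have happened before the frame reaches this code.

```c
#include <stdint.h>
#include <string.h>

#define FRAME_DATA 16   /* assumed payload bytes per frame */
#define NFRAMES    4    /* constructed 64-byte image */
#define ACK        0x06 /* identical reply for every frame */

/* Hypothetical frame after decryption: it carries its own target address. */
struct frame { uint16_t addr; uint8_t data[FRAME_DATA]; uint8_t check; };
struct loader { uint8_t image[NFRAMES * FRAME_DATA]; uint8_t seen[NFRAMES]; uint8_t bad; };

/* Stand-in integrity value; a real design would use a CRC or MAC. */
uint8_t frame_check(const struct frame *f) {
    uint8_t c = (uint8_t)(f->addr ^ (f->addr >> 8));
    for (int i = 0; i < FRAME_DATA; i++) c ^= f->data[i];
    return c;
}

/* Device side: place the frame by its address, in whatever order it arrives.
   A bad, misaligned, out-of-range or repeated frame only latches a flag. */
uint8_t loader_accept(struct loader *l, const struct frame *f) {
    unsigned idx = f->addr / FRAME_DATA;
    if (f->addr % FRAME_DATA || idx >= NFRAMES || f->check != frame_check(f) || l->seen[idx]) {
        l->bad = 1;     /* sticky, reported only by loader_finish() */
    } else {
        memcpy(&l->image[f->addr], f->data, FRAME_DATA);
        l->seen[idx] = 1;
    }
    return ACK;         /* no per-frame OK/Not-OK signal */
}

/* One verdict for the whole update: 1 = complete and intact, 0 = reject. */
int loader_finish(const struct loader *l) {
    for (int i = 0; i < NFRAMES; i++) if (!l->seen[i]) return 0;
    return !l->bad;
}

/* Host side: Fisher-Yates shuffle of the send order. The LCG keeps the demo
   reproducible; a real tool would use a cryptographic random source. */
void shuffle_order(uint8_t order[NFRAMES], uint32_t seed) {
    for (int i = 0; i < NFRAMES; i++) order[i] = (uint8_t)i;
    for (int i = NFRAMES - 1; i > 0; i--) {
        seed = seed * 1664525u + 1013904223u;
        int j = (int)((seed >> 16) % (uint32_t)(i + 1));
        uint8_t t = order[i]; order[i] = order[j]; order[j] = t;
    }
}
```

The constant reply removes only the explicit signal; the time spent on each frame also has to be uniform, which this sketch does not attempt.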