This application note presents techniques that can be used when securing a design
from outside access. Although no design can ever be fully secured it can be constructed
such that the effort required to break the security is as high as possible. There is a
significant difference between an unsecured design that a person with basic engineering
skills can duplicate and a design that only a few, highly skilled intruders can break.
In the unsecured case, the design is easily copied and even reverse engineered,
violating the intellectual property of the manufacturer and jeopardizing the market
potential for the design. In the secured case, the effort required to break the design
is so high that most intruders simply focus on developing their own products.
There is only one general rule on how to build a secure system: It should be designed to
be as difficult to break as possible. Any mechanism that can be used to circumvent
security will be tried during a break attempt. A few examples of what must be considered
are given below.
- What will happen if power is removed
during a firmware update? What is the state of the microcontroller when power is
restored back? Are lock bits and reset vectors set properly at all times?
- Are there any assumptions that can be
made on what plain-text data will look like? In order for AES to be broken, there
must be a pattern to look for. The attack software will have to be configured to
search for a known pattern, such as interrupt vectors at the start of program
memory, memory areas padded with zero or one, and so on.
- Is there any feedback that can be
derived from the decryption process? Any such feedback can help the attacker. For
example, if the decryption algorithm inside the bootloader would give an OK/Not-OK
type of signal for each block processed, then this signal could be used as feedback
to the attacker.
- Should encrypted frames be sent in
another order? If the first frame sent to the bootloader always includes the first
block of the encrypted file then the attacker can make some assumptions from this.
For example, it can be assumed that the first frame maps program data starting from
address zero and that it contains the interrupt vector table. This information helps
the attacker to refine the key search. To increase the security of the system, send
the frames in random order (the decrypted frames will be mapped to their proper
address, anyhow).