Mitsubishi DS907x SIP Network Card User Manual

USER'S GUIDE 050396
Security Summary by Part

The preceding information outlined each of the security features. Their inclusion in various parts is shown in the table at the beginning of this chapter. For completeness, the following is a summary description of the security features of each part in the Secure Microcontroller Family.
DS5000FP / DS5000(T) / DS2250(T)

The DS5000 is the second generation of a microcontroller with security. The first was an earlier version of the DS5000, circa 1988, now obsolete. The DS5000 incorporates a combination of real-time memory encryption and a Security Lock. The memory encryption is optional, however. To invoke the encryption, the user must select a 48-bit Encryption Key using the Bootstrap Loader. The user then loads the memory, which is automatically encrypted using this Key. After the memory is loaded and verified, the DS5000 can be locked. Locking the micro prevents an attacker from using the Bootstrap Loader to decrypt and dump the memory contents. Unlocking the DS5000 destroys the Encryption Key and the Vector RAM. Vector RAM is 48 bytes of secret storage on-chip. It is used to hold reset and interrupt vectors as well as any application values that must be hidden. In addition to encrypting the memory, the DS5000 generates dummy bus cycles to obscure the actual program flow. Dummy cycles appear to be actual memory fetches but are not actually used inside the microcontroller. Also fundamental to the security of a DS5000 is its basis on RAM. This allows all security features to be changed frequently. The strategy is that an attacker must spend a long time breaking into the DS5000, but the user can simply change system security at any time. Thus any stolen information has a very limited lifetime.
DS5001FP / DS2251T

The DS5001 is a newer product than the DS5000, but has less security. It is useful in systems that need a large memory but that provide sufficient physical security for all needs. The DS5001 incorporates a Security Lock. This is used to prevent the Bootstrap Loader from dumping memory. Once locked, the Bootstrap Loader cannot access the memory. Unlocking the DS5001 causes the Bootstrap Loader to write over the NV RAM. The RAM nature of the DS5001 product allows a user to vary security frequently and to manually destroy it if necessary.
DS5002FP / DS2252(T)

The DS5002 adopts the memory and I/O improvements of the DS5001 and improves on the security of the DS5000. It is a high-security version of the DS5001. This device is intended for maximum security and has numerous improvements over the DS5000. The security is always enabled on a DS5002. Thus an attacker cannot characterize the security, and the user cannot forget to enable it. The DS5002 follows a similar scheme of memory encryption and Security Lock. The DS5002 encryptor is a superior algorithm using a 64-bit Encryption Key. In addition, the Key is managed by the DS5002 itself. Using the Bootstrap Loader, each part generates a random number for its 64-bit Key prior to loading memory. Leaving and re-entering the Bootstrap Loader causes the DS5002 to select a new number as a potential Key. Any subsequent memory access with the Loader causes the new Key to be installed. Like the DS5000, the DS5002 also uses dummy bus access and Vector RAM to further hide memory bus activity. The Security Lock of a DS5002 is similar in nature to that of the DS5000. Once locked, the DS5002 Bootstrap Loader does not have access to memory. Unlocking the DS5002 destroys the Encryption Key and the Vector RAM. The NV RAM accessed by the Byte-wide bus is also manually erased under Bootstrap Loader control. The DS5002 provides an external method to clear the Security Lock using its Self-Destruct Input (SDI). This causes the erasure of the Key and Vector RAM and also removes power from the NV RAM. The DS5002FPM provides an internal metal microprobe shield to prevent microprobing of the die.
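The DS5002 Key and Security Lock lifecycle described above, as an added software model written for this summary (it is not Dallas Semiconductor code, and the keystream mixer is a stand-in placeholder, not the DS5002's actual encryptor). It assumes a hypothetical on-chip random source passed in as `rnd`, a 16-byte toy memory, and that the value 0 is reserved to mean "no Key installed". It shows why a locked part yields no dump and why the ciphertext left in NV RAM after an unlock is of no use without the destroyed Key.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MEM_SIZE 16   /* toy program-memory size (assumption) */
#define VEC_SIZE 48   /* Vector RAM: 48 bytes of on-chip secret storage */

/* Model of one DS5002-style part. The keystream below is a placeholder
 * mixer (NOT the DS5002's real encryptor); it exists only so the Key
 * lifecycle and its effect on stored memory can be observed. */
typedef struct {
    uint64_t key;           /* installed 64-bit Encryption Key, 0 = none */
    uint64_t candidate;     /* number selected on entry to the Loader */
    bool locked;            /* Security Lock state */
    uint8_t mem[MEM_SIZE];  /* encrypted NV RAM on the Byte-wide bus */
    uint8_t vector_ram[VEC_SIZE];
} ds5002_t;

static uint8_t keystream(uint64_t key, unsigned addr) {
    uint64_t x = key ^ (0x9E3779B97F4A7C15ULL * (uint64_t)(addr + 1));
    x ^= x >> 29; x *= 0xBF58476D1CE4E5B9ULL; x ^= x >> 32;
    return (uint8_t)x;
}

/* Entering (or leaving and re-entering) the Bootstrap Loader selects a
 * fresh random candidate Key; `rnd` stands in for the on-chip source. */
void loader_enter(ds5002_t *p, uint64_t rnd) { p->candidate = rnd; }

/* The first Loader memory access installs the candidate as the Key. */
bool loader_write(ds5002_t *p, unsigned addr, uint8_t plain) {
    if (p->locked || addr >= MEM_SIZE || p->candidate == 0) return false;
    if (p->key == 0) p->key = p->candidate;
    p->mem[addr] = plain ^ keystream(p->key, addr);
    return true;
}
/* A decrypted dump through the Loader is refused once locked. */
bool loader_read(const ds5002_t *p, unsigned addr, uint8_t *out) {
    if (p->locked || addr >= MEM_SIZE || p->key == 0) return false;
    *out = p->mem[addr] ^ keystream(p->key, addr);
    return true;
}
void security_lock(ds5002_t *p) { p->locked = true; }

/* Clearing the lock (Loader unlock, or SDI asserted) destroys the Key and
 * Vector RAM; encrypted NV RAM is left behind but can no longer be
 * decrypted. `sdi` additionally models power removal from the NV RAM. */
void security_unlock(ds5002_t *p, bool sdi) {
    p->locked = false; p->key = 0; p->candidate = 0;
    memset(p->vector_ram, 0, sizeof p->vector_ram);
    if (sdi) memset(p->mem, 0, sizeof p->mem);
}
```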