Secure functions with CPU card encryption coprocessor technology


Piracy of PC software has long been a major problem for the software industry. Similarly, in embedded applications, advances in attack techniques and in chip teardown and analysis in recent years mean that embedded systems face more and more attacks. The anti-copy board technology that emerged in response has attracted the attention of product designers.

The main problem product designers currently face is attackers cloning their products, either to obtain the product's design techniques or to reduce the cost of product design. The main attack methods are to copy the wiring pattern of the designer's circuit board and to obtain the product's operating program.

At present, the ARM, DSP and MCU devices generally used in the market have few security protection methods, and programs are mostly stored exposed in unprotected Flash or EEPROM. As attack techniques develop and attackers compete with one another, the time and cost of cracking a product keep falling; compared with the huge benefits that product imitations bring, the cost of cracking is sometimes negligible. Especially in some industries serving non-industry users, such as the game machine industry and the consumer electronics industry, imitation products even far outnumber the original proprietary products. How to protect their own interests is therefore a problem product designers currently face, and it has also driven the development of anti-copy board technology for embedded systems.

Stronger protection for embedded systems means higher cost, but the products that get attacked are often consumer electronics with large production and sales volumes, where the added cost of protection weakens price competitiveness. The anti-copy board security technologies and products popular on the market are therefore mostly low-cost solutions. The mainstream solutions are analyzed below.

1. Early password authentication protection technology

A few years ago, product designers often used a logic encryption card chip to define a unique serial number for the product or to store a serial number. This logic encryption memory must be authenticated with a password before it can be read or written. This protection fails against an attacker with an oscilloscope: the password and the data, both transmitted in plaintext, can easily be captured, so the technique is completely ineffective and outdated.

2. Dynamic password authentication protection technology

To avoid the weakness of a fixed password that can be captured by line monitoring, some protection chips adopt dynamic password technology. The basic principle is that the protection chip and the MCU hold the same key and the same symmetric algorithm, and a random number is used as the communication data; the MCU checks whether the protection chip's calculation result is correct and decides whether the program continues to run. This solves the problem of line monitoring during authentication, but the actual protection is minimal. The MCU itself has no hardware protection, which is why a protection chip is added, yet the hardware security of the protection chip is not even as good as the MCU's, and the key stored in it can easily be obtained. More importantly, the only security protection on the MCU is the authentication step, which an attacker who can modify the program can easily skip. Although such chips sell in large volumes, they lack real protective effect and in practice add cost for product designers with nothing in return.

3. Dynamic password authentication + data storage technology

To address the problem of authentication alone, some companies add secure storage. The protection chip has a built-in dynamic password and authentication algorithm and also provides data storage. Complex dynamic two-way authentication is used first to obtain read and write permission for the memory, and sensitive data is then read and written. This kind of protection chip has a certain level of security and therefore a certain protective effect. However, the security of the MCU is still not solved: an attacker can obtain the algorithm and key by attacking the MCU's program, and can monitor the read/write channel to capture sensitive data after authentication. The security is therefore also limited.

Figure: Functional diagram of CPU card encryption coprocessor technology

4. CPU card with COS protection technology

The wide application of CPU cards in the SIM field and the financial field has made their security very widely recognized. The potential security risks of financial applications and the huge issuance volume of SIM cards make the CPU card face the greatest security challenges. As a result, the hardware security protection of CPU cards is relatively comprehensive and constantly upgraded. International authorities also issue security certifications for CPU cards, and certification is very expensive, so the designers and manufacturers of CPU cards are often large international companies, which further increases people's trust in CPU cards.

The security of commonly used CPU cards is often reflected in both hardware and software:

The hardware design of a CPU card usually adds many sensors, such as high-voltage and low-voltage sensors, frequency sensors, filters, light sensors, pulse sensors and temperature sensors. These sensors detect changes in the external environment and can effectively prevent semi-invasive attacks that induce the chip to malfunction by changing the environment around the silicon. To deal with physical attacks, the CPU card encrypts the memory and the bus system inside the chip. The data on the chip itself is encrypted with a strong cryptographic algorithm, so even if an attacker obtains the data, it yields only useless information. In addition, an effective shielding network forms a barrier against attackers: the security controller is covered with micron-scale ultra-fine protection wires, which are continuously monitored, and an alarm is triggered if any of them is shorted, cut or damaged. With these levels of protection, the controller can be protected from physical attacks. CPU cards also often contain a true random number generator and a hardware encryption coprocessor to increase the security and speed of calculation.

Beyond hardware security, the CPU card uses its internal operating system, COS, for secure data management: a security state machine manages data read and write permissions, access to memory is granted through a random number authentication mechanism, and data stored in the card can be communicated as ciphertext or dynamic ciphertext. These techniques largely solve data security on the protection chip side.

Protection based on CPU cards has now become a leading technology, and the huge volume of CPU cards used in the SIM field allows their cost to fall gradually to a level designers can accept.

However, although the CPU card itself is relatively secure, it still does not solve the security problem on the MCU side: using a symmetric algorithm still exposes the algorithm and the key on the MCU. In addition, for the user of a CPU card the COS functions are already fixed; only the provided instructions can be used, passively, so extending functionality is difficult, and the trustworthiness of a third-party COS is a source of worry and doubt.

5. Open CPU card encryption coprocessor technology

The CPU card is still a single-chip microcomputer. Although it carries various security technologies, it is equivalent to a secure microcontroller with a minimal interface. For the software developers of COS vendors, COS programming is equivalent to microcontroller development, and even the development tools and programming languages used are the same as for microcontrollers. Therefore, if the CPU card is used as a security coprocessor assisting the main MCU, so that some important programs or data processing are completed inside the CPU card, the security problem on the MCU side is solved. The CPU card also usually has a large internal data storage space (20K-120K bytes), so it adds secure computing and secure storage capacity and greatly improves the price-performance ratio of CPU card applications.

For MCU engineers, however, the biggest difficulty in writing a COS or communicating with the CPU card is the complicated ISO7816 protocol. To solve this, some technologies use firmware inside the CPU card to convert the ISO7816 protocol into an ordinary serial port protocol, so engineers can program the secure microcontroller as easily as an ordinary single-chip microcomputer.

Open CPU card encryption coprocessor technology has a great advantage over traditional authentication technology. With the secure CPU card hardware platform serving as a security coprocessor, the design engineer can freely implement their own design inside it, unrestricted by a third-party COS, and keeps the design ideas and sensitive data completely in their own hands.

At present, the emerging product ESPU0808 developed by Beijing Baoxingda Information Technology Co., Ltd. has attracted people's interest and has been successfully applied in many fields. For example, in the game console, ESPU0808 is used to calculate the winning probability of the human-machine game. In the field of access control applications, ESPU0808 is used to manage normal users and blacklists. This technology not only increases the security of the algorithm, but also reduces the burden on the main MCU.

There are still some issues to consider when using this technology. Programs running inside the CPU card encryption coprocessor should have good randomness. Programs that are too simple and exchange too little data with the host increase an attacker's chances of success.
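The contrast between section 2 (authentication as a gate on the MCU) and section 5 (logic moved into the coprocessor) can be shown as a small design simulation. This is an added example, not code from the article or from any product it names. The toy keyed function, the key value, the payout rule and all function names are hypothetical, and the "chip" is simulated in the same program.

```c
#include <stdint.h>
#include <stdio.h>

/* ---- Simulated protection chip (constructed stand-in, not a real part) ---- */
static const uint32_t CHIP_KEY = 0x5EC2E7A1u;        /* constructed demo key */

/* Toy keyed mix standing in for the shared symmetric algorithm; NOT a cipher. */
static uint32_t toy_mac(uint32_t key, uint32_t x) {
    uint32_t v = x ^ key;
    v *= 2654435761u; v ^= v >> 15;
    v *= 2246822519u; v ^= v >> 13;
    return v;
}
/* Section 2: the chip answers a random challenge with the keyed result. */
uint32_t chip_respond(uint32_t challenge) { return toy_mac(CHIP_KEY, challenge); }
/* Section 5: a product function that runs only inside the coprocessor. */
long chip_payout(uint32_t bet, uint32_t round) {
    return (long)(toy_mac(CHIP_KEY, round) % 4u) * (long)bet;
}

/* ---- Host MCU firmware, stored in readable flash ---- */
static const uint32_t HOST_KEY_COPY = 0x5EC2E7A1u;   /* same key, exposed on the MCU */

int host_auth_ok(uint32_t challenge, int chip_present) {
    uint32_t resp = chip_present ? chip_respond(challenge) : 0u;
    return resp == toy_mac(HOST_KEY_COPY, challenge);
}
/* Design A: authentication is only a gate in front of logic the MCU already holds.
 * gate_enabled = 0 models firmware in which that compare no longer runs. */
long product_gate(uint32_t bet, uint32_t challenge, int chip_present, int gate_enabled) {
    if (gate_enabled && !host_auth_ok(challenge, chip_present)) return -1;
    return 2L * (long)bet;             /* whole algorithm lives on the host */
}
/* Design B: the host has no copy of the logic; the result must come from the chip. */
long product_offload(uint32_t bet, uint32_t round, int chip_present) {
    if (!chip_present) return -1;      /* nothing on the host to fall back on */
    return chip_payout(bet, round);
}

int main(void) {
    printf("A genuine board      : %ld\n", product_gate(10, 123, 1, 1));
    printf("A no chip, gate on   : %ld\n", product_gate(10, 123, 0, 1));
    printf("A no chip, gate off  : %ld\n", product_gate(10, 123, 0, 0));
    printf("B genuine board      : %ld\n", product_offload(10, 7, 1));
    printf("B no chip            : %ld\n", product_offload(10, 7, 0));
    return 0;
}
```

In design A the board without a chip behaves exactly like the genuine one once the compare is gone, which is the weakness section 2 describes; in design B there is no host-side logic or key copy to recover.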

As technology advances, anti-copy board technology will also keep developing to counter ever-advancing attack methods.
