Introduction to the functions of SHA-1 devices and secure microcontrollers

Information security is very important to both the country and individuals. Information security means preventing illegal copying of important data information and program codes; avoiding illegal modification of data or codes; protecting financial transactions, including the transmission protection of bank encryption keys, the protection of credit card user keys, the protection of electronic wallet data, etc. In order to ensure information security and protect data information, security devices and security measures are required, including encryption.

Encryption Algorithm

For information security, information needs to be encrypted. Encryption is to encode the original text of data information in a certain way so that third parties cannot recognize it.

Encryption algorithms include symmetric encryption algorithms, asymmetric key algorithms, hash algorithms, etc.

Symmetric encryption algorithms (such as DES, 3DES, AES)

Symmetric encryption algorithms use the same key for both encryption and decryption. The advantages are fast encryption and decryption speed and less resource consumption; the disadvantage is that the key transmission is not secure enough.

Asymmetric key algorithms (such as RSA, DSA, ECC)

This algorithm uses different keys for encryption and decryption, also known as public and private keys. Its advantages are security, strong encryption, and easy transmission; its disadvantages are that it has a long number of bits, takes up more resources to store the key, and has a high computational cost.

Slow speed.

Hash algorithm (such as SHA-1, MD5)

SHA-1 (Secure Hash Algorithm) was invented by the National Security Association of the United States in 1995 and is an ISO/IEC10118-3 standard. SHA-1 is an irreversible operation, which means that the implicit password cannot be derived from the data source and MAC (Message Authentication Code) code, providing a more secure and lower-cost secure data storage and ID card solution. Any change in the input information, even if it is only one bit, will lead to a significant change in the hash result, which is called the "avalanche effect". This algorithm also has "anti-collision", that is, it is difficult to find two different input data sources corresponding to the same set of MAC codes.

SHA-1 Devices

Recently, Maxim, a developer and manufacturer of analog and mixed-signal ICs, introduced a series of security devices and security microcontrollers. Maxim currently has three SHA-1 devices: DS28E01-100, DS28CN01, and DS2460. The performance of these security devices is shown in Table 1. The functional block diagram of DS28CN01 is shown in Figure 1.

Table 1 SHA-1 device performance

*DS28ED00 is a future product and is expected to be put into mass production in September 2009.

Key applications for SHA-1 devices include:

Software code (IP) protection;

Software authorization and upgrade management;

Accessory identification and electronic labeling;

Online identity recognition;

e-wallets;

·Encryption and decryption of data transmission and media files;

Conditional Access System (CAS) for DVB, STB and CMMB.

Taking the software code (IP) protection application of SHA-1 as an example, the host verifies the legitimacy of the identity of the SHA-1 device on the board (see Figure 2) to determine whether the software should be executed normally. Since the SHA-1 device cannot be copied by illegal users, it can protect the software code from being illegally copied, thereby preventing the device from being illegally copied. The protected objects can be: systems or devices with external software codes such as MCU/DSP/ARM/FPGA, such as PMP, DVR, GPS navigator, router, CNC equipment, etc.; PC software, such as antivirus software, professional tool software, etc.; devices connected to the Webserrer, such as smart home

Home terminal, IP-STB, IP-Camera, etc.

In short, the irreversibility of the SHA-1 algorithm ensures the security of the system; each SHA-1 device has a unique 64-bit ROMID, which makes it possible for each device to load a unique password, and ultimately achieves that the security of the system does not rely on a single device; low-cost, high-security SHA-1 devices are particularly suitable for applications such as IP protection, authorization management, accessories/identity identification, electronic tags, secure data storage, and encryption and decryption of component data.

Safety MCU

Maxim has launched a series of secure ?Cs for the market of highly secure equipment such as financial terminals and confidential communications, including DS5002, DS5250, MAXQ1103, MAXQ1850, etc. These secure ?Cs are different from general processors in terms of their security and confidentiality. In addition to the core, memory, serial and parallel interfaces, secure ?Cs also have special security features (Figure 3):

Random Number Generator (RNG) - Based on the phase difference of three independently working crystal oscillators, the random number changes with time, voltage, and temperature, which increases the uncertainty of product encryption. RNG can provide very good interference data and protect against SPA and DPA (more advanced attack technology) attacks.

Encryption algorithm unit——Supports encryption algorithms DES, 3DES, RSA, DSA, SHA. It can encrypt program codes and data stored externally.

Battery monitoring security architecture - Battery monitoring ensures that security protection is still effective in the event of a power outage; NVSRAM ensures that sensitive information is completely lost in the event of an attack or power outage.

Tamper detection and self-destruction capabilities – Built-in temperature and voltage sensors detect error injection attacks, and the serpentine pattern on the top of the chip detects external microprobe attacks, quickly erasing sensitive data when attacked.

Comply with PCI (Payment Card Industry) security standards, of which the MAXQ1103 complies with PCI20 security standards.

References:

〔1〕 Liu Wuguang, SHA-1 Devices and Their Applications, Maxim, 2008

〔2〕 Li Yong, All-round protection of electronic payment by secure microcontroller, Maxim, 2008

〔3〕 Wei Zhi, Overview of Maxim, Maxim, 2008

〔4〕 DS28CN01 Datasheet,Maxim,2008

Figure 1 DS28CN01 functional block diagram [page]

Figure 2 SHA-1 device identity authentication process

Figure 3. MAXQ1103 functional block diagram