DS5002FP
111996 8/28 55
tion. Address encryption has the effect that the opcodes and data are not stored in the contiguous form in which they were assembled, but rather in seemingly random locations in memory. This in itself makes it virtually impossible to determine the normal flow of the program. As an added protection measure, the Address Encryptor also generates “dummy” read access cycles whenever time is available during program execution.
DUMMY READ CYCLES
Like the DS5000FP, the DS5002FP generates a “dummy” read access cycle to non–sequential addresses in external RAM memory whenever time is available during program execution. This action has the effect of further complicating the task of determining the normal flow of program execution. During these pseudo–random dummy cycles, the RAM appears to be read, but the data is not used internally. Through the use of a repeatable exchange of dummy and true read cycles, it is impossible to distinguish a dummy cycle from a real one.
ENCRYPTION ALGORITHM
The DS5002FP incorporates a proprietary algorithm implemented in hardware which performs the scrambling of address and data on the Byte–wide bus to the static RAM. This algorithm has been greatly strengthened with respect to its DS5000FP predecessor. Improvements include:
1. 64–bit Encryption Key
2. Incorporation of DES–like operations to provide a greater degree of nonlinearity
3. Customizable encryption
The encryption circuitry uses a 64–bit key value (compared to the DS5000FP’s 40–bit key) which is stored on the DS5002FP die and protected by the Security Lock function described below. In addition, the algorithm has been strengthened to incorporate certain operations used in DES encryption, so that the encryption of both the addresses and data is highly nonlinear. Unlike the DS5000FP, the encryption circuitry in the DS5002FP is always enabled.
Dallas Semiconductor can customize the encryption circuitry by laser programming the die to ensure that a unique encryption algorithm is delivered to the customer. In addition, the customer–specific version can be branded as specified by the customer. Please contact Dallas Semiconductor for ordering information on customer–specific versions.
ENCRYPTION KEY
As described above, the on–chip 64–bit Encryption Key is the basis of both the address and data encryptor circuits. The DS5002FP provides a key management system which is greatly improved over the DS5000FP. The DS5002FP does not give the user the ability to select a key. Instead, when the loader is given certain commands, the key is set based on the value read from an on–chip hardware random number generator. This action is performed just prior to actually loading the code into the external RAM. This scheme prevents characterization of the encryption algorithm by continuously loading new, known keys. It also frees the user from the burden of protecting the key selection process.
The random number generator circuit uses the asynchronous frequency differences of two internal ring oscillators and the processor master clock (determined by XTAL1 and XTAL2). As a result, a true random number is produced.
VECTOR RAM
A 48–byte Vector RAM area is incorporated on–chip, and is used to contain the reset and interrupt vector code in the DS5002FP. It is included in the architecture to help ensure the security of the application program.
If reset and interrupt vector locations were accessed from the external nonvolatile program/data RAM during the execution of the program, then it would be possible to determine the encrypted value of known addresses. This could be done by forcing an interrupt or reset condition and observing the resulting addresses on the Byte–wide address/data bus. For example, it is known that when a hardware reset is applied the logical program address is forced to location 0000H and code is executed starting from this location. It would then be possible to determine the encrypted value (or physical address) of the logical address value 0000H by observing the address presented to the external RAM following a hardware reset. Interrupt vector address relationships could be determined in a similar fashion. By using the on–chip Vector RAM to contain the interrupt and reset vectors, it is impossible to observe such relationships. Although it is very unlikely that an application program could be deciphered by observing vector address relationships, the Vector RAM eliminates this possibility.
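The reasoning above can be modeled in a few lines. The following is an added example, not part of the datasheet and not Dallas Semiconductor code: it compares what appears on the external bus after a reset when the vectors are fetched externally and when they are held on-chip. Assumptions: the keyed permutation is a toy stand-in for the proprietary address encryptor, the Vector RAM is taken to cover the first 48 logical bytes, the key and application entry point are constructed values, and dummy read cycles are left out.

```python
import random

VECTOR_RAM_BYTES = 48      # on-chip Vector RAM size, from the datasheet
RESET_VECTOR = 0x0000      # logical address forced by a hardware reset

def make_address_encryptor(key):
    """Toy keyed permutation of the 16-bit address space (stand-in only,
    not the DS5002FP algorithm, which is proprietary)."""
    table = list(range(1 << 16))
    random.Random(key).shuffle(table)
    return lambda logical: table[logical]

def bus_after_reset(encrypt, vectors_on_chip, app_entry=0x0100, fetches=4):
    """Physical addresses visible on the external bus after a reset.

    Modeled logical flow: a 3-byte jump at 0000H, then code at app_entry
    (a constructed value the bus observer does not know).
    """
    logical = [RESET_VECTOR + i for i in range(3)]
    logical += [app_entry + i for i in range(fetches)]
    # Fetches served by the on-chip Vector RAM never reach the bus.
    return [encrypt(a) for a in logical
            if not (vectors_on_chip and a < VECTOR_RAM_BYTES)]

def observer_guess(trace):
    """Inference described in the text: first address seen is E(0000H)."""
    return {RESET_VECTOR: trace[0]}

def guess_is_correct(encrypt, guess):
    """True if every logical-to-physical pair in the guess is right."""
    return all(encrypt(l) == p for l, p in guess.items())

if __name__ == "__main__":
    enc = make_address_encryptor(key=0x0123456789ABCDEF)  # constructed key
    for on_chip in (False, True):
        trace = bus_after_reset(enc, on_chip)
        ok = guess_is_correct(enc, observer_guess(trace))
        print(f"vectors on-chip={on_chip}: first bus address "
              f"{trace[0]:04X}H, observer learns E(0000H): {ok}")
```

With external vectors the first bus address is a known logical/physical pair; with the vectors on-chip, the first visible address belongs to an application address the observer cannot name.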