How Early MCU Chips Were Encrypted?

Source | IoVSecurity

Editor | strongerHuang

Since the birth of MCUs in the 1970s, chip-cracking techniques and the countermeasures designed to stop them have been locked in a continuous chase of “one height above the other”: each new protection is answered by a new attack, and each attack by a new protection.

This article traces the development of security protection in microcontrollers and, at the end, summarizes the advantages and disadvantages of smart card chips, which sit at the highest security level.

1. Single Board Computer Era

In the early 1970s, embedded systems were built from separate components: a CPU, ROM, RAM, I/O cache, serial ports, and other communication and control interfaces.

During this period there were almost no protective measures, apart from legal ones, to stop an intruder from simply copying the data out of the ROM on the single board computer.

2. Microcontroller Era

With the development of large-scale integrated circuit technology, the central processing unit (CPU), data memory (RAM), program memory (ROM), and other I/O communication ports were integrated into a single microcontroller chip, replacing the single board computer. As shown:

During this period, the internal EEPROM and the MCU were separate dies sealed within the same package, so intruders could use microprobes to retrieve data.

3. Security Fuse

As attacks became more common, MCUs gained a security fuse that prohibits external access to the stored data. As shown:

Advantages: It is easy to implement and requires no redesign of the MCU architecture; a single fuse controls data access.
Disadvantages: The fuse is easy to locate and attack. For example, its state can be modified by connecting the fuse bit's output directly to power or ground, and the fuse's sensing circuit can simply be cut with a laser or a focused ion beam. Non-invasive attacks can also succeed: because a separate fuse is laid out differently from the normal memory array, an external signal can force the fuse bit into a state that cannot be read correctly, and the chip's internal contents then become accessible. Semi-invasive attacks succeed quickly but require opening the package to reach the die; a well-known method is to erase the security fuse with ultraviolet light.

4. Security Fuses Become Part of Memory Arrays

Later, MCU manufacturers made security fuses part of the memory array, as shown:

Here the fuses are placed very close to the main memory or share some of its control lines, and are manufactured with the same process as the main memory, which makes them hard to locate. Non-invasive attacks can still be used to force the fuse bits into a state that cannot be read correctly, and semi-invasive attacks remain applicable. Attackers do need more time to find the security fuses or the control circuitry responsible for security monitoring, but that search can be automated. Invasive attacks, by contrast, become very difficult and require manual work, so cracking costs more.

5. Using Part of the Main Memory to Control External Data Access

In this scheme, specific address areas are locked at power-up and act as the security fuse, or a password controls memory access. For example, Texas Instruments' MSP430F112 only allows read-back operations after the correct 32-byte password has been entered; if it is not entered, read-back is only possible after the password bytes have been erased. Although this protection looks more effective than the earlier ones, it has weaknesses that can be exploited with low-cost non-invasive attacks such as timing analysis and power-consumption analysis. And if the security fuse state is loaded from memory after power-up or reset, an attacker can use power glitches to force the fuse state into an erroneous value.
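The timing weakness just described can be shown in code. This is an added example, not from the original article: a hypothetical early-exit password check beside a constant-time one, with a count of bytes examined standing in for execution time or power-trace length. The 32-byte length follows the MSP430F112 example; the password bytes and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define PW_LEN 32  /* 32-byte password, as in the MSP430F112 example */

/* Hypothetical early-exit check: returns at the first mismatching byte, so
 * the number of bytes examined reveals how many leading guess bytes were right. */
static int check_early_exit(const uint8_t *stored, const uint8_t *guess, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < PW_LEN; i++) {
        (*steps)++;
        if (stored[i] != guess[i])
            return 0;
    }
    return 1;
}

/* Constant-time check: examines every byte and ORs the differences into one
 * accumulator, so the work done does not depend on where the first mismatch is. */
static int check_constant_time(const uint8_t *stored, const uint8_t *guess, size_t *steps)
{
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < PW_LEN; i++) {
        (*steps)++;
        diff |= (uint8_t)(stored[i] ^ guess[i]);
    }
    return diff == 0;
}

/* Builds a constructed password and a guess whose first `prefix` bytes match,
 * runs the chosen check, returns the match result and writes the step count. */
int run_check(int constant_time, size_t prefix, size_t *steps)
{
    uint8_t stored[PW_LEN], guess[PW_LEN];
    for (size_t i = 0; i < PW_LEN; i++) {
        stored[i] = (uint8_t)(0x5A ^ i);                       /* constructed value */
        guess[i] = (i < prefix) ? stored[i] : (uint8_t)~stored[i];
    }
    return constant_time ? check_constant_time(stored, guess, steps)
                         : check_early_exit(stored, guess, steps);
}

/* Convenience wrappers so each quantity can be inspected on its own. */
int match_for(int constant_time, size_t prefix) { size_t s; return run_check(constant_time, prefix, &s); }
size_t steps_for(int constant_time, size_t prefix) { size_t s; run_check(constant_time, prefix, &s); return s; }
```

With the early-exit check, a guess that matches the first five bytes takes six steps while a wholly wrong guess takes one; the constant-time check takes 32 steps in every case.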

6. Using Top Metal Layers

A top metal layer design increases the difficulty of intrusion. The grid lines in that layer are monitored for short circuits and open circuits, and once the monitor is triggered the memory is reset or cleared. As shown:

Ordinary MCUs do not use this protection because the design is difficult and the grid can be falsely triggered under abnormal operating conditions such as strong electromagnetic noise, low or high temperatures, abnormal clock signals, or a poor power supply. Some ordinary MCUs therefore use cheaper pseudo-top metal grids, which can be attacked very efficiently through optical analysis and micro-probing. These grids also do nothing against non-invasive attacks, and they cannot effectively stop semi-invasive attacks either, because there is capacitance between the wires and light can reach the active area of the circuit between them. In smart cards, some of these grid lines are additionally laid between power and ground. Some programmable smart cards go further and simply eliminate the standard programming interface, or even remove the EEPROM read interface, replacing it with a boot module that erases or disables itself after the code is loaded and thereafter responds only to functions supported by the user's embedded software. This effectively prevents non-invasive attacks.

7. Smart Card Chip Security Design

In recent years, some smart cards have used Bus Encryption technology to prevent probing attacks. As shown:

Data is stored in memory in encrypted form. Even if intruders capture data from the data bus, they cannot learn the keys or other sensitive information (such as how to recover the plaintext). This measure effectively prevents invasive and semi-invasive attacks. Some smart cards even use a different bus encryption key for each card, so that even an intruder who fully cracks one card cannot produce chips with the same functions: each smart card chip has a unique ID number, and cards with identical IDs cannot be purchased. It is also worth mentioning that some smart cards implement standard modules such as decoders, register files, ALUs, and I/O circuits in ASIC-like logic, producing what is called a mixed logic design. Mixed logic makes it practically impossible for a physical attacker to obtain information about the card by manually searching for signals or nodes, which greatly enhances both the performance and the security of the CPU core. Because the physical location of the bus is almost impossible to determine, mixed logic designs effectively prevent reverse engineering and micro-probing attacks.

8. Advantages and Disadvantages of Smart Card Chip Encryption Schemes

For developers, choosing a microcontroller with a more secure design provides better protection. Compared with most microcontrollers, even smart cards designed ten years ago offer better protection. Modern smart cards provide further anti-attack measures: internal voltage sensors protect against power glitch attacks and against over-voltage and under-voltage; clock frequency sensors prevent attacks that lower the clock frequency to enable static analysis, and also clock glitch attacks that attempt to raise it; top metal grids and hardware encryption of the internal bus prevent micro-probing attacks. Compared with microcontrollers, however, smart card chips also have disadvantages. Chip prices are high and the chips are difficult to obtain in small quantities. Development tools are expensive and require confidentiality agreements with the manufacturer, which even cover the manuals, and many manufacturers sell smart cards only in large quantities to specific customers. Another drawback is limited I/O functionality: ordinary smart card chips usually have only an ISO 7816 interface, and very few have separate I/O ports. This makes them unable to replace microcontrollers in most applications; they are used only in industries with very high security requirements, such as pay TV set-top boxes, bank cards, SIM cards, second-generation ID cards, and high-end encryption chips. Applying smart card chips in the field of encryption chips is a promising direction: smart card chips have a high security level but few I/O resources, while ordinary MCUs have rich hardware resources but a low security level, so critical algorithms and operating parameters can be stored in a special form on the smart card chip, combining powerful functionality with high security strength.

9. Postscript

The struggle between those who try to break protective mechanisms and the manufacturers who keep introducing new security measures is endless. Whether “one height above the other” or “evil cannot suppress righteousness” will continue to play out between the two sides!
