Security of Intelligent Terminals: Hardware Security Technology – Encryption Chips

Preface

After the basic hardware has the capability of independent control, necessary security reinforcement in upper-level applications becomes the main task of terminal security. Among these, hardware encryption work is one of the fundamental tasks for application security reinforcement, and encryption chips are indispensable encryption hardware.

In products such as U-shields, smart cards, card readers, and encryption boards, as well as in fields like online banking, mobile payments, data security, confidential communication, copyright control, and smart grids, encryption chips are widely used as an important basic security function unit.

Defined, an encryption chip is an integrated circuit chip capable of independently generating keys and performing data encryption and decryption, implementing various cryptographic algorithms, and using cryptographic technology to store keys and sensitive information.

Inside the encryption chip, there is its own CPU and memory for encryption and decryption calculations, storing keys and sensitive data, providing data encryption, decryption, and authentication services for encryption products. Products that use encryption chips for encryption store keys and encrypted data within the encryption chip, making it difficult to steal and decrypt from the outside, thus achieving the goal of protecting data security.

As of June 2015, the National Cryptography Administration has certified over 100 domestic commercial encryption chip products. According to the “Security Chip Cryptography Detection Guidelines” issued by the National Cryptography Administration’s commercial cryptography testing center, encryption chips are classified into three security levels.

Among them, security level 1 (the lowest level) requires that the chip can be applied in situations where physical security and input/output information security can be guaranteed; Security levels 2 and 3 (the highest level) require that the chip can be applied in situations where physical security and input/output information security cannot be guaranteed, which requires the chip to have corresponding logical and physical protection measures to protect sensitive data.

Regardless of the level of the encryption chip, it must have the capability of generating true random numbers, which requires that the security chip must be able to generate random numbers directly from physical random sources such as voltage, temperature, and frequency or directly generate the initial input for random expansion algorithms.

Based on the capability of true random number generation, the encryption chip must also have the ability to implement cryptographic algorithms. For security levels 2 and 3 encryption chips, the cryptographic algorithms must be implemented on dedicated hardware modules. For commercial encryption chip products certified by the National Cryptography Administration, national cryptographic algorithms must be used, such as the SM1 and SM4 algorithms in block cipher algorithms, the SM2 elliptic curve algorithm in public key cryptography, the SM3 algorithm in hashing algorithms, and the ZUC algorithm in stream cipher algorithms.

Should we learn national cryptographic algorithms?

For block cipher algorithms, encryption chips generally support ECB (Electronic Codebook) and CBC (Cipher-block Chaining) modes.

For security levels 2 and 3 encryption chips, since they may operate in situations where physical security and input/output information security cannot be guaranteed, they need to possess the ability to defend against various attacks, including timing attacks, power analysis attacks, electromagnetic analysis attacks, and fault attacks, and also need to have self-destruction capabilities for keys and sensitive information to ensure information is not leaked.

For general commercial encryption chip products, national cryptographic algorithms are usually adopted, which are generally publicly available within a limited scope, mostly implemented through hardware encryption modules, ensuring a certain level of security. For dedicated cryptographic security chips with higher security requirements, such as those used in military or state secret scenarios, the technical implementation principles are similar to commercial cryptographic security chips, but they will use non-public encryption algorithms to achieve a higher level of security.

For confidential scenarios with certain security level requirements, mobile terminals can use encryption chips to encrypt and store application data and ensure encrypted transmission. For basic services such as phone calls and text messages used for user communication, encrypted transmission of communication data can be achieved through encryption chips and necessary modifications to the terminal, allowing operators to provide encrypted communication services for users in need to ensure the security of user communications. (Does it remind you of the listening devices used by agents in movies?)

With the development of mobile internet, mobile phones are no longer just communication tools, but intelligent terminals with multiple functions such as mobile e-commerce, mobile payments, mobile internet finance, mobile governance, mobile law enforcement, and mobile office. Through encryption chips and necessary modifications to relevant applications, user personal information, business information, and financial information can also be securely protected.

Next, we will learn about SIM card security technology.

Aside

SIM: subscriber identify module, a module for customer identification. The SIM card, also known as a smart card or user identity card, is mainly used for user identification in digital cellular mobile phones. A mobile phone can only access the network after the SIM card is inserted.

We now focus on advanced chips like CPUs and GPUs, but we have not paid much attention to chips like SIM cards and IC cards. This is natural; the design difficulty of IC card chips, SIM card chips, and ID card chips is not high, while the most challenging is the processor.

But do you remember? Back in the early 2000s, phone cards were very expensive. This was because the small SIM card used in our phones could not be produced in China and had to be imported, with an average price of 82 yuan.

Huahong Group has opened a gap in the situation where China’s chip supply was dependent on imports. After Huahong NEC broke the import dependence, the average price of domestic SIM cards dropped to 8.1 yuan. The 8KB capacity IC card chip originally priced at four to five dollars, after being produced by Huahong NEC, the price of the 32KB capacity IC card chip is now less than 1 dollar. China has established a complete industrial chain in the smart IC card field, from chip design, production, module and IC card manufacturing, to application system software development, with Huahong Group occupying over 80% of the domestic IC card market share. Huahong NEC has made outstanding contributions to China’s IC card industry.

Beihua Hong entered the supplier list of China Mobile and China Unicom at the end of 2002, and the following year sold 3.2 million SIM cards, achieving sales revenue of 25 million yuan. In 2004, Beihua Hong’s sales exceeded 100 million yuan, and it also supplied to GEMPLUS, the world’s largest IC card company.

Of course, the story always has its ups and downs.

Huahong Group has established two chip design companies known as “Nanhua Hong” and “Beihua Hong” in Shanghai and Beijing, respectively. Considering the immense difficulty of chip design and the scarcity of domestic chip design talents, Nanhua Hong chose to focus on chips that are urgently needed in the domestic market and have lower design difficulty, such as IC card chips and communication chips for product development.

Beihua Hong is one of the earliest companies in China to attempt mobile baseband chip design. In December 1998, the Ministry of Information Industry and the National Development and Reform Commission jointly issued several opinions on accelerating the development of the mobile communication industry, proposing to vigorously support the development of mobile communication products with independent intellectual property rights. In 1999, in the bidding for the Ministry of Information Industry’s Electronic Development Fund’s special 2.5G mobile core technology project, Beihua Hong became the only integrated circuit design company to win the bid.

Subsequently, Beihua Hong collaborated with Texas Instruments to develop 2.5G mobile baseband chips, only to find the design difficulty too high, requiring at least two years to produce a product, and even then it might not have price competitiveness or market application. Therefore, Beihua Hong turned to designing lower-end communication smart card chips. At that time, China was preparing to promote its own 3G mobile communication standard, so corresponding mobile baseband chips were necessary. Even Beihua Hong, backed by national support, found it challenging; can China still have its own mobile baseband chip design companies?

Content excerpted from “Chip War”

References

Security of Intelligent Terminals in the Mobile Internet Era

Related posts

  1. Exploring the STM32H7 High-Performance Series and Application Design
  2. Research on Data Compliance Business Encryption Algorithms (Part 1)
  3. Exploring the Trillion-Dollar Smart Market: Xavier and Jetson AGX
  4. Security Products – Secure Password Modules
  5. Exploring Technical Solutions for Vehicle-Cloud Integration Using Rust on Android
  6. The Relationship Between Riemann Hypothesis and Blockchain Encryption Algorithms
  7. Embedded Security Series | I2C Protocol Analysis
  8. Introducing the Curie Nano: The Best Maker Board of the Year by DFROBOT
  9. Embedded Weekly Report #275: Security-Critical C Code Rules
  10. Lightweight Embedded System Framework: mr-library Overview
  11. Optimizing Your Android (Go Edition) Application
  12. Emerging Professional Insights (Part 1) | Artificial Intelligence
  13. Toshiba Launches Arm Cortex-M4 Microcontroller for Motor Control
  14. Unlocking the RK3588 Development Board in 3 Minutes: A Comprehensive Guide
  15. When LEGO Meets Arduino: Building a PM2.5 Detector with LEGO
  16. DIY Wall-Climbing Drone Project
  17. The Past, Present, and Future of Embedded System Cybersecurity
  18. Building and Debugging the JTAGulator for Embedded Security
  19. In-Vehicle MCU Hardware Encryption Module Training

Leave a Comment