[alt.security] A Truly Secure

mark@mips.COM (Mark G. Johnson) (05/30/90)

There was an EPROM built which was indeed secure.  It was the Intel
27916 device, organized as 16K by 8 (128Kbits).  Intended for
applications such as storage of software [game cartridges are mentioned
in the paper], it prevents accesses unless the user proves s/he is
authorized.

A 64-bit key is programmed into the part.  However there is no way
to read the key out; the key only participates in the "authentication
handshake" protocol.

The chip enters the Locked mode upon power-up.  To unlock it, you
must authenticate yourself by proving that you know the 64-bit key.
The chip produces a 32-bit pseudorandom number, and encrypts it with
the key.  It presents this encrypted result on its pins.  The external
system must take this encrypted value and decrypt it, then return the
decrypted result to the 27916 EPROM.  If the decryption is correct
then the EPROM is convinced that you do indeed know the key, and it
unlocks.  Then the external system generates a random number, encrypts
it with the key, and presents this to the EPROM.  The EPROM decrypts
it and hands back the result.  If the decryption is correct, then the
system knows the EPROM contains the right key, and the handshake protocol
is completed.

For simplicity, and also to increase sales volume, Intel built the entire
pseudorandom number generator and encryption/decryption hardware right
onto the 27916 EPROM chip.  Thus the software contains an EPROM, and the
system contains another EPROM (used to unlock the software).

Much of the technical paper is devoted to a discussion of the encryption
function and the pseudorandom number generator.  I will however note here
that the random number outputs were subjected to several statistical tests,
and that the generator is carefully arranged so as not to produce the same
random number upon each power-up.

It's a good read; I recommend having a look at

   L. Letham, D. Hoff, and A. Folmsbee, "A 128K EPROM Using Encryption of
   Pseudorandom Numbers to Enable Read Access," IEEE Journal of Solid
   State Circuits, Vol. SC-21, No. 5, October 1986, pp. 881-888.


Also, I recommend talking to your favorite IC engineer and asking
the question "Suppose I want to use microprobes to discern the logic
states on 64 different signals of a chip, and suppose those signals
don't connect to the metal layer.  How easy and/or costly would this be,
and how many samples (chips) would be required?"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^--- this is the yucky
                                                   part; even the best
                                                   probe operators mangle a
                                                   die after N<<64 probings.
                                                   For spazzes like me, it's
                                                   a lucky day if N=10 and
                                                   that's if they're metal!!
                                                   (metal is easiest to probe)
-- 
 -- Mark Johnson	
 	MIPS Computer Systems, 930 E. Arques M/S 2-02, Sunnyvale, CA 94086
	(408) 524-8308    mark@mips.com  {or ...!decwrl!mips!mark}

mark@mips.COM (Mark G. Johnson) (05/30/90)

In article <21908@shamash.cdc.com> mpe@shamash.cdc.com writes:
  >The simplest method to by-pass security shells on any computer (or in
  >this case an EPROM) would be to allow the target computer to present
  >itself to the EPROM at power-up and receive the necessary validation and 
  >later access the EPROM from the run-time environment.  Some OS kernels will
  >even assist the process by copying the slower EPROM into faster SRAMS.

But remember that the EPROM is designed for use in a game cartridge,
whose host machine will apply both ends of the authentication
handshake: (1) EPROM verifies that host contains secret key; (2)
host verifies that EPROM contains secret key.  The goal is to prevent
folks from copying game cartridges.

A game cartridge must contain one of these Intel EPROM chips so that
it can perform the hardware handshake.  If you know what bits to
program into the data-store area of the ROM, that's most of the battle,
but you still need to know how to program the KEY bits so your duplicate
EPROM can perform both halves of the hardware handshake.  Otherwise the
host will refuse to talk to you.

If all you want to do is read out the contents of the datastore of
the ROM and you don't give a hoot about the key, just purchase a
legitimate cartridge, remove the plastic housing, clip a logic analyzer
onto the pins of the ROM and record the address/data pairs as they whizz by.

Aside: Pull down your Intel catalog and look for 27916.  It isn't there.
       I guess the game cartridge market might have evaporated before
       Intel was ready to deliver the part.  Or, mebbe customers decided
       they didn't like Intel's scheme (or, dare I say, Intel's price?).

Rumor has it that Nintendo game cartridges contain ROMs that are somehow
abnormal (encrypted?  wacko custom chip design that doesn't correspond
to any commercial part, e.g. 48K by 11bits?), and that this is how
they guarantee they are the only source of [highly lucrative] cartridges.
-- 
 -- Mark Johnson	
 	MIPS Computer Systems, 930 E. Arques M/S 2-02, Sunnyvale, CA 94086
	(408) 524-8308    mark@mips.com  {or ...!decwrl!mips!mark}
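The two-way handshake described in the first post, together with the bypass discussed in the second (once the legitimate host has unlocked the part, the address/data cycles on the bus are in the clear), as an added simulation that is not part of either post or of Intel's paper. The thread does not describe the 27916's actual encryption function or pseudorandom generator, so the cipher below is an assumed stand-in (a four-round Feistel network over 32-bit blocks keyed by 64 bits, using HMAC-SHA256 as the round function); the class and function names, and the sample key and data, are the example's own.

```python
"""Model of the 27916-style mutual handshake and the post-unlock bus sniff.

Added example; the cipher is an ASSUMED stand-in for the part's undisclosed
encryption function (Feistel on 32-bit blocks, 64-bit key, HMAC-SHA256 rounds).
"""
import hashlib
import hmac
import secrets

MASK16 = 0xFFFF
ROUNDS = 4  # assumption: illustrative keyed permutation, not the real part


def _round_fn(key: bytes, rnd: int, half: int) -> int:
    """16-bit keyed round function derived from HMAC-SHA256 (assumed design)."""
    msg = bytes([rnd]) + half.to_bytes(2, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:2], "big")


def encrypt32(key: bytes, block: int) -> int:
    """Encrypt a 32-bit block under an 8-byte (64-bit) key."""
    assert len(key) == 8 and 0 <= block < 1 << 32
    left, right = block >> 16, block & MASK16
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_fn(key, rnd, right)
    return (left << 16) | right


def decrypt32(key: bytes, block: int) -> int:
    """Inverse of encrypt32: undo the Feistel rounds in reverse order."""
    assert len(key) == 8 and 0 <= block < 1 << 32
    left, right = block >> 16, block & MASK16
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round_fn(key, rnd, left), left
    return (left << 16) | right


class Eprom27916:
    """The part: key is write-only, data is readable only while unlocked."""

    def __init__(self, key: bytes, data: bytes):
        self._key = key            # no read path exists for the key
        self._data = data
        self.size = len(data)
        self.locked = True         # Locked mode on power-up
        self._challenge = None

    def power_up(self) -> None:
        self.locked = True
        self._challenge = None

    def challenge(self) -> int:
        """Step 1: fresh 32-bit random number, presented encrypted on the pins."""
        self._challenge = secrets.randbits(32)   # differs on every power-up
        return encrypt32(self._key, self._challenge)

    def respond(self, plaintext: int) -> bool:
        """Step 2: host returns the decrypted challenge; unlock only on match."""
        if self._challenge is not None and plaintext == self._challenge:
            self.locked = False
        self._challenge = None    # one attempt per challenge
        return not self.locked

    def decrypt_for_host(self, ciphertext: int) -> int:
        """Step 3: the chip proves to the host that it holds the same key."""
        return decrypt32(self._key, ciphertext)

    def read(self, addr: int) -> int:
        """Plain address/data cycle; refused while locked."""
        if self.locked:
            raise PermissionError("EPROM is locked")
        return self._data[addr]


def host_handshake(host_key: bytes, chip: Eprom27916) -> bool:
    """Both halves of the handshake as the host (console) drives them."""
    # (1) EPROM verifies the host knows the key
    c1 = chip.challenge()
    if not chip.respond(decrypt32(host_key, c1)):
        return False
    # (2) host verifies the EPROM knows the key
    r2 = secrets.randbits(32)
    return chip.decrypt_for_host(encrypt32(host_key, r2)) == r2


def sniff_bus(chip: Eprom27916, host_key: bytes) -> list:
    """The logic-analyzer attack: let the real host unlock the part, then
    record every address/data pair it fetches.  The key never appears."""
    if not host_handshake(host_key, chip):
        return []
    return [(addr, chip.read(addr)) for addr in range(chip.size)]


if __name__ == "__main__":
    key = bytes(range(8))                      # constructed sample key
    cart = Eprom27916(key, bytes([0x12, 0x34, 0x56, 0x78]))  # constructed data
    print("dump:", sniff_bus(cart, key))
    cart.power_up()
    print("wrong key unlocks:", host_handshake(bytes(8), cart))
```

The model makes the thread's two points concrete: the key only ever participates through encrypt32/decrypt32 and is never emitted, so a duplicate part cannot be programmed from what the bus shows, while the datastore itself is fully recoverable by anyone who can watch the bus after a genuine host has run the handshake.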