mark@mips.COM (Mark G. Johnson) (05/30/90)
There was an EPROM built which was indeed secure. It was the Intel 27916 device, organized as 16K by 8 (128Kbits). Intended for applications such as storage of software [game cartridges are mentioned in the paper], it prevents accesses unless the user proves s/he is authorized.

A 64-bit key is programmed into the part. However there is no way to read the key out; the key only participates in the "authentication handshake" protocol. The chip enters the Locked mode upon power-up. To unlock it, you must authenticate yourself by proving that you know the 64-bit key. The chip produces a 32-bit pseudorandom number, and encrypts it with the key. It presents this encrypted result on its pins. The external system must take this encrypted value and decrypt it, then return the decrypted result to the 27916 EPROM. If the decryption is correct then the EPROM is convinced that you do indeed know the key, and it unlocks.

Then the external system generates a random number, encrypts it with the key, and presents this to the EPROM. The EPROM decrypts it and hands back the result. If the decryption is correct, then the system knows the EPROM contains the right key, and the handshake protocol is completed.

For simplicity, and also to increase sales volume, Intel built the entire pseudorandom number generator and encryption/decryption hardware right onto the 27916 EPROM chip. Thus the software contains an EPROM, and the system contains another EPROM (used to unlock the software).

Much of the technical paper is devoted to a discussion of the encryption function and the pseudorandom number generator. I will however note here that the random number outputs were subjected to several statistical tests, and that the generator is carefully arranged so as not to produce the same random number upon each power-up.

It's a good read; I recommend having a look at L. Letham, D. Hoff, and A. Folmsbee, "A 128K EPROM Using Encryption of Pseudorandom Numbers to Enable Read Access," IEEE Journal of Solid State Circuits, Vol. SC-21, No. 5, October 1986, pp. 881-888.

Also, I recommend talking to your favorite IC engineer and asking the question "Suppose I want to use microprobes to discern the logic states on 64 different signals of a chip, and suppose those signals don't connect to the metal layer.
How easy and/or costly would this be, and how many samples (chips) would be required?"
                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^--- this is the yucky part; even the best probe operators mangle a die after N<<64 probings. For spazzes like me, it's a lucky day if N=10 and that's if they're metal!! (metal is easiest to probe)

-- 
Mark Johnson
MIPS Computer Systems, 930 E. Arques M/S 2-02, Sunnyvale, CA 94086
(408) 524-8308  mark@mips.com  {or ...!decwrl!mips!mark}
mark@mips.COM (Mark G. Johnson) (05/30/90)
In article <21908@shamash.cdc.com> mpe@shamash.cdc.com writes:
>The simplest method to by-pass security shells on any computer (or in
>this case an EPROM) would be to allow the target computer to present
>itself to the EPROM at power-up and receive the necessary validation and
>later access the EPROM from the run-time environment. Some OS kernels will
>even assist the process by copying the slower EPROM into faster SRAMS.

But remember that the EPROM is designed for use in a game cartridge, whose host machine will apply both ends of the authentication handshake: (1) EPROM verifies that host contains secret key; (2) host verifies that EPROM contains secret key. The goal is to prevent folks from copying game cartridges.

A game cartridge must contain one of these Intel EPROM chips so that it can perform the hardware handshake. If you know what bits to program into the data-store area of the ROM, that's most of the battle, but you still need to know how to program the KEY bits so your duplicate EPROM can perform both halves of the hardware handshake. Otherwise the host will refuse to talk to you.

If all you want to do is read out the contents of the datastore of the ROM and you don't give a hoot about the key, just purchase a legitimate cartridge, remove the plastic housing, clip a logic analyzer onto the pins of the ROM and record the address/data pairs as they whizz by.

Aside: Pull down your Intel catalog and look for 27916. It isn't there. I guess the game cartridge market might have evaporated before Intel was ready to deliver the part. Or, mebbe customers decided they didn't like Intel's scheme (or, dare I say, Intel's price?). Rumor has it that Nintendo game cartridges contain ROMS that are somehow abnormal (encrypted? wacko custom chip design that doesn't correspond to any commercial part, e.g. 48K by 11bits?), and that this is how they guarantee they are the only source of [highly lucrative] cartridges.

-- 
Mark Johnson
MIPS Computer Systems, 930 E. Arques M/S 2-02, Sunnyvale, CA 94086
(408) 524-8308  mark@mips.com  {or ...!decwrl!mips!mark}
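The two-half handshake described in the first post, and the point made in the second that a duplicate with the right data store but the wrong KEY bits still fails, can be walked through in a small model. The following Python is an added example and is not code from either post or from Intel: the 4-round Feistel cipher (`encrypt`/`decrypt`), the `SecureEprom` class, `host_handshake`, and the injectable `rng` stand-in for the on-chip generator are all constructed for illustration; the real 27916 encryption function and pseudorandom generator are in the cited paper, not here. The model keeps the key inside the object with no accessor, so the only values that ever appear "on the pins" are encryptions of fresh random numbers and their decryptions.

```python
# Added example, not from the original posts: a toy model of the 27916-style
# mutual challenge-response handshake. The Feistel cipher and the injectable
# PRNG are constructed stand-ins, not Intel's actual function or generator.
import hashlib
import secrets

MASK16 = 0xFFFF


def _round_fn(half, subkey):
    """Constructed round function: 16 bits of SHA-256 over (half, subkey)."""
    digest = hashlib.sha256(half.to_bytes(2, "big") + subkey.to_bytes(2, "big")).digest()
    return int.from_bytes(digest[:2], "big")


def _subkeys(key):
    """Split a 64-bit key into four 16-bit round subkeys (least significant first)."""
    return [(key >> (16 * i)) & MASK16 for i in range(4)]


def encrypt(block, key):
    """Encrypt a 32-bit block under a 64-bit key (toy 4-round Feistel network)."""
    left, right = (block >> 16) & MASK16, block & MASK16
    for sk in _subkeys(key):
        left, right = right, left ^ _round_fn(right, sk)
    return (left << 16) | right


def decrypt(block, key):
    """Inverse of encrypt: same rounds, subkeys applied in reverse order."""
    left, right = (block >> 16) & MASK16, block & MASK16
    for sk in reversed(_subkeys(key)):
        left, right = right ^ _round_fn(left, sk), left
    return (left << 16) | right


class SecureEprom:
    """Model of the locked EPROM: the key is held internally and never read out."""

    def __init__(self, key, data, rng=secrets.randbits):
        self._key = key            # 64-bit key; no method exposes it
        self._data = list(data)    # the data-store contents
        self._rng = rng            # stand-in for the on-chip PRNG
        self.power_up()

    def power_up(self):
        """The part always comes up Locked with no challenge outstanding."""
        self._locked = True
        self._pending = None

    def challenge(self):
        """Half 1, step a: pick a fresh 32-bit pseudorandom number, present it encrypted."""
        self._pending = self._rng(32)
        return encrypt(self._pending, self._key)

    def unlock(self, response):
        """Half 1, step b: host returns the decrypted value; unlock only if it matches."""
        ok = self._pending is not None and response == self._pending
        self._pending = None       # each challenge is single-use
        if ok:
            self._locked = False
        return ok

    def respond(self, host_challenge):
        """Half 2: decrypt the host's encrypted random number and hand back the result."""
        return decrypt(host_challenge, self._key)

    def read(self, address):
        """Data-store reads are refused while locked."""
        if self._locked:
            raise PermissionError("EPROM is locked")
        return self._data[address]


def host_handshake(eprom, host_key, rng=secrets.randbits):
    """Run both halves from the host side; True only if both halves succeed."""
    # Half 1: prove to the EPROM that the host knows the key.
    if not eprom.unlock(decrypt(eprom.challenge(), host_key)):
        return False
    # Half 2: check that the EPROM knows the key. A clone carrying the right
    # data store but the wrong key bits fails here, as the second post notes.
    nonce = rng(32)
    return eprom.respond(encrypt(nonce, host_key)) == nonce


if __name__ == "__main__":
    KEY = 0x0123456789ABCDEF                                   # constructed sample key
    cartridge = SecureEprom(KEY, [0x4E, 0x45, 0x53])           # constructed data store
    print("genuine cartridge:", host_handshake(cartridge, KEY))
    print("first byte:", hex(cartridge.read(0)))
    clone = SecureEprom(0xFEDCBA9876543210, [0x4E, 0x45, 0x53])  # right data, wrong key
    print("clone with wrong key:", host_handshake(clone, KEY))
```

The `rng` parameter exists so the generator can be swapped; with the default it draws a fresh number per challenge, which is the property the first post singles out (a generator that repeated the same number at every power-up would make a recorded response reusable, so the freshness of the challenge is what gives the handshake its value).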