Page 40

EETE FEBRUARY 2013

MEMORY & DATA STORAGE Fig. 1: Solid Flash provides several advantages for logistics and development. Fig. 2: Principle of the secure Flash loader. has been reached already years ago, for the remaining smart card applications Solid Flash products were developed. Infineon already had its first Flash based security controller EAL5+ high certified in 2006. All platforms from 90nm onwards are planned without customer ROMs in favour of Flash. In the meantime all required certifications (CC EAL 5+/6+ (high), EMVCo, several local type approvals around the world) have been obtained. Replacing ROM with Flash certainly is a paradigm shift for the industry for secure applications. But, with respect to applications and security there is no difference between ROM and Solid Flash based products. Principally the only difference lies in the fact that the locking of the code has been moved from the ROM mask creation in the semiconductor production towards the (pre-)personalization phase which also has to be done in a secure and certified environment. Security mechanisms The high functional security of Solid Flash is achieved by a secure mask transfer equal to that of a ROM mask code, secure and encrypted downloading and a special blocking mechanism. The program code of Flash products must be protected after programming to be secured against changes in the field. Moreover every Flash-based security Fig. 3 All Solid Flash products are based on the same UCP cell. chip has a chip-specific random key for encryption, whereas for mask ROM all chips that belong to the same ROM mask (often millions) have the same key. Given the fact that Flash products offer the flexibility to download the Card Operating System and the applications into the smart cards during development and the production phase, it is not only necessary to protect the access to the secure loading mechanism by a project- and customer-specific key but it is also crucial to permanently deactivate the mechanism before deployment. This is to prevent any attacker from using the secure loading mechanism to download malicious applets to carry out attacks against the chip. The Solid Flash products provide a certified locking mechanism, which protects the programmed memory content after personalization to the same level like in ROM products. The mechanism is part of the specific Flash loader from Infineon, which is certified together with the hardware by Common Criteria, EMVCo and other type approvals. Also provisions in the hardware architecture to protect the memory from analysis and manipulation have been made. Storage of information in Flash cells offers another advantage if the chip is subject to reverse engineering. In ROM products, the information is typically stored in metal conductors, so that the ROM content itself can be read by relatively simple means. Flash memory cells, in contrast, store the information as electrons only, making reverse engineering more difficult. In Solid Flash products a hardware firewall is implemented in order to separate code, data and other applications. This provides ef- Table 1: Comparison of storage technologies for smartcard products. 32 Electronic Engineering Times Europe February 2013 www.electronics-eetimes.com


EETE FEBRUARY 2013
To see the actual publication please follow the link above