High-Performance, 32-Bit Micro

High-Performance, 32-Bit Microcontroller Integrates Security Supervisor and Cryptographic Functionality for Financial Applications

• The MAXQ1103 is a high-performance secure microcontroller for financial terminal applications and any other application that requires PCI, FIPS 140-2, Common Criteria, or other security certifications.
• The device integrates sophisticated protection mechanisms for secret key data. Using low-power sensors, the MAXQ1103 detects when it comes under attack and erases all sensitive data and secret encryption keys before an attacker can discover anything.
• The MAXQ1103 employs high-performance cryptographic engines for secure communication and authentication, critical for high-speed financial transactions.
• The MAXQ1103 protects software applications better than any other product available. Code is stored in 3DES-encrypted form, making it impossible for an attacker to clone or reverse engineer an application.

SUNNYVALE, CA—September 22, 2008—Maxim Integrated Products (PINK OTC MARKETS: MXIM) introduces the MAXQ1103, a high-performance 32-bit RISC microcontroller for the financial terminal market. The MAXQ1103 integrates security supervisory features, advanced encryption acceleration, and 1kB internal nonvolatile memory (NVSRAM) around a 32-bit MAXQ® microcontroller core. With this high integration, the MAXQ1103 simplifies and protects designs that require a high level of physical and logical security, such as financial terminals, government security applications, and digital rights management.

A secure application's primary function is to protect secrets, and the MAXQ1103 does this better than any device available on the market. The MAXQ1103 is resistant to side-channel attacks and physical attacks, and provides many options for application-specific tamper detection. Most important for key protection is the MAXQ1103's custom-designed, battery-backed nonvolatile (NV) SRAM. NVSRAM is the best kind of memory for secret storage because it can be erased quickly in reaction to tampering.

The MAXQ1103's combination of NVSRAM for secret storage, tamper-detection technology, and hardware encryption accelerators makes it the best choice for applications requiring PCI, FIPS 140-2, Common Criteria, or other security certifications.

Financial Application Challenge: Low Power and High Alert

A financial application needs to maintain its secret keys even when it does not have power. It cannot, moreover, stop protecting those keys just because someone unplugged it. This means that financial applications need to support low-power modes that can run for long periods of time under battery power, without sacrificing extremely high levels of security monitoring and tamper reactivity.

Consider a financial terminal that is implemented without components designed for secure applications. There would be a small SRAM, a real-time clock, and at least one microcontroller to monitor the security circuitry. A low-power microcontroller might consume 1µA while in stop mode, but it will need to wake up about twice a second to take measurements. It will check connections for opens and shorts and possibly monitor some other sensors (such as a light or motion sensor). Assume that this microcontroller needs to run for 10ms, consuming 1mA during this active time. This makes the average current consumption:

(2 × 10ms × 1mA) + (980ms × 1µA) = 21µA

At 21µA, a 250mAHr battery will last about 1.4 years, far too short a period of time for a device that is expected to last 5 or more years. A bigger battery can be used, but would be much more expensive. Consider too that this 21µA power consumption does not include the additional current consumption from the SRAM or real-time clock.

The MAXQ1103 improves this power situation by integrating all of its functions into one chip: NVSRAM for key storage, a real-time clock, and circuitry to detect tamper events. These circuits are designed to be lean in battery-backed mode—a low-power ring oscillator clocks the circuitry that monitors security, and the SRAM is custom designed to require minimal current to maintain its state. The resulting MAXQ1103 device provides complete security functions with a worst-case 85°C battery leakage of 2.55µA. Using the original example of a 250mAhr battery, this translates to 11 years of life. Alternatively, a designer can opt for a less expensive battery, for which a 125mAhr battery will provide about 5.5 years of life.

Financial Application Challenge: High-Speed Encryption and Authentication

Gone are the days when a financial application only needed to encrypt a PIN and transmit it over a serial port. Today's financial terminals must validate program updates that they download over the internet, communicate with smart cards, authenticate financial logs and reports, navigate credit-card networks, and manage sensitive financial data in long-term storage (just to name a few). Each of these tasks requires encryption, and a software DES implementation does not leave enough bandwidth to do all these tasks, unless you wait five minutes for your credit card to clear.

The numbers tell the story best. For example, a software implementation of the Triple DES (3DES) algorithm might need 3kB of code space and take 4 milliseconds to execute on an 8-bit microcontroller. Other 16- and 32-bit microcontrollers might take less code space and less time to execute, but that execution still requires operations measured in kilobytes and milliseconds.

In notable contrast to this traditional solution, the MAXQ1103 integrates several high-security hardware accelerators for standard cryptographic algorithms. This means that applications can support high-speed encryption and authentication algorithms with minimal code and data memory support. The MAXQ1103's hardware 3DES accelerator needs only 57 cycles to execute an encryption or decryption operation. So running at 20MHz, the 3DES algorithm completes in only 2.8 microseconds. Also, since the algorithm is implemented in hardware and not software, 100 bytes of instruction code are required to load and execute the hardware engine. Restated simply, the MAXQ1103 converts an algorithm that takes kilobytes and milliseconds to execute into one that needs only bytes and microseconds.

The MAXQ1103 has hardware acceleration support for several advanced encryption algorithms, including the Secure Hash Algorithm (SHA-1, SHA-224, SHA-256), DES, 3DES, RSA (up to 2048-bit keys), DSA, and Elliptic Curve DSA (ECDSA).

Financial Application Challenge: Protecting Application Code

The protection of intellectual property (IP) is becoming important in all applications; not only does data need to be protected, but also the application code. Companies and engineers spend man-years of time developing software for embedded applications, and want to protect that investment from being copied by a competitor. The manufacturers of financial terminals have an additional requirement to protect their devices from attackers that insert their own application code to disclose PINs or other sensitive financial information. A solution is needed that will prevent application code from being modified, copied, and reverse engineered.

Conventional solutions to the problem of protecting IP include dongles or coprocessors. The idea is that if an external component (e.g., the dongle) with a secret key is not present, then the application will not run. In the case of a secure coprocessor, the external component could even run a key piece of the application.

Another potential solution is to use only microcontrollers with integrated flash or ROM memory for code storage.

While these solutions add some security, a determined attacker can still easily prevail—dongles and coprocessors do little to prevent reverse engineering or code modification, and internal memory storage can be defeated with an IC engineer wielding a microprobe. Fortunately, there is a higher security alternative: code encryption.

The MAXQ1103 supports code encryption through a dedicated 3DES engine that decrypts instructions and a 4kB instruction cache to maintain performance. In addition, each MAXQ1103 uses its hardware random number generator to create its own unique encryption keys. The result is that the encrypted code stored externally is always different from device to device, even when the decrypted code image is the same. The code encryption makes it practically impossible for someone to reverse engineer the code; the unique code encryption key in each device makes it useless to copy the code, as it will not work with any other MAXQ1103 device.

But what about modification? With only the support of code encryption, an attacker can still modify the code by inserting random instructions. They will have a difficult time controlling the microcontroller, but with enough attempts they might find a useful instruction that moves secret data to an output port. To prevent this, the MAXQ1103 includes code integrity checking: a checksum of each unencrypted block is stored and compared when instruction blocks are decrypted. If the integrity check code does not match, it triggers a tamper event and destroys the keys, thus preventing an attacker from supplying the microcontroller with modified instructions.

MAXQ1103 Provides Best System Security

The MAXQ1103 offers the most complete set of security tools available for financial applications. It meets the demanding security and performance specifications of today's financial terminal industry by providing vigilant tamper detection with extremely low power consumption, executing high-speed hardware encryption accelerators, and protecting software applications from modification or cloning.

Secure 32-Bit µC for Financial, Government, and IP Protection Applications