Hi, I have an LPC1788 embedded board with external NAND flash. Is it possible to put some code/function in the NAND flash that we are able to run?
Best Regards, Mostafa
Yes, the code is a calculation of important parameters that no one else is allowed to use. In this way, I can protect the code.
Important to you? Or important to the world?
I think nothing important to the world! But the data belongs to the company that I am working for, and I am responsible that no one can copy it.
"But the data belongs to the company that I am working for, and I am responsible that no one can copy it."
So were the developers who implemented the code for the Microsoft Xbox and a number of other game consoles too.
It's hard to protect information from someone who wants to access it. Especially when you add external memory. Did you plan to use AES-128? And even then, people beat the encryption by just analyzing the power consumption of your processor while it decrypts the data...
It'll be extra interesting when the customers expect your device to support field-updating with new firmware - then you need a way to distribute even the part of the code that is inside the processor.
So in the end, you can't invest too much on the assumption that you can protect the contents of the flash memory if the information really matters to someone else. And if it doesn't matter to someone else, then it's a waste of time to try to protect the information in the first place - the extra complications of the encryption are likely to cost more for the company than the perceived gain.
Surely, the obvious place to start for anything specific to the LPC1788 would be:
www.nxp.com/.../LPC1788FET208.html
Look on the 'Design Support' and 'Downloads' tabs
And the standard place for NXP support - as linked from that page - is:
http://www.LPCware.com
Secure boot hardware is worth mentioning here.
Yes, I know that there is no way to protect completely from reverse engineering. But my plan is to make the reverse engineer encounter more challenges. The main code is in the internal flash with CRP level 3. Each part of the code containing the program code, and the parts of the code that are intended to be updated from outside or stored in external memory, will be encrypted with AES-256 with some random data in the original data. The key will be encrypted by some simple algorithm in the internal flash. Another security measure that I will apply in my work: I put many hardware signatures to check in the firmware, i.e. the serial of the SD card, and each micro-controller that can provide some hardware signature. In this way, someone who wants to hack without changing the firmware should copy all the ICs (ARM, simulated SD card, micro-controllers, ...). Another security measure against copying the ICs is using the internal RTC to check whether the backup battery or ARM core has been replaced or not. Another level of security is activated online to find the fake machines. The last security measure that someone can apply is using some artificial intelligence techniques in the firmware to track the changes in the system.
By the way, I do not know whether the mentioned processes will work or not. I have designed a system that today will not be copied!!! But for the new one, I have doubts about doing these works.
Why AES-256? It isn't really more secure than AES-128 from a practical perspective. See for example: blog.agilebits.com/.../
Encrypting the key - stored in read-protected flash - isn't really meaningful either. Encrypting the key is something you do when the key file is likely to be publicly available - and then you need strong encryption with strong pass-phrase.
You are making your life way too complicated without having shown that there are real significant monetary investments that need to be protected. Right now, you are only introducing significant costs for the company. And for the support, who are going to tell the customer that oops - your security measures made your own devices fail because the RTC battery ran out of power. Is the danger of someone peeking at your data really representing losses of millions of dollars?
Remember that if the data in that chip really is worth lots of money, then the attacker will most probably be way more skilled than you (since there is an economical incentive to use someone who is explicitly skilled in reverse-engineering - or in social engineering) so in the end, your protection will quite likely fail because of some unexpected oops you didn't even see. They might even mail you a PDF file that harvests your local machine... So you and your company take all the costs and inconveniences without getting even close to the advantages you expected.
Yes, you are right. The worth of the code is not about millions of dollars in a month. But you know that the cost of reverse engineering the complex version should really be so high that there are only a few people who can support it. By the way, you are right! But considering the system simple, it can be reversed by an amateur engineer!!! For example, one internal factory produced a program that we needed a part of. You know, I really do not know about reverse engineering the code. But I did that very simply!!! On the other hand, we had some challenges about the CLIP software for the RENAULT company. I and many expert reverse engineers could not do that! I mean that if someone wants to copy the software and hardware, it is better to have this merit.
But you are making sure it's you, and your company, that gets the costs. The intention is for you to save money.
Let's say you spend three weeks extra to implement this security. Will management then give you three weeks extra, to make sure it doesn't affect the quality of the rest of the software? And will the management allocate extra resources for the support - since you will get higher support costs when you get issues out in the field? And will the management allocate extra resources for the maintenance of the software, since increased complexity will introduce more errors and require you to spend more time on this software for the rest of the economical life of it?
The decision should be to maximize profit. And then you need to show that the probabilities - and the dangers of - someone reverse-engineering your software are much higher than all the costs it takes to try to protect the code.
If anyone gets access to the content of the internal ROM, then any protection you have tried will fail totally.
If you can protect the internal ROM - and make sure all critical data is there - then you can get by with a very, very, very much simpler solution. Then it's enough to just use a cryptographically strong hash function to verify the integrity of the code that is stored in external flash - and make sure you refuse to run any external code that isn't properly signed.
Right now, you are trying to build Fort Knox with several meters of armored concrete walls on a building with a dirt floor - anyone who wants the data will just dig under the walls and ignore your costly protection.
If you really have millions of dollars of value to protect, then you should pay for independent security reviews by someone who specializes in security audits. You would most probably be surprised by the security holes that are likely to show up. One single buffer overflow somewhere in your code will totally 100% invalidate every single line of advanced protection you added to your shell protection. If you want Fort Knox security, then your company must be ready to invest massive amounts of money - which is only meaningful if you have massive amounts of money to protect.
One single bad line of code in your complicated protection can make your company lose a significant amount of money in goodwill losses, and in work needed to replace the software with corrected software. And down time while the customers wait to receive the fixed software. And potentially a need for a physical visit to every installation in case that bug breaks any over-the-air remote update functionality. In short - complexity costs money. Often huge amounts of money. And complexity reduces the quality of the base functionality - the one the customers are actually paying for. That's why someone a bit up in management should sign the work order for complex solutions after having received a document that clearly describes the problems involved, and the potential for significant additional costs down the line.
Realize that most information losses don't happen from people investing heavily in breaking advanced encryption - there are just too many other ways to get access to information. It's just so much cheaper to trick you - or quite a number of other people around you - to insert that USB thumb drive they happened to find on the parking lot outside your job. And that is why a number of companies try to keep their important data on machines that aren't networked - until some unsuspecting employee decides to charge their Android phone from a USB connector.
In the end, AES-256 will just trick you into believing your data is well protected.
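The simpler scheme suggested in the post above (keep the secret inside the read-protected part, and let the loader refuse any external image that does not authenticate) as an added example; this is not code from the original thread and not LPC1788 boot code. The image layout (`MAGIC`, `HEADER`, trailing tag), the names `build_image`, `verify_image` and `demo`, and the key and sample payload are all constructed for this example; the device key and the anti-rollback floor are assumed to live in internal flash next to the loader.

```python
import hashlib
import hmac
import struct

# Constructed image layout (an assumption for this example, not an NXP format):
#   header  = magic (4 bytes) | payload length (u32 LE) | version (u32 LE)
#   payload = the code/data that lives in external NAND
#   tag     = HMAC-SHA256 over header + payload, keyed with the device key
MAGIC = b"EXTF"
HEADER = struct.Struct("<4sII")
TAG_LEN = hashlib.sha256().digest_size

# Stands in for a key held in read-protected internal flash (constructed value).
DEVICE_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
)


def build_image(key: bytes, payload: bytes, version: int) -> bytes:
    """Build-time side: wrap the payload with a header and an authentication tag."""
    header = HEADER.pack(MAGIC, len(payload), version)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_image(key: bytes, image: bytes, min_version: int = 0):
    """Boot-time side: return (ok, reason, payload).

    The payload is handed back only when every check passes, so the caller has
    nothing to execute on failure. min_version is the rollback floor assumed
    to be stored in internal flash alongside the key.
    """
    if len(image) < HEADER.size + TAG_LEN:
        return False, "truncated", None
    header = image[:HEADER.size]
    magic, length, version = HEADER.unpack(header)
    if magic != MAGIC:
        return False, "bad magic", None
    if length != len(image) - HEADER.size - TAG_LEN:
        return False, "length mismatch", None
    payload = image[HEADER.size:HEADER.size + length]
    tag = image[HEADER.size + length:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    # Constant-time comparison: a byte-by-byte early exit would leak how many
    # bytes of a forged tag were already correct.
    if not hmac.compare_digest(tag, expected):
        return False, "bad tag", None
    if version < min_version:
        return False, "rollback", None
    return True, "ok", payload


def demo():
    """Run the good path and three tampering cases; returns the reason per case."""
    payload = b"\x00\xbf" * 16 + b"calibration table v2"  # constructed sample
    good = build_image(DEVICE_KEY, payload, version=2)
    results = {"good": verify_image(DEVICE_KEY, good, min_version=2)[1]}

    patched = bytearray(good)
    patched[HEADER.size + 5] ^= 0x01  # flip one bit inside the payload
    results["patched"] = verify_image(DEVICE_KEY, bytes(patched))[1]

    results["short_by_one"] = verify_image(DEVICE_KEY, good[:-1])[1]

    old = build_image(DEVICE_KEY, payload, version=1)
    results["rollback"] = verify_image(DEVICE_KEY, old, min_version=2)[1]
    return results


if __name__ == "__main__":
    for case, reason in demo().items():
        print(f"{case:13s} -> {reason}")
```

The loader never branches into the external payload until `verify_image` has returned `ok`, and the version floor stops an attacker from re-flashing an older, already-analysed image. A MAC keeps the example short; when the key that produces valid images must not be present on every device (the field-update case raised earlier in the thread), the same structure is used with a public-key signature over header plus payload and only the public key stored in internal flash.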
Thank you for your help. I want to mention some issues:
1- It is true that it takes a few weeks (about 4 six month) to implement this security, for testing and some other issues. But it is done only once. If everything is automated, there is no concern about allocating extra resources, because the system has alarms for probable faults and is able to recover itself in some situations. We are already doing this for an AVR micro-controller system.
2- Considering these few weeks does not affect the cost of support, because many things will be done automatically.
3- Please consider that you developed software and hardware with weak security in a short time. What is your feeling if your hardware is copied in a day and you cannot make a profit! But I think if your system has many security measures, it will take more time to hack, with extra costs. If we see that the software is hacked after 2 years of production time, that can be more reasonable than a month after production time.
4- Another thing that I believe: it is not related to how big and rich the company is. In my opinion, I, as an engineer, should have the most talent to protect my innovation. Starting from this simple security can end with intelligent security measures.
5- As an important thing, in my opinion, stolen data from WIFI or USB flash drives or something else needs a lot of time to reconstruct and copy the product. But if the software needs many updates and supports more capabilities, it cannot be supported any further. For example, one of our earlier software products was cracked because of simple encryption. After that we changed the security, and with the next updates they could not continue producing the fake software.
6- Assigning an expert team has many costs that our management cannot accept. But they also cannot accept an early copy of the software. In this way, taking 4 weeks is really reasonable.
At the end, we want to build a system such that when they try to remove a simple IC, the system can detect it and generate faults.
And finally, I do not have much experience in electronic systems (about 14 years). But I hope to consider your help and support, and to design so as to reduce the cost of maintenance as much as possible.