Computer systems typically have three main blocks: a central processing unit (CPU), memory, and input/output circuitry. Microcontrollers, which are also known as microcomputers or embedded controllers, may incorporate all three of these blocks onto a single integrated circuit chip. Microcontrollers are used for a variety of control applications such as cellular telephones and other mobile devices, television remote controls, microwave ovens, and the like. Depending on the application, the microcontroller may either hold all of its data on-chip, or it may hold some data on-chip and some off-chip. For those applications where data is stored off-chip, a microcontroller is typically designed to operate in an “expanded mode” in which address and data signals are present on integrated circuit pins. These pins allow the microcontroller to access the data in external memory via an external data bus.
It is frequently important to restrict access to the data stored in mobile devices that use microcontrollers. By their very nature, such mobile devices are more susceptible to loss and theft than non-portable devices. Furthermore, in many applications in which the software is complicated, such as cellular telephones, the required data is usually too large to fit completely on-chip. Thus, at least part of the data will typically be located off-chip and the microcontroller must access it in expanded mode. As a result, once such a device is in the hands of an unauthorized user, its data becomes highly susceptible to being accessed and misused. A common approach to accessing the data stored in an external memory is to simply pull the external memory chip out of its socket and read the stored data using separate hardware. Moreover, even data stored internally can frequently be read by probing the external data bus and analyzing the internal data flow and memory status in a form of reverse engineering.
In order to protect this sensitive data, which may be partially off-chip, certain microcontrollers have implemented address and data encryption techniques. Address encryption generally consists of scrambling the physical locations within the microcontroller's internal memory, so that an unauthorized user who determines the logic states of the memory cells cannot reconstruct the data from the physical order of those cells. Data encryption, in turn, consists of encrypting data when it is passed from the CPU or internal memory to external memory, and decrypting data when it is read from external memory into the CPU or internal memory. There are many well-known encryption schemes which use mathematical transformations and may even use the address location of the data as part of the transformation.
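The following added example (not part of this document, and not the scheme of any particular microcontroller) models the two mechanisms described above on a single byte-wide memory interface: a key-dependent permutation of the address bits stands in for address scrambling, and an XOR mask derived from the key and the address stands in for data encryption that "uses the address location of the data as part of the transformation". The key, the 16-bit address width, the use of HMAC-SHA256 as the keyed function, and the `write_external`/`read_external` bus model are all assumptions made for the example; the sample program bytes are constructed.

```python
import hashlib
import hmac

# Constructed example key. In a real device the key lives in on-chip storage
# that is not readable over the external bus.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
ADDR_BITS = 16  # assumed address width for this model


def _address_permutation(key):
    """Derive a key-dependent permutation of the address bit positions.

    Bit positions are sorted by a keyed tag, so the permutation is fixed for a
    given key but unpredictable without it.
    """
    tags = {i: hmac.new(key, b"addr-perm:%d" % i, hashlib.sha256).digest()
            for i in range(ADDR_BITS)}
    return sorted(range(ADDR_BITS), key=lambda i: tags[i])


def scramble_address(addr, key=KEY):
    """Address scrambling: bit `order[j]` of the logical address becomes bit j."""
    order = _address_permutation(key)
    out = 0
    for j, src in enumerate(order):
        if (addr >> src) & 1:
            out |= 1 << j
    return out


def unscramble_address(scrambled, key=KEY):
    """Inverse of scramble_address: recover the logical address."""
    order = _address_permutation(key)
    out = 0
    for j, src in enumerate(order):
        if (scrambled >> j) & 1:
            out |= 1 << src
    return out


def _mask(addr, key=KEY):
    """Per-address keystream byte: the address is part of the transformation."""
    msg = b"data:" + addr.to_bytes(2, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[0]


def encrypt_byte(addr, plain, key=KEY):
    """Encrypt one data byte on its way out to external memory."""
    return plain ^ _mask(addr, key)


def decrypt_byte(addr, cipher, key=KEY):
    """Decrypt one data byte read back from external memory (XOR is its own inverse)."""
    return cipher ^ _mask(addr, key)


def write_external(external_mem, addr, plain, key=KEY):
    """Model of the bus interface: external memory only ever sees the
    scrambled address and the encrypted byte."""
    external_mem[scramble_address(addr, key)] = encrypt_byte(addr, plain, key)


def read_external(external_mem, addr, key=KEY):
    """Model of a CPU read: reverse both transformations inside the chip."""
    return decrypt_byte(addr, external_mem[scramble_address(addr, key)], key)


def demo():
    """Write a constructed 4-byte program out, then read it back through the CPU path.

    Returns the raw external-memory image (what someone who removed the chip
    would see) and the bytes the CPU recovers.
    """
    program = b"ABAB"  # constructed: repeated plaintext bytes at different addresses
    external = {}
    base = 0x1000
    for offset, value in enumerate(program):
        write_external(external, base + offset, value)
    recovered = bytes(read_external(external, base + offset)
                      for offset in range(len(program)))
    return external, recovered


if __name__ == "__main__":
    image, recovered = demo()
    print("external image:", {hex(a): hex(v) for a, v in sorted(image.items())})
    print("CPU sees:", recovered)
```

Because the mask depends on the address, the two "A" bytes and the two "B" bytes in the constructed program are stored as different values at unrelated physical locations, which is the property the address-dependent transformation buys. The XOR-mask construction is deliberately simple; its weakness is that rewriting the same address with a different byte under the same key exposes the XOR of the old and new data to anyone watching the bus, so a production design would use a block cipher with the address as a tweak, or include a per-write nonce in the mask derivation.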
Nonetheless, despite the improved data security provided by these methods, at least one significant vulnerability remains. In a microcontroller, a software application will frequently have unlimited access to all the data residing in the microcontroller's memory, both internal and external. As a result, software processes may be used as a means to maliciously access sensitive data residing in memory. Unfortunately, while a personal computer may respond to such threats by using techniques such as virtual machines or emulators, such techniques are generally not available in embedded microcontroller applications.
For the foregoing reasons, there is a need to better protect sensitive data associated with a microcontroller from both malicious software processes running inside the device, as well as from unauthorized attempts to read the data from an external data bus and/or external memory.