1. Field of the Invention
The present invention relates to a memory security device, and in particular to the security of flash memory used in conditional access devices.
2. Description of the Related Art
In conditional access devices for pay television, or any other device using memory and requiring security, there is a need to provide flash memory but to avoid hacking. Hacking is the unauthorised placing of software in memory to override security features.
A known way of attempting to prevent hacking is to use some form of checking instructed by ROM memory to ensure that an application code stored in flash memory is correct.
In such devices, a flash memory has a boot sector and an application sector. A CPU is arranged to run application code from the flash memory retrieved over an interface. The security is provided by the fact that the CPU boots from a boot ROM which contains code to check the boot sector of the flash memory. This check is done once, on startup: the CPU produces a function of the code in the boot sector and compares the result with a stored signature. The CPU then jumps to the code in the boot sector if it passes the check.
We have appreciated, however, that there is a relatively simple way of hacking such a security arrangement. When the CPU boots up using code from the ROM, the CPU checks that the code in the boot sector is correct. The weakness is that the process of power on, CPU boot and checking the flash takes a predictable number of clock cycles of the CPU clock. Thus to hack the system, a hacker places code in an unchecked part of the flash memory and forces the CPU to read from that part of the memory after a predetermined number of clock cycles by fixing an external address line.
The CPU thereafter runs from unchecked code and no further checks are conducted, because the verification of code is only conducted on boot up from the ROM.
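The coverage gap described above can be modelled in a few lines of C. This is an added example, not code from the patent: the sector sizes, the fill bytes and the use of FNV-1a as the "function of the code" are assumptions chosen for illustration, and FNV-1a is not a cryptographic signature.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BOOT_SIZE 16  /* constructed sizes, not taken from the page */
#define APP_SIZE  16
struct flash { uint8_t boot[BOOT_SIZE]; uint8_t app[APP_SIZE]; };

/* Stand-in for "a function of the code" (assumption: 32-bit FNV-1a). */
static uint32_t digest(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}
/* Boot-ROM style check: covers the boot sector only. */
int rom_check_boot(const struct flash *f, uint32_t stored) {
    return digest(f->boot, BOOT_SIZE) == stored;
}
/* Hypothetical wider check over both sectors, for comparison. */
int check_all(const struct flash *f, uint32_t stored_all) {
    return digest((const uint8_t *)f, sizeof *f) == stored_all;
}
static void make_image(struct flash *f) {  /* constructed sample image */
    memset(f->boot, 0xB0, BOOT_SIZE);
    memset(f->app, 0xA0, APP_SIZE);
}
/* 1 if a change in the application sector still passes the ROM check. */
int app_change_unnoticed(void) {
    struct flash f; make_image(&f);
    uint32_t sig = digest(f.boot, BOOT_SIZE);
    f.app[3] ^= 0xFF;
    return rom_check_boot(&f, sig);
}
/* 1 if the same change fails a check that covers both sectors. */
int app_change_caught_by_full_check(void) {
    struct flash f; make_image(&f);
    uint32_t sig_all = digest((const uint8_t *)&f, sizeof f);
    f.app[3] ^= 0xFF;
    return !check_all(&f, sig_all);
}
/* 1 if a change in the boot sector fails the ROM check. */
int boot_change_caught(void) {
    struct flash f; make_image(&f);
    uint32_t sig = digest(f.boot, BOOT_SIZE);
    f.boot[0] ^= 0x01;
    return !rom_check_boot(&f, sig);
}
int main(void) {
    printf("app change passes boot-only check: %d\n", app_change_unnoticed());
    printf("app change fails full check:       %d\n", app_change_caught_by_full_check());
    printf("boot change fails boot-only check: %d\n", boot_change_caught());
    return 0;
}
```

The model covers only which bytes the one-time check measures; it does not model the later fetches that, as described above, are never checked at all.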
We have appreciated the problem that memory storing application code within devices can be insecure and prone to hacking through the storage of unauthorised code.
We have further appreciated the need to provide security to memory which stores application code, but to also allow the application code to be changed or updated. Further, we have appreciated deficiencies in the prior art in that a CPU could be hacked to run from unverified code, whilst checking devices redundantly check verified code.