PEmicro | Experts in Embedded tools for Flash Programming and Development
Cart New Account Login

HomeAbout usProductsSupportForumsBlogCustomer Service


by Esteban Gonzalez, Keith McNeil & Peter Truong


PEmicro's new ProCryption Security feature on Cyclone programmers allows for easy-to-use custom encryption of programming images as well as control over how and when programming images are used. By taking advantage of these security features a user can send their programming images electronically with the confidence that their valuable IP will remain safe and only usable on their own Cyclone programmers. It is also possible to control how many times an image is programmed and when, such that unwarranted programming does not occur. Once implemented, these security measures are also easy to maintain.  

With ProCryption Security, Cyclone users can:

  1. Create RSA/AES encrypted programming images (eSAP images) that use their own uniquely generated ImageKey(s). These programming images may only be used on Cyclones that are pre-configured with the same ImageKey(s). 
  2. Restrict the use of programming images by programming count and date range. 
For a step-by-step example of creating an ImageKey, provisioning a Cyclone with the ImageKey, setting programming image restrictions and creating encrypted (eSAP) programming images, please see Cyclone ProCryption Security - A Step-By-Step Example.

ProCryption Security Uses

There are many reasons that the user may wish to include ProCryption security features in their production process.

1. Encrypted Programming Images use industry standard AES/RSA encryption to secure programming data with a user-generated ImageKey. This prevents reverse engineering programming data in the image file (even with access to the ImageKey used to generate it).  

2. ProCryption Security allows the user to easily and securely update programming images at off-site manufacturing facilities. Simply generate the programming image and specify that it should be encrypted with a user-generated ImageKey (this ImageKey will be saved as the current default setting for future image generation). These secure images can then be sent electronically to the manufacturing facility through non-secure means. They can only be loaded into, and used on, Cyclones that have been previously provisioned with the same ImageKey. The overall process looks like this :

a. User creates an ImageKey that would not be shared with other parties.(Infrequent)

b. User provisions Cyclones with the ImageKey. (Infrequent)

c. The provisioned Cyclones are sent to the third-party manufacturer in advance of production. (Infrequent)

d. The user specifies the ImageKey during programming image generation. The programming image is automatically encrypted and can be sent electronically to the third-party manufacturer. Encrypted (eSAP) programming images can only be loaded and used for programming on Cyclones which have previously been provisioned with the appropriate ImageKey. (Frequent)

3. ProCryption security also allows the user to implement image restrictions to prevent unauthorized programming of valuable IP at the manufacturing facility. Production runs can be limited to a specific amount of programs, or limited to programming within a specified date range. 

Encrypted (eSAP) Programming Images

PEmicro uses a combination of industry-standard RSA and AES encryption technologies to encrypt images. When a programming image has been encrypted it requires two different asymmetric keys to be decrypted. The first is a user-generated RSA encryption Key that was specified when the programming image was generated. The second is a native key which comes pre-installed in the Cyclone (and does not exist on the PC). This means that an encrypted image may (A) only be loaded onto a Cyclone which holds a copy of a specific user-generated Image key, and (B) be decrypted for programming while on a Cyclone which holds a copy of a specific user-generated Image key. The Cyclone Control Suite (GUI, Console, SDK) allows the user to add and delete ImageKeys from Cyclones, much like programming images may be added or deleted. While many users will use only a single ImageKey to encrypt all of their images, Cyclones may have many different keys loaded.

Encrypted images are stored in the Cyclone in their encrypted form. If the ImageKey needed by a programming image is deleted from the Cyclone, the Cyclone loses the ability to load any images encrypted with that Imagekey, or program any encrypted images encrypted with that ImageKey that are already loaded. Adding the ImageKey back onto a Cyclone restores access to those stored encrypted images which require that ImageKey. 

Encrypted images can safely be sent through electronic means to production facilities since they are unusable without a Cyclone which has been pre-loaded with the appropriate ImageKey. 

ImageKeys on the PC are themselves partially encrypted so that certain pieces can only by used on a Cyclone. Even with this, they should be handled with care as they can be loaded into any Cyclone.

Encrypted Images (eSAP) - What Is Encrypted and How?

An encrypted image (eSAP) contains three distinct sections : an informational header, a configuration section, and a stand alone programming (SAP) data section. The ImageKey encrypts each section in different ways to control access to each portion of the eSAP file.  

The three eSAP sections are:

  1. Informational Header : This section includes the description of the eSAP Image, its unique ID, the ID and name of the ImageKey used to encrypt it, and a checksum of the data. This section is not encrypted.
  2. Configuration Section : This section contains a copy of the configuration settings used to generate the Image including which algorithm was used, power settings, clock settings, script files, and paths to the binary data files. No programming data from the user’s data files is included in this section. This section is encrypted in such a way that if a user has the appropriate ImageKey on the PC, they may import the configuration information from an eSAP file into the Image Creation Utility. This is useful for seeing the settings used to generate an image, and, if the user has all of the data files needed, for generating a new programming image file with the same configuration.
  3. Stand Alone Programming (SAP) Data : This section contains all of the information a Cyclone needs to program a target as specified in the image creation process. This includes all programming data, algorithms, scripts, settings, etc. This section is encrypted with several keys, including the user-generated asymmetric key as well as a native asymmetric key used by the Cyclone. Once encrypted, this section may not be decrypted except by the Cyclone during the programming process.

Figure 1: Cyclone Image Encryption Overview

The end result of the encryption used to process the Stand Alone Programming Data is that the eSAP section can only by decrypted and used internally on a Cyclone which has a copy of the specified ImageKey provisioned within it. This eSAP section cannot be decrypted on a PC even with the ImageKey.

Adding Restrictions to Programming Images 

The ProCryption Security feature also includes the ability to restrict programming image usage. When using the Cyclone Image Creation Utility to create an image, users can restrict programming of the image to a specific date range, a specific number of programs, and a specific number of failures. These restrictions persist even if the programming image is deleted and then loaded back onto the Cyclone. 

Safer Production That's Easy To Implement

SAP Image encryption is simple to implement and helps keep valuable intellectual property safe. Protected programming images can safely be sent electronically to remote production facilities. This adds much needed convenience and peace of mind to the production process.  

Note: ProCryption Security is included with PEmicro's Cyclone FX in-system programmers, and can be added as an optional feature for Cyclone LC programmers. Current-gen Cyclone users should download and install the latest Cyclone software to allow their Cyclone(s) to be capable of supporting the ProCryption Security feature. Connecting to the Cyclone will then update the firmware.





search in blog posts

Tags

Product pages
Cyclone (51)
Cyclone FX (52)
Multilink (26)
Multilink FX (21)
GDB Server (12)
Prog ACMP (10)
Interface Library Routines (5)


Manufacturer
ARM (47)
NXP (52)
Microchip (6)
Cypress (6)
Infineon (2)
Maxim (3)
Nordic Semiconductor (3)
Silicon Labs (5)
Silergy Teridian (1)
STMicroelectronics (7)
Texas Instruments (2)
Toshiba (3)
Renesas (6)


Categories
Production Programming (61)
Debug (31)
Automated Control (17)
Miscellaneous (36)



© 2019 P&E Microcomputer Systems Inc.
Website Terms of Use and Sales Agreement