1. Selection of chip platform
There are two camps in the embedded encryption industry at present. One is the traditional logic encryption chip, which uses IIC interface. The principle is EEPROM periphery, hardware protection circuit and built-in algorithm. The other is to use the smart card chip platform, making full use of the high security of the smart card chip itself to resist various external attacks. The logic encryption chip itself has weak protection ability, and most decryption companies can easily crack it, which has been gradually eliminated. On the contrary, it is recognized as the best smart card platform. In order to improve the high security of smart card chips, it is required that the selected smart card chips should have EAL4+ chips of the International Security Certification Committee, otherwise the security will be difficult to meet the requirements. LKT series encryption chips of Ke Ling Xin 'an Company fully meet this requirement.
2. Security of the chip operating system On the premise of determining the smart card chip platform, the security of the chip operating system needs to be considered. Keling Xin 'an's LKCOS operating system has been strictly tested by authoritative departments, and it has extremely high security without any security loopholes. However, the encryption chip system without PBOC certification cannot have high security. In addition, Keling Xin 'an's LKCOS can effectively manage the internal resources of the chip, and at the same time do a lot of practical and effective protection for the bottom interface to ensure that pirates can't attack or crack from the chip operating system. This is very important. Some encryption chips based on smart card chip platform only provide the interface for algorithm download, and hardly do chip resource management and the bottom protection of the interface. Then, pirates can attack as vulnerabilities.
3. Selection of encryption scheme
Traditional encryption chips all adopt the scheme of algorithm authentication. They claim that the encryption algorithm is complex and difficult to crack, but they do not take into account the huge security loopholes in the algorithm authentication scheme itself. We clearly know that single-chip microcomputer is an unsafe carrier, even completely transparent to pirates. In order to authenticate the algorithm, it is necessary to write the key or password in the microcontroller in advance, and give the microcontroller a judgment mark after each authentication as the judgment basis for the implementation of the microcontroller, so that pirates can easily seize this point to attack, simulate and give the microcontroller a signal, and easily bypass the encryption chip, thus achieving the purpose of cracking. The internal data of modchip can be cracked by traditional methods such as slicing, ultraviolet light, debugging port and energy analysis.
The encryption chip based on smart card chip platform can effectively prevent these attacks. Some codes or algorithms in MCU are implanted into the encryption chip, and these programs are executed in the encryption chip, so that the program codes in the encryption chip become a part of the whole MCU program, thus achieving the purpose of encryption. Because the internal program of the single chip microcomputer is incomplete, even if it is pirated, it cannot be copied because of the lack of key codes. Then, what kind of code or program is put into the encryption chip will test the skill of the single chip microcomputer programmer. Implanting as many programs as possible and increasing the strength of the algorithm can effectively prevent the possibility of being deciphered. LKT4200 32-bit smart card chip platform can solve all the above problems, even the floating-point operation inside the chip is no problem.
Therefore, we suggest that when choosing encryption chip, the smart card chip platform is the first choice, and the 32-bit smart card chip platform is selected.
The biggest advantages of embedded encryption IC of Ke Ling Xin 'an Company are summarized as follows:
First, Ke Ling Xin 'an chose the high-end smart card chip platform as the hardware carrier, especially the 32-bit smart card chip, which is the only 32-bit encryption chip platform in China. The security of smart card chip is EAL5+ and cannot be cracked.
Secondly, the chip operating system LKCOS of Ke Ling Xin 'an Company has passed the inspection of the national authoritative department, and has done a lot of processing to protect the bottom port and ensure the security of the encrypted IC port. At the same time, it supports the encryption mode of customer-defined code download and operation, and is also the first implementer in China to transplant the algorithm into the encryption scheme.
Thirdly, the security of Ke Ling Xin 'an Company's encryption scheme and the encryption method of algorithm transplantation are characterized by the incompleteness of the single-chip computer program. If the single-chip microcomputer is cracked, because the program is incomplete, it can't be copied. Some transplanted programs are well protected and run inside the encryption IC, so customers can freely write encryption algorithms or encryption codes. The traditional authentication and encryption scheme, even if you choose a smart card platform chip with high security, is useless, because you can't crack the smart card encryption IC, but it can be cracked because of the integrity of your microcontroller program, which makes the encryption chip lose its due role. Therefore, it is very important to choose an appropriate encryption scheme.