
Protected Memory


Detailed Description

The microcontroller used in turbo does not have a memory management unit, i.e. any application can access the memory - RAM, EEPROM or PROGMEM - of any other application.

To overcome this security weakness the turbo kernel provides Protected Memory. Protected memory is a single page in the PROGMEM loader section of the MCU, which is securely locked with the help of the hardware lock-bits provided by the MCU. This 256 byte page is divided into 15 blocks, each 16 bytes long. Access to a block is controlled by the kernel, which checks that the application has the rights to perform the desired operation:

Each block has PROT_MEM_READ, PROT_MEM_ENCRYPT and PROT_MEM_DECRYPT access permissions, which are set when the block is created by prot_mem_make_block().

Possible attack

The turbo kernel checks whether the application trying to access a protected block is the owner of the block (the application which created it). If an attacker found out how and where the current application identification is stored, he could fake it and pretend to be the owner. Even then he would be able to perform only the operation(s) that are permitted on the block.

So how to create a secure application?

Use encryption. The main problem with encryption is how to securely store the initial (first, root) key (in the case of symmetric keys).

Scenario - you want to be able to store incoming data (SMS, measured results) immediately and securely on the SIM or memory card, and you simply cannot ask the user for the secret key (he is not available, the device was reset, etc.). So the secret has to be stored somewhere, but not in EEPROM, PROGMEM or the memory card.

The solution is to store the secret key in a protected memory block with the PROT_MEM_ENCRYPT permission only. This case is as secure as the hardware permits: the block is in the locked area and cannot be read - it can only be used for encryption.
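An added model of the protected memory access checks, written for this page and not taken from the turbo kernel (the BLADOX kernel source is not shown here). It mirrors the API and error names documented below; the numeric values of the permission bits and error codes, the use of ERR_PROT_MEM_WRONG_BLOCK for a non-owner, and the set_current_app() helper are assumptions, and the 128-bit Twofish transform is replaced by a clearly labelled keyed-XOR stand-in so the model runs stand-alone. It walks through the encrypt-only root key scenario: the key is written once, the RAM copy is wiped, and afterwards the owning application can encrypt but neither read nor decrypt, while another application gets no access to the block at all.

```c
#include <stdint.h>
#include <string.h>

typedef uint8_t u8;
typedef int8_t  b8;

/* Permission bits and error codes named on the page; the numeric values are assumed. */
#define PROT_MEM_READ    0x01
#define PROT_MEM_ENCRYPT 0x02
#define PROT_MEM_DECRYPT 0x04

#define NO_ERROR                 0
#define ERR_PROT_MEM_WRONG_BLOCK 1
#define ERR_PROT_MEM_FORBIDDEN   2
#define ERR_NO_PROT_MEM          3

#define PROT_MEM_BLOCKS    15
#define PROT_MEM_BLOCK_LEN 16

/* Model of the locked loader page: 15 blocks of 16 bytes plus the kernel's
 * per-block metadata (owner and permissions). On the real MCU the lock-bits
 * keep this area out of reach of application code. */
static struct {
    u8 used;
    u8 owner;                    /* id of the application that created the block */
    u8 attr;                     /* PROT_MEM_* permission bits */
    u8 key[PROT_MEM_BLOCK_LEN];
} page[PROT_MEM_BLOCKS];

/* Stands in for the kernel's record of which application is running (assumed helper). */
static u8 current_app = 1;
void set_current_app(u8 app) { current_app = app; }

/* Common access check: the block must exist, belong to the caller and allow op. */
static u8 block_check(u8 id, u8 op) {
    if (id >= PROT_MEM_BLOCKS || !page[id].used || page[id].owner != current_app)
        return ERR_PROT_MEM_WRONG_BLOCK;     /* assumed code for a missing or foreign block */
    if (!(page[id].attr & op))
        return ERR_PROT_MEM_FORBIDDEN;       /* owner, but operation not granted */
    return NO_ERROR;
}

b8 prot_mem_make_block(u8 attr, u8 block[16]) {
    for (u8 i = 0; i < PROT_MEM_BLOCKS; i++) {
        if (page[i].used) continue;
        page[i].used = 1;
        page[i].owner = current_app;
        page[i].attr = attr;
        memcpy(page[i].key, block, PROT_MEM_BLOCK_LEN);
        return (b8)i;                        /* >= 0: block number */
    }
    return -ERR_NO_PROT_MEM;                 /* all 15 blocks in use */
}

u8 prot_mem_read(u8 id, u8 out[16]) {
    u8 rc = block_check(id, PROT_MEM_READ);
    if (rc == NO_ERROR) memcpy(out, page[id].key, PROT_MEM_BLOCK_LEN);
    return rc;
}

/* Stand-in for the 128-bit Twofish block transform: keyed XOR plus a byte
 * addition so that encrypt and decrypt are distinct operations. NOT a real cipher. */
u8 prot_mem_encrypt(u8 id, u8 in[16], u8 out[16]) {
    u8 rc = block_check(id, PROT_MEM_ENCRYPT);
    if (rc != NO_ERROR) return rc;
    for (int i = 0; i < 16; i++)
        out[i] = (u8)((in[i] ^ page[id].key[i]) + page[id].key[(i + 1) % 16]);
    return NO_ERROR;
}

u8 prot_mem_decrypt(u8 id, u8 in[16], u8 out[16]) {
    u8 rc = block_check(id, PROT_MEM_DECRYPT);
    if (rc != NO_ERROR) return rc;
    for (int i = 0; i < 16; i++)
        out[i] = (u8)(in[i] - page[id].key[(i + 1) % 16]) ^ page[id].key[i];
    return NO_ERROR;
}

u8 prot_mem_delete(u8 id) {
    /* Deleting requires ownership only, not any of the operation bits. */
    if (id >= PROT_MEM_BLOCKS || !page[id].used || page[id].owner != current_app)
        return ERR_PROT_MEM_WRONG_BLOCK;
    memset(&page[id], 0, sizeof page[id]);
    return NO_ERROR;
}

/* The page's scenario: an encrypt-only root key block. Returns 1 when every
 * check behaves as described in the text, 0 otherwise. */
int demo_encrypt_only_key(void) {
    u8 root_key[16] = {                      /* constructed sample key, not a real secret */
        0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f };
    u8 sms[16], ct[16], tmp[16];
    memcpy(sms, "incoming message", 16);     /* constructed 16-byte sample record */

    set_current_app(1);
    b8 id = prot_mem_make_block(PROT_MEM_ENCRYPT, root_key);
    if (id < 0) return 0;
    memset(root_key, 0, sizeof root_key);    /* wipe the RAM copy; only the locked block keeps the key */

    if (prot_mem_read((u8)id, tmp) != ERR_PROT_MEM_FORBIDDEN) return 0;      /* key cannot be read back */
    if (prot_mem_encrypt((u8)id, sms, ct) != NO_ERROR) return 0;              /* encryption works */
    if (prot_mem_decrypt((u8)id, ct, tmp) != ERR_PROT_MEM_FORBIDDEN) return 0; /* decryption not granted */

    set_current_app(2);                      /* a different application */
    if (prot_mem_encrypt((u8)id, sms, tmp) != ERR_PROT_MEM_WRONG_BLOCK) return 0;

    set_current_app(1);
    return prot_mem_delete((u8)id) == NO_ERROR;
}
```

The stand-in cipher exists only so that the permission logic can be exercised; what the model is meant to show is that the permission bits, not the cipher, decide what an application can learn about the key. With PROT_MEM_ENCRYPT alone, even code running as the owner never sees the key bytes, which is exactly the property the root key scenario relies on.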


Define Documentation

#define PROT_MEM_DECRYPT

Indicate decrypt operation permission - block can be used for decryption.

#define PROT_MEM_ENCRYPT

Indicate encrypt operation permission - block can be used for encryption.

#define PROT_MEM_READ

Indicate read operation permission - block can be read.


Function Documentation

u8 prot_mem_decrypt (u8 id, u8 in[16], u8 out[16])

Use protected memory block as the 128-bit Twofish key and decrypt in to out.

Parameters:
id block id
in cipher text
out plain text
Returns:
NO_ERROR, ERR_PROT_MEM_WRONG_BLOCK, ERR_PROT_MEM_FORBIDDEN, ERR_NO_RAM
Examples:
test_prot_mem.c.

u8 prot_mem_delete (u8 id)

Delete protected block id from loader memory.

Parameters:
id block id
Returns:
NO_ERROR, ERR_PROT_MEM_WRONG_BLOCK, ERR_NO_RAM
Examples:
test_prot_mem.c.

u8 prot_mem_encrypt (u8 id, u8 in[16], u8 out[16])

Use protected memory block as the 128-bit Twofish key and encrypt in to out.

Parameters:
id block id
in plain text
out cipher text
Returns:
NO_ERROR, ERR_PROT_MEM_WRONG_BLOCK, ERR_PROT_MEM_FORBIDDEN, ERR_NO_RAM
Examples:
test_prot_mem.c.

b8 prot_mem_make_block (u8 attr, u8 block[16])

Create a new protected memory block in loader memory.

Parameters:
attr allowed operations on the block: PROT_MEM_READ|PROT_MEM_ENCRYPT|PROT_MEM_DECRYPT
block content of the block to be written into flash loader memory
Returns:
>=0 block number, -ERR_NO_PROT_MEM, -ERR_NO_RAM
Examples:
test_prot_mem.c.

u8 prot_mem_read (u8 id, u8 out[16])

Read protected memory block.

Parameters:
id block id
out content of the block (if successful)
Returns:
NO_ERROR, ERR_PROT_MEM_WRONG_BLOCK, ERR_PROT_MEM_FORBIDDEN
Examples:
test_prot_mem.c.


Copyright © 2004-2006 BLADOX
Turbo version 1.2