Protect Your MCU Design from Copying and Reverse Engineering
MCUs are used as the main control element in just about every application imaginable. Their power and flexibility make them the go-to component at the heart of most designs. Since it is important to make sure that your design cannot be easily copied, reverse engineered or tampered with, modern MCUs now provide a few different options for protecting your design; a good understanding of the capabilities and trade-offs are important in order to determine which approach is best for a given design.
This article will review some of the common approaches to design protection, such as making your MCU unreadable from the outside world, using on-chip capabilities to validate that the code to be executed is unmodified, and using external components to provide more advanced security capabilities. On-board techniques for tamper detection and possible “penalties” that can be applied also will be described.
Protecting your design
You may not have given much thought to how easy it is to copy your design, but engineers who have experienced design theft will tell you that once it has happened, you never want it to happen again! For example, if the on-chip code for your MCU design can be read out by a competitor, or even by an unscrupulous contract manufacturer, your entire design can be easily copied and resold — either under a different brand or perhaps even using your brand on the black market. Popular designs that outstrip product capacity are ripe for this type of treatment, and if sellers cannot get product from you they may dip into the black market to satisfy their customer demand.
Just as vulnerable is the actual design or algorithm hidden in the heart of your MCU code. Perhaps you have an innovative approach to analyzing sensor data that dramatically reduces the power or processing time required. Do you want a competitor to be able to just copy your code and reverse engineer your algorithm? There are even software tools that can take binary and regenerate reasonable “C” code so that the algorithmic details are even easier to decipher. Even something as mundane as an on-board test routine may have taken many months to get just right — do you want a competitor to get short-cut access to your infrastructure related code, dramatically reducing their development cost so they can unfairly cut their market price to win your business?
Another aspect of protection is related to hardware authentication. Often a design will allow for peripherals or add-on cards so a base design can be upgraded or enhanced. If the design does not include some capabilities to detect that the add-on module hardware is authorized, it’s possible for other vendors to create lower-cost modules to compete for the add-on business. Printer cartridges are perhaps the most familiar application for hardware authentication, to ensure that you buy a manufacturer’s branded cartridge. Often the printer is sold at a discount and the cartridge price is inflated to cover the discount over the lifetime of the printer. A competitor could sell a cartridge at a lower price, since it need not recoup the printer discount, and still make a healthy profit.
So, it should now be clear that in many cases it is important to be able to protect your hardware from copying, reverse engineering, and from counterfeiting. Furthermore, without secure hardware as a starting point, it would be impossible to create the variety of secure devices needed in applications like the connected home
For more detail: Protect Your MCU Design from Copying and Reverse Engineering