A Brief Introduction to the Secure Tech of VeKey

VeChain Foundation
May 10, 2019

VeKey is a specially designed identity hardware device for asset management that boasts superior security to current market offerings. Its robust performance comes from the ARM SC300 processor, which features a nested vectored interrupt controller, wake-up interrupt controller, Armv7-M CPU, memory protection unit, AHB-Lite, JTAG, ITM trace, ETM trace, serial wire, and breakpoint unit. In addition to this common functionality, the SecurCore SC300 processor provides support for countering side-channel attacks, fault injection, and probing.

Built upon the Cortex™-M3 processor, SC300 combines the coding efficiency of the Thumb®-2 instruction set architecture for a two-fold increase in energy efficiency and performance. This processor enables more features to be integrated into the chip with minimum space. The chip also incorporates the proven security features of ARM SecurCore processors, which enables high assurance level certification for security-critical applications, making SC300 one of the most widely used processors in Secure Elements for advanced security and performance unparalleled by traditional chips.

Hardware architecture of secure elements

Attacks and Counter-measures

For the time being, attacks can mainly be divided into two categories: physical attacks and software attacks.

Physical Attacks

  • Non-invasive attacks
  • Invasive attacks
  • Semi-invasive attacks

Non-invasive Attacks

Non-invasive attacks include:

  • Differential Power Analysis (DPA)
  • Simple Power Analysis (SPA)
  • Electromagnetic Analysis (EMA)
  • Radiofrequency Analysis (RFA)

Non-invasive attacks can be the most destructive, since they are almost impossible to notice and users are therefore unable to prevent further losses.

Invasive Attacks

Invasive attacks require multiple devices and materials, such as chemical reagents, high-resolution optical microscopes, laser cutting systems, microprobe platforms, oscilloscopes, signal generators, scanning electron microscopes, and FIB equipment, which makes them the most expensive of the three categories.

Semi-invasive Attacks

Explanation of Semi-invasive attacks

Fault injection attacks are carried out by injecting a voltage glitch, clock glitch, intense light, UV light, X-rays and the like into the running device. In this way, attackers can alter the device’s working behavior or cause an erroneous output, thereby gaining access to confidential data.

Software attacks

From chips to applications, providing end to end protection

Chip

  • An MPU (memory protection unit) is introduced to assign access permissions to memory, flash and more. With the MPU in place, the encrypted area and confidential area are protected against applications and parties without authorization.
  • Environment monitoring sensors are installed, including a voltage sensor, frequency sensor, temperature sensor, voltage glitch detector, light sensor, clock glitch filter, and true random number generator.
  • Active fuse is applied to protect the chips against physical probing.

Encapsulation

  • The fully-closed package can effectively lessen electromagnetic radiation emission, thus substantially reducing the possibility of Electromagnetic (EM) side-channel attacks.

System

  • Conceal time pattern
  • Conceal amplitude pattern

The encryption algorithm also supports masking technology, which randomizes the intermediate values processed by the device so that its power consumption does not depend on the intermediate values of the encryption algorithm it executes.

  • Randomize the plaintext and secret key input
  • Randomize the intermediate values
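
The masking idea described above can be shown on a single S-box lookup. The following is an added example, not VeKey's own code: it assumes a 4-bit S-box (the values of the PRESENT cipher, chosen for brevity), first-order Boolean masking, and Hamming weight as the power model. The function names are hypothetical, and the masks are enumerated exhaustively here only to show the resulting distribution; on a device they would come from the true random number generator.

```c
#include <stdint.h>
#include <stdio.h>

/* 4-bit S-box (values of the PRESENT cipher), an assumption made for brevity. */
static const uint8_t SBOX[16] = {0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                                 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2};

/* Hamming weight of a nibble: a common first-order model of power draw. */
static int hw4(uint8_t v) { v &= 0xF; return (v & 1) + ((v >> 1) & 1) + ((v >> 2) & 1) + (v >> 3); }

/* Unmasked lookup: the device handles SBOX[p ^ k] itself. */
uint8_t sbox_plain(uint8_t p, uint8_t k) { return SBOX[(p ^ k) & 0xF]; }

/* Masked lookup: the caller passes p_masked = p ^ m_in. A table T with
 * T[x ^ m_in] = SBOX[x] ^ m_out is rebuilt for the fresh masks, so the
 * function only ever handles masked values. True output = result ^ m_out. */
uint8_t sbox_masked(uint8_t p_masked, uint8_t k, uint8_t m_in, uint8_t m_out)
{
    uint8_t t[16];
    for (unsigned x = 0; x < 16; x++)
        t[(x ^ m_in) & 0xF] = (uint8_t)((SBOX[x] ^ m_out) & 0xF);
    return t[(p_masked ^ k) & 0xF];
}

/* Sum of the Hamming weights of the masked output over all 16 x 16 mask
 * pairs. It is the same for every (p, k), so the average power model value
 * carries no information about the key. */
int hw_sum_masked(uint8_t p, uint8_t k)
{
    int sum = 0;
    for (unsigned mi = 0; mi < 16; mi++)
        for (unsigned mo = 0; mo < 16; mo++)
            sum += hw4(sbox_masked((uint8_t)(p ^ mi), k, (uint8_t)mi, (uint8_t)mo));
    return sum;
}

int main(void)
{
    /* Constructed sample inputs: plaintext nibble 0, key nibbles 0, 5, 10, 15. */
    for (unsigned k = 0; k < 16; k += 5)
        printf("k=%2u  unmasked HW=%d  masked HW sum=%d\n", k,
               hw4(sbox_plain(0, (uint8_t)k)), hw_sum_masked(0, (uint8_t)k));
    return 0;
}
```

The unmasked Hamming weight changes with the key nibble, while the masked sum stays constant; this covers first-order leakage only.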

Application

  • The interfaces, such as debug interface, are closed to prevent external injection.
  • Other countermeasures, such as remote authentication, are introduced to further enhance VeKey’s security.

Conclusion

In this article, the first installment of the VeKey series, we gave a brief introduction to the secure tech of VeKey. In the next installment, we will take you through its current application scenarios, including:

  • On-chain ecosystem management: In Digital Carbon Ecosystem, VeKey is used by DNV GL, the independent third party, to perform parameter modification, data authentication, and credit issuing.
  • On-chain KYC: In the case of VeVID, VeKey is used to validate, audit, and check system users, and each validated user will be assigned a unique ID on the blockchain.
  • Digital Asset Management: In the case of off-chain threshold signature solution, private keys can be broken down into multiple encrypted parts and stored in separate VeKey devices to avoid misappropriation and reduce the possibility of economic loss caused by SPOF.

Please stay tuned for more technical insights of VeChain’s software and hardware technology.
