A Brief Introduction to the Secure Tech of VeKey

VeKey is a purpose-built identity hardware device for asset management that offers stronger security than current market offerings. Its robust performance comes from the ARM SecurCore SC300 processor, which features a nested vectored interrupt controller, wake-up interrupt controller, Armv7-M CPU, memory protection unit, AHB-Lite, JTAG, ITM trace, ETM trace, serial wire, and breakpoint unit. Beyond this common functionality, the SC300 provides support for countering side-channel attacks, fault injection, and probing.

Built upon the Cortex™-M3 processor, SC300 uses the code density of the Thumb®-2 instruction set architecture to deliver a two-fold increase in energy efficiency and performance. This lets more features be integrated into the chip in minimal space. The chip also incorporates the proven security features of ARM SecurCore processors, which enables high-assurance certification for security-critical applications and makes SC300 one of the most widely used processors in Secure Elements, offering security and performance unmatched by traditional chips.

Hardware architecture of secure elements

Attacks and Counter-measures

With the SC300 processor embedded, VeKey can defend against a variety of attacks and provide multi-layer security protection. Below is a brief introduction to the main attacks and the countermeasures in VeKey's offering.

Attacks can currently be divided into two main categories: physical attacks and software attacks.

Physical Attacks

There are three main types of physical attacks:

  • Non-invasive attacks
  • Invasive attacks
  • Semi-invasive attacks

Non-invasive Attacks

Non-invasive attacks, also known as side-channel attacks, are carried out without damaging the chip package or the chip structure. Such attacks attempt to recover the secret key or confidential data either by forcing an error or by statistically analysing the device's voltage fluctuations, power consumption, electromagnetic radiation, and similar observable quantities.

Non-invasive attacks include:

  • Differential Power Analysis (DPA)
  • Simple Power Analysis (SPA)
  • Electromagnetic Analysis (EMA)
  • Radio-Frequency Analysis (RFA)

Non-invasive attacks can be the most damaging because they are almost impossible to notice, so users have no opportunity to prevent further losses.

Invasive Attacks

Invasive attacks are conducted by decapping and modifying the chip in an irreversible manner. To launch such an attack, the attacker first removes the chip package by etching, drilling or laser cutting. Once the encapsulation is defeated, the exposed die can be scanned or modified directly with various instruments, for example a scanning electron microscope: an electron beam is directed at the decapped chip and images composed of various signals are generated, from which the attacker can read the stored data and, through reverse engineering, translate the observed patterns into the confidential data.

Many instruments and materials are needed for this process, such as chemical reagents, high-resolution optical microscopes, laser cutting systems, microprobe platforms, oscilloscopes, signal generators, scanning electron microscopes, and FIB equipment, which makes invasive attacks the most expensive of the three.

Semi-invasive Attacks

Semi-invasive attacks, also known as fault injection, lie between non-invasive and invasive attacks: they involve removing the package, but the attacker does not need to modify the chip structure.

Explanation of Semi-invasive attacks

Fault injection attacks are carried out by injecting voltage glitches, clock glitches, intense light, UV light, X-rays and the like into the running device. In this way attackers can alter the device's behaviour or induce an erroneous output, and thereby gain access to confidential data.

Software attacks

Software attacks are the most common attacks: attackers exploit bugs in the software to expose, tamper with, or access information.

From chip to application: providing end-to-end protection

To cope with the attacks described above, VeKey is equipped with all-around security protection covering the entire path from the chip to the application.

Chip

  • Embedded ARM SecurCore SC300 CPU, which provides support for countering side-channel attacks, fault injection, and probing; the SC300 is widely used by banks, government agencies, and transportation companies.
  • An MPU (memory protection unit) assigns access permissions to memory, flash and other resources; with the MPU in place, the encrypted and confidential areas are protected against unauthorized applications and parties.
  • Environment monitoring sensors are installed, including a voltage sensor, frequency sensor, temperature sensor, voltage glitch detector, light sensor, clock glitch filter, and true random number generator.
  • An active fuse protects the chip against physical probing.

Encapsulation

  • The metal shield offers active protection against de-packaging and probing: when attackers try to de-cap the chip, the attempt is detected and the data stored in the chip is erased.
  • The fully-closed package effectively reduces electromagnetic emissions, substantially lowering the likelihood of electromagnetic (EM) side-channel attacks.

System

Hiding (concealment) techniques are applied in the encryption algorithm to eliminate the correlation between power consumption, the operation being performed, and the intermediate value being processed:

  • Conceal the time pattern
  • Conceal the amplitude pattern

The encryption algorithm also supports masking, which randomizes the intermediate values processed by the device so that its power consumption does not depend on the intermediate values of the encryption algorithm being executed:

  • Randomize the plaintext and secret key inputs
  • Randomize the intermediate values
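As an added example (not VeKey's or ARM's code), the Python sketch below shows what the masking countermeasure described above achieves: a first-order Boolean-masked S-box lookup only ever handles randomized intermediate values, so a toy Hamming-weight power model stops correlating with the secret-dependent value. The S-box is a constructed random permutation and the leakage model is a simulation, not measured traces.

```python
# Added illustration (not VeKey's code): first-order Boolean masking vs. a toy HW leakage model.
import random

# Constructed 8-bit S-box: a fixed random permutation standing in for a real
# cipher S-box; the masking scheme does not depend on which table is used.
SBOX = list(range(256))
random.Random(1).shuffle(SBOX)

def hw(x: int) -> int:
    """Toy leakage model: power draw ~ number of set bits in the value handled."""
    return bin(x).count("1")

def unmasked_lookup(key: int, pt: int):
    v = SBOX[key ^ pt]          # plain lookup: the leaked HW is that of the
    return v, hw(v)             # secret-dependent value itself

def masked_lookup(key: int, pt: int, rng: random.Random):
    """Recompute the table so that T[x ^ m_in] == SBOX[x] ^ m_out; the device
    then only handles masked values, and the mask is removed at the end."""
    m_in, m_out = rng.randrange(256), rng.randrange(256)
    table = [SBOX[i ^ m_in] ^ m_out for i in range(256)]
    masked_key = key ^ m_in                # randomized secret key input
    masked_out = table[masked_key ^ pt]    # == SBOX[key ^ pt] ^ m_out
    return masked_out ^ m_out, hw(masked_out)

def masking_is_correct(trials: int = 256, seed: int = 3) -> bool:
    rng = random.Random(seed)   # functional check: unmasking yields SBOX[k ^ p]
    for _ in range(trials):
        k, p = rng.randrange(256), rng.randrange(256)
        if masked_lookup(k, p, rng)[0] != SBOX[k ^ p]:
            return False
    return True

def pearson(xs, ys) -> float:
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5

def leakage_correlation(masked: bool, key: int = 0x2B, n: int = 5000) -> float:
    """Corr. of HW(true S-box output) with the leaked HW: ~1.0 plain, ~0.0 masked."""
    rng = random.Random(7)
    truth, leak = [], []
    for _ in range(n):
        pt = rng.randrange(256)
        lookup = masked_lookup(key, pt, rng) if masked else unmasked_lookup(key, pt)
        truth.append(hw(SBOX[key ^ pt]))
        leak.append(lookup[1])
    return pearson(truth, leak)
```

Fresh masks are drawn for every lookup, which is what makes the leaked value statistically independent of the secret; reusing a mask across executions would restore the correlation.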

Application

  • Confidential data, such as private keys and passwords, are stored encrypted and scrambled, and each device has its own encryption key.
  • Interfaces such as the debug interface are closed to prevent external injection.
  • Other countermeasures, such as remote authentication, are introduced to further enhance VeKey’s security.

Conclusion

With the advanced ARM SC300 processor fully integrated, VeKey provides the high level of security and performance necessary for commercial adoption. In addition, VeKey combines hardware protection, encryption algorithms, and other methods to further improve its effectiveness and deliver bank-level security: it can defend against a wide range of attacks and enforce strong memory protection. Together with the firmware and algorithms VeChain designed specifically for blockchain application scenarios, VeKey offers the most secure private-key storage solution on the market, freeing customers from worrying that their data might be stolen.

In this article, the first part of the VeKey series, we gave a brief introduction to the secure tech of VeKey. In the next part we will look at its current application scenarios, including:

  • On-chain ecosystem management: In the Digital Carbon Ecosystem, VeKey is used by DNV GL, the independent third party, to perform parameter modification, data authentication, and credit issuing.
  • On-chain KYC: In the case of VeVID, VeKey is used to validate, audit, and check system users, and each validated user is assigned a unique ID on the blockchain.
  • Digital asset management: In the off-chain threshold signature solution, private keys can be split into multiple encrypted parts stored in separate VeKey devices, to prevent misappropriation and reduce the risk of economic loss caused by a single point of failure (SPOF).

Please stay tuned for more technical insights into VeChain's software and hardware technology.