By Guillaume Sauzon, Infineon Technologies

In the late 1990s, the task of securing identities met the challenges of an increasingly digital world. The introduction of electronic documents was on the agenda for most governments around the world. Since then, ministries and their appointed agencies and officials have had to understand not only the political, but also some of the technological implications of issuing documents containing chips and other electronic components.
The carrier documents of chips or ICs (integrated circuits), such as an ID card or passport booklet, are now being used beyond public sector applications, such as border control and social or medical welfare access. Increasingly, secure ID applications extend into the private sector, allowing citizens to use ID cards to securely open bank accounts, verify contracts or even withdraw cash from ATMs.
The advent of flash
Nowadays, most ICs used in electronic documents are Read-Only Memory (ROM) based. This means that the operating system and program code executed by the embedded microcontroller is burned into a ROM as part of the chip fabrication process. The code is represented by an array of individual bit-cells, each of which is tied to a fixed value (0 or 1) by a physical link, etched into the silicon by means of a mask reticle. This code is meant to be fixed during the complete product lifecycle. The data (i.e. the ID document holder data) is written into an electrically programmable Non-Volatile Memory (NVM) later, at the ‘Personalization’ step, when the chip has been embedded in the ID document.
This approach – embedding two different technologies onto the same chip – has been implemented to deal with two cost factors: firstly, size. In older chip generations, programmable memory cells were nearly five times bigger than a ROM cell. This was very relevant, as, in those days, memory cells occupied most of the chip. Secondly, price. The price for ‘ROM masks’ (one set of reticles for each different code) is growing exponentially, for example, times ten between the 220nm and the 65nm technologies. In future technologies, the price of ROM masks will soon be higher per chip than the individual chip price. Both of these factors have driven the need to find a path towards a unified memory concept and a conceptual change in the fabrication of ICs used for ID cards.
Modern chip card ICs only contain programmable memory. In the case of Infineon, a non-volatile memory cell technology called Uniform Channel Program (UCP), used successfully for many years in automotive applications, is now being further evolved and introduced in payment card and government ID applications, known as the SOLID FLASH technology. As quality requirements of the automotive industrial sector are very high, its high-volume usage of UCP-based flash technology is a measure of the reliability of this process. However, as explained, this move toward a unified programmable non-volatile memory (NVM) is an industry-wide necessity, driven by market requirements and price developments.
Benefits for OS developers
The advantages for software companies are obvious: in the old days of ROM-based chip cards, companies had to develop all kinds of tricks to be able to substitute code running in the ROM with code running in the EEPROM. This is known as ‘patching’, and was used in cases of bug-fixing, but also for other small changes to the software. On flash-based chips, however, it is much simpler to introduce new code versions by secured download. Another advantage of secure flash is that there is no longer any need for emulator-based development. The software can be compiled and downloaded directly onto the real target (a flash-based chip). Software performance can be directly measured in ‘real life’ scenarios and optimization can be applied directly. This eliminates the need for a cumbersome bond-out chip with external memory for testing, or the wait for the fabrication of ROM masks, only to notice that the software is not behaving as expected because of differences between simulator and chip. Finally, and this is less obvious, the security of the software is enhanced by architectural changes. One of the most used software attack paths is to force the software to jump in an uncontrolled manner. For example, even if a signature generation is only needed in some projects, the ROM masks have to include it.
It will be enabled for the ‘high security’ projects and disabled for the ‘lower security’ projects. A hacker might be able to obtain some ‘lower security’ devices and use the code, which was disabled, to behave as a ‘higher security’ device. On flash chips, this code can simply be removed – this concept is called ‘modularization’. Therefore, different flash images are generated for each product and the security differentiation of the products is done through code modules. Software weaknesses in the ‘lower security’ devices will have less impact than on ROM-based chips, simply because the code will be different and missing the ‘high security’ functionalities. This modularization concept is easily certifiable, without compromising on security due to different existing code bases. In the past, the ROM making process was done in a secure environment, controlled by the chip manufacturers. This implies that the complete binary image of the operating system and the application is given to a third or even fourth party, such as a silicon foundry, also requiring security management on site. Using properly designed flash technology, the card manufacturer is enabled to use secured flashing on his own or the document manufacturer’s premises.
Benefits for manufacturers
Manufacturers clearly benefit from this modularization concept. Software modules exist in different variations, all available off-the-shelf and flashed just in time for production. For example, if some project uses different asymmetric cryptography, RSA and elliptic curves, some other projects may be better served by downloading a flash image which only contains the RSA algorithm onto the chip, whereas other projects may be served by downloading a flash image where elliptic curves replace RSA. In a ROM-based approach, both algorithms (RSA and elliptic curve) would need to be present in the ROM. With flash, only one of them needs to be downloaded to the chip. The program memory, which would have been used for storing both images, can be saved, thus offering the choice of using either a smaller chip, or reusing the space for other purposes. One could add additional features in the software or keep the gained space for user data. In both cases, the product value increases. It is clear that this approach allows a manufacturer to go a long way through the production process before having to choose the software that will be on the device. For example, passport booklets or ID cards may be fully manufactured before a specific version of the operating system is downloaded. This ‘just-in-time’ software download permits the manufacturer to choose one of various different versions of an operating system, or an entirely different operating system altogether. The change from one vendor to another normally leads to quite complicated situations in the logistics chain. By using flash-based chips, the logistics, stock and fabrication can be handled in the same way until the software is downloaded. The stock that has to be maintained is more uniform and easier to manage. There is no need to keep different stock for different versions of the software, and that drastically reduces stock costs for a manufacturer serving several projects.
The improvement in time-to-market processes and cost management is substantial. In this case, the traditional chip card lifecycle model is modified: Usually, the fabrication process is based on the fact that the software is delivered together with the chip. Now, the software can be added at a very late stage and therefore, the product type – at least from a software point of view – is fixed later on in the production chain. To do this modification in a secure way, an evaluated cryptography-based process is used: only authorized users can flash the chip, using mandatory user authentication with the binary code being protected using encryption.
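The modularization and authorized-download ideas above, as an added illustration that is not Infineon's loader or any SOLID FLASH format: a constructed module registry and two product profiles (‘high’ and ‘low’), an image builder that tags the assembled image with an HMAC held only by the authorized flashing party, and a chip-side check that rejects forged or tampered images and refuses any image whose module list does not match its declared profile. Confidentiality of the image (the encryption the article mentions) is left out here; only authentication and integrity are shown.

```python
import hmac
import hashlib
import json

# Constructed module registry: module name -> stand-in code bytes (not real OS code).
MODULES = {
    "os_core": b"\x01" * 32,
    "rsa":     b"\x02" * 32,
    "ecc":     b"\x03" * 32,
    "sig_gen": b"\x04" * 32,   # only shipped in the 'high' security profile
}
# Constructed profiles: which modules each product variant is allowed to contain.
PROFILES = {
    "high": ["os_core", "rsa", "ecc", "sig_gen"],
    "low":  ["os_core", "rsa"],
}

def build_image(profile, key):
    """Assemble a flash image for `profile` and tag it with HMAC-SHA256 under `key`.
    Layout: 2-byte manifest length, JSON manifest, concatenated module code.
    Only a holder of `key` can produce a valid tag, which stands in for the
    authorized-user authentication step described in the article."""
    names = PROFILES[profile]
    manifest = json.dumps({"profile": profile, "modules": names}).encode()
    body = b"".join(MODULES[n] for n in names)
    image = len(manifest).to_bytes(2, "big") + manifest + body
    tag = hmac.new(key, image, hashlib.sha256).digest()
    return image, tag

def loader_accept(image, tag, key):
    """Chip-side loader policy: verify the tag first, then parse the manifest and
    confirm the image carries exactly the modules its profile permits, so a
    'low' image can never smuggle in high-security code."""
    expected_tag = hmac.new(key, image, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, tag):
        return False
    mlen = int.from_bytes(image[:2], "big")
    manifest = json.loads(image[2:2 + mlen])
    names = manifest.get("modules")
    if names != PROFILES.get(manifest.get("profile")):
        return False
    expected_body = b"".join(MODULES[n] for n in names)
    return image[2 + mlen:] == expected_body
```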
Benefits for implementers
In technological terms, the use of flash in chip card applications constitutes a revolution; it has brought down cost and increased quality for project implementers. The effect on the timelines of a project is obvious: the physical and software design decisions can be taken in parallel instead of sequentially. Prototypes for demonstration purposes can be made available during the development process with only part of the features of the software, allowing very early feedback to enhance the final product to fit the customer’s requirements. Product quality is increased by the ability to consistently generate ‘real life’ products. For example, the contactless performance may be tested in a very early phase and, if not satisfactory, enhanced through the usage of new features such as very high bit rates (VHBR) or a higher frame size. Also, the security quality is enhanced as it is less costly to improve the software, and easier to react to software weaknesses in real time. On older, ROM-based chip families, different levels of security were used for different memory technologies. This led to security measures that were not comprehensive, and to the limitation of having to put application code, for example Javacard applets, in ROM. This development led to the worst-case scenario of putting the final application development in the critical path of chip fabrication, as well as ‘reserving’ ROM space for software libraries of possible future applications. In the latest Common Criteria certifications, where new benchmarks of certification levels for chip card hardware have been obtained, it has been shown that flash technology can be more secure than the ROM and EEPROM technology combination. Now, project owners can define, in a flexible way, only the required applications and download them into the same memory as the rest of the code. This unified memory can then have a very strong and comprehensive security system, which protects the application code as well as the operating system code.
Finally, the secure and Common Criteria certified process of downloading binary code to the chip is handed to the project owner, who defines, in a cryptographically secured manner, which entity has the right to download the code onto the chip. This changes an old paradigm, enhancing security through cryptographic means instead of organizational means. Flash technology is also an enabler for advanced card management features, like the ones described in the Global Platform specifications. They can now be fully used, allowing project owners to use different security domains. For example, a national Ministry of Interior and Ministry of Transport may decide to share the same card, by offering a senior citizen ID card with discounted transport ticketing options. Each function with its own security domain will allow each Ministry to independently manage its own card applications and content. Post-issuance application creation and usage may also be rolled out in an easier way. The technology storing the application is the same as the technology storing the complete operating system code (including its configuration and eventual patches), reducing memory management issues.
Conclusion
For many years, the chip card industry worked with two different memory technologies embedded into one chip – ROM and EEPROM. Recent technology innovation allows the efficient use of only one memory technology: flash. As discussed in this article, secure flash-based microcontrollers offer stakeholders great advantages compared to conventional Mask ROM products: high flexibility to serve different projects, drastic reduction of time-to-market, reduction of R&D effort, higher quality and improved security. That may go a long way to explain the success of this technology, with over 100 million Infineon SOLID FLASH microcontrollers already sold and shipped, including some of the first project references in the e-ID market, such as the national eID card in Malaysia as well as the 2nd generation of healthcare cards in Germany. The rapid adoption of this technology, especially in very demanding projects, indicates that SOLID FLASH will have a major role in the Government ID market of the future.
This article was first published in #12 of THE VAULT
SOLID FLASH is a registered trademark of Infineon Technologies AG