Use LPC55S69 SRAM PUF and User Key to encrypt/decrypt flash program

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Use LPC55S69 SRAM PUF and User Key to encrypt/decrypt flash program

817 Views
zhliao
Contributor I

Hi,

I am trying to build a secure IoT project using the LPC55S69 board. Here are the high-level ideas:

For the development phase:

1. Enroll PUF to get AC.

2. Encrypt the user program (e.g., an image-capturing program running on an LPC board) using the User Key.

3. Encrypt the User Key using the PUF fingerprint.

Now the encrypted user program is stored on Flash. Only this board can decrypt it when it is powered up (tamper-resistant and code secrecy maintained). 

For the deployment phase:

1. Power up the board and recover the PUF fingerprint.

2. Decrypt the User Key using PUF.

3. Decrypt the user program using the User Key.

4. Load the program to RAM and execute it.

5. Shut down the board. The decrypted program should be deleted.

I have read the document AN12278 and AN12324 and have a few questions to figure out:

1. How to store the encrypted user program on Flash? I think I need to write an enrollment program to enroll the PUF, encrypt the user program, and store AC (with an encrypted User Key) and an encrypted user program on Flash (separately). But how can I store them on Flash? Are there any APIs available so that I can specify the address to store them?

2. How to decrypt the user program and load it to RAM? I suppose I need another program, saying boot program. The boot program can recover the PUF fingerprint using the newly generated SRAM startup data and pre-stored AC. Then, it can load the pre-stored encrypted user program, decrypt it and load it to RAM. My question is: How to load the decrypted user program to RAM and execute it? Can the BLHOST tool help us?

 

Thank you very much for your time. Any suggestions for my ideas are welcomed.

0 Kudos
Reply
2 Replies

791 Views
Alice_Yang
NXP TechSupport
NXP TechSupport

Hello @zhliao 

First of all, you need confirm which encryption algorithm you want to use.

If Prince, you can refer to : https://www.nxp.com.cn/docs/en/application-note/AN12527.pdf 

or "Prince" demo under SDK.

If HASH, you can refer to "Hashcrypt" under SDK. 

 

BR

Alice

0 Kudos
Reply

779 Views
zhliao
Contributor I

Hi Alice,

Thank you very much for your information. Looks like HashCrypt is a good option

Best,

Zhonghao

0 Kudos
Reply