Discretix Anti-Cloning | Anti-Hacking

Discretix' Anti-Cloning and Anti-Hacking (DxACAH) solutions protect original equipment manufacturers against reverse engineering, device cloning, illegal software updates and unauthorized access to run-time data. DxACAH provides device and semiconductor manufacturers with a comprehensive set of tools to mitigate widespread illegal cloning and hacking.

Market Needs

Illegal product cloning, hacking and counterfeiting are a major source of lost revenue for device manufacturers. This unprecedented global phenomenon accounts for nearly 10% of worldwide device sales. With the steady rise of software attacks on devices, end-users and organizations alike require robust and reliable detection and prevention solutions.

Preventing software piracy and illegal product replication is an on-going challenge for software vendors and device manufacturers, with both online attacks (which occur when the device is in use) and offline attacks (which occur when the device is switched-off) becoming commonplace.

Protecting against run-time software modification requires the prevention of code injection either directly onto the SoC, or indirectly by modifying the software image on external RAM. Offline attacks which are aimed at illegal software updates are harder to prevent, particularly because the device is powered-off. Offline protection, however, can be provided by identifying that a modification has occurred once power is restored.

Another common form of attack is software theft and reverse-engineering, where the attacker is interested in obtaining know-how and/or accessing certain algorithms. Protection against such intellectual property theft requires controlled access to software locations as well as continuous access monitoring. Protecting against anti-cloning requires mechanisms that bind a software image to a specific device, rendering the software image unusable on any another device.

Technical Overview

Discretix' ACAH solution includes four key modules: Secure Boot, RTIC Engine, Code Encryption, and Secure Debug. Available in several configurations, the DxACAH can be tailored to specific security and budgetary requirements.

Secure Boot: This module prevents changes to the software image stored on external flash memory, or offline attacks. During system boot, the Secure Boot module verifies the authenticity of the software image, guaranteeing a known and trusted starting point.

RTIC Engine: Once the system is up and running, online attacks aimed at modifying the software image must be prevented. As a self-contained module, the Run-Time Integrity Checking (RTIC) engine continuously checks the integrity of the software image, and is capable of detecting online attacks in real time.

Code Encryption: This module provides protection against reverse-engineering. The module encrypts the software image residing on external memory (flash or external RAM). System performance is maintained using an on-chip fast code decryption mechanism within the SoC boundary, ensuring minimal latency as the SoC reads code for execution (into an on-chip I-cache RAM).

Secure Debug: Reverse-engineering protection also requires a Secure Debug capability, preventing unauthorized debugging (via JTAG) when the device is running and code is available in on-chip memory (preventing physical access to the SoC).
To prevent device cloning, the software image residing on the flash memory is encrypted using a unique key. Only a specific SoC can decrypt the software image, effectively binding the software to a particular chip. Any cloned device will be unable to decrypt the software image, rendering the device useless.