Electronic – tamper proof embedded microprocessor

embedded reverse-engineering

I develop commercially embedded hardware, using Microchip dsPIC or similar processors.

The firmware I have is sometimes very complex and costly, and needs to be hacker and tamper proof in hardware. All basic software protections are there, but for $500 – $1,000 the hex code can be retrieved via several foreign website services, even if there are security fuses (preventing only not-determined tampering).
After that, it is just a few months and the code can be reverse-engineered using a disassembler, like IDA Pro.

How can I protect the hardware design a bit better (no need for military protection)?

Can you recommend other non-readable processors, or perhaps an addition to my existing design?

All I need is to hide a few functions, I do not need the whole product. Also, it is not enough just to hide data in secure external memory, I need to hide a piece of program.

Update (based on many comments):
I have dsPIC and 4 full-time years of development on firmware (would take quite an effort to do it from scratch another way):

1) This product already sells and hackers have access if they want to

2) The NEW FIRMWARE is not released yet. It contains 5 kB of code which no one in the competition has yet. I need to prevent anyone easily getting it for about 12 months after the release

3) There is no budget to go very exotic or complicated, maybe additional $10 per product, plus or minus

4) A solution like an added SIM card might do the trick?

5) The function to hide does a very tricky calculation, non-standard, to decrypt/encrypt 16 bytes. Known processes cannot hack it in 1 year, the function is needed, which is why I want to hide it.

6) I do not mind if it is publicly visible, when the request is sent to 'hidden' hardware, or if the response is publicly visible. Only need to hide the process calculating it, and cannot be inside the dsPIC processor.

Best Answer

There are companies specializing in that. Atmel was one of them, also Inside Secure. They have special hardware that can suit your needs. But if you want it to really work, be prepared to secure the whole chain from their ASIC warehouse to your production facility with vaults and guards for the security codes. Otherwise you will only make $1k for attempt $10k, while you actually need $1M at least.