Securing Flash Technology

Flash memory is a type of non-volatile semiconductor memory that can be electrically erased and programmed. It can be found in almost every high-capacity consumer electronic device in the market. Examples of such mass memory products include USB flash drives, digital cameras, mobile handsets, set-top boxes for Pay-TV applications, and many more. Some of them use NAND flash technology and others use NOR flash technology. To put it simply, NAND flash is the most adequate for mass-storage of user data because of its high speed access and because the organization of user data is usually error-tolerant (digital pictures, music) and NOR flash is more adequate for code-type data because of its highly reliable nature and its XIP (execute in place) capability, meaning that a program stored in NOR flash does not need to be transferred to RAM before being executed. When it comes to set-top boxes or handsets, manufacturers and operators are becoming increasingly security concerned. Conditional Access providers do not want to see their operating system and security codes dispatched over the internet and mobile phone operators fear that viruses or Trojan horses will eventually reach the handset platform. Thus new security features start appearing on those types of flash memory devices. Another sector which needs increasing data and program storage capacity is the smart card industry. Current high-end cards have a few hundred kilobytes of embedded ROM and EEPROM memory to hold their operating system and application data when several megabytes would ideally be required. The new high density smart cards will address such requirements in the near future by providing increased on-board storage capacity. The question then becomes how to reach the required security level operators expect for all these new devices.