Implementing High Security Remote Control Systems

By Cristian Toma, senior applications engineer, MCU08 Division, Microchip Technology Inc.


However, all time-keeping devices have limited stability and precision. Devices that feature high stability and precision can be very expensive. So, choosing the right time-keeping mechanism is more a design trade-off. A typical implementation will use the same time-keeping circuit on both encoder and decoder sides. A cost-effective solution can be using a crystal oscillator. However, even if the same crystal is used at both ends, there will be some frequency differences.

Discrepancies in frequency: First of all, there is the initial crystal precision. This is specified by the crystal manufacturer and it’s typical in the range of 5-40 parts per million (ppm). The initial crystal precision is due to the manufacturing process. The crystal frequency cannot be exactly the specified value, but a very close value. This is specific and constant over time for every crystal.

Second, crystals are sensitive to temperature. The oscillating frequency is specified at 25 degrees Celsius. Between -20 degrees and 50 degrees, the frequency can vary up to an additional 20ppm.

Third, we must also take into consideration the crystal aging. This is less important since it happens over a very large period of time. Taking into account all the above tolerances will mean that the timers on both the encoder and decoder will never be in perfect synchronisation, except at first pairing. The decoder will not be able to calculate an exact match of the encoder’s real-time value. It will only able to calculate an approximate value. The decoder can still be synchronised with all the encoders by using an acceptance window. For example, once synchronised, the timer error between the encoder and the decoder will be at minimum. As time passes, the time drift between the encoder and decoder will increase. It is then up to the decoder to decide the maximum time difference for a packet to be accepted as a ‘valid packet’.

Since the system relies on the fact that the timers on both ends are in constant synchronisation, it is very important that the timer’s operation is not interrupted. There are cases when the synchronisation can be lost due to power failure (like a mains grid incident or battery replacement).

On the encoder side this will typically happen when the battery becomes empty and needs replacement. This can be easily resolved by manually re-synchronising the encoder. On the decoder side, a loss of power is more serious, especially since the decoder needs to keep track of multiple encoders. Re-learning all encoders is feasible only when having a relatively low number of encoders. If the system has more than just a few encoders, manually synchronising all the encoders is not a good option. In such cases, it is recommended that the decoder has a time-keeping back-up circuit such as a real-time clock circuit with a battery back-up.

Such an implementation can offer a very high security level. System attacks like capture-and-reply and radio frequency (RF) jamming are basically useless.

Another important advantage is that such an encoder can be used with multiple decoders. This is because the decoder only verifies time synchronisation and the authenticity of the encoder. Overall, this is a high-security and cost-effective security solution. From the user standpoint, the solution introduces no differences and allows for ease of use. This technology can be easily used in conjunction with an authentication scheme so it can also provide a good level of OEM protection. The described technology is implemented by the new MCS3142 high security encoder from Microchip Technology.

The technique described in this paper is patented by Microchip Technology Inc.


Please enter your comment!
Please enter your name here