JP6119345B2 - IC chip, IC card, verification processing method, and verification processing program - Google Patents

Description

  The present invention relates to an IC chip technology capable of detecting a malfunction caused by an attack from the outside.

  Conventionally, an attack technique (FA: Fault) that causes a malfunction of the IC chip by applying a disturbance to the IC chip in operation, causes the IC chip to respond with an erroneous calculation result, or outputs information unintended by the IC chip to the outside. Analysis) is known. Examples of the disturbance include an unexpected abnormal voltage change to the power supply terminal, the ground terminal, or the clock terminal, irradiation of strong light to the front or back surface of the chip, generation of a strong magnetic field in the vicinity of the IC chip, and the like. . As countermeasures against such attacks, each function group such as CPU (ALU, registers, etc.), memory, peripheral circuits (cryptographic calculators, timers, etc.) is given redundant information and its validity is set at an appropriate timing. It is considered effective to verify.

  For example, in Patent Document 1, internal data has a representation format of positive representation data and negative representation data in a bit-inverted relationship with each other, and arithmetic units that operate in these representation formats are operated in parallel. An IC chip for verifying whether the output result of the arithmetic device of the expression format maintains a bit-inverted relationship is disclosed.

  However, there are many known IC chips that have the function of verifying malfunctions that occur inside each function group. For example, detection of falsification of information on the bus (for data and address) that connects each function group is detected. Therefore, since wiring is also required for redundant information necessary for verification, there are not many IC chips that have taken countermeasures against attacks.

International Publication No. WO2005-027403

  By the way, it is assumed that an attacker to the IC chip tries repeatedly while changing the physical location and timing at which the disturbance is applied in order to find a vulnerable portion of the IC chip. Conventionally, no technology has been known that can increase the resistance to such repeated attacks with an IC chip in terms of software.

  Therefore, an object of the present invention is to provide an IC chip, a verification processing method, and a verification processing program that can increase resistance to repeated attacks in software.

In order to solve the above-mentioned problem, the invention described in claim 1 is used in the command processing, storage means for storing data, command processing means for executing command processing corresponding to a command received from the outside, and the command processing. An allocation unit that allocates an area of a size requested by the program to the storage unit, and a verification process that is not related to the command process, and that reads the verification data written in the area allocated to the storage unit Verification processing means for repeatedly executing verification processing to be verified at regular or irregular timing, and the allocation means is necessary for writing the verification data in addition to the area of the size requested by the program A region having a size is allocated to the storage means .

  According to a second aspect of the present invention, in the IC chip according to the first aspect, the verification processing unit repeatedly executes writing and reading of the verification data with respect to an area allocated to the storage unit. Features.

  According to a third aspect of the present invention, in the IC chip according to the first or second aspect, there are a plurality of areas allocated to the storage unit, and the verification processing unit includes the plurality of areas. A region in which the verification data is written is selected at random.

  According to a fourth aspect of the present invention, in the IC chip according to any one of the first to third aspects, the command processing includes a plurality of fetch processing in which instruction codes constituting a program used in the command processing are read out. The verification processing means executes the verification processing between the fetch processing.

  According to a fifth aspect of the present invention, in the IC chip according to any one of the first to third aspects, the verification processing unit executes the verification processing in response to a timeout of a timer counter. .

  According to a sixth aspect of the present invention, in the IC chip according to any one of the first to fifth aspects, the IC chip stores an area having a size requested by a program used in the command processing. Allocating means for allocating to the storage means, the allocating means allocating an area of a size required for writing the verification data to the storage means in addition to the area of the size requested by the program. .

The invention of the IC card according to claim 6 is requested by a storage means for storing data, a command processing means for executing command processing corresponding to a command received from the outside, and a program used in the command processing. An allocating unit for allocating an area of a size to the storage unit, and a verification process not related to the command process, the verification process for reading and verifying the verification data written in the area allocated to the storage unit Verification processing means that repeatedly executes at regular or irregular timings, and the allocation means includes an area of a size required for writing the verification data in addition to the area of the size requested by the program. It is allocated to the storage means . The invention according to claim 7 is a verification processing method executed by an IC chip having storage means for storing data, the command processing corresponding to a command received from the outside, and the command processing An allocation step of allocating an area of a size requested by the program used in the storage unit to the storage unit and a verification process not related to the command process, the verification data written in the area allocated to the storage unit and executing repeatedly at regular or irregular timing verification processing for verifying reads, only contains, in the assignment step, the writing of the verification data in addition to the region of the magnitude required by the program An area having a necessary size is allocated to the storage means .

According to an eighth aspect of the present invention, there is provided command processing means for executing command processing corresponding to a command received from the outside, a computer included in an IC chip having storage means for storing data, and a program used in the command processing An allocation unit that allocates an area having a size requested by the storage unit to the storage unit, and a verification process that is not related to the command processing, wherein the verification data written in the area allocated to the storage unit is read and verified The verification process is performed as a verification processing unit that repeatedly executes the verification process at regular or irregular timings, and the allocation unit has a size required for writing the verification data in addition to the area of the size requested by the program. Are allocated to the storage means .

  According to the present invention, the verification processing unit is a verification process not related to the command process, and performs the verification process for reading and verifying the verification data written in the area allocated to the storage unit periodically or irregularly. Since it is configured to repeatedly execute at the timing, it is possible to increase resistance to repeated attacks in terms of software.

1 is a diagram illustrating a schematic configuration example of an IC card 1. FIG. (A) is a figure which shows the example of a memory map in case a verification area | region is a specific area | region. (B) is a diagram showing an example of a memory map when the verification area is an unspecified area. (C) is a diagram showing another example of the memory map when the verification area is an unspecified area. It is a figure which shows a mode that a verification process is repeatedly performed at a regular timing. It is a figure which shows a mode that a verification process is repeatedly performed at irregular timing.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a diagram illustrating a schematic configuration example of the IC card 1. The IC card 1 is used as a cash card, a credit card, an employee card, or the like. Alternatively, the IC card 1 is incorporated into a smartphone, a mobile phone, or the like.

  As shown in FIG. 1, an IC chip 1 a is mounted on the IC card 1. The IC chip 1a includes a CPU (Central Processing Unit) 10, a ROM (Read Only Memory) 11, a RAM (Random Access Memory) 12, a flash memory 13, a timer 14, and an I / O circuit 15. Note that an EEPROM may be used instead of the flash memory. The IC chip 1a communicates with or without contact with the external terminal 2 including the IC reader / writer via the I / O circuit 15. The I / O circuit 15 serves as an interface with the external terminal 2. The I / O circuit 15 is provided with eight terminals C1 to C8 defined by, for example, ISO / IEC7816. For example, the C1 terminal is a power supply terminal, the C2 terminal is a reset terminal, the C3 terminal is a clock terminal, the C5 terminal is a ground terminal, and the C7 terminal is a terminal that performs data communication with the external terminal 2. Examples of the external terminal 2 include an ATM, a ticket gate, and an authentication gate. Alternatively, when the IC card 1 is mounted on a mobile terminal, the external terminal 2 corresponds to a controller that performs the function of the mobile terminal.

  The CPU 10 is an arithmetic unit that executes various programs stored in a ROM (Read Only Memory) 11, a flash memory 13, or a RAM 12. The RAM 12 is a volatile memory that temporarily stores data. The ROM 11 is a non-rewritable memory, and stores an OS (Operating System), a verification processing program of the present invention, and an application program described in a program language such as JAVA (registered trademark). The flash memory 13 is a non-volatile memory, and is written in a program language such as an OS, a verification processing program of the present invention, and JAVA (registered trademark) in an IC chip having a size that can replace a ROM. In some cases, all or part of the application program is stored. The timer 14 receives a clock signal supplied to the CPU 10 and counts the number of clock signals by a timer counter. When the timer 14 counts up to a value designated in advance, the timer counter times out, executes the program designated in advance, is reset to the initial state, and starts counting again. Note that the timer 14 may be configured by software or hardware.

  The CPU 10 functions as a VM (also referred to as a virtual machine or virtual machine) 101 (an example of a command processing unit) and a verification processing unit 102 (an example of a verification processing unit) according to the verification processing program of the present invention.

  The VM 101 executes command processing corresponding to the command (instruction) received from the external terminal 2. In this command processing, fetch processing for reading out an instruction code (a code constituting a program used in command processing) stored in the ROM 11 or the flash memory 13 is executed a plurality of times. This instruction code is a data string called a byte code constituting the application program. That is, the VM 101 sequentially executes the data string as a program according to the command.

  The verification processing unit 102 is configured by a monitoring program (monitoring PG) that reads verification data written in the ROM 11, the flash memory 13, or the RAM 12 and verifies that the data is a specific value. The verification data may be any value. The verification processing unit 102 performs verification processing for reading and verifying verification data written in an area allocated to the ROM 11, flash memory 13, or RAM 12 (hereinafter referred to as “verification area”) at regular or irregular timings. Run repeatedly. This verification process is a process not related to the command process, in other words, a process performed independently of the command process. Although it is desirable that the verification processing unit 102 repeatedly executes writing and reading of verification data to and from the verification area (because resistance against repeated attacks can be further improved), the verification processing unit 102 stores the verification data in the flash memory 13 or the RAM 12 in advance. The written verification data may be repeatedly read and compared with an expected value (set value) for verification. Alternatively, the verification data may be written in the ROM 11 during the manufacturing process in the factory, and the verification data may be repeatedly read out and compared with the expected value for verification. That is, the ratio between the number of times of writing and the number of times of reading may be “1: 1”, and the ratio between the number of times of writing and the number of times of reading may be “n: m” (n ≦ m).

  In such a verification process, if the value related to the verification data read from the verification area does not match the expected value, an abnormality is detected. In this case, for example, the CPU 10 stops the operation and locks the response to the IC reader / writer, or returns an error to the IC reader / writer. Alternatively, the CPU 10 may be configured to output dummy data (fixed value or random number) different from the response to the IC reader / writer.

  Here, a verification area in which verification data is written will be described. The verification area includes a specific area and an unspecified area. The specific area is a fixed area previously allocated to the ROM 11, the flash memory 13, or the RAM 12. FIG. 2A is a diagram showing an example of a memory map when the verification area is a specific area. In the example of FIG. 2A, an unused area is allocated as a verification area in accordance with the execution status of the application program in an area that can be used as a stack in the RAM 12 (hereinafter referred to as “stack area”).

  On the other hand, the unspecified area is an area appropriately allocated to the flash memory 13 or the RAM 12 by the OS. If the verification area is an unspecified area, it is possible to prevent an attacker from searching for a physical place to which disturbance is applied. FIG. 2B is a diagram showing an example of a memory map when the verification area is an unspecified area. Each time the subroutine is called, the stack is consumed. As shown in FIG. 2B, the OS secures an extra area larger than necessary for the stack (at least larger than necessary for verification). The extra reserved area is allocated as a verification area. That is, a verification area having a size required for writing verification data is allocated to the RAM 12 in addition to an area required for the stack.

  FIG. 2C is a diagram showing another example of the memory map when the verification area is an unspecified area. When an application program used in command processing is installed in the IC chip 1a, the OS (an example of an allocation unit) allocates an area having a size requested by the application program to the flash memory 13 or the RAM 12. The minimum unit of allocation is set to several bytes, and as shown in FIG. 2C, an area larger than the area required by the application program (at least larger than the size required for verification) is secured. The extra reserved area is allocated as a verification area. That is, in addition to the area requested by the application program, a verification area having a size necessary for writing verification data is allocated to the flash memory 13 or the RAM 12. At this time, a list describing the addresses of a plurality of extra verification areas that are reserved in excess may be generated (this is performed so that the operation of the application program is not adversely affected. The OS management area in the memory 13 or RAM 12 may be the target). In this case, in the verification process, the verification processing unit 102 randomly selects an address from the generated list (that is, selects a verification area in which the verification data is written with, for example, a random number), thereby verifying the verification data. It is also possible to configure such that the verification area for writing the data is appropriately changed (for example, the verification area is periodically reselected). According to this configuration, it is possible to further prevent an attacker from searching for a physical place where disturbance is applied.

  Next, verification processing that is repeatedly executed at regular or irregular timing will be described. FIG. 3 is a diagram illustrating a state in which the verification process is repeatedly executed at regular timing. Here, “instruction identification” shown in FIG. 3 is processing for identifying what a command (instruction) is received from the IC reader / writer and determining which bytecode string is to be executed. Further, “MOV” (move) shown in FIG. 3 is one of byte codes executed by the VM 101, and the value of the register to be executed is written in the memory, or the value is read from the memory to the register to be executed. It shows that. “INC” (increment) shown in FIG. 3 is one of byte codes executed by the VM 101, and indicates that the value of the register to be executed is added. In FIG. 3A, the verification processing unit 102 executes the verification process by calling the monitoring PG in response to the timeout of the timer counter of the timer 14 (that is, by being periodically interrupted by the timer function). Yes. According to this configuration, it is possible to prevent an attacker from searching for the timing to apply a disturbance. In FIG. 3B, the verification processing unit 102 executes the verification process between fetch processes. According to this configuration, it is possible to prevent an attacker from searching for a timing for applying a disturbance without depending on the timer. As shown in FIG. 3B, the processing time varies depending on the bytecode, so it looks irregular, but the verification process is executed every fetch process, so the term “periodic timing” is used. it can.

  On the other hand, FIG. 4 is a diagram illustrating a state in which the verification process is repeatedly executed at irregular timing. In FIG. 4A, the verification processing unit 102 calls the monitoring PG in response to the timeout of the timer counter of the timer 14, but, for example, ends the execution without executing the verification process by selecting whether or not to execute with a random number. There is also. According to this configuration, in addition to further preventing the attacker from searching for the timing to apply the disturbance, the instruction execution time by the verification process can be reduced. In the case of using the timer 14, even if the time until the next timeout is set as a random number in the verification process, an “irregular” effect can be obtained. In FIG. 4B, the verification processing unit 102 calls the monitoring PG in each fetch process, but may end without executing the verification process, for example, by selecting whether or not to execute with a random number. According to this configuration, it is possible to reduce the instruction execution time by the verification process in addition to further preventing the attacker from searching for the timing to apply the disturbance without depending on the timer.

  As described above, according to the above-described embodiment, the verification processing unit 102 is a verification process not related to the command process, and periodically performs the verification process for reading and verifying the verification data written in the verification area. Alternatively, since it is configured to repeatedly execute at irregular timings, it is possible to increase resistance to repeated attacks in terms of software.

1 IC Card 2 External Terminal 1a IC Chip 10 CPU
11 ROM
12 RAM
13 Flash memory 14 Timer 15 I / O circuit 101 VM
102 Verification processing unit

Claims (8)

Storage means for storing data;
Command processing means for executing command processing corresponding to a command received from outside;
An allocating unit that allocates an area having a size requested by the program used in the command processing to the storage unit;
Verification processing not related to the command processing, the verification processing means for repeatedly executing the verification processing for reading and verifying the verification data written in the area allocated to the storage means at regular or irregular timing; ,
Equipped with a,
2. The IC chip according to claim 1, wherein the allocating unit allocates an area having a size required for writing the verification data to the storage unit in addition to an area having a size requested by the program .   2. The IC chip according to claim 1, wherein the verification processing unit repeatedly executes writing and reading of the verification data to and from an area allocated to the storage unit. There are a plurality of areas allocated to the storage means,
3. The IC chip according to claim 1, wherein the verification processing unit randomly selects an area in which the verification data is written from a plurality of the areas. In the command processing, fetch processing for reading out an instruction code constituting a program used in the command processing is executed a plurality of times,
4. The IC chip according to claim 1, wherein the verification processing unit executes the verification process between the fetch processes. 5.   4. The IC chip according to claim 1, wherein the verification processing unit executes the verification processing according to a timeout of a timer counter. 5. Storage means for storing data;
Command processing means for executing command processing corresponding to a command received from outside;
An allocating unit that allocates an area having a size requested by the program used in the command processing to the storage unit;
Verification processing not related to the command processing, the verification processing means for repeatedly executing the verification processing for reading and verifying the verification data written in the area allocated to the storage means at regular or irregular timing; ,
Equipped with a,
2. The IC card according to claim 1, wherein the allocating unit allocates an area having a size required for writing the verification data to the storage unit in addition to the area having a size requested by the program . A verification processing method executed by an IC chip comprising a storage means for storing data,
Executing command processing corresponding to a command received from the outside;
An allocation step of allocating an area of a size requested by the program used in the command processing to the storage means;
A verification process not related to the command process, the verification process for reading and verifying the verification data written in the area allocated to the storage means is repeatedly executed at regular or irregular timing;
Only including,
In the allocation step, an area having a size required for writing the verification data is allocated to the storage unit in addition to an area having a size requested by the program . A computer included in an IC chip having storage means for storing data;
Command processing means for executing command processing corresponding to a command received from the outside, allocation means for allocating an area of a size requested by a program used in the command processing to the storage means, and not related to the command processing A verification process that reads and verifies verification data written in an area allocated to the storage unit, and functions as a verification process unit that repeatedly executes at regular or irregular timings ;
The allocation processing program allocates an area of a size required for writing the verification data to the storage unit in addition to an area of a size requested by the program.