Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/002—Countermeasures against attacks on cryptographic mechanisms
  • H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
  • G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
  • G06F21/75—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
  • G06F21/755—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
  • G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
  • G06F2207/7219—Countermeasures against side channel or fault attacks
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/2123—Dummy operation

Definitions

• the present invention relates to an electronic component and a method for masking the execution of instructions or the manipulation of data.
• the present invention relates more particularly to electronic components used in applications where access to services or to data is strictly controlled.
• Such components have an architecture formed around a microprocessor and memories. They implement algorithms using secret data contained in the component, inaccessible from the outside. Secret data can thus be used to validate an electronic transaction such as a purchase, without this data being accessible at any time from outside the component.
• the object of the present invention is to mask the execution of instructions or the manipulation of data in the component, in order to render sterile the observation of external parameters of the electronic component.
• the invention relates to an electronic component comprising at least one microprocessor and storage means for executing a main program.
• the component further comprises a counter of a random value generating information to output the execution of said program during the execution of a secondary program.
• this execution time of the secondary program is constant.
• this execution time is variable. It can even be random.
• this secondary program activates means of current consumption, which will distort the current consumption curve of the component, making the masking of the operations executed and of the data manipulated even more effective.
• the invention also relates to a method for masking the execution of instructions or the manipulation of data in an electronic component.
• FIG. 1 shows a block diagram of an electronic component according to the invention.
• FIG. 2 shows a variant of the block diagram of an electronic component according to a variant of one invention.
• FIG. 1 represents a simplified block diagram of an electronic component CI according to the invention. It includes a microprocessor 1 and internal resources which are connected to a data bus 6.
• the internal resources include in particular memories, in the example, a program memory 2 and a working memory 3, a counter 4 and a generator 5 with a random value R.
• the electronic component CI includes various external connection terminals. In the example, it is a component with serial data input / output, therefore with an I / O terminal for data input / output. It also includes a VSS ground terminal, a power terminal VCC and terminals relating to control signals (not shown).
• the microprocessor receives instructions and data on a serial input / output port 8, connected to the data input / output terminal in connection with an external system.
• the microprocessor internally generates different control signals to manage the different internal resources.
• control signals there is shown a validation signal EN of the counter 4, a signal LOAD of initialization of the counter and an activation signal SEL of the random generator 5.
• the counter When enabled (EN activated), the counter generates an ITO counting end signal. This end of counting information signal is used as the microprocessor interrupt signal. It is thus connected to an input of the interrupt port 7 of the microprocessor. It will be noted that the expression end of counting is a general expression which means as well that the counter has finished counting up to a determined value or that the counter has finished counting down to zero from a determined value.
• the counter is a material resource.
• the microprocessor 1 executes a main program contained in program memory, relative to data or instructions received from the serial input input port 8, in relation to an external system. According to the invention, the execution of the main program is suspended at random times, the time of the execution of a secondary program, contained in program memory.
• a counter initialization routine is provided with a new random value.
• this routine includes instructions to invalidate the counter (EN disabled), draw a random value R in the random generator 5, load (LOAD) this value in the counter, then activate the counter (EN enabled).
• the counter When the counter has counted down to zero, it activates the ITO end of counting information signal, which causes an interruption on the microprocessor.
• the execution of the main program is suspended for the time of execution (by the microprocessor) of the secondary program, corresponding to the interrupt management routine considered.
• the secondary program includes at least the already seen sequence of initialization of the counter, at a new random value, so that a new interruption can take place.
• This secondary program can correspond to a fixed number of instructions, in which case it is executed in constant time. For example, if the secondary program includes only the instructions corresponding to drawing a new random value R in the generator 5 and loading the counter 4 to this new value R (initialization), there is a secondary program executable in constant time. In this case, in addition to the execution of the main program, there are bits of code (corresponding to the secondary program) executed in constant time at random times.
• the duration of execution of the secondary program is variable.
• the secondary program provides for a test on a binary datum, modified at each passage in the program, the number of instructions executed next being a function of the result of the test.
• the variable duration of execution depends on a mathematical function. For example, if this mathematical function requires a certain number of calculation turns to arrive at the result, this number of turns being a function of the input data, there will be a variable execution time, depending on a mathematical function. All these techniques for arriving at a variable duration are well known.
• this variable execution time will be random.
• the secondary program includes provision for deactivation of the counter, drawing of a new random value, counting down to zero of this value in a countdown loop, then initialization of the counter to a new random value.
• This additional current consumption may be due, instantaneously, to instructions provided in the secondary program.
• instructions provided in the secondary program For example, we can plan in this secondary program to execute turns of calculation of an algorithm, for example of a cryptography algorithm.
• This execution will correspond to an instantaneous current consumption, that is to say the time of the execution of the instruction, which will interfere with the normal consumption of the main program by interposing in the normal current consumption as a function of the time due to execution of the main program. It can also be expected that this additional current consumption will have a lasting effect for a certain time.
• the secondary program then provides for activating current consumption means, which will consume current for at least a certain time, during the execution of the following instructions of the secondary program and of the main program.
• FIG. 2 A block diagram of an electronic component corresponding to this second embodiment of the invention is shown in Figure 2.
• the electronic component comprises a pump of charges 9.
• this charge pump normally designed to supply a high voltage VF? programming and / or erasing from the supply voltage VCC to allow programming and / or erasing of data in a non-volatile programmable and / or electrically erasable memory, such as for example the memories commonly called EPROM memories , EEPROM or flash EPROM.
• this charge pump is associated with the program memory.
• a known characteristic of such a pump is that it consumes a lot of current during the time of setting up the high voltage at the output and the programming or erasing time, which can be of the order of a few milliseconds.
• a high current consumption is therefore superimposed which will mask the consumption of the following instructions of the secondary program and of the main program.
• the invention is not limited to the embodiments or to the variants described. It covers any use of means to suspend the main program at random times for a time which may be fixed, variable or random, with or without the use of means to add additional current consumption.
• the invention applies to all components comprising at least one counter and one random generator.
• the choice of such or such secondary program depends on the resources of the component considered, on the efficiency in relation to the application considered.
• Such a component is particularly useful in smart cards, to improve their inviolability.

Landscapes

• Engineering & Computer Science (AREA)
• Physics & Mathematics (AREA)
• Theoretical Computer Science (AREA)
• Computer Hardware Design (AREA)
• Computer Security & Cryptography (AREA)
• General Engineering & Computer Science (AREA)
• Software Systems (AREA)
• General Physics & Mathematics (AREA)
• Mathematical Physics (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Microcomputers (AREA)
• Storage Device Security (AREA)

Applications Claiming Priority (3)

Publications (1)

Family

ID=9531646

Family Applications (1)

Country Status (6)

Families Citing this family (10)

Family Cites Families (3)

• 1998
  • 1998-10-16 FR FR9812988A patent/FR2784763B1/fr not_active Expired - Fee Related
• 1999
  • 1999-10-15 WO PCT/FR1999/002521 patent/WO2000023866A1/fr not_active Application Discontinuation
  • 1999-10-15 AU AU62077/99A patent/AU6207799A/en not_active Abandoned
  • 1999-10-15 JP JP2000577544A patent/JP2002528784A/ja active Pending
  • 1999-10-15 EP EP99949058A patent/EP1121629A1/de not_active Withdrawn
  • 1999-10-15 CN CN99812249A patent/CN1332860A/zh active Pending

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events