EP4078418A1 - Electronic system and method for dynamic activation of countermeasures - Google Patents

Electronic system and method for dynamic activation of countermeasures

Info

Publication number
EP4078418A1
Authority
EP
European Patent Office
Prior art keywords
function
security
hardware
execution
electronic system
Legal status
Pending
Application number
EP20848856.9A
Other languages
English (en)
French (fr)
Inventor
Sylvain Charbonnier
Jean Roch Coulon
Vincent DUMAS
André Sintzoff
Current Assignee
Thales DIS France SAS
Original Assignee
Thales DIS France SAS
Priority date
2019-12-18
Filing date
2020-12-18
Publication date
2022-10-26
Application filed by Thales DIS France SAS
Publication of EP4078418A1

Classifications

    • G PHYSICS
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
                        • G06F21/55 Detecting local intrusion or implementing counter-measures
                            • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
                            • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
                • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
                        • G06F2221/034 Test or assess a computer or a system

Definitions

  • The present invention relates to the field of securing the execution of software on an electronic device against attacks, and more particularly to a method for dynamically activating countermeasures.
  • Software execution on an electronic device can be the subject of various attacks, allowing an attacker to maliciously modify the execution of software code on the electronic device or to gain knowledge of sensitive data stored on the secure device, such as secret cryptographic keys or banking information.
  • According to a first aspect, the present invention therefore relates to a method of configuring an electronic system for secure execution of a code comprising a plurality of functions, said electronic system being configured to apply, during the execution of a function, a security countermeasure configuration among a plurality of security countermeasure configurations. Said method is executed by said electronic system, which comprises a hardware processor, hardware security registers configured to store start addresses of functions among said plurality of functions and the associated security countermeasure configurations to be applied during the execution of said functions, and a detection system configured to detect an attack on said electronic system during the execution of a function among said plurality of functions, and the method includes:
  • Said electronic system may further comprise a backup memory; after said detection of an attack, the start address of said first function and said selected security countermeasure configuration, stored in said hardware security register, are copied from said hardware security register to said backup memory and, on startup of the electronic system, the start addresses and the associated security countermeasure configurations stored in said backup memory are copied from said backup memory to said hardware security registers.
  • According to a second aspect, the present invention relates to a method for executing a code comprising a plurality of functions by an electronic system configured for secure execution of said code according to the method of the first aspect and for applying, during the execution of a function, a configuration of security countermeasures among a plurality of configurations of security countermeasures, the electronic system comprising a hardware processor and hardware security registers storing, for at least one function among said plurality of functions, a function start address and an associated configuration of security countermeasures to be applied during the execution of said at least one function. Said method is executed by said electronic system and comprises, when the code execution passes from a first function to a second function:
  • Such a method makes it possible to effectively protect parts of the code by activating, during their execution, the countermeasures needed to protect them against the types of attack already detected during a previous execution of the code.
  • Applying said predefined configuration of security countermeasures may include disabling all activated countermeasures.
  • Said electronic system may comprise a processor secure state hardware register (psr_sec) storing the start address of the function in execution and the current security countermeasure configuration, in which case:
    - determining whether one of the hardware security registers stores the start address of the second function includes comparing the start address of the second function, stored in said processor secure state hardware register (psr_sec), with the function start addresses stored in the hardware security registers (break_i_sec), and
    - applying the security countermeasure configuration associated with the start address of the second function before executing said second function includes activating the countermeasures that are required in the security countermeasure configuration associated with the start address of the second function and disabled in the current security countermeasure configuration.
  • The method according to the second aspect may comprise, when the execution of the code passes from a first function to a second function, saving the content of the processor secure state hardware register storing the start address of the first function in execution and updating the processor secure state hardware register with the start address of the second function, and, at the end of the execution of the second function, when execution returns to the first function, reloading the saved content.
  • The step of determining whether one of the hardware security registers stores the start address of the second function and/or the step of saving the content and reloading the saved content may be performed by a dedicated hardware circuit.
  • According to a third aspect, this invention relates to a computer program product directly loadable into the memory of at least one computer, comprising software code instructions for carrying out the steps of the methods according to the first and second aspects of the invention when said product is run on the computer.
  • The present invention also relates to an electronic system comprising a hardware processor, hardware security registers and a detection system, configured to perform the steps of the methods according to the first and second aspects of the invention.
  • One or more embodiments include the following features, fully described and particularly emphasized in the claims.
  • Figure 1 is a schematic illustration of an electronic system according to the present invention.
  • Figure 2 is a schematic illustration of a method according to an embodiment of the present invention.
  • Figure 3 is an exemplary configuration of an electronic device according to the present invention.
  • Figures 4 and 5 are schematic illustrations of an example of secure execution of a code according to the present invention.
  • The invention relates to a method of configuring an electronic system 1 for secure execution of a code comprising a plurality of functions.
  • The electronic system is able to apply, during the execution of a function, one configuration of security countermeasures among a plurality of configurations of security countermeasures.
  • Each configuration of security countermeasures is defined by one or more countermeasures, the activation of which protects the electronic system against one or more types of attacks.
  • Such countermeasures may include timing desynchronization such as clock jitter, power smoothing, activation of an anti-code-rerouting mechanism, and memory access redundancy.
  • Such an electronic system comprises, as shown in FIG. 1, a hardware processor 101 intended for executing the code to be protected and at least one memory 102, such as a non-volatile memory, a RAM and/or a ROM, in which the code is stored.
  • The electronic system may also include a backup memory 105 such as a non-volatile memory, a programmable read-only memory, a hard disk, etc.
  • Such an electronic system may for example be a smart card or a tamper-proof computer.
  • The main idea of the invention is to activate countermeasures during the execution of functions which have undergone attacks during a previous execution. To do this, attacks are detected during the operation of the electronic system.
  • The electronic system comprises a detection system 103 configured to detect an attack on the electronic system during the execution of a function among the plurality of functions of the code to be protected.
  • When an attack is detected, the countermeasures to be activated for the next executions of the function are defined: a security countermeasure configuration is associated with the function that was running at the time of the attack.
  • The electronic system includes hardware security registers 104 configured to store function start addresses among the plurality of functions of the code and the associated security countermeasure configurations to be applied when executing these functions.
  • Such hardware security registers may be named break_i_sec, where i represents an integer.
  • The electronic system checks, at the start of the execution of a function, whether its start address is stored in any one of the hardware security registers break_i_sec. If a function start address is found, the associated configuration is applied by activating the required countermeasures, such that these countermeasures remain active throughout the execution of the associated function.
  • In a first step S1, the detection system of the electronic system detects an attack on said electronic system during the execution of a first function. This step can be carried out continuously during the operation of the electronic system, until an attack is detected.
  • In a second step S2, the electronic system selects, as a function of the attack detected in the first step, a security countermeasure configuration to be applied during an execution of the first function.
  • This security countermeasure configuration preferably includes one or more countermeasures against the attack detected in the first step, so that this countermeasure configuration, when applied, triggers the countermeasures necessary to protect the electronic system against a further execution of the detected attack.
  • In a third step S3, the electronic system stores, in a hardware security register break_i_sec, the start address of the first function and the selected security countermeasure configuration to be applied during an execution of the first function.
  • In a fourth step S4, when the code execution passes from a first function to a second function, the electronic system determines whether one of the hardware security registers break_i_sec stores the start address of the second function. This step can be performed by a dedicated hardware circuit. When one of the hardware security registers break_i_sec stores the start address of the second function, in a step S41 the electronic system applies the stored security countermeasure configuration before executing the second function. Thus, the execution of the second function is effectively protected by the countermeasures activated against the type of attack it suffered during a previous execution.
  • When no hardware security register stores the start address of the second function, the second function does not require special countermeasures to be activated. The electronic system can then apply a predefined security countermeasure configuration before executing the second function. This predefined security countermeasure configuration may simply indicate that no countermeasure is required. Applying the predefined configuration of security countermeasures may include deactivating all activated countermeasures, in order to speed up the execution of the second function.
  • The fourth step described above can be executed repeatedly each time a new function is called, in order to adapt the countermeasure configuration to the next function to be executed.
  • The electronic system can at the same time carry out, on the one hand, the first three steps S1 to S3 in order to continuously detect new attacks and adapt the security countermeasure configurations stored in the hardware security registers, and on the other hand the fourth step S4 at each change of function, in order to adapt the countermeasures applied to the function being executed.
  • The electronic system may include a backup memory 105, such as an NVM or a programmable read-only memory. After the detection of an attack during the execution of a first function, the start address of said first function and said selected security countermeasure configuration, stored in said hardware security register, are copied from said hardware security register to said backup memory. On startup of the electronic system, the start addresses and the associated security countermeasure configurations stored in said backup memory are copied from said backup memory to said hardware security registers.
  • The electronic system may include a processor secure state hardware register psr_sec, configured to store the start address of the running function and the current security countermeasure configuration applied. At the start of the execution of a first function, the start address of the first function and the current security countermeasure configuration can be stored in the processor secure state hardware register psr_sec.
  • When the execution passes from the first function to a second function, the content of the processor secure state hardware register psr_sec relating to the first function can be saved, for example in RAM or in dedicated hardware registers, and the processor secure state hardware register psr_sec can be updated with the start address of the second function.
  • Determining whether one of the hardware security registers break_i_sec stores the start address of the second function can comprise comparing the start address of the second function, stored in the processor secure state hardware register psr_sec, with the start addresses stored in the hardware security registers. This comparison step can be carried out by a dedicated hardware circuit, for example by hardware comparators between each hardware security register break_i_sec and the processor secure state hardware register psr_sec.
  • Applying the security countermeasure configuration associated with the start address of the second function can then include activating the security countermeasures that are required in the security countermeasure configuration associated with the start address of the second function and disabled in the current security countermeasure configuration, applied when executing the first function.
  • At the end of the execution of the second function, the execution returns to the first function, and the previous state of the processor secure state hardware register psr_sec, saved when execution passed to the second function, can be reloaded, for example from RAM or dedicated hardware registers. This step can be performed by a dedicated hardware circuit.
  • An example of the configuration of the electronic system is represented in FIG. 3, which shows the operations carried out during the detection of an attack during the execution of a function B called by a function A.
  • Function A is executed first.
  • The processor secure state hardware register psr_sec stores the start address of function A, 0x200, and a security countermeasure configuration 0x0, indicating that no countermeasure is required.
  • Function B is called. The processor secure state hardware register psr_sec is updated with the start address of function B, 0x2000.
  • The detection of an attack triggers a security alarm, which leads to writing the start address of function B, 0x2000, in one of the hardware security registers, break1_sec.
  • The electronic system determines that three countermeasures are necessary to prevent this attack and therefore associates, with the start address of function B, 0x2000, a security countermeasure configuration 0x3 requiring the activation of these three countermeasures.
  • The contents of the hardware security register break1_sec can be copied to the backup memory, so that they can be restored on restart.
  • An example of secure execution of a code according to the invention is given in FIGS. 4 and 5.
  • This example shows an initial state of the electronic system, in which a first function A is executed and calls a second function B. It is assumed that three hardware security registers, break1_sec, break2_sec and breakN_sec, store the start addresses of functions B (0x2000), D (0x4000) and F (0x6000) and the associated security countermeasure configurations (not shown in FIG. 4), but that the start address of function A, 0x200, is not stored in any of the hardware security registers. As a result, function A is executed without any countermeasure being activated.
  • When executing function A, the processor secure state hardware register psr_sec stores the start address of function A (A@, or 0x200) and the security countermeasure configuration 0x0, indicating that no countermeasure is required in this configuration. Function B is then called. The start address of function B, B@ 0x2000, is copied to the processor secure state hardware register psr_sec, and this start address is looked up in the hardware security registers. The hardware security register break1_sec stores the start address B@ 0x2000 associated with the security countermeasure configuration 0x3, requiring the activation of three countermeasures.
  • After the execution of function B has started, the processor secure state hardware register psr_sec stores the start address of function B, 0x2000, and the associated security countermeasure configuration 0x3.
  • Figures 4 and 5 also show what happens when the execution of function B is completed and the execution of function A resumes.
  • At that point, the processor secure state hardware register psr_sec still stores the start address of function B, 0x2000, and the associated security countermeasure configuration 0x3.
  • The start address of function A, 0x200, is not found in the hardware security registers.
  • The predefined security configuration 0x0 is therefore applied, which deactivates the three countermeasures activated during the execution of function B, by a call to the deactivation function at address 0x1100.
  • The processor secure state hardware register psr_sec again stores the start address of function A, 0x200, and the associated security countermeasure configuration 0x0.
  • According to a third aspect, the invention relates to a computer program product directly loadable into the memory of at least one computer, comprising software code instructions for executing the steps of the methods described above when said product is executed on the computer.
  • The method and the computer program according to the second and third aspects of the invention can be configured to execute, or can include, any other feature described above.
  • The electronic system and the method presented here therefore make it possible to effectively trigger the execution of additional countermeasures on specific parts of the code to be protected, almost without any footprint on this code and with a limited impact on execution time, since no countermeasures are activated while executing functions for which no protection is required.
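As an added illustration (not code from the patent or from Thales), the following C model walks through the register mechanism described above: break_i_sec registers holding (start address, configuration) pairs, the psr_sec register tracking the running function, the comparator lookup on each call with the predefined configuration 0x0 on a miss, the save and reload of psr_sec across calls, and the backup copy restored at startup. The countermeasure bit encoding, the configuration table, the register count and all function names are assumptions of this example; the addresses 0x200 and 0x2000 and configuration 0x3 follow the FIG. 3 to 5 walk-through.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Constructed model: break_i_sec and psr_sec are the description's register
 * names; sizes, countermeasure bits and the table below are assumptions. */
#define N_BREAK_SEC 3      /* number of break_i_sec registers */
#define NO_CM_CFG   0x0    /* predefined configuration: no countermeasure */
#define CALL_DEPTH  8      /* saved psr_sec slots (RAM or dedicated registers) */

/* Countermeasures named in the description, one bit each (assumed encoding). */
enum { CM_CLOCK_JITTER = 1, CM_POWER_SMOOTHING = 2, CM_ANTI_REROUTING = 4, CM_MEM_REDUNDANCY = 8 };

/* Assumed table: configuration id -> required countermeasures (0x3 needs three, as in FIG. 3). */
static const uint8_t cfg_table[4] = {
    [0x0] = 0,
    [0x1] = CM_CLOCK_JITTER,
    [0x2] = CM_CLOCK_JITTER | CM_POWER_SMOOTHING,
    [0x3] = CM_CLOCK_JITTER | CM_POWER_SMOOTHING | CM_ANTI_REROUTING,
};

typedef struct { uint32_t addr; uint8_t cfg; bool valid; } sec_reg_t;
typedef struct {
    sec_reg_t break_sec[N_BREAK_SEC]; /* break_i_sec: (start address, config) */
    sec_reg_t backup[N_BREAK_SEC];    /* backup memory 105 */
    sec_reg_t psr_sec;                /* running function and current config */
    sec_reg_t saved[CALL_DEPTH];      /* psr_sec saved across calls */
    int depth;
    uint8_t active;                   /* countermeasures currently switched on */
} system_t;

static void sys_init(system_t *s, uint32_t entry) {
    memset(s, 0, sizeof *s);
    s->psr_sec = (sec_reg_t){ entry, NO_CM_CFG, true };
}

/* Activate what cfg requires and is not yet on; the predefined configuration
 * switches everything off (the deactivation call at 0x1100 in FIG. 5). */
static void apply_cfg(system_t *s, uint8_t cfg) {
    if (cfg == NO_CM_CFG) s->active = 0;
    else s->active |= cfg_table[cfg] & ~s->active;
}

/* Hardware comparators: match addr against every break_i_sec register. */
static const sec_reg_t *lookup(const system_t *s, uint32_t addr) {
    for (int i = 0; i < N_BREAK_SEC; i++)
        if (s->break_sec[i].valid && s->break_sec[i].addr == addr) return &s->break_sec[i];
    return NULL;
}

/* Step S4: execution passes to `callee`; true when a register matched (S41). */
static bool on_call(system_t *s, uint32_t callee) {
    if (s->depth == CALL_DEPTH) return false;
    s->saved[s->depth++] = s->psr_sec;         /* save the caller's psr_sec */
    const sec_reg_t *hit = lookup(s, callee);
    uint8_t cfg = hit ? hit->cfg : NO_CM_CFG;  /* stored or predefined config */
    apply_cfg(s, cfg);
    s->psr_sec = (sec_reg_t){ callee, cfg, true };
    return hit != NULL;
}

/* Callee finished: reload the caller's psr_sec and re-apply its config. */
static bool on_return(system_t *s) {
    if (s->depth == 0) return false;
    s->psr_sec = s->saved[--s->depth];
    apply_cfg(s, s->psr_sec.cfg);
    return true;
}

/* Steps S1-S3: an attack was detected while the function in psr_sec ran and
 * selected_cfg was chosen for it; store the pair in a free break_i_sec register
 * (or the one already holding this function) and copy it to backup memory.
 * Returns the register index, or -1 when the config is unknown or no register is free. */
static int on_attack(system_t *s, uint8_t selected_cfg) {
    if (selected_cfg >= sizeof cfg_table) return -1;
    for (int i = 0; i < N_BREAK_SEC; i++) {
        if (s->break_sec[i].valid && s->break_sec[i].addr != s->psr_sec.addr) continue;
        s->break_sec[i] = (sec_reg_t){ s->psr_sec.addr, selected_cfg, true };
        s->backup[i] = s->break_sec[i];
        return i;
    }
    return -1;
}

/* Startup after a reset: the registers are rebuilt from backup memory. */
static void on_startup(system_t *s, uint32_t entry) {
    sec_reg_t keep[N_BREAK_SEC];
    memcpy(keep, s->backup, sizeof keep);
    sys_init(s, entry);
    memcpy(s->backup, keep, sizeof keep);
    memcpy(s->break_sec, keep, sizeof keep);
}
```

The first run mirrors FIG. 3 (B is attacked, break1_sec and the backup receive 0x2000 with configuration 0x3); after a simulated restart the FIG. 4 and 5 sequence follows, with the three countermeasures switched on for B and switched off again when A resumes.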

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP19306680.0A EP3839779A1 (de) 2019-12-18 2019-12-18 Electronic system and method for dynamic activation of countermeasures
PCT/FR2020/052559 WO2021123684A1 (fr) 2019-12-18 2020-12-18 Electronic system and methods for dynamic activation of countermeasures

Publications (1)

Publication Number Publication Date
EP4078418A1 true EP4078418A1 (de) 2022-10-26

Family

ID=74494940

Family Applications (2)

Application Number Title Priority Date Filing Date
EP19306680.0A Withdrawn EP3839779A1 (de) 2019-12-18 2019-12-18 Electronic system and method for dynamic activation of countermeasures
EP20848856.9A Pending EP4078418A1 (de) 2019-12-18 2020-12-18 Electronic system and method for dynamic activation of countermeasures

Family Applications Before (1)

Application Number Title Priority Date Filing Date
EP19306680.0A Withdrawn EP3839779A1 (de) 2019-12-18 2019-12-18 Electronic system and method for dynamic activation of countermeasures

Country Status (3)

Country Link
US (1) US20230080096A1 (de)
EP (2) EP3839779A1 (de)
WO (1) WO2021123684A1 (de)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3376423A1 (de) * 2017-03-14 2018-09-19 Gemalto Sa Adaptive countermeasures
US10459477B2 (en) * 2017-04-19 2019-10-29 Seagate Technology Llc Computing system with power variation attack countermeasures
US10990682B2 (en) * 2017-12-18 2021-04-27 Nuvoton Technology Corporation System and method for coping with fault injection attacks

Also Published As

Publication number Publication date
WO2021123684A1 (fr) 2021-06-24
EP3839779A1 (de) 2021-06-23
US20230080096A1 (en) 2023-03-16


Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20220718

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20240405