FR2853097A1 - PROGRAMMABLE CIRCUIT PROVIDED WITH A SECURE MEMORY - Google Patents

Abstract

The present invention relates to a programmable circuit which comprises a microprocessor MIC, peripherals including a non-volatile memory FL and a RAM working memory, a BUS interconnection bus for connecting these peripherals to the microprocessor MIC. In addition, this circuit comprises means AD protection to secure FL non-volatile memory.

Description

i

  The present invention relates to a programmable circuit provided with a secure memory.

  The field of the invention is that of secure electronic components 5, in particular that of the circuits used to carry out confidential transactions.

  Such a circuit can be subdivided into two zones, one secure, the other not. Information passing through the secure area is protected: it is scrambled on transmission and unscrambled on reception. In the non-secure zone, the information passes in clear.

  In any event, this circuit integrates a microprocessor and, often, a cache memory, a cache memory controller and / or a memory management unit. In addition, a non-volatile memory, one or more working memories such as random access memory ("RAM" for the English term "Random Access Memory") or read-only memory ("ROM" for the English term "Read Only Memory ") are usually found in the secure area. Most of the time, other devices are installed in the unsecured area.

  The non-volatile memory (also called "flash" memory) stores the 20 data recorded when the circuit is de-energized, so that this data is accessible at the next power-up. It is therefore in this memory that the data which must always be available is stored and, in particular, the encryption keys specific to the circuit.

  However, a flash memory is not fully protected. It is possible to come and read its contents from the outside by means of two main types of attacks.

  First, the software attack consists in requesting the circuit through an external interface to read the flash memory, or else in directly requesting the microprocessor to remove the data recorded in this memory from the circuit. This type of attack is generally prevented by the use 3 o of a memory management unit coupled to the microprocessor.

  Second, the physical attack on the circuit is most often carried out with a field effect microscope. This makes it possible to measure the charges stored on the floating grids of non-volatile cells in order to decode the data contained in these cells. This second attack is now 35 slow and costly. In addition, certain mechanisms have been put in place to detect it and empty the entire contents of the memory in the event of detection.

  However, these mechanisms have a certain response time and it can happen that at least part of the memory is decoded before it is erased.

  In certain applications, one should not take the risk of such an attack which makes the data stored in the flash memory vulnerable, data among which may include encryption keys.

  The object of the present invention is therefore to strengthen the protection of this memory against fraudulent access.

  According to the invention, a programmable circuit comprises a 1c microprocessor, peripherals including a non-volatile memory and a working memory, an interconnection bus for connecting these peripherals to the microprocessor; moreover, this circuit includes protection means for securing the non-volatile memory.

  Advantageously, these protection means include encryption means for addressing encrypted words to the non-volatile memory.

  Preferably, the encryption means use a private key.

  According to a preferred embodiment of the circuit, the encryption means appear in an adaptation module connected on the one hand to the interconnection bus and on the other hand to the non-volatile memory via 2 o of a link dedicated.

  It is desirable that the length of the encryption key be greater than the standard length of the data processed by the microprocessor, so that the latter includes means for decomposing the encrypted words into data of standard length.

  According to the preferred embodiment above, these means for breaking down the encrypted words into standard length data preferably appear in the adaptation module.

  Thus, when the circuit further comprises a cache memory associated with a controller, the length of the encryption key being greater than the standard length of the data processed by the microprocessor, the adaptation module is provided for exploiting the consecutive accesses of this controller in order to decompose the encrypted words into standard length data.

  It is preferable that the encryption key is stored in a programmable register only once, this register being able to appear in the non-volatile memory.

  The present invention will now appear in more detail in the context of the following description of an exemplary embodiment given by way of illustration with reference to the appended figure which represents a diagram of a programmable circuit according to the invention.

  Referring to the figure, a programmable circuit comprises a microprocessor MIC possibly associated with a cache memory and / or with a memory controller (not shown). The other elements of the circuit are: - a non-volatile memory FL of flash type, - a working memory RAM with random access, - possibly one or more other PER peripherals, - an adaptation module AD, - a system bus BUS for interconnect all the elements of the circuit except the non-volatile memory FL, and - a dedicated link DL to connect this non-volatile memory FL and the adaptation module AD.

  The invention therefore proposes to protect the data in the non-volatile memory FL and an advantageous solution consists in using encryption means which are preferably implemented by the adaptation module AD.

  Thus, the data is encrypted before being stored in this memory and it is decrypted when it is read before being processed.

  It is therefore advisable to encrypt the data on the fly before storing them in the non-volatile memory FL.

  Commonly, the microprocessor processes data of length 8, 16 or 32 bits (standard length), so that accessing such data securely would require 32 bit encryption. This would be very vulnerable encryption, practically ineffective, if known algorithms are used.

  It is therefore desirable to choose an algorithm working on 64-bit data in the present case, or even 128 bits when it proves necessary. The selection of a standard algorithm avoids additional constraints, while ensuring a maximum level of security.

  We prefer a private key algorithm because it requires much shorter computation times than a public key algorithm.

  By way of example, the following algorithms will be retained: - AES (abbreviation of the English expression "Advanced Encryption Standard"), working on 128-bit words and offering, at present, maximum security, - DES (abbreviation of the English expression "Data Encryption Standard"), working on 64-bit words, known for its universality in the least demanding systems in terms of security, - 3DES (abbreviation of the English expression "Triple Data Encryption Standard "), or - XDES (abbreviation of the English expression" Extended Data Encryption Standard "), these latter two algorithms being renowned for systems which are more demanding in terms of security 10 while ensuring high encryption throughputs at low cost.

  Naturally, the AD adaptation module makes it possible to encrypt data longer than the standard length. This module is designed to process 64 or 128 bit data recorded in two or four 32 bit words in the non-volatile memory FL, so that one access to one of these data is divided into several 32 bit accesses.

  For this purpose, the adaptation module AD can exploit the grouped accesses or consecutive accesses of the control of the cache memory of the microprocessor.

  This cache memory contains a partial copy of the non-volatile memory FL which is updated according to the part of the program which the microprocessor 20 MIC executes. The cache memory being very fast and very close to the MIC microprocessor, it generally makes it possible to improve the performance of the circuit.

  The replacement of the data present in the cache memory by means of the cache controller is carried out in packets, these packets having a minimum size of 2 or more often 4 words of 32 bits, this regardless of the size of the data processed by the MIC microprocessor.

  It will be noted here that the cache memory can also be used for other purposes by the circuit.

  The controller writes the data recorded in the cache memory which 3o relates to the flash memory FL, in packets of a size multiple of 64 bits.

  Interfacing the cache memory with the FL flash memory which is only capable of managing 32-bit accesses is done in a simple manner by splitting a 64-bit size access into two 32-bit accesses.

  The DES or 3DES algorithm will thus be loaded every 2 words of 32 bits, while the AES algorithm will be loaded every 4 words of 32 bits. Data is loaded on the fly. In the case of a "pipeline" processing of the AES algorithm, in other words when the complete processing of a data item in one or more cycles is capable of receiving new data at each cycle, only the first access introduces a time of latency over the total time of data transfer.

  The private key used by the algorithm is stored in an insecure area of the circuit whose access is done without encryption, preferably in a programmable register only once called "OTP" (for the English expression One Time Programmable). This register can also take place in the non-volatile memory FL.

  In the case of a physical attack as described above, it suffices to erase the encryption key as soon as the attack is detected, which is a very rapid operation. It is no longer necessary to completely empty the FL flash memory to make it inoperative, this emptying operation can take a relatively long time if this memory has a significant size. The fact that this memory is made inoperative much more quickly offers an additional safety factor.

  The embodiment of the invention presented above was chosen for its concrete character. However, it would not be possible to exhaustively list all the embodiments covered by this invention.

In particular, any means described may be replaced by equivalent means without departing from the scope of the present invention.

Claims (8)

  1) Programmable circuit comprising a microprocessor MIC, peripherals including a non-volatile memory FL and a working memory RAM, an interconnection bus BUS for connecting said peripherals to said microprocessor MIC, characterized in that it comprises protection means AD to secure said non-volatile memory FL.   2) Circuit according to claim 1, characterized in that said protection means AD include encryption means for addressing encrypted words to said non-volatile memory FL.   3) Circuit according to claim 2, characterized in that said AD encryption means use a private key.   4) Circuit according to any one of claims 2 or 3, characterized in that said encryption means appear in an adaptation module AD connected on the one hand to said interconnection bus BUS and on the other hand to said memory non-volatile FL via a dedicated DL link.   5) Circuit according to any one of claims 2 or 3 characterized in that, the length of the encryption key being greater than the standard length of the data processed by said microprocessor MIC, it comprises means AD for decomposing said encrypted words as standard length data.   6) Circuit according to claim 4 characterized in that, comprising 3 0 plus a cache memory associated with a controller, the length of the encryption key being greater than the standard length of the data processed by said microprocessor MIC, said module adaptation AD is intended to exploit the consecutive accesses of said controller in order to decompose said encrypted words into standard length data.   7) Circuit according to any one of claims 2 to 6, characterized in that the encryption key is stored in a programmable register only once.   8) Circuit according to claim 7, characterized in that said register is in said non-volatile memory FL.