JP2000187618A - Information processor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make it difficult to analyze secret information based on the measurement of current consumption or electromagnetic waves. SOLUTION: The operations of a program counter block 12 and a register block 17 are switched according to a switching signal S outputted from a time- division processing controlling part 19, and real processing based on secret information held in a flash memory 15 and false processing which does not use the secret information is executed in time-vision parallel. Thus, the influence of the false processing is mixed with current consumption or electromagnetic waves so that the secret information can be made difficult to analyze from the current consumption or the electromagnetic waves at that time. Also, hardware to be used for the processing is switched according to the switching signal S, and the time-division parallel processing is operated so that high speed processing can be realized by making it unnecessary to operate switching processing by software processing. Moreover, plural common hardware is used for the real processing and the false processing so that the secret information becomes more difficult to be analyzed.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an information processing apparatus having confidential information, and more particularly, to an information processing apparatus for performing time-sharing processing that makes it difficult to decipher confidential information.

[0002]

2. Description of the Related Art There is an information processing apparatus, such as an IC card, which holds secret information that should not be known to others and performs processing based on the information. In this type of information processing apparatus, processing is sequentially performed according to secret information using a CPU or dedicated hardware. When processing is performed based on secret information, the processing content differs depending on the content of the secret information. That is, when the processing is performed by the CPU, the contents of the instructions to be executed and the order of the instructions are different depending on the value of the secret information. Different instructions to be executed have different current consumption and radiated electromagnetic waves. The same applies to the case where processing is performed using dedicated hardware. The operation state of each transistor of the dedicated hardware differs depending on the value of the secret information, and the current consumed at that time and the radiated electromagnetic wave differ.

[0003] A technique has been discovered which utilizes this to analyze the secret information from outside by measuring the current consumption and the temporal change of the electromagnetic wave. At that time, the data supplied from the outside is changed and processed, and the difference between the current consumption and the time change of the radiated electromagnetic wave in each processing is compared and analyzed (“Differential Power Analysis” Cryptography Res.
earch).

For example, assuming that the secret information is a secret key of the RSA public key encryption, multiplication in encryption or decryption processing depends on whether each bit of the secret key is “1” or “0”. The presence or absence and the order of the remainder operation and other operations are different. Therefore, the value of each bit of the secret key can be known by encrypting or decrypting various data and analyzing a series of these operations from current consumption and radiated electromagnetic waves at that time.

[0005]

As described above, since the instructions executed according to the value of the secret information and the operating conditions of the hardware are different, the problem that the secret information is analyzed from the current and electromagnetic waves consumed at that time. was there.

The present invention has been made in view of the above problems, and has as its object to provide an information processing apparatus that makes it difficult to analyze secret information based on current consumption and electromagnetic wave measurement.

[0007]

An information processing apparatus according to the present invention includes a storage unit for storing secret information and a process for periodically executing other processing during execution of a process based on the secret information stored in the storage unit. And a parallel processing means for executing the processing in a time-division manner.

According to the information processing apparatus having such a configuration,
During execution of the process using the secret information held by the present apparatus, a false process is executed in a time-division parallel manner. Therefore, the influence of the fake processing is mixed into the current consumption and the electromagnetic wave, and it is difficult to know the secret information even if the current consumption and the electromagnetic wave at that time are measured and analyzed.

Further, the information processing apparatus of the present invention comprises a common use means which is a resource which can be commonly used in a plurality of processes, a non-common use means which is a resource which cannot be commonly used in a plurality of processes, and the common use means. Switching means for switching between the common use means and the common use means at a predetermined cycle, while switching between the common use means and the non-common use means by this switch means,
A control unit that executes a plurality of processes in a time-division parallel manner and performs a process based on secret information in at least one process executed by the non-common use unit.

According to the information processing apparatus having such a configuration,
Hardware that cannot be shared by a plurality of processes and hardware that can be shared are appropriately switched to perform time-division parallel processing, and at least one of the processes performs a process based on secret information. Therefore, high-speed processing can be realized without switching processing by software processing such as an OS.

Further, since many common hardware are used for the processing based on the original secret information and the fake processing by time division, the radiation positions of the electromagnetic waves in the real processing and the fake processing are almost the same. It is more difficult to separate than radiating fake electromagnetic waves from completely different hardware,
Decryption of confidential information can be made more difficult.

[0012]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS An embodiment of the present invention will be described below with reference to the drawings.

FIG. 1 is a block diagram showing the internal configuration of an LSI in an IC card used as an embodiment of the information processing apparatus of the present invention. This IC card holds secret information. Here, the secret information is, for example, a secret key of an RSA public key cryptosystem, and only a part related to processing using the secret key is illustrated, and the description of an interface with the outside of the IC card and various security circuits is simplified. For simplicity.

As shown in FIG. 1, I in the present embodiment
The C card includes a program ROM 11, a program counter block 12, an instruction decoder 13, a RAM 14, a flash memory (FLASH MEMORY) 15, a data ROM 16, a register block 17, an arithmetic unit 18,
A time division processing control unit 19 is provided.

The program ROM 11 is a memory in which a processing program is stored. The program counter block 12 stores a program ROM according to the instruction address AD.
11 are controlled to control the flow of instructions. The detailed configuration of the program counter block 12 will be described later with reference to FIG. The instruction decoder 13 decodes an instruction output from the program ROM 11 and outputs various control signals. In this figure, for simplicity of explanation, only the register control signal RC is shown as a control signal, and other control signal lines are omitted.

The RAM 14 is a memory temporarily used as processing work. The flash memory 15
It is a nonvolatile memory for storing secret information such as an encryption key. The data ROM 16 stores data used for various processes.

The register block 17 comprises a plurality of registers used for processing. The detailed configuration of the register block 17 will be described later with reference to FIG. The operation unit 18 includes a plurality of dedicated hardware such as an ALU, a multiplier, and a shifter (hardware for bit shifting) that realize various operations. The time-division processing control unit 19 is a switching signal S for switching hardware used in a plurality of processes (here, two processes) operating in parallel in a time-division manner at a predetermined cycle (in units of instructions).
Occurs.

The external address bus a shown in FIG.
M14, a signal line for specifying addresses of the flash memory 15 and the data ROM 16. However, RAM
14 and the most significant bit of the address of the flash memory 15 are determined by the switching signal S output from the time-division processing control unit 19.

The external data bus b is a signal line through which data read from or written to the RAM 14, the flash memory 15, and the data ROM 16 flows. Note that the term "external" is used here to distinguish it from an internal data bus c, which will be described later.
Keeping in mind that the part other than the data ROM 16 is the CPU part, it means outside of the CPU.
It does not mean outside.

Here, data exchange with the RAM 14, the flash memory 15, and the data ROM 16 is always performed via the register block 17. Also, RAM
14, the addresses of the flash memory 15 and the data ROM 16 are also specified via the register block 17.

The internal data bus c is connected to the register block 1
7, a data line for performing data processing between the arithmetic unit 18, the program counter block, and the time-division processing control unit 19. Although this diagram is represented by a single line in this figure, this is for the sake of simplicity, and this bus often has a plurality of systems.

In such a configuration, the internal operations of the register block 17 and the program counter block 12 are affected by the switching signal S output from the time division processing control section 19.

FIG. 2 shows the internal configuration of the register block 17.

As shown in FIG. 2, the register block 17
Includes a register section (1) 21 and a register section (2) 2
2, a selector (1) 23, a selector (2) 24, a selector (3) 25, and a selector (4) 26.

Register section (1) 21, register section (2)
Reference numeral 22 has the same structure, and is composed of a plurality of registers. More specifically, a general-purpose register used for temporary storage of normal operation results and data and addresses, a status register holding information such as the presence / absence of carry of operation results, a stack pointer indicating a stack position in RAM, and the like. Is composed of registers.

The register section (1) 21 is provided with a selector (4) 2
6, the register section (2) 22 operates according to the register control signal RC via the selector (4) 26.

In this case, the selector (4) 26
The register control signal RC output from the instruction decoder 13 in FIG. 1 according to the level (0/1) of the switching signal S output from the time-division processing control unit 19 of FIG.
21 or the register section (2) 22. That is, when the switching signal S is "0", the register control signal RC output from the instruction decoder 13 is transmitted to the register (1) 21.
When the switching signal S is "1", the register control signal RC is supplied to the register section (2) 22. that time,
A signal that does not operate is supplied to the other register unit. As a result, only the register to which the register control signal RC is supplied switches to the operating state.

The selector (1) 23 connects the external data bus b to the register section (1) 21 or the register section (2) 22 according to the level (0/1) of the switching signal S. That is, when the switching signal S is "0", the external data bus b is connected to the register section (1) 21, and the switching signal S becomes "1".
In this case, the external data bus b is connected to the register (2) 22.

Selector (2) 24 and selector (3)
25 performs the same operation as the selector (1) 23,
According to the switching signal S, the external address buses a,
This is for switching to which register unit the internal data bus c is connected. That is, when the switching signal S is “0”, the selector (2) 24 connects the external address bus a to the register section (1) 21 and outputs the switching signal S
Is "1", the external address bus a and the register (2)
22 is connected. The selector (3) 25 connects the internal data bus c to the register section (1) 21 when the switching signal S is “0”, and connects the internal data bus c to the register section (1) when the switching signal S is “1”. The register unit (2) 22 is connected.

As described above, when the switching signal S is "0", the register section (1) 21 operates to be connected to the outside of the register block 17, and when the switching signal S is "1", the register section (2). 22 operates and is connected to the outside of the register block 17. Accordingly, the operations of the two register units (1) 21 and (2) 22 are appropriately switched according to the switching signal S.

FIG. 3 shows the internal configuration of the program counter block 12.

As shown in FIG. 3, the program counter block 12 includes a program counter (1) 31, a program counter (2) 32, and a selector (5).
33 and the selector (6) 34 and the inverter 3
5 are provided.

The program counter (1) 31 and the program counter (2) 32 have the same configuration.
Each of them controls the flow of instruction addresses of one process. Both program counters input the switching signal S as an Enable signal,
It operates when the signal e is "1" and does not operate when it is "0". In this case, the program counter (1) 31 includes:
The switching signal S inverted by the inverter 35 is enabled.
It is supplied as a signal. Therefore,
When the switching signal S is "0", the program counter (1)
31 operates, and when the switching signal S is "1", the program counter (2) 32 operates.

The selector (5) 33 and the selector (6)
The operation of 34 is the same as that of each selector of the register block 17, and selects the program counter unit (1) 31 or the program counter unit (2) 32 according to the switching signal S. That is, the selector (5) 33 outputs the switching signal S
Is "0", the register section (1) 21 is selected, and its instruction address is set as the instruction address AD, and the program RO is selected.
M11. When the switching signal S is "1", the program counter (2) 32 is selected, and the instruction address is output to the program ROM 11 as the instruction address AD. The selector (6) 34 sets the switching signal S to “0”.
In this case, the register section (1) 21 is selected and connected to the internal data bus c. When the switching signal S is "1", the program counter section (2) 32 is selected and connected to the internal data bus c.

As described above, when the switching signal S is "0", the program counter (1) 31 is connected to the outside of the program counter block 12 and operates. When the switching signal S is "1", the program counter (1) 31 operates. (2) 32 operates by being connected to the outside of the program counter block 12. Thus, according to the switching signal S, the two program counters (1) 31 and the program counters (2) 3
2 will be switched appropriately.

The switching signal S is also included in the most significant bits of the addresses of the RAM 14 and the flash memory 15 in FIG. Thus, when the switching signal S is "0", the lower halves of the addresses of both memories are accessed, and when the switching signal S is "1", the upper halves of the addresses of both memories are accessed. That is, this is also the switching signal S
, The two memory spaces are appropriately switched.

As described above, since the operations of the two types of circuits are switched by the switching signal S, the two processes can be executed in a time-division manner by changing the switching signal S in units of instructions.

FIG. 4 shows a simple example.

Now, as shown in FIG.
It is assumed that instructions 1 to 7 have been written at addresses 0 to 6 of address 11.

It is also assumed that data 80 (H) is written at address = 0 of the data ROM 16.
It is assumed that the addresses of the RAM 14 and the flash memory 15 are both 13 bits, and that the data 90 (H) is written in the address = 0000 (H) and the data 70 (H) is written in the address = 1000 (H) in the flash memory 15 in advance. Shall be

First, two program counter units (1)
31 and the program counter section (2) 32 both indicate the address 0 of the program ROM 11. Each instruction is executed in one instruction cycle. Switching signal S
Is initially 0 and is inverted every instruction cycle. Therefore, in the first instruction cycle (instruction cycle 1), the switching signal S
Is "0", the program counter (1) 31 and the register (1) 21 operate. At this time, since the program counter (1) 31 indicates the address 0 of the program ROM 11, the instruction 1 written at the address = 0 of the program ROM 11 is given to the instruction decoder 13 and decoded. As a result, the instruction 1 is executed, and the data at the “address 0” of the flash memory 15 is read into the “register A”. The “register A” at this time is the register of the register unit (1) 21. It is.

Since the highest address of the flash memory 15 is determined by the switching signal S, “address 0” of the flash memory 15 is
Address = 000000 (H). Therefore, the address of the flash memory 15 = 0000 (H)
Is loaded into the register A of the register section (1) 21.

The program counter (1) 31 holds the value 1 obtained by adding 1 to the current address as the next instruction address 1. This completes the operation of the instruction 1 and enters the next instruction cycle (instruction cycle 2).

At this time, since the switching signal S is inverted and becomes "1", the instruction address of the program ROM 11 becomes the output of the program counter (2) 32, that is, "0". Therefore, the instruction 1 of the program ROM 11 address = 0 is executed again, but this time the register unit (2) 22 operates, and the “register A” at this time is the register of the register unit (2) 22. The “address 0” of the flash memory 15 means that the address of the flash memory 15 = 1000 (H), and thus the data 70 (H) is loaded into the register A of the register section (2) 22. Become.

The program counter (2) 32 holds the value 1 obtained by adding 1 to the current address as the next instruction address 2. Thus, the operation of the instruction 1 ends again, but the program counter (1) 31 and the register (1) 21 have not changed during this instruction cycle.

In the next instruction cycle (instruction cycle 3), the switching signal S is inverted and becomes "0" again. Therefore, the instruction address of the program ROM 11 is the output of the program counter unit (1) 31, that is, "1". ". Therefore, the instruction 2 of the program ROM 11 address = 1 is executed, and the data 80 is stored in the register B of the register section (1) 21.
(H) is loaded.

Thereafter, the same processing is repeated.

FIG. 5 shows how the data in the registers and the like changes.

The level of the switching signal S (1
/ 0) is switched. In the example of FIG. 5, the values of the registers and the like indicate the values at the time when the instruction cycle starts. For example, in the instruction cycle 1, the register unit (1) 21
Data 90 (H) is loaded into the register A of FIG. 2, but the value is written in the column of the instruction cycle 2 in this figure.

In this way, two processes are executed in parallel on a command-by-command basis in a time-sharing manner. Therefore, the consumed current and the radiated electromagnetic wave are data in which the data obtained by the two processes are mixed. In this case, it is difficult to separate the two effects because the two processes are switched in a short time in instruction units.
Further, if the switching signal S is fixed to one of “1” and “0”, only one process can be operated as a normal operation. Therefore, by controlling the switching signal S, the normal operation and the time-division parallel operation can be switched.

Next, a description will be given of the operation of a decryption process when a secret key of the public key cryptosystem is provided in the IC card and the externally provided encrypted data is decrypted.

FIG. 6 shows R used as a decoding memory.
2 shows data areas of the AM 14 and the flash memory 15.
FIG. 6A shows the flash memory 15, and FIG.
This is the data area of M14. Here, a case is shown where the length of the secret key is 2048 bits and the encrypted data (data to be decrypted) is also 2048 bits.

It is assumed that the secret key is written in secret on the IC card in advance, but the encrypted data, the fake encrypted data, and the fake secret key are also written at the time of starting the decryption process.

The encrypted data is data to be decrypted received from outside the IC card, and is used in processing based on the original secret information (secret key). On the other hand, the fake encrypted data and the fake secret key are used in fake processing that does not use secret information (secret key), and are values generated randomly in the IC card. Note that the operation of creating and writing these data before the start of the decoding process is not the essence of the present invention, and a description thereof will be omitted here. Also, some hardware configurations required for that purpose are omitted for simplicity.

The encrypted data and the fake encrypted data are stored in RAM.
14, and the fake secret key is written to a predetermined area of the flash memory 15. Here, when performing the decoding processing, the switching signal S is switched for each instruction cycle, and the following processing is executed in time division parallel.

That is, using the value of the area from the address = 0000 (H) to the address = 00FF (H) of the flash memory 15 as the secret key, the address of the RAM 14 from the address = 0000 (H) to the address = 00FF (H) is used. The decoded data is written in the area from the address = 0100 (H) to the address = 01FF (H) in the RAM 14 by restoring the data in the area up to.

Here, by switching the processing in units of instructions as described above, in one processing, the original encrypted data is restored using the secret key, and the decrypted data is stored in the RAM 14 at the address = 010.
From 0 (H) to address = 01FF (H), the other processing is from address = 1000 (H) of flash memory 15 to address = 10FF.
Using the fake secret key written in (H), the RAM 14
Address = 1000 (H) to address = 10FF
The fake encrypted data written in (H) is restored, and the fake decrypted data is stored in the RAM 14 at the address = 1100.
From (H), data is written to address = 11FF (H).

These two processes are executed alternately in instruction cycle units. Therefore, even if the consumed current and the radiated electromagnetic wave are measured outside the IC card, both the consumed current and the radiated electromagnetic wave generated in the real processing and the fake processing are mixed and measured. In this case, it is difficult to separate the effects of the two processes because the two processes are switched in a short time in the unit of an instruction. As a result, even if the current consumption and the electromagnetic radiation of the IC card are measured, there is no secret. It is difficult to know the key (secret data).

Further, since the fake encrypted data and the fake secret key are generated in the IC card in random numbers each time, the current consumption and the value of the radiated electromagnetic wave due to the fake processing are different each time. Therefore, even if various types of encrypted data are given from outside the IC card and subjected to decryption processing and differences in current consumption and radiated electromagnetic waves at that time are compared and analyzed, it is impossible to search for a secret key held by the IC card.

In the above embodiment, the switching signal S changes in units of instructions. However, other units may be used as long as they are short. For example, it may be a unit of a plurality of instructions, a unit of time obtained by further dividing an instruction, or a unit of processing.

Further, the switching signal S is inverted for each instruction,
Although the two processes are executed alternately, two instruction cycles may be set as a set, and the one to be processed in the previous cycle and the one to be processed in the subsequent cycle may be randomly determined every two instruction cycles. . Then, since the order of the processes is switched at random, it becomes more difficult to separate the effects of the two processes from the current consumption and the electromagnetic wave.

The value of the switching signal S may be randomly determined for each instruction cycle. In that case, occasionally,
Since the same processing is repeated or the processing is switched irregularly, it becomes more difficult to separate the effects of the two processings from the current consumption and electromagnetic waves.

Although the two processes were performed in parallel in a time-division manner, two hardwares operating on the same power supply line
It may be held in one LSI and operated completely in parallel.

Although the two processes were operated in parallel,
More than one. In this case, the more the processing, the higher the effect.

Conversely, false processing may be mixed at a rate smaller than the real processing cycle and performed in a time-division parallel manner.

Although the fake processing is operated by the same program as the real processing, it may be a completely different program. For example, meaningful processing that would normally have been performed before or after the real processing may be performed in parallel to replace the fake processing. However, in that case, there are few random elements, so the processing at that time must be carefully selected.

Although the processing is performed by the CPU using a program, the processing may be performed by dedicated hardware.
At this time, for example, dedicated hardware may be driven in a time-division manner.

The RAM 14 and the flash memory 15
Is completely divided into parts used in two processes, but a part commonly used may be provided.

Although the data ROM 16 is used as a resource commonly used in the two processes, there may be a portion that is not commonly used in the two processes.

The RAM 14 and the flash memory 15
Although the switched circuit such as is used exclusively for the two processes, for example, an operation mode may be provided, and depending on the setting of the operation mode, the circuit may be temporarily used in common. In this case, for example, the switching signal S may not be directly input to the RAM 14 or the flash memory 15 but may be selected as the highest address specified from the register block 17.

[0071]

As described above in detail, according to the present invention, a false process is executed in a time-division parallel manner during execution of a process using secret information. And the fake process that does not use secret information are switched in a short time, so that the influence of the fake process is mixed into the current consumption and electromagnetic waves. It will be difficult to know.

Further, since the data used in the fake processing is generated in a random manner, the data is different each time and cannot be known from outside. Therefore, even if various types of data are given from the outside and processed, and differences in current consumption and electromagnetic waves in each process are compared and analyzed, secret information cannot be known.

Further, since the fake processing operates according to the same program as the real processing, the influence of the fake processing mixed into the current consumption and the electromagnetic wave is also genuine, and it is more difficult to analyze and separate the two effects. It will be difficult.

In addition, since it is difficult to know secret information even when the current consumption and the electromagnetic wave are measured, it is not necessary to provide a hardware device (such as a shield) that makes it difficult to measure the current consumption and the electromagnetic wave. .

In addition, hardware that cannot be shared by a plurality of processes and hardware that can be shared can be appropriately switched to execute time-division parallel processing, and at least one of the processes performs a process based on secret information. O
High-speed processing can be realized by eliminating the need for switching processing by software processing such as S.

Furthermore, since the time division allows a lot of common hardware to be used for the real processing and the fake processing, the radiation positions of the electromagnetic waves in the real processing and the fake processing become almost the same, and completely different hardware is used. Separation is more difficult than radiating fake electromagnetic waves from wear.

[Brief description of the drawings]

FIG. 1 is a block diagram showing an internal configuration of an LSI in an IC card used as an embodiment of the information processing apparatus of the present invention.

FIG. 2 is a block diagram showing an internal configuration of a register block provided in the IC card.

FIG. 3 is a block diagram showing an internal configuration of a program counter block provided in the IC card.

FIG. 4 is a view showing an example of an instruction written in a program counter block provided in the IC card.

FIG. 5 is a view showing data transition of a register and the like provided in the IC card.

FIG. 6 is a diagram showing a data area of a RAM and a flash memory in a case where a secret key is provided in the IC card and encrypted data provided from the outside is decrypted.

[Description of Signs] 11 Program ROM 12 Program counter block 13 Instruction decoder 14 RAM 15 Flash memory 16 Data ROM 17 Register block 18 Arithmetic unit 19 Time division processing control unit 21 Register unit (1 22 ... Register (2) 23 ... Selector (1) 24 ... Selector (2) 25 ... Selector (3) 26 ... Selector (4) 31 ... Program Counter (1) 32 ... Program Counter (2) 33 ... Selector (5) 34 ... Selector (6) 35 ... Inverter a ... External address bus b ... External data bus c ... Internal data bus S ... Switching signal RC ... Register control signal

Claims (5)

[Claims] 1. A storage unit for storing secret information, and a parallel processing unit for periodically performing time-divisional execution of another process during execution of a process based on the secret information stored in the storage unit. An information processing apparatus, comprising: 2. A method according to claim 1, wherein the common use means is a resource which can be commonly used in a plurality of processes, the non-common use means is a resource which cannot be commonly used in a plurality of processes, and the common use means and the common use means are predetermined. Switching means for switching at a cycle of: a plurality of processes are executed in a time-division parallel manner while switching between the common use means and the non-common use means by the switch means, and at least one of the non-common use means executed by the non-common use means An information processing apparatus comprising: control means for performing processing based on secret information in processing. 3. The information processing apparatus according to claim 2, wherein a switching unit by said switching means is a command unit. 4. The information processing apparatus according to claim 2, wherein the processing based on the secret information and the processing not using the secret information are processing according to the same program. 5. The method according to claim 2, wherein the information used in the processing not using the secret information is randomly generated.
An information processing apparatus according to claim 1.