JP2010136066A - Apparatus and method of processing information, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To reduce the risk of leakage of secret information. <P>SOLUTION: An attack detector 52 proves the operation result of an operation part 51 to detect a fault-based attack. A caller 53 calls a recursive function which is called recursively by being executed. A supplying part 55 supplies a return address obtained by execution of the recursive function to a stack region 32a of a RAM 32 to which data including secret information is stored every time the recursive function called by the caller 53 is executed and called recursively. The invention can be applied to a non-contact IC card or an information processing apparatus such as a mobile telephone or the like having a function of the non-contact IC card. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an information processing apparatus and method, and a program, and more particularly, to an information processing apparatus and method, and a program that can reduce the risk of leakage of confidential information.

  In recent years, malicious persons (attackers) deliberately irradiate radiation, apply high voltage to non-contact IC (Integrated Circuit) cards undergoing cryptographic processing, and apply clock frequency and drive. A secret such as a secret key is obtained by comparing a calculation result obtained by normal processing with an incorrect calculation result obtained by causing a physical failure (error) such as instantaneous voltage fluctuation. Attack methods that obtain information (hereinafter referred to as failure use attacks) are threats.

  The failure use attack is detected by performing the above-described calculation of the calculation result, checking the data stored in the memory, or the like. Therefore, it may be possible to stop the operation of the contactless IC card and prevent leakage of secret information by performing hardware reset or infinite loop processing when a failure use attack is detected. Yes.

  However, in the above-described method, there is a possibility that secret information remains in the volatile memory, such as a calculation result when receiving a failure use attack, and the secret information may be obtained by an attacker.

  By the way, when there is a request for a predetermined service and a function for executing the service is called, the function is stored in a table in a temporary storage area different from the table in which the pointer to the function is originally held. There is a technique in which a service can be replaced without affecting the operation of the entire system by holding a pointer to and calling a function from a pointer in another table (see, for example, Patent Document 1). .

JP 2000-137605 A

  As described above, temporarily storing information in a storage area such as a volatile memory is useful for arithmetic processing, but the information is confidential information that should not be leaked to the outside. It is not preferable to store the information.

  The present invention has been made in view of such a situation, and is intended to reduce the risk of leakage of secret information.

  An information processing apparatus according to an aspect of the present invention is called by a rewritable memory that stores data including secret information, a calling unit that calls a recursive function that is recursively called when executed, and the calling unit. Supplying means for supplying data obtained by executing the recursive function to the memory each time the recursive function is executed and recursively called.

  The information processing apparatus further includes attack detection means for detecting a failure use attack, and the calling means can call the recursive function when the attack detection means detects a failure use attack.

  The memory is a volatile memory, and the supply means can supply the return address of the recursive function to the stack area of the memory.

  The information processing apparatus further includes a calculation unit that performs a predetermined calculation, and the attack detection unit checks a calculation result of the calculation unit or checks the data stored in the memory. Thus, a failure use attack can be detected.

  The information processing apparatus may further include communication means for performing contactless communication with an external apparatus, and the memory may store the data including secret information related to communication performed by the communication means.

  An information processing method according to one aspect of the present invention is an information processing method of an information processing apparatus including a rewritable memory that stores data including secret information, and calls a recursive function that is recursively called when executed. A calling step, and a supply step of supplying data obtained by the execution of the recursive function to the memory each time the recursive function called by the processing of the calling step is executed and recursively called.

  A program according to one aspect of the present invention is a program for causing a computer to execute processing of an information processing apparatus including a rewritable memory that stores data including secret information and is recursively called by being executed. And a supply step of supplying data obtained by the execution of the recursive function to the memory every time the recursive function called by the processing of the calling step is executed and recursively called. Causes the computer to execute the processing that includes it.

  In one aspect of the present invention, a recursive function that is recursively called by being executed is called, and the recursive function that is called is executed. Supplied to the memory.

  According to one aspect of the present invention, it is possible to reduce the risk of leakage of secret information.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

[Functional configuration example of contactless IC card]
FIG. 1 shows an example of the functional configuration of a non-contact IC card as an embodiment of an information processing apparatus to which the present invention is applied.

  The non-contact IC card 11 of FIG. 1 has tamper resistance, and performs mutual authentication with an external device that is a counterpart of wireless communication by a public key cryptosystem. When wireless communication is performed with an external device, the contactless IC card 11 uses a public key and a private key by mutual authentication using a public key cryptosystem such as RSA (R. Rivest, A. Shamir, L. Adelman) cryptography. Is used to authenticate whether each other is a legitimate device.

  1 includes a communication unit 31, a RAM (Random Access Memory) 32, an NVRAM (Non Volatile RAM) 33, a ROM (Read Only Memory) 34, and a control unit 35.

  The communication unit 31 wirelessly communicates with an external device such as an R / W (reader / writer) (not shown) in a non-contact manner using electromagnetic waves. Specifically, for example, the communication unit 31 supplies a command transmitted from an unshown R / W and data transmitted together with the command to the control unit 35. In addition, the communication unit 31 transmits a command and data for a command from the R / W (not shown) supplied from the control unit 35 to the R / W (not shown).

  The RAM 32 is a rewritable volatile memory, and stores data including parameters that change as appropriate during execution of the processing of the control unit 35 and secret information such as the public key and secret key described above. The RAM 32 has a stack area 32a. For example, the stack area 32a temporarily stores data necessary for calling a function or a subroutine in a program used in executing the process of the control unit 35.

  The NVRAM 33 is a rewritable nonvolatile memory, data supplied from the communication unit 31, programs for the control unit 35 to execute various processes, data such as device IDs and encryption keys required for mutual authentication Is stored.

  The ROM 34 is a read-only memory and stores basically fixed data among programs for the control unit 35 to execute various processes and calculation parameters.

  The control unit 35 reads a program stored in the NVRAM 33 or the ROM 34, executes the read program, and controls the non-contact IC card 11 as a whole. The control unit 35 executes processing corresponding to various commands supplied from the communication unit 31, generates corresponding commands and data, and supplies the commands and data to the communication unit 31.

  The control unit 35 is configured to include a calculation unit 51, an attack detection unit 52, a calling unit 53, an execution unit 54, and a supply unit 55.

  The computing unit 51 reads a program for executing processing corresponding to the command from the NVRAM 33 or the ROM 34 in accordance with various commands supplied from the communication unit 31, and performs a predetermined computation. Specifically, the calculation unit 51 reads a program from the NVRAM 33 or the ROM 34, calls a function specified by the program from the RAM 32, and executes it. For example, the calculation unit 51 reads a program for executing a process for performing mutual authentication using a public key cryptosystem such as RSA encryption, and calls and executes a function for encrypting or decrypting data.

  The attack detection unit 52 verifies (recalculates) the calculation result of the calculation unit 51, confirms the address of an instruction (task) to be executed next, which is stored in a program counter (not shown), and stores it in the RAM 32 and the NVRAM 33. Failure check attacks are detected by checking the data, such as calculating the checksum for the data that has been processed, and executing CRC (Cyclic Redundancy Check).

  When the attack detection unit 52 detects a failure use attack, the calling unit 53 calls a recursive function that calls itself, that is, performs a recursive call, from the RAM 32. The calling unit 53 calls the recursive function to be recursively called from the RAM 32 by executing the recursive function.

  The execution unit 54 executes the recursive function called by the calling unit 53.

  The supply unit 55 supplies the return value of the function executed by the calculation unit 51 and the execution unit 54 and the return address when the subroutine is called to the stack area 32a of the RAM 32.

[State transition diagram of non-contact IC card]
Here, with reference to FIG. 2, the state transition of the non-contact IC card 11 when the non-contact IC card 11 receives a failure use attack due to a physical failure from the outside will be described.

  In the state transition diagram of FIG. 2, each state is represented by one ellipse. That is, in the state transition diagram of FIG. 2, three states A, B, and C are shown.

  The state A is a state in which the non-contact IC card 11 is in a normal state, that is, a state where a command is transmitted / received while performing mutual authentication with an external device, and data is encrypted or decrypted. The non-contact IC card 11 transitions from the state A to the state B at a predetermined timing (for example, after a predetermined time elapses).

  State B is a state in which the contactless IC card 11 detects a failure use attack (failure use attack detection state). In the state B, the contactless IC card 11 transits to the state C when it detects that there is a failure use attack by checking the calculation result in the state A and checking the stored data. Further, when it is not detected that there is a failure use attack (when there is no failure use attack), the state returns to state A.

  The state C is a state (recursive function call processing state) in which the contactless IC card 11 performs a process of calling a recursive function. This recursive function returns a completely meaningless return value that is irrelevant to the process executed in state A. In state C, when the recursive function is called and executed, the return address for the recursive call together with the meaningless return value is stored in the stack area 32a of the RAM 32, and this recursive function is called again. (Recursive call). That is, in the state C, the recursive function call is repeated.

  In this way, the contactless IC card 11 repeats calling the recursive function when detecting a failure use attack. As a result, the return value and return address of the recursive function are stored one after another in the stack area 32a of the RAM 32.

[Recursive function call processing]
Next, details of the recursive function call processing by the non-contact IC card 11 will be described with reference to the flowchart of FIG.

  In step S11, the attack detection unit 52 determines whether a failure use attack has been detected. More specifically, the attack detection unit 52 verifies the calculation result of the calculation unit 51, confirms the address of an instruction to be executed next, which is stored in a program counter (not shown), and is stored in the RAM 32 and the NVRAM 33. Check the data, such as calculating the checksum for the data being executed, executing the CRC, etc., and determine whether an error has occurred.

  If it is determined in step S11 that a failure use attack has not been detected, that is, the contactless IC card 11 is in a normal state (state A in FIG. 2), step S11 is performed until a failure use attack is detected. The process is repeated.

  On the other hand, if it is determined in step S11 that a failure use attack has been detected, the process proceeds to step S12, and the calling unit 53 calls the function f, which is a recursive function, from the RAM 32. The function f returns a completely meaningless return value that is irrelevant to the processing executed by the calculation unit 51.

  In step S <b> 13, the execution unit 54 executes the function f called by the calling unit 53. As a result, the function f is recursively called.

  In step S <b> 14, the supply unit 55 supplies the return address to the stack area 32 a of the RAM 32 along with the return value of the function f executed by the execution unit 54.

  In step S15, the calling unit 53 calls the function f to be recursively called from the RAM 32 by executing the function f (step S13).

  In step S <b> 16, the execution unit 54 executes the function f called by the calling unit 53. As a result, the function f is recursively called.

  In step S <b> 17, the supply unit 55 supplies the return address to the stack area 32 a of the RAM 32 together with the return value of the function f executed by the execution unit 54. The process returns to step S15, and the processes of steps S15 to S17 are repeated.

  According to the above processing, when the contactless IC card 11 detects a failure use attack, the function f is repeatedly called. As a result, the return value and return address of the function f are successively stored in the stack area 32a of the RAM 32 each time the function f is called.

  As a result, the stack area 32a overflows, and other areas of the RAM 32 are eroded, so that the data originally stored in the RAM 32 is rewritten. That is, since there is no secret information remaining in the RAM 32, it is difficult for an attacker to obtain the secret information, and the risk of leakage of the secret information can be reduced.

  In the above, an embodiment in which the present invention is applied to a non-contact IC card has been described. However, the present invention can be applied to an information processing apparatus such as a mobile phone having the function of a non-contact IC card.

  The series of processes described above can be executed by hardware or can be executed by software. When a series of processing is executed by software, a program constituting the software may execute various functions by installing a computer incorporated in dedicated hardware or various programs. For example, it is installed from a program recording medium in a general-purpose personal computer or the like.

  FIG. 4 is a block diagram illustrating an example of a hardware configuration of a computer that executes the above-described series of processes using a program.

  In a computer, a CPU (Central Processing Unit) 901, a ROM (Read Only Memory) 902, and a RAM (Random Access Memory) 903 are connected to each other by a bus 904.

  An input / output interface 905 is further connected to the bus 904. An input / output interface 905 includes an input unit 906 made up of a keyboard, mouse, microphone, etc., an output unit 907 made up of a display, a speaker, etc., a storage unit 908 made up of a hard disk, nonvolatile memory, etc., and a communication unit 909 made up of a network interface, etc. A drive 910 for driving a removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory is connected.

  In the computer configured as described above, the CPU 901 loads, for example, the program stored in the storage unit 908 to the RAM 903 via the input / output interface 905 and the bus 904, and executes the above-described series. Is performed.

  The program executed by the computer (CPU 901) is, for example, a magnetic disk (including a flexible disk), an optical disk (CD-ROM (Compact Disc-Read Only Memory), DVD (Digital Versatile Disc), etc.), a magneto-optical disk, or a semiconductor. It is recorded on a removable medium 911 which is a package medium composed of a memory or the like, or provided via a wired or wireless transmission medium such as a local area network, the Internet, or digital satellite broadcasting.

  The program can be installed in the storage unit 908 via the input / output interface 905 by attaching the removable medium 911 to the drive 910. The program can be received by the communication unit 909 via a wired or wireless transmission medium and installed in the storage unit 908. In addition, the program can be installed in the ROM 902 or the storage unit 908 in advance.

  The program executed by the computer may be a program that is processed in time series in the order described in this specification, or in parallel or at a necessary timing such as when a call is made. It may be a program for processing.

  The embodiments of the present invention are not limited to the above-described embodiments, and various modifications can be made without departing from the scope of the present invention.

It is a block diagram which shows the function structural example of the non-contact IC card as one Embodiment of the information processing apparatus to which this invention is applied. It is a state transition diagram showing the state transition of a contactless IC card. It is a flowchart explaining a recursive function call process. It is a block diagram which shows the structural example of the hardware of a computer.

Explanation of symbols

  11 contactless IC card, 31 communication unit, 32 RAM, 32a stack area, 33 NVRAM, 34 ROM, 35 control unit, 51 calculation unit, 52 attack detection unit, 53 calling unit, 54 execution unit, 55 supply unit

Claims (7)

A rewritable memory for storing data including confidential information;
A calling means for calling a recursive function that is recursively called when executed;
An information processing apparatus comprising: a supply unit that supplies data obtained by executing the recursive function to the memory each time the recursive function called by the calling unit is executed and recursively called. It further comprises attack detection means for detecting a failure use attack,
The information processing apparatus according to claim 1, wherein the calling unit calls the recursive function when the attack detection unit detects a failure use attack. The memory is a volatile memory;
The information processing apparatus according to claim 2, wherein the supply unit supplies a return address of the recursive function to a stack area of the memory. It further comprises a calculation means for performing a predetermined calculation,
The information processing apparatus according to claim 2, wherein the attack detection unit detects a failure use attack by checking a calculation result of the calculation unit or checking the data stored in the memory. It further comprises a communication means for performing contactless communication with an external device,
The information processing apparatus according to claim 2, wherein the memory stores the data including secret information related to communication performed by the communication unit. In an information processing method of an information processing apparatus having a rewritable memory for storing data including secret information,
A calling step that calls a recursive function that is recursively called when executed;
An information processing method comprising: a step of supplying data obtained by execution of the recursive function to the memory each time the recursive function called by the processing of the calling step is executed and recursively called. In a program for causing a computer to execute processing of an information processing apparatus including a rewritable memory that stores data including confidential information,
A calling step that calls a recursive function that is recursively called when executed;
Each time the recursive function called by the process of the calling step is executed and recursively called, a process including a step of supplying data obtained by executing the recursive function to the memory is executed on the computer. Program to make.

Images