US20110307650A1 - Method for Securing Electronic Device Data Processing - Google Patents

Publication number
US20110307650A1
Authority
US
United States
Prior art keywords
data
length
item
confidential data
buffer
Prior art date
Legal status
Abandoned
Application number
US13/214,501
Inventor
Olivier Benoit
Current Assignee
Thales DIS France SA
Original Assignee
Gemalto SA
Priority date
Filing date
Publication date
Application filed by Gemalto SA
Priority to US13/214,501
Publication of US20110307650A1
Current legal status: Abandoned

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/75 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
    • G06F21/755 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/10 Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/105 Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems involving programming of a portable memory device, e.g. IC cards, "electronic purses"
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806 Details of the card
    • G07F7/0813 Specific details related to card security
    • G07F7/082 Features insuring the integrity of the data on or in the card

Definitions

  • A second embodiment of the method of the present invention will now be described with reference to FIGS. 5 and 6.
  • the dedicated area 100 has the same length as the confidential data 102 to be stored therein.
  • each bit of the confidential data 102 has been illustrated separately with its position in a memory location 104, 105, 106 and 110 in the dedicated area 100 shown in bracket, i.e. CD[0] for the first bit of the confidential data 102 and CD[k−1] for the last one.
  • the confidential data 102 is stored in the dedicated area 100 starting at a memory location 105 determined by the beginning of the dedicated area 22 and by a random offset 108 . However, the confidential data 102 is looped to the beginning 106 of the dedicated area 100 once the end 110 of the dedicated area 100 is reached. Therefore, depending on the offset value 108 , each bit of the confidential data 102 can take any memory location in the dedicated area 100 .
  • FIG. 6 summarizes the method according to this second embodiment.
  • a dedicated area 100 (RAM buffer) is defined in the volatile memory 14 .
  • the dedicated area length is advantageously the same as the confidential data length.
  • a random offset 108 is defined for the storing address of the confidential data 102 .
  • the value of the offset ranges from zero (0) to k−1
  • step 116 the first part of the confidential data 102 is transferred to the dedicated area 100 at the address defined by the offset 108 .
  • the length of the first part of the confidential data 102 corresponds to the difference between the length of the dedicated area and the offset 108 .
  • step 118 the last part of the confidential data 102 is transferred at the beginning of the dedicated area 100 .
  • the confidential data 102 can be processed or accessed directly from its location in the dedicated area 100 .
  • Although the present invention has been described hereinabove as being advantageous when confidential data is transferred from the CPU to the volatile memory of a smart card, the term “transfer” should be construed as including the direct generation of confidential data in the volatile memory by the CPU and not merely the “transfer” therefrom. Similarly, the present invention is also advantageous when confidential data is transferred from the non-volatile memory to the volatile memory of the electronic device.
  • the offset value may be chosen at random at the beginning of a session instead of being chosen at the beginning of each storage operation.
  • the nature of the electronic device is not limited to smart cards as described hereinabove. Indeed, the method of the present invention could be advantageously implemented in other types of electronic devices such as, for example, Personal Digital Assistant (PDA) and cellular phones.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Finance (AREA)
  • Mathematical Physics (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • General Health & Medical Sciences (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)
  • Read Only Memory (AREA)

Abstract

A method for securing electronic device processes against attacks (e.g. side channel attacks) during the processing of sensitive and/or confidential data by a Central Processing Unit (CPU) to the volatile memory (e.g. RAM) of an electronic device such as, for example, a smart card, a PDA or a cellular phone is described herein. The method involves the storage of the confidential data to a dynamically and randomly assigned memory location, thereby rendering more difficult the analysis and subsequently the attacks (e.g. side channel attacks).

Description

    CROSS REFERENCE TO RELATED APPLICATIONS
  • This application is a continuation application of application Ser. No. 10/416,754, filed Oct. 20, 2003, now U.S. Pat. No. 8,006,058, issued Aug. 23, 2011.
  • FIELD OF THE INVENTION
  • The present invention relates to electronic devices. More specifically, the present invention is concerned with a method for securing the internal process of electronic devices.
  • BACKGROUND OF THE INVENTION
  • Smart cards, as a particular embodiment of electronic devices, were initially conceived to enhance the security of distributed systems. Applications of smart cards include, for example, calling cards, identification cards, medical cards, transaction cards (credit/debit bank, store, restaurant, etc.) and security cards. All of these applications require sensitive and confidential data to be processed within the smart card.
  • As can be seen from FIG. 1, which is labelled as “Prior Art”, an electronic device 10 conventionally includes a Central Processing Unit (CPU) 12, which is the primary controller/processor of the electronic device 10. The CPU 12 can optionally include a large number of internal registers 13, as, for instance, in RISC (Reduced Instruction Set Computer) processors.
  • The electronic device 10 also includes a volatile memory in the form of a Random Access Memory (RAM) 14, Read Only Memory (ROM) 16, Electrically-Erasable Programmable Read Only Memory (EEPROM) 18 and optionally Cache Memory 15, all coupled to the CPU 12. For a better understanding of the following description, the term volatile memory used hereafter may include RAM, Internal Registers and/or Cache Memories.
  • An Input/Output (I/O) device, such as a terminal 20, allows the smart card 10 to share data with a distributed system (not shown), by controlling Inputs/Outputs to and from the electronic device 10, via the CPU 12. The smart card 10 includes an I/O port (not shown) for transferring data to and from the Input/Output device 20.
  • The CPU 12 processes instructions to manage data stored in the electronic device and includes a program that ensures protection against access to the sensitive and/or confidential data contained and processed in the smart card 10 by non-authorized entities, such as, for example, hackers. Indeed, in many instances, the sensitive and/or confidential information contained or processed in the device is of significant value (financial or otherwise) to its owner.
  • It has been found that some breaches were left, in protection of data, against various kinds of attacks such as the so-called “side channel attacks” that include, for example, “Power Analysis” and “Radio Frequency (RF) Analysis”.
  • Power Analysis is based on measurement of power consumption during the processing of confidential binary coded information in a smart card. RF Analysis consists in intercepting and analyzing the radio frequency emitted during the transfer of confidential data. These two types of attacks use either the variation of energy consumption or the variation of emitted RF radiation during processing of the confidential data. Knowing one of these variations makes it mathematically possible to retrieve the confidential data.
  • Indeed, conventional secure programs used in electronic devices comprise a means to temporarily store confidential data in the volatile memory at a given predetermined memory location since, for performance purposes, it has been found to be preferable to work with fixed memory locations. Hence, only the confidential data might be changing in the storing and reading process since the memory location does not change. In such cases, when the CPU is processing confidential data, for example when confidential data is transferred from the CPU to the volatile memory, hackers may attempt to retrieve the confidential data using “side channel analysis” or another similar attack.
  • Conventional algorithms used for allocating memory in device 10, such as Dynamic Memory Management (DMM), are not sufficient to properly protect against attacks the confidential data processed therein. Indeed, conventional DMM algorithms are predictable, since they follow conventional rules. Therefore, if a given process is executed twice and under the same conditions, the same memory allocation should be expected. FIG. 2, which is labelled as “prior art” illustrates a dedicated area 19 where confidential data 21, having a size k, is stored.
  • SUMMARY OF THE INVENTION
  • In accordance with the present invention, there is provided a method for securing data storage in a volatile memory of an electronic device, the method comprising:
  • defining a dedicated area in the volatile memory; the length of the dedicated area being at least equal to the length of the data to be stored;
  • randomly defining an offset from the beginning of the dedicated area; and
  • transferring the data to the dedicated data area at a memory location determined by the offset;
  • whereby the data is transferred to a randomly determined memory location in the dedicated area.
  • According to another aspect of the present invention, there is provided a device for securing data storage in a volatile memory of an electronic device, comprising:
  • means for defining a dedicated area in the volatile memory; the length of the dedicated area being at least equal to the length of the data to be stored;
  • means for randomly defining an offset from the beginning of the dedicated area; and
  • means for transferring the data to the dedicated data area at a memory location determined by the offset;
  • whereby the data is transferred to a randomly determined memory location in the dedicated area.
  • According to yet another aspect of the present invention, there is also provided a secure electronic device for processing data received from an input/output device, the device comprising:
  • an Electrically-Erasable Programmable Read-Only Memory (EEPROM) for receiving the data from the input/output device;
  • an input/output port for transferring the data from the input/output device to the EEPROM;
  • a volatile memory for transferring the data during processing; the volatile memory including a dedicated area; the length of the dedicated area being at least equal to the length of the data to be transferred; and
  • a data processing CPU comprising a random offset determining means and a data transfer means responsive to the random offset and interposed between the data and a memory location of the dedicated area determined by the offset.
  • The above and other objects, advantages and features of the present invention will become more apparent upon reading the following non-restrictive description of preferred embodiments thereof, given by way of example only with reference to the accompanying drawings.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • In the appended drawings:
  • FIG. 1, which is labeled “prior art”, is a schematic block diagram illustrating the major elements of an electronic device;
  • FIG. 2, which is labeled “prior art”, is a schematic illustration of a dedicated area in a volatile memory as managed by conventional electronic devices of the prior art.
  • FIG. 3 is a schematic illustration of a dedicated area where confidential data has been stored according to a first embodiment of the present invention;
  • FIG. 4 is a flow chart of a method for randomly allocating a volatile memory area according to a first embodiment of the present invention;
  • FIG. 5 is a schematic illustration of a RAM buffer where confidential data has been stored according to a second embodiment of the present invention; and
  • FIG. 6 is a flow chart of a method for randomly allocating memory according to a second embodiment of the present invention.
  • DESCRIPTION OF THE PREFERRED EMBODIMENT
  • In a nutshell, the present innovation consists of a method for securing electronic device data processing by using a random memory location for the storage of confidential data.
  • In this manner, the method according to the present invention hinders confidential data retrieval by means for instance of a side channel signal analysis during confidential data processing therein.
  • The method of the invention also makes the side channel analysis more complex during secret processing by adding an unknown parameter, i.e., a random memory location, in a data area provided in the volatile memory of the electronic device. This method can be embodied within the electronic device 10 through, for example, a digital software.
  • A first embodiment of the method of the present invention will now be described with reference to FIGS. 3 and 4.
  • As it can be seen from FIG. 3, the first embodiment of the method of the present invention involves a dedicated area in a volatile memory 22 having a length (2k) that is larger than the length (k) of the confidential data 24 to be stored therein. It is to be noted that since the confidential data 24 is usually of a predetermined and known length, the length of the dedicated area 22 may also be predetermined. In the illustrative example of FIG. 3, the length of the dedicated area 22 has been selected as being twice the length of the confidential data 24.
  • As can be seen from FIG. 3, the confidential data 24 is not necessarily stored at the beginning of the dedicated area 22, but starts at a random memory location within the dedicated area 22 that is determined by an offset value 26.
  • Thereby, during the confidential data processing, the address where the confidential data is stored or transferred will be different at each execution, making the so-called side channel analysis more complex. Turning now briefly to FIG. 4 of the appended drawings, the method for allocating memory according to the first embodiment of the present invention will be described.
  • The first step 28 consists of defining a dedicated area 22 in a volatile memory 14 of the electronic device 10. Such dedicated area 22 in a volatile memory 14 may be referred to as a RAM buffer. The dedicated area 22 has a predetermined length (in this example 2k).
  • In the second step 30, a random offset value 26 is defined for the storing address of the confidential data 24 within the dedicated area 22. As described hereinabove, confidential data 24 is stored in the volatile memory 14 at the storing address defined by the starting address 23 of the dedicated area 22 plus the offset 26.
  • It is to be noted that since the entire confidential data 24 has to be stored in the dedicated area 22, the random offset 26 must be randomly chosen so as to prevent the confidential data 24 from exceeding the dedicated area 22. This can be achieved by selecting a random number between zero and the difference between the length of the dedicated area 22 and the length of the confidential data 24 minus 1.
  • In the example of FIGS. 3 and 4, since the length of the confidential data 24 is k and the length of the dedicated area 22 is 2k, the offset 26 should not exceed the value k−1 (2k−k−1) to prevent memory overflow.
  • In step 32, the confidential data 24 is transferred from the non-volatile memory 18 at the address defined by the start address 23 of the dedicated area 22 in the volatile memory 14 plus the offset 26. The expression transferred is intended here to include storing, accessing or any other operation performed on the confidential data 24.
  • As can easily be understood by those of ordinary skill in the art, since the location of the confidential data 24 is known by the CPU, the confidential data 24 may then be processed or accessed directly from its location in the dedicated area 22 in the volatile memory 14.
  • Hence, each execution of the process will transfer the confidential data 24 to a random memory location in the dedicated area 22, even if the process is repeated many times under the same conditions. Thereby, a side channel analysis will have to consider two unknown parameters: the confidential data value 24 and its address. This kind of analysis becomes much more difficult to perform since it requires finding two equations or relations between the side channel signal and the parameters.
  • In other words, the data 24 is transferred to a randomly determined memory location in the dedicated data area 22, thereby rendering more difficult the analysis and subsequently the attacks (e.g. side channel attacks).
  • As will be easily understood by those of ordinary skill in the art, depending on the length of the volatile memory 14 of the electronic device 10, the dedicated area 22 defining step 28 may be omitted, for instance, in case of static memory management where a dedicated area is defined during program compilation/link.
  • A second embodiment of the method of the present invention will now be described with reference to FIGS. 5 and 6.
  • The main distinction between the first and second embodiment resides in the approach used to store the confidential data in the dedicated area. In this case, the dedicated area 100 has the same length as the confidential data 102 to be stored therein.
  • Indeed, it has been found that instead of providing a dedicated area larger than the data to be stored therein, it is possible to provide a dedicated area having the same length and to loop the confidential data 102 when the end of the dedicated area 100 is reached. This way, it is possible to provide the improved security of the present invention while optimizing the use of the limited amount of volatile memory typically provided in electronic devices (e.g. smart cards).
  • More specifically, as shown in FIG. 5, and for illustration purposes, each bit of the confidential data 102 has been illustrated separately, with its position in a memory location 104, 105, 106 and 110 in the dedicated area 100 shown in brackets, i.e. CD[0] for the first bit of the confidential data 102 and CD[k−1] for the last one.
  • The confidential data 102 is stored in the dedicated area 100 starting at a memory location 105 determined by the beginning of the dedicated area 22 and by a random offset 108. However, the confidential data 102 is looped to the beginning 106 of the dedicated area 100 once the end 110 of the dedicated area 100 is reached. Therefore, depending on the offset value 108, each bit of the confidential data 102 can take any memory location in the dedicated area 100.
  • FIG. 6 summarizes the method according to this second embodiment.
  • In step 112, a dedicated area 100 (RAM buffer) is defined in the volatile memory 14. The dedicated area length is advantageously the same as the confidential data length.
  • In step 114, a random offset 108 is defined for the storing address of the confidential data 102. Again, the value of the offset ranges from zero (0) to k−1.
  • In step 116, the first part of the confidential data 102 is transferred to the dedicated area 100 at the address defined by the offset 108. The length of the first part of the confidential data 102 corresponds to the difference between the length of the dedicated area and the offset 108.
  • In step 118, the last part of the confidential data 102 is transferred to the beginning of the dedicated area 100.
  • Consequently, the obvious advantage of this second embodiment is the optimization of the volatile memory 14.
  • Again, since the location of the confidential data is known by the CPU 12, the confidential data 102 can be processed or accessed directly from its location in the dedicated area 100.
  • It is to be noted that even though the two embodiments of the method of the present invention described hereinabove have been presented as independent secure processes against attacks (e.g. side channels) for the smart card technology, they can advantageously be combined with other conventional security features of smart cards.
  • It is also within the scope of the present invention to combine the two embodiments in a method where the dedicated area is made longer than the confidential data to be stored therein and where the confidential data would be looped to the beginning of the dedicated area should the end of the dedicated area be reached. This would allow the offset to be randomly chosen from the entire dedicated area.
  • As will easily be understood by one skilled in the art, even though the present invention has been described hereinabove as being advantageous when confidential data is transferred from the CPU to the volatile memory of a smart card, the term “transfer” should be construed as including the direct generation of confidential data in the volatile memory by the CPU and not merely the “transfer” therefrom. Similarly, the present invention is also advantageous when confidential data is transferred from the non-volatile memory to the volatile memory of the electronic device.
  • Optionally, the offset value may be chosen at random at the beginning of a session instead of being chosen at the beginning of each storage operation.
  • As will also be apparent to one skilled in the art, the nature of the electronic device is not limited to smart cards as described hereinabove. Indeed, the method of the present invention could be advantageously implemented in other types of electronic devices such as, for example, Personal Digital Assistant (PDA) and cellular phones.
  • Although the present invention has been described hereinabove by way of preferred embodiments thereof, it can be modified, without departing from the spirit and nature of the subject invention as defined in the appended claims.
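
The two storage schemes described above (FIG. 4, steps 28-32, and FIG. 6, steps 112-118, including the combined variant) can be written as follows. This is an added C example, not code from the patent: it works on bytes rather than bits, the names `rng_below`, `store_linear`, `store_wrapped`, `cd_at` and `cd_matches` are hypothetical, and `rand()` stands in for the device's random source.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: stand-in for the device's random source; returns 0..bound-1.
 * rand() is used only so the example runs on a host; it is not a secure RNG. */
static size_t rng_below(size_t bound) { return (size_t)rand() % bound; }

/* First embodiment (steps 28-32): dedicated area longer than the data.
 * Offset is drawn from 0 .. (area_len - k - 1), so the data never overruns. */
int store_linear(uint8_t *area, size_t area_len,
                 const uint8_t *cd, size_t k, size_t *offset)
{
    if (k == 0 || area_len <= k)          /* offset range would be empty */
        return -1;
    *offset = rng_below(area_len - k);
    memcpy(area + *offset, cd, k);
    return 0;
}

/* Second embodiment (steps 112-118), also covering the combined variant:
 * offset drawn from the whole area, data loops to the start at the end. */
int store_wrapped(uint8_t *area, size_t area_len,
                  const uint8_t *cd, size_t k, size_t *offset)
{
    if (k == 0 || area_len < k)
        return -1;
    *offset = rng_below(area_len);        /* 0 .. k-1 when area_len == k */
    size_t first = area_len - *offset;    /* step 116: area length - offset */
    if (first > k)
        first = k;                        /* longer area: fits without wrapping */
    memcpy(area + *offset, cd, first);
    memcpy(area, cd + first, k - first);  /* step 118: remainder at the start */
    return 0;
}

/* The CPU knows the offset, so element i is read back in place. */
uint8_t cd_at(const uint8_t *area, size_t area_len, size_t offset, size_t i)
{
    return area[(offset + i) % area_len];
}

/* Returns 1 if all k elements read back through cd_at() equal cd. */
int cd_matches(const uint8_t *area, size_t area_len, size_t offset,
               const uint8_t *cd, size_t k)
{
    for (size_t i = 0; i < k; i++)
        if (cd_at(area, area_len, offset, i) != cd[i])
            return 0;
    return 1;
}
```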

Claims (10)

1. A method for storing an item of confidential data having a predetermined length, in a volatile memory, comprising the following steps:
allocating a buffer in said volatile memory for the storage of said item of confidential data, wherein the length of said buffer is allocated based on a predetermined multiplier of the length of said item of confidential data, said multiplier being a value greater than one;
selecting a random number that is based on the predetermined multiplier and the length of the item of confidential data;
determining a memory location within said buffer that is offset from the beginning of said buffer by an amount corresponding to said random number; and
loading said item of confidential data into said buffer, beginning at said determined memory location.
2. The method of claim 1, wherein said random number is selected from within the range of zero to the difference between the length of said buffer and said predetermined length, minus one.
3. The method of claim 1, wherein the step of loading said item of confidential data comprises loading the data bits of said item in consecutive memory locations, starting at said determined memory location.
4. A portable electronic device, comprising:
a volatile memory; and
a processor which executes the following operations:
allocate a buffer in said volatile memory for the storage of an item of confidential data having a predetermined length, wherein the length of said buffer is allocated based on a predetermined multiplier of the length of said item of confidential data, said multiplier being a value greater than one;
select a random number that is based on the predetermined multiplier and the length of the item of confidential data;
determine a memory location within said buffer that is offset from the beginning of said buffer by an amount corresponding to said random number; and
load said item of confidential data into said buffer, beginning at said determined memory location.
5. The portable electronic device of claim 4, wherein said processor loads the data bits of said item in consecutive memory locations, starting at said determined memory location.
6. The portable electronic device of claim 4, wherein said processor selects said random number from within the range of zero to the difference between the length of said buffer and said predetermined length, minus one.
7. A secure electronic device for processing data received from an input/output device, said device comprising:
an Electrically-Erasable Programmable Read-Only Memory (EEPROM) for receiving the data from the input/output device;
an input/output port for transferring the data from the input/output device to the EEPROM;
a volatile memory for transferring the data during processing, said volatile memory including a dedicated area, the length of the dedicated area being greater than the length of the data to be transferred; and
a data processing CPU configured to implement:
a random offset determining means that determines a random offset based upon the difference between the length of the dedicated area and the length of the data to be transferred, and
a data transfer means that is responsive to the random offset and configured to transfer the data to the dedicated data area beginning at a memory location of the dedicated area that is determined by the offset.
8. The secure electronic device according to claim 7, wherein said volatile memory is selected from the group consisting of Random Access Memory (RAM), Internal Register and Cache Memory.
9. The secure electronic device according to claim 7, wherein the electronic device is selected from the group consisting of a smart card, a Personal Digital Assistant (PDA) and a cellular phone.
10. The secure electronic device of claim 7, wherein said data transfer means transfers the data bits of said item to consecutive memory locations in the dedicated area, starting at said determined memory location.
US13/214,501 2000-11-16 2011-08-22 Method for Securing Electronic Device Data Processing Abandoned US20110307650A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/214,501 US20110307650A1 (en) 2000-11-16 2011-08-22 Method for Securing Electronic Device Data Processing

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
CA002326036A CA2326036A1 (en) 2000-11-16 2000-11-16 Method for securing electronic device data processing
CA2326036 2000-11-16
PCT/FR2001/003582 WO2002041151A1 (en) 2000-11-16 2001-11-15 Method and device for making secure data processing
US10/416,754 US8006058B2 (en) 2000-11-16 2001-11-15 Method and securing electronic device data processing
US13/214,501 US20110307650A1 (en) 2000-11-16 2011-08-22 Method for Securing Electronic Device Data Processing

Related Parent Applications (2)

Application Number Title Priority Date Filing Date
PCT/FR2001/003582 Continuation WO2002041151A1 (en) 2000-11-16 2001-11-15 Method and device for making secure data processing
US10/416,754 Continuation US8006058B2 (en) 2000-11-16 2001-11-15 Method and securing electronic device data processing

Publications (1)

Publication Number Publication Date
US20110307650A1 (en) 2011-12-15

Family

ID=4167673

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/416,754 Expired - Fee Related US8006058B2 (en) 2000-11-16 2001-11-15 Method and securing electronic device data processing
US13/214,501 Abandoned US20110307650A1 (en) 2000-11-16 2011-08-22 Method for Securing Electronic Device Data Processing

Country Status (6)

Country Link
US (2) US8006058B2 (en)
EP (1) EP1344137A1 (en)
CN (1) CN1484791A (en)
AU (1) AU2002220786A1 (en)
CA (1) CA2326036A1 (en)
WO (1) WO2002041151A1 (en)

Also Published As

Publication number Publication date
EP1344137A1 (en) 2003-09-17
AU2002220786A1 (en) 2002-05-27
US8006058B2 (en) 2011-08-23
WO2002041151A1 (en) 2002-05-23
CA2326036A1 (en) 2002-05-16
US20040093306A1 (en) 2004-05-13
CN1484791A (en) 2004-03-24

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION