WO2006064318A1 - Method to secure writing in memory against attacks by radiation or other means - Google Patents

Method to secure writing in memory against attacks by radiation or other means

Info

Publication number
WO2006064318A1
WO2006064318A1 PCT/IB2005/003476 IB2005003476W WO2006064318A1 WO 2006064318 A1 WO2006064318 A1 WO 2006064318A1 IB 2005003476 W IB2005003476 W IB 2005003476W WO 2006064318 A1 WO2006064318 A1 WO 2006064318A1
Authority
WO
Grant status
Application
Patent type
Prior art keywords
write
data
log
atomic
method
Prior art date
Application number
PCT/IB2005/003476
Other languages
French (fr)
Inventor
Nicolas Giraud
Original Assignee
Axalto Sa
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Classifications

    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C16/00Erasable programmable read-only memories
    • G11C16/02Erasable programmable read-only memories electrically programmable
    • G11C16/06Auxiliary circuits, e.g. for writing into memory
    • G11C16/10Programming or data input circuits
    • G11C16/102External programming circuits, e.g. EPROM programmers; In-circuit programming or reprogramming; EPROM emulators
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C16/00Erasable programmable read-only memories
    • G11C16/02Erasable programmable read-only memories electrically programmable
    • G11C16/06Auxiliary circuits, e.g. for writing into memory
    • G11C16/10Programming or data input circuits
    • G11C16/102External programming circuits, e.g. EPROM programmers; In-circuit programming or reprogramming; EPROM emulators
    • G11C16/105Circuits or methods for updating contents of nonvolatile memory, especially with 'security' features to ensure reliable replacement, i.e. preventing that old data is lost before new data is reliably written
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C16/00Erasable programmable read-only memories
    • G11C16/02Erasable programmable read-only memories electrically programmable
    • G11C16/06Auxiliary circuits, e.g. for writing into memory
    • G11C16/22Safety or protection circuits preventing unauthorised or accidental access to memory cells

Abstract

The method according to this invention concerns a method to secure the write in storage means of an electronic assembly comprising information processing means, said method comprising an atomic write process to write data recorded in a write log. The method consists in checking a sequence of atomic writes in said storage means by setting in said write log one or more indicators in memory as proof of one of more successive writes recorded in said log. This invention also concerns the electronic module in which said method is implemented and the card comprising said module.

Description

METHOD TO SECURE WRITING IN MEMORY AGAINST ATTACKS BY

RADIATION OR OTHER MEANS

This invention concerns a method and a device to secure an electronic assembly implementing a program to be protected. More precisely, the purpose of the method is to propose a defence against attacks by radiation, flash, light, laser, glitch or other and more generally against any attack disturbing the execution of the program instructions. These attacks modify the instructions to be executed, resulting in non-execution or incorrect execution of certain parts of the program.

TECHNICAL FIELD

When a program is executed by a microprocessor, attacks for example by injecting faults via laser, glitch or electromagnetic radiation modify the instruction codes executed by the processor: the program instructions may be replaced by instructions producing a different effect. Consequently, a security processing sequence in an operating system for smart cards may be made inoperative by an attacker. Applied during an instruction sequence designed to write in non volatile memory of the card, these attacks may disable security writes used, for example, to count a number of incorrect authentications. Through this type of attack, the attacker also prevents the card from storing security-related events.

Amongst the known defences, one solution consists in setting flags in a byte of the RAM (Random Access Memory) at regular intervals and in checking, at a particular point in the execution of the software, that all flags which should be set have actually been set. Setting up this type of defence is tedious, however, since specific volatile memory areas must be allocated and processing added in the code to be protected, wherever this is required. In addition, since attacks of this type are becoming shorter and more precise, the known solutions are becoming less effective. Firstly, the attack may be too short to have any effect on the setting of flags: the flags in RAM may indicate to the program that all writes have been made correctly, even if this is not the case. Secondly, the flag verification software may itself be disturbed.

One purpose of this invention is to protect all writes contained in the program.

Another purpose of this invention is to propose efficient protection even for very short attacks.

SUMMARY OF THE INVENTION

This invention concerns a method to secure the write in storage means of an electronic assembly comprising information processing means, said method comprising an atomic write process to write data recorded in a write log, characterised in that it consists in checking a sequence of atomic writes in said storage means by setting in said write log one or more indicators in memory as proof of one of more successive writes recorded in said log.

This invention also concerns an electronic module in which said method is implemented, a card comprising said module and a program to implement said method.

BRIEF DESCRIPTION OF THE DRAWINGS

Other purposes, features and advantages of the invention will appear on reading the description which follows of the implementation of the method according to the invention and of a mode of realisation of an electronic system designed for this implementation, given as a non-limiting example, and referring to the attached drawings in which:

- figure 1 is a diagrammatic representation of an example of a device in which the method according to this invention is implemented; - figure 2 is a diagrammatic representation of the content of part of the memory of a device in which the known atomic write process is implemented;

- figure 3 is a graph representing the various steps of a known atomic write process;

- figure 4 is a graph representing the various steps of one form of realisation of the method according to this invention;

- figure 5 is a diagrammatic representation of the content of part of the memory of a device according to a first form of realisation in which the method according to this invention is implemented;

- figure 6 is a diagrammatic representation of the content of part of the memory of a device according to a second form of realisation in which the method according to this invention is implemented.

WAY OF REALISING THE INVENTION

The purpose of the method according to the invention is to secure an electronic assembly and for example a portable object such as a smart card implementing a program. The electronic assembly comprises at least processing means such as a processor and storage means such as a memory. The program to be secured is installed in the memory, for example ROM (Read Only Memory) type, of said assembly.

As a non-limiting example, the electronic assembly described below corresponds to an onboard system comprising an electronic module 1 illustrated on figure LThis type of module is generally realised as a monolithic integrated electronic microcircuit, or chip, which once physically protected by any known means can be assembled on a portable object such as for example a smart card, microcircuit or integrated circuit card (microprocessor card, etc.) or other card which can be used in various fields.

The electronic module 1 comprises a microprocessor CPU 3 with a two-way connection via an internal bus 5 to a non volatile memory 7 of type ROM, EEPROM (Electrical Erasable Programmable Read Only Memory), Flash, FeRam or other containing the program PRO 9 to be executed and a transaction buffer 10 containing a write log used for temporary data storage, a volatile memory 11 of type RAM, input/output means I/O 13 to communicate with the exterior.

The method according to the invention consists in checking that each write in non volatile memory while executing the program 9 is executed correctly.

The method according to the invention consists in checking the atomic write of data in non volatile memory by setting in a write log, when executing a program 9, an indicator in memory as proof of a write. The "write log" means the list of all write operations to be made atomically on the memory, the log containing control data and/or data to be written and/or any other type of information. A sequence of "atomic" writes means all writes recorded in the write log such that, if the log is validated (sequence closed), all the writes are made, even in the event of attack; if the log is not validated, none of said writes is made. According to this invention, writing the indicator in memory is made atomic with the write of the planned data in the write log.

Each write in the log and the indicator are atomic, so the fact that the proof indicator is in memory guarantees that the data has actually been written. By checking that the proof indicator is present, the program ensures a posteriori that the write was made. If the write was not made, various measures can then be taken, such as, for example, triggering by program 9 of a security defence, interruption of program execution or setting of a fraud indicator in non volatile memory 7 to indicate that a fraudulent attack has taken place and for example to prohibit any future use of the operating system.

The methods used to make several atomic writes in the memory and more especially in the non volatile memory 7 of a microprocessor card as an anti-tearing mechanism are known. They use for example, as shown on figure 2, the transaction buffer 10; the transaction buffer 10 is located in the non volatile memory 7 and acts as log for the writes to be made. The known atomic write process may consist of the following sequence (refer to figure 3):

After opening the atomic session (step A), for each write (step B), the process consists in creating (step C) an entry in the write log of the transaction buffer 10 comprising the control data (Control Data) (address

AdM , Adr2, Adr3 length of useful data, L1 , L2, L3 ) and the useful data (Data) (Datai , Data2, Data3, ...) (see figure 2).

When closing the atomic session (step D)1 the process validates the transaction buffer to indicate that it contains an atomic write sequence. The method then consists in reading (steps E, G) each entry in the log and making, then checking the corresponding write, repeating each incorrect write (step F). Then in step H, the method invalidates the transaction buffer to indicate that it contains no atomic write sequence.

If the writes of the atomic sequence are interrupted, the process resumes at step E as long as the transaction buffer has not been invalidated.

This type of atomic write process protects against an interruption in the atomic session in progress: it guarantees that either the writes recorded in the write log of the transaction buffer are ignored and none of the writes recorded is made if the session has not been closed; or all the writes recorded in the log of the transaction buffer are made if the session has been closed.

However, this type of process does not protect against disturbances in system operation which allow the session to continue: one of the writes planned in the atomic session could be prevented without being detected by the atomicity mechanism.

The method according to this invention therefore consists in combining the known atomic data write process with the write of a write indicator. The indicator is entered in the write log. The data and indicator writes are made atomic...

The mode of realisation of this invention described below and illustrated on figure 4 combines the atomicity process like that described above and a counter acting as indicator of the successive writes in non volatile memory during a command, and for example a counter of the number of writes which is incremented on each new write.

As shown on figure 5, according to one form of realisation of the invention, the value (Counter) of the write counter (C1 , C2, C3) in EEPROM is included in the block of control data of the write log of the atomicity process (Control Data). According to another form of realisation illustrated on figure 6, the value of the write counter is included in the atomicity data of the write log of the atomicity process (Atomicity Data). For each new write in the atomic session, the counter is incremented (step C- figure 4) and the control and atomicity data are updated in the same block, under the protection of a checksum (CKS1 , CKS2, CKS3 on figure 5 or CKS on figure 6, depending on the form of realisation) on part or all of the data (step C). The counter is incremented on each new write in the atomic session. The atomicity process guarantees that once the atomic session has been closed, all the writes recorded in the log will be made completely. This mode of realisation guarantees that each incrementation of the counter is atomic with the corresponding write in the log. When closing the atomic session in progress, each incrementation of the counter during the atomic session corresponds to a write actually made when closing the atomic session.

As shown on figure 4 therefore, after opening the atomic session, on each new write, i.e. on each new entry in the write log of the transaction buffer 10, the counter is incremented (step C). Depending on the form of realisation, the new value of the counter is written with the control data of the entry concerned (C1 , figure 5) or in the atomicity data (Ci, figure 6). The value of the counter before opening the atomic session is stored in the atomicity data (C, figure 6). When closing the atomic session, the value of the counter is compared with the expected value and if they match and the other checks planned in the known atomic write processes are also correct, the buffer is validated. The value of the counter C before opening the session is then assigned the value of the counter at closure.

This form of realisation implementing a counter provides a means of checking during program execution and/or when closing the atomic session that the writes planned in the log have been made by comparing the actual value of the counter with the expected value.

The method according to the invention consists in incrementing said counter and making each atomic write simultaneously. If an attack occurs during the write, the write will not be made correctly, the counter will not be incremented and the value of the counter will be different from the expected value; the attack is therefore detected and a specific action is carried out by the program or the processor. Two methods can be used to make the recording of a new write in the write log of the transaction buffer and the incrementation of the write counter in non volatile memory atomic: the counter is placed in the same block as all or some of the control and/or atomicity data and/or the useful data of the atomicity process; and/or the counter and all or some of the control and/or atomicity data and/or the useful data are protected by the same checksum which validates this write, either of the two methods alone is sufficient to guarantee atomicity. The writes in the non volatile memory 7 of type EEPROM generally encountered in smart cards, are made in blocks (usually 64 or 128 bytes). All the bytes programmed in a given block are written simultaneously, making the write of several bytes in the same block atomic. The programming duration is the same, whether for a single byte in the block or for all bytes in the block, of the order of 1 to 5 ms. This duration must be multiplied by the number of blocks to be written.

Atomicity can be achieved by using this intrinsic property of EEPROM. By placing the proof indicator of a write in the same block as the data to be written in the write log, if the proof indicator is present we can be certain that the data has actually been written.

Placing the write counter in the same block as the control and/or atomicity data and/or the useful data of the atomicity process helps improve the performance of the protection mechanism. No extra block writes are required, which helps to limit the number of writes.

The method according to the invention consists according to the second method in calculating a checksum (CKS1 , CKS2, CKS3 on figure 5, CKS on figure 6) on the value of the counter and on all or some of the control and/or atomicity data and/or the useful data and making the write in the log simultaneously and in writing the value obtained for the checksum in the log. The method according to the invention then consists in verifying the checksum by comparing it with the precalculated value written in memory. Note that the checksum may concern the indicator and all or some of the useful data, and/or one or more items of atomicity data and/or one or more items of control data depending on the form of realisation chosen. The protection of the write counter and of the control data by a checksum guarantees the efficiency of the mechanism with any non volatile memory and for example with memory types other than EEPROM.

Claims

1- Method to secure the write in storage means (7) of an electronic assembly comprising information processing means, said method comprising an atomic write process to write data recorded in a write log, characterised in that it consists in checking a sequence of atomic writes in said storage means by setting in said write log one or more indicators in memory as proof of one or more successive writes recorded in said log.
2- Method according to claim 1 , characterised in that it consists in making the write of the data in the log and that of the indicator are atomic.
3- Method according to claim 1 or 2, characterised in that it consists in protecting said indicator and the data in the write log with the same checksum when writing said indicator and said data.
4- Method according to one of claims 1 to 3, characterised in that the atomicity of the writes is increased by using a property of some memories according to which the writes are made in blocks, said indicator being placed in the same block as the data to be written in the log.
5- Method according to one of claims 1 to 4, characterised in that it consists in setting said indicator by incrementing a counter on each new write.
6- Method according to claim 5, characterised in that it consists in placing the value of said counter in the same block of data to be written as the control and/or atomicity data and/or the useful data of the write log.
7- Method according to one of claims 1 to 6, characterised in that it consists in triggering an action if the write of said data is not made. 8- Electronic module including information processing means and storage means containing a program to be executed and a write log recording the writes of an atomic write process, characterised in that the information processing means include means, when executing the program, to set in said write log one or more indicators in memory as proof of one or more successive writes recorded in said log.
9- Card characterised in that it comprises the electronic module according to claim 8.
10- Computer program comprising program code instructions to execute the steps of the method according to one of claims 1 to 7 when said program is run in an electronic assembly.
PCT/IB2005/003476 2004-12-13 2005-11-21 Method to secure writing in memory against attacks by radiation or other means WO2006064318A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP04292970.3 2004-12-13
EP20040292970 EP1670000A1 (en) 2004-12-13 2004-12-13 Method for securing writing in memory against attacks by rays or other methods

Publications (1)

Publication Number Publication Date
WO2006064318A1 true true WO2006064318A1 (en) 2006-06-22

Family

ID=34931596

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2005/003476 WO2006064318A1 (en) 2004-12-13 2005-11-21 Method to secure writing in memory against attacks by radiation or other means

Country Status (2)

Country Link
EP (1) EP1670000A1 (en)
WO (1) WO2006064318A1 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8468294B2 (en) 2009-12-18 2013-06-18 Sandisk Technologies Inc. Non-volatile memory with multi-gear control using on-chip folding of data
US8842473B2 (en) 2012-03-15 2014-09-23 Sandisk Technologies Inc. Techniques for accessing column selecting shift register with skipped entries in non-volatile memories
US8897080B2 (en) 2012-09-28 2014-11-25 Sandisk Technologies Inc. Variable rate serial to parallel shift register
US9076506B2 (en) 2012-09-28 2015-07-07 Sandisk Technologies Inc. Variable rate parallel to serial shift register
US9224502B1 (en) 2015-01-14 2015-12-29 Sandisk Technologies Inc. Techniques for detection and treating memory hole to local interconnect marginality defects
US9269446B1 (en) 2015-04-08 2016-02-23 Sandisk Technologies Inc. Methods to improve programming of slow cells
US9342446B2 (en) 2011-03-29 2016-05-17 SanDisk Technologies, Inc. Non-volatile memory system allowing reverse eviction of data updates to non-volatile binary cache
US9490035B2 (en) 2012-09-28 2016-11-08 SanDisk Technologies, Inc. Centralized variable rate serializer and deserializer for bad column management
US9564219B2 (en) 2015-04-08 2017-02-07 Sandisk Technologies Llc Current based detection and recording of memory hole-interconnect spacing defects
US9748001B2 (en) 2009-07-06 2017-08-29 Sandisk Technologies Llc Bad column management with bit information in non-volatile memory systems
US9934872B2 (en) 2014-10-30 2018-04-03 Sandisk Technologies Llc Erase stress and delta erase loop count methods for various fail modes in non-volatile memory

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4507751A (en) * 1982-06-21 1985-03-26 International Business Machines Corporation Method and apparatus for logging journal data using a log write ahead data set
US5532463A (en) * 1993-05-26 1996-07-02 Solaic (Societe Anonyme) Process for making secure the writing of sensitive data into the EEPROM data storage memory of a memory card and a memory card for use in the process
FR2742893A1 (en) * 1995-12-20 1997-06-27 Schlumberger Ind Sa Writing to re-writable memory e.g. memory card, smart card or non-contact card
US5715431A (en) * 1993-04-13 1998-02-03 Mondex International Limited Tamper proof security measure in data writing to non-volatile memory

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4507751A (en) * 1982-06-21 1985-03-26 International Business Machines Corporation Method and apparatus for logging journal data using a log write ahead data set
US5715431A (en) * 1993-04-13 1998-02-03 Mondex International Limited Tamper proof security measure in data writing to non-volatile memory
US5532463A (en) * 1993-05-26 1996-07-02 Solaic (Societe Anonyme) Process for making secure the writing of sensitive data into the EEPROM data storage memory of a memory card and a memory card for use in the process
FR2742893A1 (en) * 1995-12-20 1997-06-27 Schlumberger Ind Sa Writing to re-writable memory e.g. memory card, smart card or non-contact card

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"WRITE ATOMICITY WITH STORAGE HARDWARE" IBM TECHNICAL DISCLOSURE BULLETIN, IBM CORP. NEW YORK, US, vol. 33, no. 2, 1 July 1990 (1990-07-01), pages 422-425, XP000123669 ISSN: 0018-8689 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9748001B2 (en) 2009-07-06 2017-08-29 Sandisk Technologies Llc Bad column management with bit information in non-volatile memory systems
US8468294B2 (en) 2009-12-18 2013-06-18 Sandisk Technologies Inc. Non-volatile memory with multi-gear control using on-chip folding of data
US9342446B2 (en) 2011-03-29 2016-05-17 SanDisk Technologies, Inc. Non-volatile memory system allowing reverse eviction of data updates to non-volatile binary cache
US8842473B2 (en) 2012-03-15 2014-09-23 Sandisk Technologies Inc. Techniques for accessing column selecting shift register with skipped entries in non-volatile memories
US8897080B2 (en) 2012-09-28 2014-11-25 Sandisk Technologies Inc. Variable rate serial to parallel shift register
US9490035B2 (en) 2012-09-28 2016-11-08 SanDisk Technologies, Inc. Centralized variable rate serializer and deserializer for bad column management
US9076506B2 (en) 2012-09-28 2015-07-07 Sandisk Technologies Inc. Variable rate parallel to serial shift register
US9934872B2 (en) 2014-10-30 2018-04-03 Sandisk Technologies Llc Erase stress and delta erase loop count methods for various fail modes in non-volatile memory
US9224502B1 (en) 2015-01-14 2015-12-29 Sandisk Technologies Inc. Techniques for detection and treating memory hole to local interconnect marginality defects
US9269446B1 (en) 2015-04-08 2016-02-23 Sandisk Technologies Inc. Methods to improve programming of slow cells
US9564219B2 (en) 2015-04-08 2017-02-07 Sandisk Technologies Llc Current based detection and recording of memory hole-interconnect spacing defects

Also Published As

Publication number Publication date Type
EP1670000A1 (en) 2006-06-14 application

Similar Documents

Publication Publication Date Title
US4734568A (en) IC card which can set security level for every memory area
US7168065B1 (en) Method for monitoring program flow to verify execution of proper instructions by a processor
US5991519A (en) Secure memory having multiple security levels
US4246638A (en) Method and apparatus for controlling usage of a programmable computing machine
US5754762A (en) Secure multiple application IC card using interrupt instruction issued by operating system or application program to control operation flag that determines the operational mode of bi-modal CPU
US6751716B2 (en) Semiconductor storage device, control device, and electronic apparatus
US5293610A (en) Memory system having two-level security system for enhanced protection against unauthorized access
US20050108532A1 (en) Method and system to provide a trusted channel within a computer system for a SIM device
US20080005510A1 (en) Compression Method for Managing the Storing of Persistent Data From a Non-Volatile Memory to a Backup Buffer
US20080209550A1 (en) Method For Detecting and Reacting Against Possible Attack to Security Enforcing Operation Performed by a Cryptographic Token or Card
US20090013122A1 (en) Transaction Method for Managing the Storing of Persistent Data in a Transaction Stack
US20040123132A1 (en) Enhancing data integrity and security in a processor-based system
Mostowski et al. Malicious code on Java Card smartcards: Attacks and countermeasures
WO2001033317A1 (en) Assuring data integrity via a secure counter
Barbu et al. Attacks on java card 3.0 combining fault and logical attacks
US20030056070A1 (en) Secure write blocking circuit and method for preventing unauthorized write access to nonvolatile memory
US7418602B2 (en) Memory card
US5367149A (en) IC card and method of checking personal identification number of the same
US20060112436A1 (en) Protection of a microcontroller
US20080148001A1 (en) Virtual Secure On-Chip One Time Programming
EP1507185A1 (en) Method and device for protecting against unauthorized access to a secure routine
US7844828B2 (en) Method to secure the execution of a program against attacks by radiation or other
US20080320253A1 (en) Memory device with circuitry for writing data of an atomic transaction
US7681050B2 (en) Secure and replay protected memory storage
US20080229425A1 (en) Secure Terminal, a Routine and a Method of Protecting a Secret Key

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct app. not ent. europ. phase

Ref document number: 05803775

Country of ref document: EP

Kind code of ref document: A1