WO2008093257A2 - Method of protecting against attacks and circuit therefor - Google Patents
Method of protecting against attacks and circuit therefor Download PDFInfo
- Publication number
- WO2008093257A2 WO2008093257A2 PCT/IB2008/050203 IB2008050203W WO2008093257A2 WO 2008093257 A2 WO2008093257 A2 WO 2008093257A2 IB 2008050203 W IB2008050203 W IB 2008050203W WO 2008093257 A2 WO2008093257 A2 WO 2008093257A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- circuit
- address
- memory module
- validation
- memory
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C8/00—Arrangements for selecting an address in a digital store
- G11C8/20—Address safety or protection circuits, i.e. arrangements for preventing unauthorized or accidental access
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C29/00—Checking stores for correct operation ; Subsequent repair; Testing stores during standby or offline operation
- G11C29/02—Detection or location of defective auxiliary circuits, e.g. defective refresh counters
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C29/00—Checking stores for correct operation ; Subsequent repair; Testing stores during standby or offline operation
- G11C29/02—Detection or location of defective auxiliary circuits, e.g. defective refresh counters
- G11C29/024—Detection or location of defective auxiliary circuits, e.g. defective refresh counters in decoders
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C7/00—Arrangements for writing information into, or reading information out from, a digital store
- G11C7/24—Memory cell safety or protection circuits, e.g. arrangements for preventing inadvertent reading or writing; Status cells; Test cells
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C29/00—Checking stores for correct operation ; Subsequent repair; Testing stores during standby or offline operation
- G11C29/04—Detection or location of defective memory elements, e.g. cell constructio details, timing of test signals
- G11C2029/0409—Online test
Definitions
- the invention relates to a method of protecting against unauthorized attacks on data contained in memories or in memory modules and to a circuit of a memory module.
- So-termed smart card chips have data stored thereon which are secret in part and which represent important and confidential information serving, for example, for identification and/or for the authorization of processes. Such data may be used, for example, for access to locations or services. Thus, for example, a door opener may be authorized to afford an owner of a smart card containing certain data access to a restricted area through a reading of the access data. Another possibility is, for example, to authorize and carry out money transactions or to control financial assets on the basis of a smart card.
- the secret data should accordingly not be accessible to outsiders, otherwise these data could be improperly used.
- key data which serve for coding and decoding information that is transmitted to external destinations, should be safeguarded against unauthorized access.
- WO 2004/049349 A2 in this connection describes a protection mechanism against light attacks during inactive phases in a reading process.
- WO 2004/046927 Al discloses a special redundant storage of data.
- 2004/047172 Al discloses an electronic circuit for fending off attacks by means of light.
- a memory cell can be selected by means of address decoding by address decoders, whereupon the contents of said cell are read in a memory access operation.
- An attack on these address decoders which cannot always be effectively prevented or even spotted by the above protection mechanisms, may result in a plurality of memory cells, an incorrect memory cell, or no memory cell at all being selected.
- object of the present invention to provide a method by which an attack on address decoders can be reliably recognized.
- Another object of the invention is to provide a circuit capable of recognizing such attacks.
- the circuit according to the invention presents a memory module that comprises a memory matrix, a column decoder, and a line decoder, the circuit of the memory module in addition comprising a validation circuit, wherein said validation circuit is capable of reconstructing an address from selection signals and comparing this address with the original address or carrying out a plausibility test, whereupon a validation signal can be given if the addresses match or the plausibility thereof is established. It is particularly advantageous if the selection signal is a signal applied to the memory matrix of the memory module.
- the validation circuit comprises its own read amplifier which renders possible a simultaneous reading.
- the object as regards the method is achieved by the characteristic features of claim 5.
- the method is a method of protecting against unauthorized attacks on data contained in memories or in a memory module, with data being stored in a memory module, which memory module comprises a memory matrix for the storage of data, and with a column decoder and a line decoder, wherein the circuit of the memory module in addition comprises a validation circuit, which validation circuit reconstructs an address from selection signals and compares this address with the original address or carries out a plausibility test, whereupon a validation signal is given if the addresses match or the plausibility thereof is established. It is useful in this connection if the selection signal is a signal applied to the memory matrix of the memory module.
- the present invention thus relates to a method of verifying a decoded address during a memory access operation, preferably in real time, so as to recognize any attacks on the address decoder.
- the invention also relates to a method of reliably recognizing such attacks.
- Fig. 1 shows a memory module
- Fig. 2 shows a circuit arrangement according to the prior art
- Fig. 3 shows a circuit arrangement according to the invention
- Fig. 4 is a block diagram of a circuit for clarifying the procedure according to the method.
- Fig. 1 diagrammatically shows a memory module 1 in the form of a block diagram.
- the memory module is formed here by a memory matrix A, 2, a column decoder CD, 3, and a line decoder RD, 4.
- the circuit of the memory module 1 is complemented by a validation circuit V, 5.
- the validation circuit V, 5 reconstructs through calculation an address from the selection signals supplied to the matrix A, 2 and either compares this address with the original address adr or carries out a plausibility test, issuing a validity signal va in the case of a match or plausibility, as applicable.
- the reference “data” is used for the data input and/or data output and the reference “adr" for the input for the addresses.
- Fig. 2 shows an example of a circuit for a decoder test according to the prior art.
- the circuit 10 essentially consists of a memory cell 11, in which e.g. a word can be stored, a ROM cell 12 for the decoder test, and a read amplifier 13.
- the memory circuit 10 here is a circuit that can be programmed comparatively slowly only. Such circuits often comprise special circuit arrangements for testing the address decoding function in order to reduce the testing time.
- a fixedly coded data word R is selected by the line decoder along with the other data in an extra column in each of the n lines of the memory, cf. signal wl, which can be read out in a special testing mode via the original read path, cf. the control signal test.
- This word may, but need not necessarily, have the same word width w as the data words proper.
- Fig. 3 shows a circuit according to the invention, wherein an additional circuit is modified according to the invention such that, during normal reading via the read amplifier S, 13 having an output value dout, this fixedly coded word R is read out simultaneously via its own read amplifier T, 14 for the test bus which has an output value tout.
- a conclusion can be drawn from this word as to the actually selected line.
- a line can be identified from the output value by the read amplifier in this manner. Said conclusion may be unequivocal or may at least be sufficient for a plausibility test.
- a comparison with the address applied to the module then renders it possible to generate a validity signal; in the case of an unequivocal result the reconstructed address itself may also be supplied as additional information, if so desired.
- the reference wl here represents the line selection and bl the bit line, tbl the test bus bit line, tl the test bus, dout the data outputs, and tout the data output for the address validation code.
- a validation circuit is constructed for the column decoder, which circuit tests the decoded column of the m columns during the read access.
- the circuit according to the invention serves to protect the memory module provided therewith. Any memory module that contains security-sensitive or secret data may advantageously be protected from attacks in principle.
- the present invention offers a highly efficient method by which it can be ensured that only those memory cells that are wanted are actually read out in that the decoded address is subjected to a validity test or the original address is reconstructed for the purpose of comparison. It can be applied to all memories organized in matrix form such as, for example, RAM, ROM, EEPROM, and Flash.
- Fig. 4 shows a block diagram 20 in which block 21 represents the input of selection signals or data.
- an address is reconstructed from these data or selection signals.
- this address is compared with the original address and/or a plausibility test is carried out.
- a validity signal will be given in block 24.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Storage Device Security (AREA)
- For Increasing The Reliability Of Semiconductor Memories (AREA)
Abstract
The invention relates to a method and to a circuit having a memory module (1) that comprises a memory matrix (2), a column decoder (3), and a line decoder (4), the circuit of the memory module in addition comprising a validation circuit (5), wherein said validation circuit (5) is capable of reconstructing an address from selection signals and comparing this address with the original address or carrying out a plausibility test, whereupon a validation signal can be given if the addresses match or the plausibility thereof is established.
Description
Method of protecting against attacks and circuit therefor
Field for the invention
The invention relates to a method of protecting against unauthorized attacks on data contained in memories or in memory modules and to a circuit of a memory module.
State of the art
So-termed smart card chips have data stored thereon which are secret in part and which represent important and confidential information serving, for example, for identification and/or for the authorization of processes. Such data may be used, for example, for access to locations or services. Thus, for example, a door opener may be authorized to afford an owner of a smart card containing certain data access to a restricted area through a reading of the access data. Another possibility is, for example, to authorize and carry out money transactions or to control financial assets on the basis of a smart card.
The secret data should accordingly not be accessible to outsiders, otherwise these data could be improperly used. In particular key data, which serve for coding and decoding information that is transmitted to external destinations, should be safeguarded against unauthorized access.
Various possibilities are known for obtaining access to such data that are to be protected, for example through malfunctions in the access from the outside to the memory or through direct manipulations of the electronic circuit, whereby memory access can be purposely changed so as to obtain access to the data that are to be protected. In such a case it is also possible that other physical addresses are affected, which will lead to a compromising malfunctioning program stream.
Access to memories of security-sensitive circuits can be protected against purposeful attacks by means of protection mechanisms. WO 2004/049349 A2 in this connection describes a protection mechanism against light attacks during inactive phases in a reading process. WO 2004/046927 Al discloses a special redundant storage of data. WO
2004/047172 Al discloses an electronic circuit for fending off attacks by means of light.
A memory cell can be selected by means of address decoding by address decoders, whereupon the contents of said cell are read in a memory access operation. An attack on these address decoders, which cannot always be effectively prevented or even
spotted by the above protection mechanisms, may result in a plurality of memory cells, an incorrect memory cell, or no memory cell at all being selected.
Short description of the invention, object, solution, advantages It is an object of the present invention to provide a method by which an attack on address decoders can be reliably recognized. Another object of the invention is to provide a circuit capable of recognizing such attacks.
According to the invention, the object as regards the circuit is achieved by the characteristic features of claim 1. The circuit according to the invention presents a memory module that comprises a memory matrix, a column decoder, and a line decoder, the circuit of the memory module in addition comprising a validation circuit, wherein said validation circuit is capable of reconstructing an address from selection signals and comparing this address with the original address or carrying out a plausibility test, whereupon a validation signal can be given if the addresses match or the plausibility thereof is established. It is particularly advantageous if the selection signal is a signal applied to the memory matrix of the memory module.
It is also useful if an attack can be identified on the basis of a deviation between the reconstructed address and the original address.
It is highly advantageous, moreover, if the validation circuit comprises its own read amplifier which renders possible a simultaneous reading.
According to the invention, the object as regards the method is achieved by the characteristic features of claim 5. According to this claim, the method is a method of protecting against unauthorized attacks on data contained in memories or in a memory module, with data being stored in a memory module, which memory module comprises a memory matrix for the storage of data, and with a column decoder and a line decoder, wherein the circuit of the memory module in addition comprises a validation circuit, which validation circuit reconstructs an address from selection signals and compares this address with the original address or carries out a plausibility test, whereupon a validation signal is given if the addresses match or the plausibility thereof is established. It is useful in this connection if the selection signal is a signal applied to the memory matrix of the memory module. It is also useful if an attack can be identified on the basis of a deviation between the reconstructed address and the original address.
The present invention thus relates to a method of verifying a decoded address during a memory access operation, preferably in real time, so as to recognize any attacks on the address decoder. The invention also relates to a method of reliably recognizing such attacks.
Advantageous further embodiments are described in the dependent claims.
Short description of the drawings
The invention will be described in more detail below with reference to an embodiment and the accompanying drawings, in which:
Fig. 1 shows a memory module;
Fig. 2 shows a circuit arrangement according to the prior art; Fig. 3 shows a circuit arrangement according to the invention; and Fig. 4 is a block diagram of a circuit for clarifying the procedure according to the method.
Preferred embodiment of the invention
Fig. 1 diagrammatically shows a memory module 1 in the form of a block diagram. The memory module is formed here by a memory matrix A, 2, a column decoder CD, 3, and a line decoder RD, 4. According to the invention, the circuit of the memory module 1 is complemented by a validation circuit V, 5. The validation circuit V, 5 reconstructs through calculation an address from the selection signals supplied to the matrix A, 2 and either compares this address with the original address adr or carries out a plausibility test, issuing a validity signal va in the case of a match or plausibility, as applicable. The reference "data" is used for the data input and/or data output and the reference "adr" for the input for the addresses.
Fig. 2 shows an example of a circuit for a decoder test according to the prior art. The circuit 10 essentially consists of a memory cell 11, in which e.g. a word can be stored, a ROM cell 12 for the decoder test, and a read amplifier 13. The memory circuit 10 here is a circuit that can be programmed comparatively slowly only. Such circuits often comprise special circuit arrangements for testing the address decoding function in order to reduce the testing time. For this purpose, a fixedly coded data word R is selected by the line decoder along with the other data in an extra column in each of the n lines of the memory, cf. signal wl,
which can be read out in a special testing mode via the original read path, cf. the control signal test. This word may, but need not necessarily, have the same word width w as the data words proper.
Fig. 3 shows a circuit according to the invention, wherein an additional circuit is modified according to the invention such that, during normal reading via the read amplifier S, 13 having an output value dout, this fixedly coded word R is read out simultaneously via its own read amplifier T, 14 for the test bus which has an output value tout. Thus a conclusion can be drawn from this word as to the actually selected line. A line can be identified from the output value by the read amplifier in this manner. Said conclusion may be unequivocal or may at least be sufficient for a plausibility test. A comparison with the address applied to the module then renders it possible to generate a validity signal; in the case of an unequivocal result the reconstructed address itself may also be supplied as additional information, if so desired. The reference wl here represents the line selection and bl the bit line, tbl the test bus bit line, tl the test bus, dout the data outputs, and tout the data output for the address validation code.
In an equivalent manner, a validation circuit is constructed for the column decoder, which circuit tests the decoded column of the m columns during the read access. The circuit according to the invention serves to protect the memory module provided therewith. Any memory module that contains security-sensitive or secret data may advantageously be protected from attacks in principle. The present invention offers a highly efficient method by which it can be ensured that only those memory cells that are wanted are actually read out in that the decoded address is subjected to a validity test or the original address is reconstructed for the purpose of comparison. It can be applied to all memories organized in matrix form such as, for example, RAM, ROM, EEPROM, and Flash. Fig. 4 shows a block diagram 20 in which block 21 represents the input of selection signals or data. In block 22, an address is reconstructed from these data or selection signals. In block 23, this address is compared with the original address and/or a plausibility test is carried out. In the case in which the addresses match and/or a plausibility of the address is established a validity signal will be given in block 24.
Claims
1. A circuit having a memory module (1) that comprises a memory matrix (2), a column decoder (3), and a line decoder (4), the circuit of the memory module in addition comprising a validation circuit (5), wherein said validation circuit (5) is capable of reconstructing an address from selection signals and comparing this address with the original address or carrying out a plausibility test, whereupon a validation signal can be given if the addresses match or the plausibility thereof is established.
2. A circuit as claimed in claim 1, characterized in that the selection signal is a signal applied to the memory matrix of the memory module.
3. A circuit as claimed in claim 1 or 2, characterized in that an attack can be identified on the basis of a deviation between the reconstructed address and the original address.
4. A circuit as claimed in any one of the preceding claims, characterized in that the validation circuit comprises a read amplifier.
5. A method of protecting against unauthorized attacks on data contained in memories or in a memory module, with data being stored in a memory module (1), which memory module comprises a memory matrix (2) for the storage of data, and with a column decoder (3) and a line decoder (4), wherein the circuit of the memory module in addition comprises a validation circuit (5), which validation circuit (5) reconstructs an address from selection signals and compares this address with the original address or carries out a plausibility test, whereupon a validation signal is given if the addresses match or the plausibility thereof is established.
6. A method as claimed in claim 5, characterized in that the selection signal is a signal applied to the memory matrix of the memory module.
7. A method as claimed in claim 5 or 6, characterized in that an attack can be identified on the basis of a deviation between the reconstructed address and the original address.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP07001951.8 | 2007-01-30 | ||
EP07001951 | 2007-01-30 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2008093257A2 true WO2008093257A2 (en) | 2008-08-07 |
WO2008093257A3 WO2008093257A3 (en) | 2008-10-30 |
Family
ID=39523547
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2008/050203 WO2008093257A2 (en) | 2007-01-30 | 2008-01-21 | Method of protecting against attacks and circuit therefor |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2008093257A2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR3010822A1 (en) * | 2013-09-17 | 2015-03-20 | Inside Secure | MEMORY CIRCUIT COMPRISING MEANS FOR DETECTING AN ERROR INJECTION |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4912710A (en) * | 1988-02-29 | 1990-03-27 | Harris Corporation | Self-checking random access memory |
US20060156193A1 (en) * | 2004-11-30 | 2006-07-13 | Nicolas Demange | Error test for an address decoder of a non-volatile memory |
US20070002616A1 (en) * | 2005-06-15 | 2007-01-04 | Stmicroelectronics S.A. | Memory protected against attacks by error injection in memory cells selection signals |
-
2008
- 2008-01-21 WO PCT/IB2008/050203 patent/WO2008093257A2/en active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4912710A (en) * | 1988-02-29 | 1990-03-27 | Harris Corporation | Self-checking random access memory |
US20060156193A1 (en) * | 2004-11-30 | 2006-07-13 | Nicolas Demange | Error test for an address decoder of a non-volatile memory |
US20070002616A1 (en) * | 2005-06-15 | 2007-01-04 | Stmicroelectronics S.A. | Memory protected against attacks by error injection in memory cells selection signals |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR3010822A1 (en) * | 2013-09-17 | 2015-03-20 | Inside Secure | MEMORY CIRCUIT COMPRISING MEANS FOR DETECTING AN ERROR INJECTION |
WO2015040304A1 (en) * | 2013-09-17 | 2015-03-26 | Inside Secure | Memory circuit comprising means for detecting an error injection |
Also Published As
Publication number | Publication date |
---|---|
WO2008093257A3 (en) | 2008-10-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US4408119A (en) | Individualized portable object such as a credit card | |
JP2009505266A (en) | Circuit device having non-volatile memory module and method for recording attacks on non-volatile memory module | |
KR20090046910A (en) | Verifying data integrity in a data storage device | |
KR20010029573A (en) | Nonvolatile semiconductor memory device | |
CN112446054A (en) | Memory authentication | |
US5793683A (en) | Wordline and bitline redundancy with no performance penalty | |
US5740403A (en) | Process circuit & system for protecting an integrated circuit against fraudulent use | |
US5841786A (en) | Testing of memory content | |
JP2008152549A (en) | Memory device, and password storage method for memory device | |
WO2005052946A1 (en) | Embedded memory with security row lock protection | |
CN109686389B (en) | Memory device and method for verifying memory access | |
US4712177A (en) | Circuit for a cord carrier having a memory and an access control unit for secure data access | |
US6735697B1 (en) | Circuit arrangement for electronic data processing | |
US20080028128A1 (en) | Memory access controller and method for memory access control | |
JP4920680B2 (en) | A device that protects memory against attacks caused by error injection | |
WO2008093257A2 (en) | Method of protecting against attacks and circuit therefor | |
USRE42144E1 (en) | Non-volatile memory comprising means for distorting the output of memory cells | |
US6249456B1 (en) | Secured EEPROM memory comprising means for the detection of erasure by ultraviolet radiation | |
US9111649B2 (en) | Tamper resistant semiconductor device with access control | |
JP2006507592A (en) | Circuit arrangement with non-volatile memory module and method of recording light attack on non-volatile memory module | |
US7806319B2 (en) | System and method for protection of data contained in an integrated circuit | |
US20130291130A1 (en) | Protection of Memory Field Using Illegal Values | |
TWI750073B (en) | Semiconductor device with security function and security method thereof | |
US20060282683A1 (en) | Flash array read, erase, and program security | |
RU2216046C2 (en) | Circuit layout and method for authenticating memory area content |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
NENP | Non-entry into the national phase in: |
Ref country code: DE |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 08702474 Country of ref document: EP Kind code of ref document: A2 |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 08702474 Country of ref document: EP Kind code of ref document: A2 |