A nonvolatile memory contributes to high-speed boot of an information processing device and to low energy consumption through a normally-off function. However, in terms of data security, the nonvolatile memory may be attacked in a manner different from an attack on volatile memory.
For instance, when power to a currently operating information processing device is interrupted, data in the volatile memory of the device disappears. Therefore, even if the volatile memory is physically accessed after the power down, data stored in the volatile memory before the power down cannot be stolen or falsified.
In contrast, a nonvolatile memory still stores data even during power down. Accordingly, it is possible to remove the nonvolatile memory from an information processing device during the power down, steal and falsify data therein using an external device, then return the nonvolatile memory to the information processing device, and restart the information processing device. As a result, an operation of the information processing device can be illegally changed. Such a memory attack is an especially significant threat to an information processing device used outside or at a location where a person can illegally access it.
As a countermeasure against illegal data falsification, various verification techniques, such as hashing or a Message Authentication Code (MAC), are used. In general, a hash value and a MAC value for verification target data are called verifiers. In data falsification verification, whether the verification target data has been falsified is determined according to whether a first verifier calculated at a first time based on the verification target data matches a second verifier calculated at a second time based on the verification target data. When a verifier is calculated for verification target data and verification is executed based on the verifier, the verification target data itself may be stored in a place where it may be falsified. However, it is necessary to store the verifier and a secret key in a secure place where neither falsification nor reference is possible.
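The verification flow described above, shown as an added example that is not part of the original text: a first verifier is calculated at power down, a second at restart, and the two are compared. A weak variant that keeps an unkeyed hash in the same nonvolatile memory as the data is included for contrast. The `Device` and `SecureStore` classes, the choice of HMAC-SHA256 and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def mac_verifier(key: bytes, data: bytes) -> bytes:
    """Verifier = HMAC-SHA256 over the verification target data."""
    return hmac.new(key, data, hashlib.sha256).digest()

class SecureStore:
    """Hypothetical secure place: contents can be neither read nor falsified externally."""
    def __init__(self) -> None:
        self.key = os.urandom(32)
        self.verifier = b""

class Device:
    def __init__(self, data: bytes) -> None:
        self.nvm = {"data": data, "hash": b""}  # removable nonvolatile memory
        self.secure = SecureStore()

    def power_down(self) -> None:
        # First time: calculate verifiers over the current data.
        self.nvm["hash"] = hashlib.sha256(self.nvm["data"]).digest()  # weak: beside the data
        self.secure.verifier = mac_verifier(self.secure.key, self.nvm["data"])

    def restart_weak(self) -> bool:
        # Second time, weak variant: the first verifier is read from the same memory.
        second = hashlib.sha256(self.nvm["data"]).digest()
        return hmac.compare_digest(second, self.nvm["hash"])

    def restart_secure(self) -> bool:
        # Second time: recalculate with the secret key, compare with the stored verifier.
        second = mac_verifier(self.secure.key, self.nvm["data"])
        return hmac.compare_digest(second, self.secure.verifier)

def offline_modification(nvm: dict, new_data: bytes) -> None:
    """Models the memory being rewritten externally during power down (constructed)."""
    nvm["data"] = new_data
    nvm["hash"] = hashlib.sha256(new_data).digest()  # an unkeyed hash needs no secret

def demo() -> dict:
    dev = Device(b"boot_mode=normal")  # constructed sample data
    dev.power_down()
    clean = (dev.restart_weak(), dev.restart_secure())
    offline_modification(dev.nvm, b"boot_mode=debug")
    tampered = (dev.restart_weak(), dev.restart_secure())
    return {"clean": clean, "tampered": tampered}

if __name__ == "__main__":
    print(demo())
```

After the offline modification, the weak check still passes because its verifier was replaced together with the data, while the keyed verifier held in the secure place detects the change.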