1. Field of the Invention
The present invention generally relates to digital processing circuits and, more specifically, to microprocessors capable of executing so-called secured tasks, that is, manipulating digital quantities intended to remain secret. These may be, for example, ciphering tasks using public key (asymmetrical) or secret key (symmetrical) mechanisms.
The present invention more specifically applies to digital data processing systems using at least two operating systems, among which is a secured operating system.
The present invention more specifically aims at the protection of a system sharing a time counter, against attacks by interpretation of the time for processing digital quantities to be protected. Such attacks are most often designated as timing attacks.
2. Discussion of the Related Art
FIG. 1 very schematically shows, in the form of blocks, a first example of application of the present invention to a controlled broadcasting system (for example, of subscriber television type). Signals received by an antenna 1 (for example, a satellite antenna) are decoded by a decoder 2 (STB for “Set Top Box”) to be displayed on a television set 3. Decoder 2 contains digital processing circuits, among which is at least one processor capable of executing deciphering tasks using a key integrated in the decoder or contained in a medium, for example, a smart card readable by the decoder. Decoder 2 is capable of hosting not only secured applications linked to the decoding but also non-secured applications and/or a non-secured operating system used, for example, for presentation of the on-screen user interface, some game programs, etc.
FIG. 2 shows a second example of application of the present invention to a mobile phone 10, provided with a screen 11 and a keyboard 12. A secured operating system concerns, for example, the system for managing the rights of access to the communication network (for example, telephone) while a non-secured operating system concerns, for example, the processing of images taken by an objective lens of device 10, or any other program requiring no protection for execution.
Another example, not shown, of application of the present invention relates to personal microcomputers capable of operating under two different operating systems, one being considered as secured.
FIG. 3 very schematically shows, in the form of blocks, the conventional operation of a central processing unit 20 (CPU) of a processor of the type to which the present invention applies. In FIG. 3, the hardware (HW) and software (SW) layers have been separated by dotted lines 30.
From a hardware point of view, central processing unit 20 comprises a timer 23 clocked by a clock signal CLK and in charge of synchronizing the operation of the entire system. Timer 23 is considered as secured, in that the information that it contains on the number of used clock cycles is not directly accessible from the outside of the circuit.
A first operating system (block 31, OS1) considered as secured uses time counter 23 when it needs to execute the tasks assigned to it. In certain cases, the first operating system directly uses counter 23 as a sequencer. In other cases, a register 21 defining a counter COUNT1 is used as a sequencer dedicated to the first operating system. This counter (COUNT1) is incremented at rate CLK of timer 23. A second operating system (block 32, OS2) considered as non-secured also uses timer 23 to update a counter COUNT2 stored in a register 22. Operating system 31 is considered as secured because the content of its clock register 21 is not accessible by the other operating system. Operating system 32 is considered not to be secured because the content of its clock register 22 is accessible by the two operating systems.
The allocation of central processing unit 20 to one or the other of the operating systems is managed by a hardware resource sharing mechanism according to various access priority rules. The clock registers dedicated to the different operating systems (especially that of the non-secured system) may be in the software layer.
FIGS. 4A, 4B, 4C, 4D, and 4E illustrate, in timing diagrams, an arbitrary example of distribution of the tasks between the two operating systems of FIG. 3, illustrating the problem of timing attacks. FIG. 4A shows clock signal CLK. FIG. 4B illustrates periods of activity of first operating system OS1. FIG. 4C illustrates periods of activity of second operating system OS2. FIG. 4D illustrates the content of timer 23 which is identical to that of clock register 21 (COUNT1) if existing. FIG. 4E illustrates the content of clock register 22 (COUNT2).
It is arbitrarily assumed that first operating system OS1 holds the lead during cycles i−5 and i−3 (FIG. 4D), that the second operating system holds the lead during cycles i−2 and i, and that a task critical from the point of view of security of the manipulated data is executed by the first operating system between cycles i+1 and i+n−1, the lead being returned to the second operating system from cycle i+n.
As illustrated in FIG. 4E, the content of register 22 just before time t0, when first system OS1 takes the lead for the critical task, is i, and this content, when the lead is returned to the second operating system, is i+n. Since the content of register 22 is accessible, the number n of clock cycles for which the first operating system has held the lead for the execution of the critical tasks is thus available, even if the content of register 21 or of counter 23 is not accessible. This number of cycles may be exploited to determine the value of the manipulated quantities, since the time necessary to process a bit at state one is different from the time necessary to process a bit at state zero.
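The leak described above, as an added example that is not part of the patent text: a C model of FIG. 3 in which timer 23 clocks both COUNT1 and COUNT2, and the second operating system reads only COUNT2 before and after the critical task. The per-bit cycle costs, the 32-bit secret, the starting cycle and the `balanced` flag are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of FIG. 3: timer 23 clocks both counters. */
struct cpu {
    uint64_t count1; /* register 21: private to OS1 */
    uint64_t count2; /* register 22: readable by OS1 and OS2 */
};

/* Constructed per-bit cycle costs (assumption, not from the patent). */
enum { BITS = 32, COST_ZERO = 2, COST_ONE = 5 };

static void tick(struct cpu *c, unsigned cycles) {
    c->count1 += cycles;
    c->count2 += cycles;
}

/* Hypothetical OS1 critical task. With balanced == 0 a one bit costs more
 * cycles than a zero bit; with balanced == 1 every bit costs COST_ONE. */
static void os1_critical_task(struct cpu *c, uint32_t secret, int balanced) {
    for (int b = 0; b < BITS; b++) {
        int bit = (secret >> b) & 1;
        tick(c, (balanced || bit) ? COST_ONE : COST_ZERO);
    }
}

/* What OS2 can compute: COUNT2 after the task minus COUNT2 before it. */
static uint64_t observed_n(uint32_t secret, int balanced) {
    struct cpu c = { 1000, 1000 };   /* arbitrary starting cycle i */
    uint64_t before = c.count2;      /* value i, read before t0 */
    os1_critical_task(&c, secret, balanced);
    return c.count2 - before;        /* n */
}

/* Number of one bits implied by n for the unbalanced task. */
static unsigned ones_from_n(uint64_t n) {
    return (unsigned)((n - BITS * COST_ZERO) / (COST_ONE - COST_ZERO));
}

int main(void) {
    uint32_t keys[] = { 0x00000000u, 0x0000000Fu, 0xFFFFFFFFu };
    for (int k = 0; k < 3; k++) {
        uint64_t n = observed_n(keys[k], 0);
        printf("secret=%08x n=%llu ones=%u balanced_n=%llu\n",
               (unsigned)keys[k], (unsigned long long)n, ones_from_n(n),
               (unsigned long long)observed_n(keys[k], 1));
    }
    return 0;
}
```

With the unbalanced task, n tracks the number of one bits even though COUNT1 is never read; with the balanced task, n is the same for every secret.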
An example of a timing attack on an AES algorithm is described in the article “Cache-timing attacks on AES” by Daniel J. Bernstein (Department of Mathematics, Statistics, and Computer Science—The University of Illinois—Chicago, Apr. 14, 2005, XP007901095).
A known solution to this problem is described in U.S. Pat. No. 5,994,917 and comprises the introduction of a pseudo-random character into the clock signal frequency. This amounts to providing, in the central processing unit, two clocks that are distinct in hardware terms, each clock being respectively assigned to one of the operating systems.
A problem is that providing a hardware clock dedicated to each operating system is not always possible.