The present invention relates to an information processing unit, and, more particularly, to a tamper-resistant system that provides protection against unauthorized intrusion by persons attempting to obtain information held inside the system, and protection against malfunctions caused by electromagnetic waves, radiation, power glitches and other physical means, or by system analysis aimed at obtaining that information.
In the present day, as electronic systems have become widespread, diverse systems tend to radiate electromagnetic waves at various frequencies. Under these circumstances, various phenomena occur, such as a speaker placed adjacent to a TV set causing distortion of the pictures displayed on the TV set. As typified by a computer installed in a motor vehicle, systems are required that will not fail to work properly even in environments with intense vibration and an unstable power supply, or that have means for ensuring recovery from irregular operations. In order to describe phenomena and systems of this type, the terms ‘tamper evident’, ‘tamper response’, and ‘tamper free’ (also referred to as tamper resistant) are used; and, these terms refer to detection of irregular operations, response after such detection, and resistance to irregular operations, respectively.
To serve their intended purposes successfully, electronic systems generally have operating margins that are preset to allow for factors that might cause malfunctions, such as noise in practical operating environments. A tamper-evident system has an appropriate means for storing a history indicating whether or not the system has been subjected to unexpected environments that might have generated malfunctions, so the administrator need not monitor the system constantly and can prescribe appropriate remedies for malfunctions just by checking the history periodically. A system with a tamper-response capability can observe its own circumstances to detect the occurrence of unexpected conditions that might cause malfunctions; and, if it detects such conditions, it has a means for taking necessary actions, such as issuing an alarm. The administrator of this kind of system need only check its operation when alarms are issued. A tamper-free system is designed with sufficient care to prevent it from being subjected to an irregular operating condition, and such a system can automatically recover even if it does become subject to an irregular operation.
If the word tamper is interpreted as referring to an action by a malicious person, a system that has a mechanism for protecting its components completely against attacks aimed at the components by such a malicious person can also be referred to as tamper-free. If a system, such as a banking terminal having a memory retaining secret information, is opened by unauthorized access, for example, this type of system itself can automatically erase or destroy the information retained in the memory to protect it from being accessed. A tamper-free system eliminates the necessity of monitoring by its administrator.
The word tamper used herein means either a change in the operating environment or an intentional attack made by a person with malicious intent.
Electronic systems tend to generate so-called malfunctions or fall into a suspended mode when the intensity of electromagnetic waves, radiation, temperature, vibration, or other factors exceeds the range anticipated at the time of design. This tendency is caused by the fact that these systems operate both electrically and mechanically. In a system employing relatively few components, even if a simple full search is performed, the cost of identifying the causes of problems and of taking countermeasures against them is relatively low. If electronic components are combined with each other, however, it becomes difficult to check their types and methods completely; and, accordingly, it is extremely difficult to ensure that the system will not fail to function normally. Therefore, systems that must depend on many components to assure the security of the entire system require greater attention to their tamper-resistant capabilities. Examples of such systems include a microprocessor used in a central processing unit (CPU), which is a highly integrated semiconductor device having on the order of tens of thousands to millions of circuit elements, and an IC card with a CPU, memory cells, external interfaces and other electronic components integrated in a silicon chip only a few millimeters square or less. Conventionally, such systems are designed with an implied guarantee that a higher level system can rely entirely on the security of its lower level systems, which means that failures and malfunctions of a lower level system may cause the whole system to halt unexpectedly or fall into a malfunctioning state.
FIG. 1 is a schematic illustration of an IC card 101 that is equipped with a contact terminal area 102, through which information is exchanged between the inside and outside. The Vcc, RST, CLK, and I/O terminals receive power, reset signals, clock signals, and input and output signals, respectively. GND indicates a ground terminal. IC cards and other security-intensive cards use a central processing unit 201, as shown in FIG. 2, to perform cryptographic and other operations using a secret key. The IC card also includes a coprocessor 202 that is connected via a bus 203 to a memory 204, which further includes a program 205. Since an IC card provides a link between the inside and outside only through an I/O port 207, and data operated on in the CPU is not output to the outside, data 206 retained in secrecy in memory 204 has been considered to be highly secure. However, Biham and Shamir have proved that IC cards subjected to external stresses, such as radiation and electromagnetic waves, may malfunction; and, accordingly, such malfunctions allow acquisition of the secret-key information used therein by observing the computed results. As they disclose in Differential Fault Analysis of Secret Key Cryptosystems (Lecture Notes in Computer Science, Advances in Cryptology, proceedings of CRYPTO'97, Springer-Verlag, pp. 513 to 525, 1997), it is possible to cause partial errors in values in arithmetic and logic operations and to identify the secret key used therein from the computed results. Therefore, merely observing that the computer system in an IC card continues operating is not sufficient to assure the security of the IC card. It is necessary to check the component devices themselves to see if they are operating correctly, as the system designer(s) intended.
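The tamper-evident, tamper-response and tamper-free behaviours described above, and the fault-detection need raised by the differential fault analysis result, can be combined in firmware as a redundant-execution guard around the secret-key operation. The following is an added example, not code from the patent: keyed_op is a constructed toy mixing function standing in for the real cryptographic operation, g_sim_fault_mask is a simulation hook that stands in for a physically induced computation error, and the erase-after-three-faults policy is an assumed design choice.

```c
#include <stdint.h>
#include <stdio.h>

/* Card state: a fault history (tamper evident), a lockout flag
 * (tamper response) and the secret key that is erased on lockout. */
typedef struct {
    unsigned fault_count;   /* number of detected computation faults */
    int      locked;        /* 1 once the card refuses further output */
    uint32_t key;           /* secret key; constructed sample value */
} card_state;

/* Simulation hook only: a nonzero mask is XORed into the result of
 * the second redundant run, modelling a fault that hits one run. */
static uint32_t g_sim_fault_mask = 0;

/* Toy keyed mixing function; stands in for a real cipher. */
static uint32_t keyed_op(uint32_t key, uint32_t in) {
    uint32_t x = in ^ key;
    for (uint32_t i = 0; i < 8; i++) {
        x = ((x << 5) | (x >> 27)) + (key ^ (i * 0x9e3779b9u));
        x ^= x >> 13;
    }
    return x;
}

/* Run the keyed operation twice and release the result only when
 * both runs agree. Returns 0 with *out set, or -1 when a fault was
 * detected or the card is locked. After three detected faults the
 * key is erased and the card locks (assumed policy). */
int guarded_op(card_state *st, uint32_t in, uint32_t *out) {
    if (st->locked) return -1;
    uint32_t r1 = keyed_op(st->key, in);
    uint32_t r2 = keyed_op(st->key, in) ^ g_sim_fault_mask;
    if (r1 != r2) {
        st->fault_count++;          /* record history entry */
        if (st->fault_count >= 3) {
            st->key = 0;            /* destroy the secret */
            st->locked = 1;         /* stop producing output */
        }
        return -1;                  /* never release a faulty result */
    }
    *out = r1;
    return 0;
}
```

A fault that corrupts both redundant runs identically escapes this comparison, which is why checking the component devices themselves, as the text above calls for, remains necessary.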