Technical Field
The present technique relates to an apparatus and method for providing resilience to attacks on reset of the apparatus.
Description of the Prior Art
It is known to provide processing circuits which perform data processing operations using data that needs to be protected against unauthorised access. The data that needs protecting can take a variety of forms, but as a particular example it is known to provide processing circuits that perform encryption and decryption using particular encryption and decryption algorithms that make use of secret data such as a secret key. Such a secret key needs to be protected in order to avoid the encryption being circumvented. As another example, some processing circuitry will be able to operate in one or more privileged states, where the data being manipulated in those states is not accessible from a user operating state. It is important that an attacker cannot gain entry to the privileged state of operation, so that the security of the data being processed in the privileged state is maintained.
A number of techniques have been developed that seek to gain unauthorised access to such secure data within a processing circuit such as an integrated circuit. For example, one known technique for seeking to access such secret data is differential power analysis (DPA). DPA techniques seek to extract secret data, such as the earlier-mentioned secret key, from observation of a power consumption characteristic of the processing circuitry for various different input data. On each reset of the apparatus, the attacker will seek to re-run the same processing operations using different input data and monitor a power consumption characteristic, such as a current signature of the apparatus, in order to determine how that power consumption characteristic changes for the various different input data.
Since it is generally known what algorithms are being executed by the integrated circuit, it is possible to model the operation of the integrated circuit and thereby produce simulated current signatures for various different guesses of the secret key. Attempts can then be made to correlate the simulated current signatures for the various guesses of the secret key with the actual current signatures observed in the circuit, and thereby to determine the secret key.
Another known mechanism for seeking to gain unauthorised access to secret data within processing circuitry such as an integrated circuit is to inject transient faults in a systematic manner, in order to compromise the security of the apparatus. For example, the security of processor cores and cryptographic engines can potentially be compromised by attackers injecting deliberate faults. Such an approach may, for example, be performed on a reset of the apparatus in order to gain unauthorised access to the privileged state mentioned earlier, thereby allowing access to the secure data.
It would be desirable to provide an improved technique for providing resilience to such attacks performed on reset of an apparatus.