Integrated circuit chips may comprise circuits considered as sensitive in view of the data that they manipulate, for example encryption or authentication keys, signatures etc. Such information should remain secret, in other words it should not be communicated to third parties or non-authorized circuits.
A common technique for pirating information manipulated by an integrated circuit includes detecting zones of the circuit involved during the processing that uses the information. For this, the circuit is activated or otherwise placed in an operational environment, and data (for example an encrypted message) is inputted for processing by the circuit. During the processing, the surface of the circuit is swept by a laser to inject faults in the functioning of the circuit. The output of the circuit is analyzed in parallel to determine the zone (the physical location) of the circuit involved in the processing of the sensitive data. Once the zone or zones have been localized, the pirate concentrates attacks (by fault injection) on these zones to discover the secret information (the algorithm itself or the keys), for example, by an analysis of the outputs or by side channel attacks, for example by statistical analysis of the circuit's power consumption.
FIG. 1 illustrates schematically, in block form, an integrated circuit chip 100 comprising circuit blocks 102 and 104, which are sensitive in view of the security of the data they manipulate, for example storing encryption keys. A common attack includes powering-up the circuit, applying certain data signals at the circuit input pins, and then blindly scanning the chip with a laser beam, to disrupt its functioning. In particular, the impact points (symbolized by points 106 in FIG. 1) of the laser beam bring about a change in the state of a logic circuit which results in a modification of the output data of the circuit. By correlating the scanned regions with the data obtained, a pirate can locate the circuit portions which implement the functions manipulating the sensitive data, and then concentrate subsequent attacks on this zone in order to discover the manipulated secret data.
To defend against laser attacks, the integrated circuit 100 comprises detection circuits 108, for example distributed regularly across the surface of the circuit. As soon as one of these detection circuits is hit by a laser beam, a counter-measure is triggered. Such a counter measure generally includes interrupting the operation of the circuit, for example, by performing a reset to reactivate the circuit. A counter can also be incremented after each detected attack, such that the integrated circuit can be disabled definitively once a threshold has been reached, for example by blowing a fuse.
The fault detection circuits 108 may take different forms. They may perform a redundant calculation by two different paths, and verify that there is coherence between the obtained results. If one of the paths is subject to a laser attack, the detector detects a non-coherence between the results. Other detection circuits monitor a signal derived from a clock signal.
The objective of a laser scan is to obtain a map of sensitive zones (either because they manipulate secret data, or because they contain a detector), in order to then position fault injection attacks.
Assuming that the integrated circuit is equipped with a mechanism for definitively and irreversibly disabling the circuit, the higher the number of detectors across the surface of the circuit, the higher the number of units (circuits) which will be needed by a pirate in order to locate the sensitive zones. Thus, the interest to a pirate of “an attack” depends on the number of integrated circuits that will need to be sacrificed in order to discover the secrets. However, the higher the number of detectors 108, the larger the circuit and the smaller the effective surface area available of implementing the functions for which the circuit is intended.
There is thus a problem in improving the protection of chips from fault injection attacks, without increasing the chip area.