Various electronic devices, e.g. mobile telecommunication terminals, portable computers and PDAs, require access to security related components such as application programs, cryptographic keys, cryptographic key data material, intermediate cryptographic calculation results, passwords, authentication means for externally downloaded data etc. Typically, it is necessary that these components, and the processing of them, are kept secret within the electronic device. Ideally, they shall be known by as few people as possible, since a device can possibly be tampered with if its security related components are known. Access to these types of components might aid an attacker who intends to manipulate a terminal.
Therefore, a secure execution environment is introduced in which environment a processor within the electronic device is able to access the security related components. Access to the secure execution environment, processing in it and exit from it should be carefully restricted. Prior art hardware comprising this secure environment is often enclosed within tamper resistant packaging. It should not be possible to probe or perform measurements and tests on this type of hardware which could result in the revealing of security related components and the processing of them.
The device architecture described hereinabove is not perfectly resistant to security attacks. It is, for example, desirable to offer enhanced protection against attacks on software that executes outside the secure execution environment. When the operating system of a device is booted, it is relatively simple to ensure that the proper software is started, since specifically developed protected application software is employed for these and other purposes, and the execution of these protected applications is strictly controlled. However, during subsequent execution, an attacker may attempt to modify “normal” software applications using various methods, and possible modifications of any software executing in the device should be prevented.
Protection of data and program code is highly desirable, since a malicious person may try to access sensitive data in the device if this person gains access to the device, for example by stealing it. It may also be the case that a Digital Rights Management (DRM) system is implemented in the device. This DRM system stores copyright protected contents and associated digital rights that determine what type of access a user has to the content. The DRM system is thus used to protect the content from being accessed by an unauthorized user, misused and/or wrongly distributed. Since the contents and the rights have an economic value, the user may become tempted to try to access the contents by bypassing DRM control functions. Clearly, many different scenarios can be envisaged in which an attacker may attempt to manipulate a device.
A typical attack is the one referred to as the “modified-chip attack”. In the modified-chip (“mod-chip”) attack, an attacker attaches a small chip to the target device architecture. The mod-chip then modifies signals and/or data in the device architecture in order to manipulate the device. The complexity of mod-chips covers a broad range, from designs containing a simple microprocessor and associated software to highly complex designs incorporating field programmable gate arrays (FPGA) containing thousands of logic gates. Given an unlimited amount of time and sophisticated hardware/software, a skilled attacker may crack just about any system, and it may in practice be very difficult to secure a system against such brute force attacks. However, an acceptable security level of a system is, in most cases, a level where the security measures that are taken prevent an attacker from cracking the system, because the required complexity of the mod-chips makes their design and production prohibitively expensive. Thus, even though it may be virtually impossible to secure systems against brute force attacks which utilize highly sophisticated hardware/software, the systems shall be resistant to attacks which use less complex and hence less expensive mod-chips.
In the prior art, typical measures that have been taken to secure systems or devices include, for example, impeding access to system/device buses. Program code should be protected both during execution and when the code is stored in system memory. However, problems relating to device security still remain.