So called smartcard chips are carrying important information and/or data with which an authorization or identification of a user may be performed. With such cards an access to a place or service can be enabled as well as the administration of a bank account. The stored information must not be accessible from the outside to prevent an abuse. Especially the key data for encoding information to be transmitted have to be protected.
For an attack on the security it is known to use parameters like temperature, supply voltage, clock rate or a voltage peak and the radiation with light. By such attacks it is a goal to modify a content of a memory or to manipulate a read access. Also a stored program code may be attacked, since a disturbed program process could reveal secret information. To avoid this, a memory has to be protected against a manipulation of the read access and a change of data bits. At least such an attack has to be identified, so that for example an integrated circuit can react adequately with a restart or deactivation.
For this purpose are used frequently codes which can identify and/or correct an error. Such codes on the other hand need memory space for redundant data bits. For a considerable protection the relation of redundant bits and usable bits must be very high which results in an excessive need of space on an integrated circuit. Such methods for detecting errors are normally only efficient when dealing with huge data blocks. But such huge data blocks need more read access on a memory thereby reducing the performance what is not acceptable in the case of program codes.
Another possibility is the use of a well diode as a light detector as described in the WO 2004/047172 A1. Such a well diode is usually present in an integrated circuit. But this can be only done if the well is not disturbed in regular use.
Further the US 2005/0036383 A1 discloses a memory matrix whereas inactive lines of the memory matrix are used as light sensors for detecting an attack. If a line is in regular use it can not serve as a light detector. Also this detection can be only done at different places and/or times than that which shall be surveyed.
Finally the article: “Techniques to enhance the resistance of pre-charged busses to differential power analysis”, M. Alioto, M. Poli, S. Rocchi, V. Vignoli, 16th International Workshop on power and timing modelling, Optimization and Simulation, PATMOS 2006, Montpellier France, deals with methods of protection against SPA/DPA-attacks, namely a passive survey of an integrated circuit.
A read access on a memory is normally divided into two steps, a pre-conditioning of a memory matrix and a process of measuring. Often a data line is pre-charged onto a predetermined potential and then a change of voltage is monitored. According to the change of voltage a bit is interpreted as 0 (Zero) or 1 (One). Since the use of such a pre-charge is of fundamental importance for reading out data it is also of interest for attacks. A disturbance of the pre-charge may lead easily to erroneous read data.
With a pre-charge a predetermined voltage is applied to a data line. The foregoing logical status may affect the pre-charge. But in both possible cases the voltage is raising or falling monotone or it is in one case constant and in the other case raising or falling monotone.