The invention relates to a process for the secure processing of a sensitive logical element in a storage register containing several words, each formed of several logical elements, and a security module implementing this process.
The term xe2x80x9csecurity modulexe2x80x9d should be understood either in its conventional sense, in which it designates a device whose purpose in a communication or information network is to be held by an authority supervising the network and to store, in protected fashion, secret and fundamental parameters of the network such as cryptographic keys, or more simply, as designating a device allocated to various users of the network allowing each of them to have access to the latter, this latter device also being capable of holding secret parameters. The security module could take the form of a portable object of the chip card type.
It is known that a hacker is capable or reading or altering information contained in the information storage means of a security module, particularly in the memories of electronic chips, using an electronic microscope or radiation producing means, depending on the circumstance. He can also deduce certain information by carefully studying the electric current consumption of the information storage means. However, in order to be effective, he must not only access the stored information, but also identify the function of this information in the operation of the security module.
In the known art, the information is stored in the storage means at dedicated and immutable locations. The result is that a hacker is capable in certain cases of discovering the presence of a piece of information that is always the same at a given location, and of connecting this information with a particular function. He can then knowledgeably affect the execution of the process in the security module.
The primary object of the invention is to offer a process for the secure processing of a sensitive logical element in a storage register that makes it much more difficult to discover the function assigned to this sensitive logical element.
To this end, the process according to the invention is characterized in that it comprises the steps consisting of:
defining a first auxiliary word containing several logical elements randomly defining the position of a sensitive word among the words of the storage register, which is intended to store said sensitive logical element, and within this sensitive word, the position of the sensitive logical element among the logical elements of this word, the other words of the storage register constituting decoy words;
using the first auxiliary word to select said sensitive word and to store the sensitive logical element in its position within this sensitive word.
According to an improvement, the process according to the invention is characterized in that it comprises the steps consisting of:
defining a first auxiliary word containing several logical elements randomly defining the position of a sensitive word among the words of the storage register, which is intended to store said sensitive logical element, and within this sensitive word, the position of the sensitive logical element among the logical elements of this word, the other words of the storage register constituting decoy words;
defining a second auxiliary word containing several logical elements randomly defining, for each decoy word in particular, the position of a decoy logical element among the logical elements of this word;
successively considering each of the words of the storage register and randomly assigning for this word a value to the logical elements of the second auxiliary word, and in the event that this word is a decoy word, using the second auxiliary word to store the decoy logical element in its position, and in the event that this word is the sensitive word, using the first auxiliary word to store the sensitive logical element in its position.