Protection against integrity violation is becoming more and more important. This also applies to security controllers, secure memories, radio frequency identification (RFID) devices and many other devices which require protection against integrity violation caused, for example, by physical attacks. In the following, the term “attack” means extracting a secret or manipulating data for the benefit of an attacker.
In this context, integrity violation comprises inducing faults during the execution of a program on the security controller, secure memory, RFID device, etc., or during operation of a finite state machine (FSM) on the respective device. Faults can be induced by several means, for example by voltage spikes, laser light, ionizing radiation, probe needles, etc. One example of inducing a fault is disturbing an address pointer to an output buffer during an output operation in such a way that the address pointer points to the storage location of a secret key used to both encrypt and decrypt messages. Such an attack would result in the output routine sending the secret key out of the device instead of sending the contents of the output buffer as intended.
In a further example, integrity violation is initiated by manipulating a program counter in such a way that a programming routine for a non-volatile memory is called instead of the routine intended. In this example, the integrity violation results in important data being overwritten with values under the control of the attacker.
Protection mechanisms like access right flags in memory management units are used to protect against integrity violation. Protection levels (kernel, user, etc.) are known, as well as data redundancy, redundant operations, etc. However, these protection mechanisms have themselves been subjected to integrity violation.
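The two ideas above, the disturbed output-buffer pointer and data redundancy as a countermeasure, are illustrated together in the following added example. It is not code from the original text or from any product; the buffer layout, the key storage, the `guarded_ptr_t` structure and the `send_guarded` routine are all constructed for illustration. The pointer is stored together with its bitwise complement so that a single disturbed copy is detected before any byte is sent, and an independent range check refuses any source address outside the output buffer even when both copies agree.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define OUT_BUF_LEN 16
#define KEY_LEN     16

/* Constructed memory layout: the legitimate output buffer and a secret key
   that must never leave the device through the output routine. */
static uint8_t out_buf[OUT_BUF_LEN];
static uint8_t secret_key[KEY_LEN];

/* Hypothetical redundant pointer: the address plus its bitwise complement. */
typedef struct {
    const uint8_t *ptr;
    uintptr_t      ptr_inv;
} guarded_ptr_t;

static guarded_ptr_t guard_make(const uint8_t *p) {
    guarded_ptr_t g;
    g.ptr = p;
    g.ptr_inv = ~(uintptr_t)p;
    return g;
}

/* "Sends" len bytes from the guarded pointer into dst (a stand-in for the I/O port).
   Returns the number of bytes sent, or -1 if an integrity check fails. */
static int send_guarded(const guarded_ptr_t *g, size_t len, uint8_t *dst, size_t dst_len) {
    uintptr_t p = (uintptr_t)g->ptr;

    /* Check 1: the redundant copy must still be the exact complement of the pointer.
       A fault that disturbs only one of the two copies breaks this relation. */
    if ((p ^ g->ptr_inv) != ~(uintptr_t)0)
        return -1;

    /* Check 2: the source range must lie entirely inside the output buffer.
       This catches a pointer that was redirected consistently in both copies. */
    uintptr_t lo = (uintptr_t)out_buf;
    uintptr_t hi = lo + OUT_BUF_LEN;
    if (len > OUT_BUF_LEN || p < lo || p > hi - len)
        return -1;

    if (len > dst_len)
        return -1;

    memcpy(dst, g->ptr, len);
    return (int)len;
}

/* Normal operation: the buffer contents, and nothing else, reach the port.
   Returns 1 on success, 0 otherwise. */
static int demo_normal(void) {
    uint8_t dst[OUT_BUF_LEN];
    for (size_t i = 0; i < OUT_BUF_LEN; i++) out_buf[i] = (uint8_t)(0xA0 + i);
    for (size_t i = 0; i < KEY_LEN; i++)     secret_key[i] = (uint8_t)(0x10 + i);
    guarded_ptr_t g = guard_make(out_buf);
    int sent = send_guarded(&g, OUT_BUF_LEN, dst, sizeof dst);
    return sent == OUT_BUF_LEN && memcmp(dst, out_buf, OUT_BUF_LEN) == 0;
}

/* Simulated single fault: only the primary pointer is disturbed towards the key.
   The complement no longer matches, so the routine refuses to send. */
static int demo_disturbed_pointer(void) {
    uint8_t dst[OUT_BUF_LEN];
    guarded_ptr_t g = guard_make(out_buf);
    g.ptr = secret_key;                 /* constructed fault, complement untouched */
    return send_guarded(&g, KEY_LEN, dst, sizeof dst);
}

/* Simulated double fault: both copies agree but point at the key.
   The range check rejects the source address. */
static int demo_consistent_but_out_of_range(void) {
    uint8_t dst[OUT_BUF_LEN];
    guarded_ptr_t g = guard_make(secret_key);
    return send_guarded(&g, KEY_LEN, dst, sizeof dst);
}

int main(void) {
    printf("normal output ok:             %d\n", demo_normal());
    printf("single disturbed copy:        %d\n", demo_disturbed_pointer());
    printf("consistent but out of range:  %d\n", demo_consistent_but_out_of_range());
    return 0;
}
```

The two checks are deliberately independent: the complement check costs one XOR per use and detects a single corrupted copy, while the range check does not rely on the pointer's redundancy at all. Neither protects the checks themselves; a fault that skips the comparison instruction bypasses both, which is why the text notes that such protection mechanisms have in turn been subjected to integrity violation.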