The present invention relates to an apparatus for checking an error detection functionality of a data processing means, particularly in the field of chip cards or smartcards, which are used, for example, in sensitive fields and can thus be subject to attacks.
In sensitive areas concerning security, manifold technical protective measures are employed. These protective measures enable, for example, users to access certain computer systems, authorized persons to be permitted access to certain areas closed to the public, or also to access secured information, such as private keys within the scope of a public key cryptography method, bank data, or credit card information. The authorized user, i.e. for example the authorized user of a computer system or also a person authorized to access a non-public area, for example, often obtains a chip card with a security controller identifying the user as authorized to a security system. A security controller is a microcontroller that may for example be employed on a chip card for monitoring security functions.
Such security systems and security circuits, for example including chip cards, are already subject to attacks due to the value of the goods, information and privileges they protect, which are to be fended off by various countermeasures on the part of the security circuits. The functionality or functional efficiency of the countermeasures has previously been checked by so-called UmSLC modules (UmSLC=User Mode Sensor Life Control). Apart from corresponding supply circuits and evaluation circuits, the central components of the countermeasures have previously been sensors, which are to recognize the attacks. Among the sensors are voltage sensors, frequency sensors, temperature sensors and light sensors, for example. In order to check the functionality of the countermeasures, i.e. the functionality of the various sensors, their supply circuits, and the associated evaluation circuits, the sensors and/or their associated components were adjusted or stimulated by the UmSLC module such that an alarm was triggered. However, the triggered alarm was not judged as an attack, in other words, this alarm was not switched effectively, but it was only checked whether it was generated at all. If the alarm did not take place within the scope of such a test, the UmSLC module assumed a manipulative attack having rendered the sensor inoperative. In such a case, the UmSLC module itself can generate and output an alarm signal, which may lead to the security controller of a chip card and/or the CPU (central processing unit) of the security controller being stopped, sensitive information being destroyed or deleted, or a reset of the security controller being caused.
New countermeasures are now no longer or no longer exclusively based on analog sensors, which detect changes in the environmental conditions or in the operating conditions, respectively, of the respective security components (for example of a security controller), but also comprise logic measures supposed to detect changes of the information. Conventional UmSLC modules therefore no longer meet these requirements.
Data processing means, such as they can be used on a microcontroller or on a chip card, comprise one or several calculating means or arithmetic logic units (ALU). Such an arithmetic logic unit or ALU can be protected against errors by an error detection functionality or error detection function, respectively, according to the prior art. The error detection functions can be realized here, for example, based on checking parity bits, which means a parity-check, or another implementation of an error detection code (EDC). Alternatively or additionally, a second arithmetic logic unit or second ALU, respectively, can calculate or process the same or altered, for example inverted data in parallel, which are then compared with the results of the first ALU in a further step.
Within an attack on the data processing means, an attacker can, for example, try, to interfere with the error detection functionality by a physical attack, for example by deliberately etching back selected areas of the chip comprising the data processing means, and by applying electrical voltages or voltage pulses to certain areas of the chip. Thereby, the attacker can, for example, manipulate the flow of the calculation such that these manipulations will no longer be detected. As a consequence, for example, the result of a calculation, a logic connection or a count can be manipulated such that a microcontroller, which the chip also comprises, can, for example, be caused to reveal actually secret data. The above-described sensors are basically suitable for detecting a corresponding attack on the error detection functionality of the data processing means, but these sensors are always only sensitive to a certain set of attacks.