1. Field of the Invention
The present invention relates to the field of processors executing series of instructions or operation codes on data.
The present invention more specifically relates to a processor used to execute a process of authentication, authorization or the like. More generally, the present invention applies to any program for which it is desired to guarantee that the execution (sequencing) of the program (instruction series) is not modified.
2. Discussion of the Related Art
In this type of application, a critical moment is when the processor must decide whether a specific operation is authorized. In an example of application to bank cards, this is, for example, the user authentication by means of the typed code, to allow a bank transaction.
To authorize or not access to a secure routine, the veracity of a condition is tested. According to the result of the test, access to the subsequent part of the process is authorized.
A weakness of such processes is linked to the risk of program traps, that is, of forcing the program to skip one or several instructions. Such a trap may be performed, for example, by sending a temporary current peak onto the processor supply for a short time (known as a “glitch”). A trap may be fraudulent or incidental. Attempts of fraudulent traps most often appear when the program has started a loop operation or is stopped on a blocking instruction, due to an authentication default.
Be there an incidental or intentional cause, a trap of a program executed by a processor is particularly disturbing when it is a security application.
The instruction sequencing is generally obtained by means of an instruction counter (called the program counter) associated with the program execution processor. Conventionally, to detect a trap attempt, the program counter rating the processor operation is doubled. By providing two program counters having different implementations and the respective outputs of which undergo a wired coherence test before starting the next instruction to be executed by the processor, some traps can be avoided. Indeed, on a current pulse attack, also known as a fault injection, there are great odds for the results provided by the two program counters to be different.
A disadvantage of this solution is that it is complex to implement.