The present disclosure relates to protection schemes to prevent reverse engineering of program code stored in electrical circuits.
Secure integrated circuit cards, commonly referred to as smart cards, can be of the form of an embedded integrated circuit hardware device that is small enough to fit into a user's pocket. Secure integrated circuit cards can be used in many situations where critical information must be stored and shared. For example, television set-top boxes that facilitate pay-per-view or video-on-demand features can use a secure integrated circuit card to supply user account information to a provider along with a request for access to features, and to subsequently decrypt encrypted digital video streams that can be provided in response to the request. As another example, a Subscriber Identity Module (SIM) card in a Global Systems for Mobile Communications (GSM) phone can be used to store a user's personal information, such as his or her phone book, device preferences, preferred network(s), saved text or voice messages and service provider information. A SIM card can allow a user, for example, to change handsets while retaining all of his or her information on the SIM card. Smart cards can be used in a variety of applications (e.g., electronic payment systems, including specialized auto-debit devices such as public transportation cards and personal identification documents, such as passports, drivers licenses, and medical identification cards).
Smart cards can be subject to attacks such as reverse engineering. In a reverse engineering attack, the goal of a hacker is to study embedded instructions (or “code”) in the smart card memory in order to clone the smart card functionality on an easily available programming device. Hardware countermeasures such as memory encryption and implanted read-only memories (ROMs) are commonly implemented on secure microcontrollers to prevent such code reverse engineering. However, the smart card's central processing unit (CPU) typically has unencrypted access to the entire program memory contents and can be manipulated to output the entire contents of memory. Once sensitive information has been extracted from a device, the information can be used for various nefarious purposes. For example, a hacker can obtain pay-per-view or video-on-demand services using another user's account; the hacker can access telecommunication services that are billed to another user; the hacker can steal another user's bank account funds; the hacker can steal another's identity; etc.