1. Field of the Invention
The present invention relates to a device and a method for the detection of a change of the data of a dataset which may for example be applied in the processing or storing of data in a data processing system for securing data integrity.
2. Description of Related Art
In many application scenarios it is desirable to protect stored data from the access of unauthorized persons, which is why the same are encryptedly stored in a memory. In particular, security applications today require the protection of data by an encryption unit. Apart from that it has to be guaranteed that read data is correct, i.e. that the same was not changed before reading. Data may for example be changed during its transfer via a bus system or during its retention time in the memory by randomly occurring errors like the toggling of an individual bit. Further, also the protection of data processing units against misconduct (by attacks on the data processing unit) gains evermore importance. An attacker who wants to affect the security of a data processing system by an attack will willfully change stored data and in doing so usually change more than one bit of a data word which was stored or transmitted via a bus. In addition to the encryption of the data it is also required to detect a random or willfully caused change of data.
The encryption of data before storing or before transferring the same via a bus system, respectively, is here performed by an encryption unit (MED) which encrypts individual data words of a fixed, system-dependent word length into encrypted data words of the same word length according to a cryptographic algorithm.
Due the necessity to detect data changes and correct individual bit errors, up to now an error correction polynomial (ECC polynomial; ECC=error correction code) or another error correction method based on a redundancy formation is applied to the already encrypted data. By the application of the error correction mechanisms after the encryption by the encrypting MED, the MED itself is generally not protected, or has to be examined by expensive additional hardware, respectively. In addition, for the implementation of the error correction a dedicated extra hardware is required after the encryption. By the method applied so far, the required hardware is thus clearly increased regarding its extent and the current consumption of a data processing means is increased by the additional hardware, respectively, which is among others to be prevented with regard to a possible use in mobile terminal devices.
The German patent application 10 2005 001953.6 describes a method and a device in which the redundancy information, i.e. the error correction information, is formed by a bit-wise exclusive-OR operation of the individual data words of a dataset even before the encryption of the data words by the MED. The error code word or the redundancy information, respectively, in this method comprises the same word length as the data words and the MED. In the method described in DE 10 2005 001953.6, the error code word may be transmitted or stored, respectively, in an encrypted or non-encrypted way together with the data words of a dataset, whereby the detection of changes of the data when transferring or storing the same is enabled and the change of one of the data words of a dataset by one individual bit may be corrected. The method proposed in DE 10 2005 001953.6 has the disadvantage, however, that without changing the hardware no error codes smaller than the data width or the word length of the MED, respectively, may be generated. This is in particular disadvantageous if the individual protection requirements might already be achieved using a lower bit count of the error code. In order to achieve a lower bit count of the error code, either massive changes have to be performed at the encryption unit, or the actually superfluous bits of the error code have to be stored together with the data words, which clearly increases the memory requirements. This is for example a disadvantage for mobile applications or applications in the embedded area where often only limited memory space is available.
In the existing solutions, thus in the implementation of an error correction code or a flexible adaptation of the scope of protection to the security requirements, a significant change or expansion of the existing hardware is necessary.