The present invention relates to a semiconductor integrated circuit, and in particular, is suitably applicable to measures against a fault attack for the purpose of fraudulent acquisition or falsification of confidential information.
There is a fault attack utilizing a malfunction of a security microcontroller for the purpose of acquisition or falsification of confidential information stored in e.g. the microcontroller for handling the confidential information. The malfunction is caused by the application of an abnormal voltage or an abnormal frequency clock, a laser irradiation attack, etc. The laser irradiation attack can cause a fault at a local region, which is an extreme threat among fault attacks; accordingly, there has recently been increasing importance of measures against the laser attack.
There are adopted the placement of a light detector, circuit duplexing, data error detection utilizing an error detection code (e.g., parity), and the like as measures against the laser attack. As for the placement of the light detector, a light detection element is disposed in a semiconductor chip where the microcontroller for handling confidential information is formed, thus directly detecting laser irradiation. As for the circuit duplexing, in a simple example, two storage elements such as flip-flops are provided, and the same data is inputted to the two storage elements. When the data is read out, the two outputs are compared. If the outputs do not match, it is determined that a fault attack has been made. There are a variety of duplexing units ranging from the above simple example to an example of duplexing an entire CPU (Central Processing Unit). As for the error detection, an error detection code such as parity is calculated beforehand based on data to be stored. When the stored data is read again, an error correction code is calculated again and compared with the stored code. If the codes do not match, it is determined that a fault attack has been made.
Japanese Unexamined Patent Publication No. 2010-161405 (Patent Document 1) discloses light detectors based on SRAM (Static Random Access Memory) memory cells comprised of six transistors (FIG. 1) and shows an embodiment of dispersedly disposing light detectors in the memory mat of SRAM (FIG. 4 etc.). Further, Patent Document 1 discloses an embodiment (FIG. 13, paragraphs 0089 to 0094) of disposing light detectors in a cell array configuring a logic circuit such as CPU and a D-type flip-flop (FIG. 15, paragraphs 0096 to 0097) incorporating a light detection circuit.
Japanese Unexamined Patent Publication No. 2011-165732 (Patent Document 2) discloses a light detection circuit based on a CMOS (Complementary Metal-Oxide-Semiconductor) inverter. A light receiving unit is provided on the inverter, where a malfunction is caused by light irradiation and detected.
Japanese Unexamined Patent Publication No. 2008-198700 (Patent Document 3) discloses a light detector of thyristor structure. The light detector is configured by forming a PNPN junction by a P well, an N well, and impurity diffused layers formed in the respective wells, and can be formed in a small area 10 μm square for example (FIG. 3, paragraph 0029).
Japanese Unexamined Patent Publication No. 2009-289104 (Patent Document 4) discloses a security device which compares responses obtained from the processing of the same command in duplexed cores including memories and CPUs, determines that it is under fault attack if the results do not match, and executes error processing.
Japanese Unexamined Patent Publication No. 2009-187438 (Patent Document 5) discloses a technique for protecting a program by an error detection code in an IC card including a CPU for executing a program stored in a non-volatile memory. For each instruction code, EDC (Error Detecting Code) is calculated, added, and stored beforehand in the non-volatile memory. At the time of readout by the CPU for execution, EDC is calculated again and compared with the stored EDC. If the EDCs do not match, it is determined that a fault attack is being made.