Technical Field
The present disclosure generally relates to electronic circuits and, more specifically, to circuits comprising a digital processing unit capable of manipulating ciphering or authentication keys.
The present disclosure more specifically relates to the protection of ciphering or authentication keys contained in an integrated circuit provided with calculation means, for example, an integrated circuit card or the like.
Description of the Related Art
The protection of ciphering or authentication keys contained in an electronic circuit against hacking attempts is a recurring problem in cryptography. In particular, it is often desired to protect one or several so-called native initial or primary keys stored in a non-volatile memory of a circuit on manufacturing thereof, more specifically in a customizing phase which ends the manufacturing process. The aim of this protection especially is to avoid problems linked to a so-called key revocation phenomenon in which the key is considered as no longer secure and is no longer used. If this key is an initial key of the circuit, the latter need to then be considered as unusable. To avoid this, a key derivation mechanism is often used, such that only keys derived from this initial or master key are used. If one of the derived keys is no longer reliable, the circuit can then generate a new one. Another countermeasure against hacking attempts comprises using temporary keys transmitted by a distant trusted element and stored in a circuit RAM (for a short-time use or a use in which the circuit remains powered) or in a reprogrammable non-volatile memory (for a longer use or a use extending over several powering periods). Such temporary keys may also be derived by the circuit from an identifier transmitted by the distant element.
For example, in a toll television application, a control word, used to decipher a video flow on the receiver side, is obtained (derived) from temporary keys contains in an integrated circuit card. Such so-called diffusion temporary keys are obtained after a process of secured exchanges between the access provider and the receiver during which the keys are either directly downloaded, or themselves derived from the integrated circuit card of the receiver based on an identifier transmitted by the access provider. The diffusion keys are the same for several users and are only used by the transmitter for a given time period (for example, one month).
A problem is linked to the fact that diffusion keys are widely used in normal use. They are thus very exposed to attacks. Indeed, attacks aiming at hacking keys are most often based on a recurrent analysis calling the keys a great number of times.
Further, the high frequency of use of diffusion keys by the receiver to obtain the control words (generally every few seconds or tens of seconds) makes it impossible to consider a mechanism requiring an exchange with the access provider for each use of the diffusion key. Accordingly, the same key can be used by several users without the access provider noticing. This results in so-called cardless attacks, that is, in the use of diffusion keys by users which do not own the dedicated integrated circuit card. Further, current Internet-type calculation and communication means enable, due to the processing rapidity, several network-connected users to use the same diffusion key without adversely affecting the media display on their respective terminals. These types of attacks are known as sharing attacks.
In another example of application to payment integrated circuit cards, for example, complying with the so-called EMV standard, session keys are used and derived from a basic key contained in an integrated circuit card which should desirably be protected from possible hacking attempts.
In another example still of application to printer cartridges, for example, of inkjet or laser type, it may be desirable to ensure that the cartridges used by a given printer effectively are authorized cartridges, that is, cartridges certified by the manufacturer. In such an application, the hacking of authentication keys contained in an electronic circuit attached to the ink cartridge or to the printer for example enables reusing a same cartridge refilled too many times.
US 2007/003062 discloses a method for distributing a key in a wireless communication system wherein a key is ciphered by another key.
U.S. Pat. No. 7,036,018 discloses an integrated circuit wherein a ciphering key is erased after a duration that is independent from the circuit power supply. This patent provides a time counter that is incremented or decremented independently from the power supply of the circuit, and provides the triggering of the key erasement at the end of the count. A drawback of such a solution is that a hacker observing the states of a register storing the counter can avoid the erasing of the key by disturbing the operation of the circuit between the detection of the threshold attained by the count register and the erasement operation.