When executing a program, attacks for example by laser, glitch or electromagnetic radiation modify the instruction codes executed by the processor, e.g. converting any instruction codop into codop 00h (BRSET0 on 6805, NOP on 8051 and AVR): the program instructions are replaced by inoperative instructions. Consequently, certain sections of the code fail to execute or execute irregularly, for example the execution of inoperative instructions instead, of a security processing sequence, for example in an operating system for smart card. The attacks may disturb the processor operation and cause untimely jumps in the program memory.
This applicant filed a French patent application No. 0016724 on 21 Dec. 2000 concerning a method to secure the execution of a program stored in a microprocessor controlled electronic module, as well as the associated electronic module and integrated circuit card. The solution protected in said application consists in triggering interrupts intermittently and thereby diverting the program execution to protect against possible attacks. This solution offers a good probability of detecting and preventing the attacks by radiation. However, some attacks may not be detected, especially if the attack occurs briefly between two interrupts.
Amongst the known defences, another solution consists in setting flags in a byte of the RAM memory at regular intervals and in checking, at a particular point in the execution of the software, that all flags which should be set are actually set. Setting up this type of defence is tedious, however, since specific volatile memory areas must be allocated and processing added in the code to be protected, wherever this is required. In addition, since attacks of this type are becoming shorter and more precise, the known solutions are becoming less effective. Firstly, the attack may be short enough to have no effect on the setting of flags; execution of a section of the program may therefore be prevented in a way which is totally undetectable. Secondly, the flag verification software may itself be disturbed.
One purpose of this invention is to propose efficient protection even for very short attacks.
Another purpose of this invention is to propose a solution which could be implemented in the current components without adaptation, which consumes few resources and which does not reduce the performance of the assembly in which it is implemented.