1. Technical Field
The present invention relates to the field of secured data transmissions and more particularly to securing the acknowledgements sent by a secured device in response to a message sent by another secured device.
The present invention particularly relates, but not exclusively, to securing a data transmission between an electrically erasable and programmable memory, for example an EEPROM or FLASH memory, and a device using the memory to store data.
2. Description of the Related Art
Various electronic equipment, such as printers, mobile telephones and PDAs (personal digital assistants), can be equipped with a secured electrically erasable and programmable memory in which to store sensitive data such as the serial number of the equipment, the version number of the operating system (OS) of the equipment, the references of the technical units (“technical platform”) with which the equipment is equipped, etc.
The present invention aims to perfect a classic technique of secured data transmission which will be briefly described in relation with FIGS. 1 and 2. FIG. 1 very schematically represents a secured memory M1 and a device D1 linked to the memory M1 by any data link, for example a wire link. FIG. 2 is a flowchart relating to steps described below.
The memory M1 and the device D1 are generally integrated circuits on a semiconductor chip and each have a random word generator RGEN and a cryptographic function FKs with a secret key Ks. The sequence of a communication, or session, between the device D1 and the memory M1 comprises an authentication phase, a phase of determining a session key, and a phase of conducting the session in which the device D1 and the memory M1 exchange data.
The authentication phase, preferably a mutual authentication, is similar to that occurring for example between a smart card and a smart card reader. It thus comprises a phase of the device D1 authenticating the memory M1 and a phase of the memory M1 authenticating the device D1.
To authenticate the memory M1, the device D1 generates a random word RD1 and then sends it to the memory M1. The memory M1 receives the random word RD1, transforms it by means of its cryptographic function, then sends the result FKs(RD1) to the device D1. The device D1 receives the result FKs(RD1), itself produces a result FKs(RD1)′ by means of its own cryptographic function, then compares the two results so as to make sure that the memory M1 holds the secret key Ks.
The authentication of the device D1 by the memory M1 is similar to the authentication of the memory by the device, but the “roles” are reversed. The authentication of the device D1 thus involves a second random word RD2 which is generated by the memory M1.
Once these steps are completed, the device D1 and the memory M1 together define a session key SK. This session key is for example defined using the random words RD1, RD2 and according to a common determination rule, such as a deterministic key generation function. The device D1 and the memory M1 can also use a secret key table and each choose the same session key in their respective tables, according to a determined selection rule, for example depending on the value of the random words RD1, RD2.
The session comprises the device D1 sending messages and the memory M1 sending acknowledgements. The messages are for example commands for writing, reading or erasing the memory, commands for opening or closing sessions, etc. These messages can therefore comprise a write or read address and data to be written. The session is secured in a manner enabling data hacking to be countered, the most well-known attack being the so-called “man in the middle” attack. According to this attack scenario, a hacker intercepts and falsifies the exchanges so as to pass himself off as the device D1 or the memory M1.
Thus, the exchange of data is secured by associating to each message or each acknowledgement a signature which authenticates the message or acknowledgement, as described by the flow chart in FIG. 2.
It is assumed here that the device D1 must send a message MESS to the memory M1. The device D1 uses its cryptographic function to produce a signature S1 (step S10) of the type:
S1 = FKs(MESS, SK),
which is obtained by applying the message MESS and a secret or temporary parameter like the session key SK to the input of the cryptographic function. The message MESS is then sent to the memory M1 together with the signature S1 (step S11).
The memory receives the message MESS (step S20) and produces, by means of its own cryptographic function, an internal signature S1′ (step S21) of the type:
S1′ = FKs(MESS, SK),
which is therefore, in principle, identical to the signature S1.
The memory then compares the signatures S1 and S1′ (step S22) to authenticate the message received. If the two signatures are identical, the memory executes the command contained in the message (step not represented) and then prepares to send an acknowledgement ACK to attest to the proper receipt of the message and its proper execution (when the message is a write command for example; in the case of a read command the response will consist in sending the data read together with a signature).
For this purpose, the memory M1 again uses its cryptographic function to produce a signature S2 (step S23) from the acknowledgement ACK and the session key SK, the signature S2 thus being of the type:
S2 = FKs(ACK, SK).
The acknowledgement ACK is then sent to the device D1 together with the signature S2 (step S24).
The device D1 receives the acknowledgement ACK and the signature S2 (step S12) and again uses its cryptographic function to produce an internal signature S2′ (step S13) of the type:
S2′ = FKs(ACK, SK),
which is therefore, in principle, identical to the signature S2.
The device D1 then compares the signatures S2 and S2′ to authenticate the acknowledgement received (step S14). If the two signatures are identical, the message MESS is considered to be received and, according to the nature of the message, to be executed (write message for example).
This classic method, although effective in countering hacking, proves to be inconvenient as it requires two steps of cryptographic calculation to be conducted in the device D1 and two steps of cryptographic calculation in the memory M1. More precisely, each device D1, M1 performs a cryptographic calculation upon each transmission of a message and a cryptographic calculation upon each transmission of an acknowledgement. As the cryptographic calculations are not instantaneous and require a considerable number of clock cycles to be applied to the circuit executing the cryptographic function, they slow down the exchange of data. This is particularly the case when encryption circuits that are “optimized” in terms of occupied silicon surface and/or in terms of cost price are used. Such circuits have performances that are deliberately limited, sometimes even degraded, to meet size and/or cost requirements. The number of clock cycles they need to produce a cryptographic code can be substantially increased compared to performance-optimized circuits. In this case, it is particularly desirable to reduce the number of cryptographic calculations.
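The classic exchange of FIG. 2, together with the count of cryptographic calculations discussed above, can be modelled as follows. This is an added illustration, not code from the patent: HMAC-SHA256 stands in for FKs, the session-key rule SK = FKs(RD1, RD2) is a hypothetical choice of determination rule, and the names Party, open_session, exchange and demo, the key and the message contents are constructed for the example.

```python
import hashlib, hmac, os

class Party:
    """One end of the link (device D1 or memory M1) holding the secret key Ks."""
    def __init__(self, ks: bytes):
        self.ks, self.sk, self.crypto_calls = ks, b"", 0

    def fks(self, *fields: bytes) -> bytes:
        # Stand-in for FKs (assumption): HMAC-SHA256 under Ks, length-prefixed fields.
        self.crypto_calls += 1
        data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
        return hmac.new(self.ks, data, hashlib.sha256).digest()

    def sign(self, payload: bytes) -> bytes:            # S = FKs(payload, SK)
        return self.fks(payload, self.sk)

    def verify(self, payload: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self.sign(payload), sig)

def open_session(d1: Party, m1: Party) -> bool:
    rd1, rd2 = os.urandom(16), os.urandom(16)           # RD1 from D1, RD2 from M1
    m1_ok = hmac.compare_digest(m1.fks(rd1), d1.fks(rd1))  # D1 authenticates M1
    d1_ok = hmac.compare_digest(d1.fks(rd2), m1.fks(rd2))  # M1 authenticates D1
    for p in (d1, m1):
        p.sk = p.fks(rd1, rd2)      # hypothetical common determination rule for SK
        p.crypto_calls = 0          # count only the data-exchange phase below
    return m1_ok and d1_ok

def exchange(d1: Party, m1: Party, mess: bytes, tamper=None) -> bool:
    s1 = d1.sign(mess)                                  # step S10
    on_wire = tamper(mess) if tamper else mess          # step S11 (link may be altered)
    if not m1.verify(on_wire, s1):                      # steps S20-S22
        return False                                    # command is not executed
    ack = b"ACK"
    s2 = m1.sign(ack)                                   # steps S23-S24
    return d1.verify(ack, s2)                           # steps S12-S14

def demo():
    ks = bytes(range(32))                               # constructed key
    d1, m1 = Party(ks), Party(ks)
    authenticated = open_session(d1, m1)
    accepted = exchange(d1, m1, b"WRITE addr=0x0010 data=AA")
    calls = (d1.crypto_calls, m1.crypto_calls)          # FKs runs per side, one exchange
    altered = exchange(d1, m1, b"WRITE addr=0x0010 data=AA",
                       tamper=lambda m: m.replace(b"AA", b"FF"))
    return authenticated, accepted, calls, altered

if __name__ == "__main__":
    print(demo())
```

The per-side counter shows the cost the passage refers to: one message plus its acknowledgement costs two evaluations of the cryptographic function in D1 and two in M1.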