As is conventional in this specific technical field, secure tokens are available as integrated circuit cards incorporating security software and specifically designed to retain secret data and information. Secure tokens can also have programmable language, such as Java, enabling them to run applications. Secure or cryptographic tokens or cards include a protected storage area and a non-protected storage area. The protected area can only be accessed using a pin code created at the secure token creation, but that can be changed by the user.
The cryptographic token is normally used to store a secret key and to calculate a cryptographic algorithm using such a secret key on some input data that is received from an outside source. The result of the calculation is sent back to the outside source (external word) that uses such a calculation for completing an authentication procedure.
As may be understood, the authentication procedure is a weakness of the security relating to cryptographic tokens or cards since a tampering attack may be performed during this procedure to access the secret information stored in the token or card. The prior art already provides various approaches for anti-tampering methods for reacting against possible attacks to cryptographic token and smart card storing secret information such as the secret keys used by the token in the security operation.
The prior art techniques focus the attention on countermeasures against power analysis and electromagnetic analysis attacks by trying to make it difficult for an attack based on analysis of the power and/or the electromagnetic emission during the manipulation of sensitive information. Some of the countermeasures can be implemented either in the algorithm code or at the hardware level and mainly try to obscure the sensitive information observable from the power traces and from the electromagnetic emissions.
Typically these countermeasures include adding noise on the power absorbed by the card or introducing random delay in the code execution. The random delay reduces the correlation between different traces and makes the attack more difficult.
Other countermeasures to counteract such attacks are based on the masking of the sensitive information during the elaboration via random transformation. However, these techniques are specifically designed for protecting the implementation of the algorithm but they do not give any protection to the logic on which the algorithm is founded. In other words, no matter how good and complex the algorithm may be, it becomes weaker over time as the computation power available to an attacker increases and the algorithm become well known and studied by the attackers. Moreover, the countermeasures against power and electromagnetic analysis implemented in the algorithm code are often implementation dependent and cannot be applied to all cryptographic algorithms in the same manner.
Another countermeasure approach to reduce the risks of attacks to a cryptographic token or Smart Card is known as authentication Counter. An authentication counter tries to limit the number of security enforcing procedures that the system can perform in all the system life. It addresses both attacks oriented to break the cryptographic logical and mathematics and attacks mining the implementation. However, this countermeasure is no more effective in many cases since the number of executions of security procedures to break the system is typically minor compared to the total number of executions in the lifecycle of the system.
A further approach is disclosed in the U.S. Pat. No. 4,879,645 relating to a data processing device with high security of stored programs. This document teaches to detect an input command for the cryptographic token or card and to count the number of times this input command is executed; however, this approach does not take into consideration the possibility of assigning a ponder value to such an input command.
Other techniques to increase the security procedure are based on the use of session keys evaluated each time a cryptographic elaboration is required. Even if this technique may be considered more efficient when compared to the previously cited prior art techniques, it is relatively complex to be implemented and this is due to the fact that the cryptographic token and the other primary circuit portions involved in the security operation store not only a common master key but also a common state should be used to elaborate the session keys that have to always be synchronized.