1. Field of the Invention
The present invention relates to a method and apparatus for detecting fault attacks, and in particular to a method and apparatus for providing detection based on signatures.
2. Discussion of the Related Art
Integrated circuits may comprise circuitry that is considered sensitive in view of the security of the data it manipulates, such as authentication keys, signatures, etc., or in view of the algorithms it uses, such as encryption or decryption algorithms. Such information is desired to be kept secret, meaning that it should not be communicated to or otherwise be detectable by third parties or unauthorized circuits.
A common process for pirating information manipulated by an integrated circuit consists of detecting the zones of the circuit that are used during the processing of that information. For this, the circuit is activated or placed in a functional environment and data packets to be encoded are introduced at an input. While the data is being processed, the surface of the integrated circuit is swept by a laser to inject faults in the functioning of the circuit. Analyzing the outputs of the circuit in parallel enables the zones of the circuit that process the data to be determined. Having localized these zones, the pirate can concentrate attacks on these zones in order to determine the secret data being processed.
Signatures provide a way of protecting a circuit against fault attacks. A first signature is generated based on one or more data values that will be used by an algorithm. A second signature is then generated on the same data values after they have been used by the algorithm. A difference between the two signatures indicates the occurrence of an attack. Once the detection circuit has detected such an attack, it can trigger a countermeasure, such as resetting the circuit and/or incrementing a counter that renders the integrated circuit permanently inactive once a certain number of faults have been detected.
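A software model of the signature check described above, as an added example that is not part of the original document. The rotate-and-XOR signature, the `algorithm` function, the `FAULT_LIMIT` of 3 and the `flip_at` parameter (which simulates a fault on constructed data) are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define FAULT_LIMIT 3            /* assumed; the text says only "a certain number" */
enum status { ST_OK, ST_FAULT_RESET, ST_DISABLED };
static unsigned fault_count;     /* stands in for a non-volatile fault counter */

/* Assumed signature function: rotate-and-XOR over the data values. */
static uint8_t signature(const uint8_t *v, size_t n)
{
    uint8_t s = 0;
    for (size_t i = 0; i < n; i++)
        s = (uint8_t)(((s << 1) | (s >> 7)) ^ v[i]);
    return s;
}

/* Hypothetical algorithm that uses the data values. flip_at >= 0 simulates
 * a fault corrupting one stored value mid-run; -1 means no fault. */
static uint8_t algorithm(uint8_t *v, size_t n, uint8_t in, int flip_at)
{
    uint8_t out = in;
    for (size_t i = 0; i < n; i++) {
        if ((int)i == flip_at)
            v[i] ^= 0x10;        /* constructed single-bit fault */
        out = (uint8_t)((out ^ v[i]) + 0x3D);
    }
    return out;
}

/* Sign the values, run the algorithm, sign again, compare. */
enum status guarded_run(uint8_t *v, size_t n, uint8_t in, int flip_at, uint8_t *out)
{
    if (fault_count >= FAULT_LIMIT)
        return ST_DISABLED;                  /* permanently inactive */
    uint8_t before = signature(v, n);
    uint8_t result = algorithm(v, n, in, flip_at);
    if (signature(v, n) != before)           /* values changed: fault detected */
        return ++fault_count >= FAULT_LIMIT ? ST_DISABLED : ST_FAULT_RESET;
    *out = result;                           /* released only when signatures match */
    return ST_OK;
}

int main(void)
{
    uint8_t key[4] = {0xA5, 0x3C, 0x7E, 0x01}, out = 0;   /* constructed data */
    return guarded_run(key, 4, 0x42, -1, &out) == ST_OK ? 0 : 1;
}
```

On a mismatch the result is withheld, so a faulty output never leaves the guarded function for the outputs to be analyzed.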
Side channel attacks are a different type of attack involving, for example, measuring the power consumption of a circuit. Blinding provides a way of protecting a circuit against side channel attacks. Blinding involves altering, in a non-destructive fashion, the inputs of an algorithm using a pseudo-random variable.
It would be desirable to provide circuits in which the same group of data values can both be used to generate signatures to detect fault attacks and be blinded to make side channel attacks harder. However, there are difficulties in implementing effective circuits that combine these functions.