Such data processing apparatuses are known in the form of microcontrollers, for example. The execution unit handles arithmetic and logic instructions. The operands involved are either located in the data and address registers or are applied via an internal bus. The flow controller normally comprises an instruction decoder and a program counter. The program counter calls the instructions in the program successively. The instruction decoder then triggers the steps required for executing the instructions.
When a program starts, the program counter is set to a start address. This address is transferred to a memory via an address bus. A read signal transferred on a control bus prompts the content of the memory area in question to appear on a data bus and to be stored in the instruction decoder. The instruction decoder then triggers the operations required for executing the instruction. Following execution of the instruction, the instruction decoder sets the program counter to the address of the next instruction.
The instruction which is executed next is thus always dependent on the address which is in the program counter.
This key function of the program counter is exploited by hackers when attacking chip cards and security ICs. The attackers attempt to disrupt the components involved in program execution such that the intended program sequence is altered and the microcontroller executes a code other than the intended one. Such unwanted changing of the program flow is referred to as “jumping” the microcontroller. In order to prompt the microcontroller to be jumped, attackers attempt to increase the clock frequency or to inject interference onto the clock line or the supply voltage lines.
In order to prevent such an attack, which results in the microcontroller being jumped, it is known practice to provide a plurality of sensors which detect an excessive frequency or interference on the supply lines, for example. If, by way of example, the excessive frequency sensor responds because the microcontroller is being operated at an increased clock frequency, an attack is assumed and the microcontroller is subjected to a security reset. These sensors are relatively complex to implement, however, because they require analog circuit components.