This invention relates to integrated circuits, such as those employed in integrated circuit devices (e.g., smart cards, PC cards, cellular phones, pagers, and the like). More particularly, this invention relates to secure integrated circuits that are designed to prevent exposure of secrets from power analysis attacks.
Integrated circuit (IC) chips are ubiquitous today. Some IC chips are designed to protect confidential information or code. For example, smart cards are implemented with secure single-chip integrated circuits that are designed to hold secrets (e.g., cryptographic keys, passcodes, confidential information (financial account numbers), etc.) and to process data using the secrets. Secure chips are specially designed and manufactured to prohibit exposure of secrets as a result of reverse engineering techniques such as deconstructing the chip, layer-by-layer, to extract out data or program code in an effort to discover the secrets.
Differential power analysis is a non-intrusive form of attack on an integrated circuit chip. Rather than carefully peeling apart the circuit, a differential power analysis attack attempts to uncover internal secrets by measuring the power consumed by the chip during execution. The idea is that by knowing what instructions the chip might execute and simultaneously programming an identical chip with such instructions and monitoring power consumption, a person can determine what data is being manipulated by chip execution and thus extract out its secrets. More specifically, power analysis attacks exploit characteristic behaviors of transistor logic gates and software running on today""s smart cards and other cryptographic devices. The attacks are performed by monitoring the electrical activity of a device, then using advanced statistical methods to determine secret information (such as secret keys and user PINs) in the device. More information on differential power analysis is provided at the Web site www.cryptography.com.
To mitigate against a power analysis attack, chip manufacturers add mechanisms that prevent execution of certain instructions, or vary the execution time of individual instructions, or smooth power consumption of the chip. However, these mechanisms significantly complicate chip design and manufacturing, making the chip more complex and adding significant cost to the chip.
As another solution, software designers write code with an eye toward making it difficult for a party to extract secrets using power analysis. For instance, software designers ensure that all code executions take the same amount of time, or that the same instructions are performed in different orders. However, this solution is time consuming and results in slower and large code sets. Furthermore, it is hard to evaluate whether the software solutions are effective.
Accordingly, there is a need for a cost-effective approach for protecting IC chips from a power analysis attack.
This invention concerns an integrated circuit (IC) device that incorporates power analysis protection circuitry to mask the device""s normal power consumption. The circuitry randomly varies power fluctuations exhibited by the IC device to reduce any possible correlation between executing code and the data being manipulated by the IC device to thwart any attempt to extract secrets using an external power analysis attack.
In one implementation, the IC device has a processor and a memory. Voltage and ground contacts supply power to the processor and memory. The IC device is designed to protect a secret, which may be in the form of data stored in the memory (e.g., cryptographic key, a name, confidential data) or special instructions executed by the processor (e.g., confidential code instructions).
Normal operation of the integrated circuit device results in power fluctuations that are externally measurable on the voltage and ground lines. The IC device is equipped with power analysis protection circuitry that randomly varies the power fluctuations. The power analysis protection circuitry includes multiple current sinks coupled between the voltage line and the ground line and a random state generator to randomly turn on and off individual ones of the current sinks. The combination of activated current sinks introduces a new set of power fluctuations that have a different frequency, thereby masking the normal power fluctuations. This random variation of the measurable power output renders it very difficult for anyone to extract the secret using a power analysis attack.