The invention generally relates to digital circuits, and in particular to methods, systems, and computer program products for calibrating a digital sensor configured to protect a target digital circuit by triggering an alarm.
The correctness of computations in a digital circuit depends on several physical and environmental parameters generally referred to as “operating conditions”. Improper operating conditions may lead to a digital circuit outputting partially or totally bogus results and/or internal states. Since this phenomenon is produced by out-of-specifications operating conditions, they are often out of the designer's scope and may yield unexpected behavior.
Attackers willing to gain control of sensitive assets from a targeted digital circuit such as a smartcard, a microprocessor, an ASIC (acronym for Application-Specific Integrated Circuit) or a FPGA (acronym for Field Programmable Gate Array) may use crafted out-of-specifications operating conditions to trigger a more or less loosely controlled unexpected behavior. This behavior may be characterized by the disclosure of sensitive assets such as cryptographic keys, the failure of one or more sensitive functions such as updating a sensitive value in a non-volatile memory, or the failure of an access control policy which results for example in granting access without correct credentials.
Protecting embedded systems against such attacks has thus become paramount for many applications requiring protection of sensitive assets.
As shown in FIG. 1, a digital circuit 1 mainly comprise previous memory elements 10 and next memory elements 12 interconnected by combinatorial standard cells 11. The memory elements 10 and 12 are responsible for storing input, intermediate and output values, and the combinatorial standard cells 11 are responsible for computing the value to be stored in the next memory elements 12, taking as input values the signals stored in the previous memory elements 10. Combinatorial standard cells include memory less logic gates that may implement Boolean functions such as invertors, or, and, xor. Other combinatorial standard cells may include buffers whose function is to amplify and/or delay some data path.
The memory elements 10 and 12 may be updated synchronously. The synchronization is generally achieved by means of a special signal referred to as the clock signal 13, for example by using its rising edge as a trigger event.
In order for the memory elements 10 and 12 to correctly sample a value, the value must be set and stable for some delay at the memory element input port before the clock rising edge (this delay is referred to as the “setup time”). Additionally, the memory element input signal must also be kept stable for some delay after the trigger event or clock rising edge (this delay is referred to as the “hold time”).
The logic standard cells 12 between the memory elements form a set of data path. Every data path displays a propagation delay corresponding to the time required for a change of an input signal to be propagated through the standard cells 12 to the output of the data path. The data path displaying the greatest propagation delay represents the critical path.
Violation of the setup time is a common source of faulty computations in digital circuits and one of the common techniques exploited by attackers for performing fault injection. Setup time violation may arise because the propagation delay in the data path is too long for the modifications to be propagated and stable early enough before the clock rising edge.
In order to address this threat, a digital sensor architecture for protecting a digital circuit has been proposed by N. Selmane, S. Bhasin, S. Guilley, T. Graba and J.-L. Danger in “WDDL is Protected Against Setup Time Violation Attacks”, FDTC 2009 and still improved in the article “Security evaluation of application-specific integrated circuits and field programmable gate arrays against setup time violation attacks” by N. Selmane, S. Bhasin, S. Guilley and J.-L. Danger in IET Information Security 2010. FIG. 2 illustrates such digital sensor 2. The digital sensor 2 comprises a digital circuit having an input memory element 20 for storing a reference data, a data path 22 for propagating the reference data and an output memory element 23 for storing the data propagated through the data path 22. The computation is deemed successful if the reference data correctly arrives from the input memory element 20 to the output memory element in time for being sampled, that is to say within less than a clock cycle. Such a digital circuit may be further used to detect abnormal operating conditions. Such a circuit is built with the same logic elements than any other digital circuits. It is therefore also sensitive to out-of-specifications operating conditions. For example, if the temperature increases above a given threshold, the propagation delays of the combinatorial gates in the digital sensor data path 22 will increase to the point where the data reaches the output memory element 23 after the clock rising edge. This late arrival may induce a faulty state in the output memory element 23 with respect to the reference signal. This faulty state can be detected by comparison of the values in the memory element 20 and 23 and further used to generate an alarm.
To protect the target digital circuit, the digital sensors triggers the alarm based on an alarm threshold selected arbitrarily in broad intervals. Accordingly, the target digital circuit operates with a much lower clock frequency than what it is really capable of handling, which results in low circuit performances.