1. Technical Field
The present disclosure relates to the protection of an integrated circuit chip against attacks aiming at obtaining protected confidential data.
2. Description of Related Art
In some secure devices such as payment cards, integrated circuits chips are likely to process and/or store critical data, for example, encryption keys. Such chips may be fraudulently manipulated to obtain protected confidential data.
Among known attacks, so-called “fault injection attacks” comprise intentionally disturbing the chip operation and analyzing the influence of the disturbances on its behavior. The attacker especially examines the influence of the disturbances on data such as output signals, the consumption, or response times. He is likely to infer from it, by statistic studies or the like, critical data such as algorithms implemented by the chip, and possibly encryption keys.
To intentionally cause anomalies in the circuits of a chip, an attack mode comprises bombarding chip areas with a laser beam while the chip is operating. Faults can thus be injected into certain memory cells and/or affect the behavior of certain components. Due to the presence of interconnection metal tracks on the front surface side of the substrate, laser attacks are often carried out on the rear surface of the chip. The attacker may provide a preliminary step of thinning of the chip substrate, which enables to minimize the beam attenuation by the substrate, and thus to improve the efficiency of the attack.
To avoid frauds, chips comprising an attack detection device coupled with a chip protection circuit have been provided. When an attack is detected, the protection circuit implements measures of protection, alienation, or destruction of the critical data. For example, it may be provided, when an attack is detected, to interrupt the power supply of the chip or to cause its resetting, to minimize the time during which the attacker can study the response of the chip to a disturbance.
Attack detection solutions may be logic. They for example comprise regularly introducing integrity tests into the calculations, to make sure that data have not been modified. Such solutions have the disadvantage of introducing additional calculation steps, thus increasing the chip response times. Further, integrity tests cannot detect all the disturbances caused by an attacker. The latter thus has room for maneuver to acquire critical data.
Other so-called physical attack detection solutions comprise sensors sensitive to temperature variations, to ultraviolet or X rays, enabling to detect suspicious activities. Like logic solutions, such solutions are not perfectly reliable. Indeed, before the attack detection, the attacker has room for maneuver to obtain critical data. Further, the implementation of such solutions is complex and increases the silicon surface area to form the chip.