1. Technical Field
The present disclosure relates to a countermeasure method for protecting sensitive data circulating in an electronic microcircuit, against attacks which aim is to discover these data. It also relates to a microcircuit portable device such as a chip card, implementing the method.
2. Description of the Related Art
Sensitive data may be in particular encryption or decryption keys, and more generally cryptographic data used or elaborated during cryptographic calculations, such as intermediate data of such calculations, and identifiers desired to be kept secret.
Microcircuit devices using sensitive data are sometimes subjected to attacks which aim is to determine these data. Among the known attacks, the attacks of SPA (Simple Power Analysis) or DPA (Differential Power Analysis) type consist in taking numerous current and voltage measures coming in and going out of the microcircuit during a program execution or data processing by the microcircuit, with different input data. The measures obtained are used by a statistical analysis to deduce therefrom protected data, processed or used by the microcircuit. For the same aim, the attacks of EMA (Electromagnetic Analysis) and DEMA (Differential Electromagnetic Analysis) type are based on the analysis of the electromagnetic radiation emitted by the microcircuit.
Attacks by fault injection are also known, which consist in introducing disturbances into the microcircuit when it executes for example sensitive algorithms such as cryptographic algorithms, or which aim is to trigger the execution of a downloading routine emitting on a port the data it memorizes. Such disturbance may be made by applying to the microcircuit one or more brief flashes for example by a laser beam, or one or more voltage peaks to one of the contacts thereof.
So as to fight against these attacks, which are various by nature, numerous solutions, very different from one another, have been brought. The disclosure more particularly relates those which aim is to detect attacks by fault injection.
Various detection techniques have been implemented so as to fight against these attacks. Thus, it is known to duplicate in a microcircuit the circuits to be protected, and to compare the data supplied by the duplicated circuits. If a difference appears in the data supplied, it means that the microcircuit has been subjected to an attack by fault injection. This detection technique reveals to be demanding in terms of circuit size and electrical consumption.
It is also known to insert into a microcircuit several local detectors reacting to a lighting flash by supplying an active detection signal. This solution does not really allow sensitive circuits of the microcircuit to be protected from a fault injection, unless a great number of local detectors are provided, which induce a significant additional cost in terms of circuit size and electrical consumption.