1. Field of the Invention
The present disclosure generally relates to electronic circuits and, more specifically, to the control of the integrity of ciphered data.
The present disclosure more specifically applies to the protection of the privacy and of the integrity (or authenticity) of the content of a memory external to an integrated circuit considered as secure.
2. Discussion of the Related Art
Electronic circuits manipulating data considered as having to remain confidential (not directly accessible by an unauthorized user) and to keep their integrity or authenticity (not modifiable by an unauthorized circuit) generally contain elements for storing these data in an area considered as secure, that is, from which the signals are not exploitable to discover the manipulated data. However, for bulk reasons, the manipulated data or the programs are generally stored in memories external to the secure area, be the memory integrated or not in a same circuit as the secure area.
It is often insufficient to content oneself with a protection of the data by a ciphering before storage into the memory. In particular, the data may then be sensitive to so-called replay attacks which intercept the ciphered data on the data buses between the secure area and the memory, to send them back slightly modified and see how the secure processor behaves. Such attacks enable, by making several successive assumptions, to discover the secret (secret key or used algorithm) of the manipulated data.
To remedy this vulnerability, an additional information (tag) is added to the data stored in the memory. This tag is a random number added to the data before ciphering, and which is stored in the external memory together with the result of the ciphering.
The use of random tags completing the data before ciphering takes up space in the memory. Further, this lengthens the data processing time.