Known methods detect a reading error by performing the following steps:
a) storing of a first copy of the data item in a first area of an electronic memory and storing of a second copy of the data item in a second area of an electronic memory,
in response to a request to read the data item:
b) reading of the values of the first and second copies of the data item in the first and second areas respectively,
c) comparing the read values of the first and second copies of the data item,
d) if the read values of the first and second copies are identical, then no error in the reading of this data item is detected.
An area of memory, or memory area, is an electronic memory or part of an electronic memory divided into several memory blocks. Each memory block is intended to contain a data item. Typically, a memory block is a page or a single multiple of a page. A page is the smallest number of octets that can be written in a single writing operation. Thus, even if the data item stored in a page is smaller than the page, the whole page is considered to be occupied by this data item and no additional data can be stored in this page.
The prior art relating to these known methods is for example disclosed in the following patent applications: GB 2 404 261, US 2006 053308, WO 2008 23297, US 2007 0033417, US 2005 0160310, US2008/140962A1 and US2009/113546A1.
The known methods aim only to protect against the consequences of a fault in a memory block. Thus, if the values of the first and second copies are different, then an error is signalled and corrective measures are triggered. One of the conventional corrective measures consists of correcting the value of the stored data item. However, these methods also detect an error in the reading of the data item. In the case of a reading error, the mismatch between the values of the first and second copies of the data item does not stem from corruption of the data stored in the memory areas but from an error during the process of reading these data. Here, the terms corruption or corrupted data are used when the physically stored value of the data item is erroneous because of a fault in a memory block. Thus, in the case of a reading error, although the stored values of the first and second copies are perfectly identical, the values are observed to be different in step c) above. For example, a reading error can be provoked by a disturbance of the signals of the reading bus or by a corruption of the copied data in a non-volatile memory after having been read in a non-volatile memory area.
The known methods do not distinguish between these two types of error and systematically launch the same corrective measure after the detection of an error. Typically, the corrective measure consists of correcting the erroneous value. However, in the case of a reading error, such a correction is useless and translates into a waste of computer resources such as the time for a microprocessor to implement this method.
In the field of security processors, there is another good reason to distinguish between these two types of error. A security processor is an electronic processor that is reinforced to be as resistant as possible to hackers. It is therefore generally used to house confidential data. A conventional attack against a security processor consists of corrupting the stored data to provoke an unpredicted behaviour of the security processor, which can reveal part or all of the confidential data that it contains. However, it is easier for hackers to provoke a reading error than to corrupt stored data. When a hacker deliberately provokes reading errors by using voltage peaks, a laser beam or other means, the security processor is said to be the victim of a reading attack. Thus, in the context of security processors, a reading error indicates an attempt at cryptanalysis with a high degree of certainty, whereas a fault in a memory block can be an accidental fault caused, for example, by aging.
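The comparison of steps a) to d), as an added example in C that is not part of the original text: a simulation showing that a fault in a memory block and a reading error give the known method the same mismatch result. The two arrays, the XOR fault model and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

static uint8_t area1[4], area2[4];   /* simulated first and second memory areas */
/* Hypothetical fault model (constructed): the next `glitch_reads` reads return
 * the stored value XOR `glitch_mask`; the stored bytes are left untouched. */
static uint8_t glitch_mask; static int glitch_reads;

static uint8_t bus_read(const uint8_t *area, int block) {
    uint8_t v = area[block];
    if (glitch_reads > 0) { glitch_reads--; v ^= glitch_mask; }
    return v;
}

/* Step a): store one copy of the data item in each area. */
void store_item(int block, uint8_t value) { area1[block] = area2[block] = value; }

/* Steps b) to d): returns 0 if the copies match, -1 on a mismatch. */
int read_item(int block, uint8_t *out) {
    uint8_t v1 = bus_read(area1, block);   /* b) read both copies */
    uint8_t v2 = bus_read(area2, block);
    if (v1 != v2) return -1;               /* c) compare */
    *out = v1;                             /* d) no error detected */
    return 0;
}

int copies_identical(int block) { return area1[block] == area2[block]; }

/* Fault in a memory block: the stored second copy is itself wrong. */
int case_corrupted_block(void) {
    uint8_t v;
    store_item(0, 0x5A);
    area2[0] ^= 0x01;
    return read_item(0, &v);
}

/* Reading error: stored copies stay identical, one read is disturbed. */
int case_read_error(void) {
    uint8_t v;
    store_item(1, 0x5A);
    glitch_mask = 0x01; glitch_reads = 1;
    return read_item(1, &v);
}

int main(void) {
    int a = case_corrupted_block(), b = case_read_error();
    printf("corrupted block: %d, read error: %d, copies still equal: %d\n", a, b, copies_identical(1));
    return 0;
}
```

Both cases return the same error code, so a caller that always rewrites the stored value on a mismatch does needless work in the second case, where the stored copies were never wrong.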