Such electronic devices correspond (although not exclusively) to circuit boards or to any electronic device comprising or connected to at least one circuit board, such as a smart card, for which good security against external intrusion is required.
To ensure that such cards provide good security, an end-of-life transition mechanism is activated upon detection of a certain number of critical errors.
The end-of-life transition process for this type of device, particularly smart cards, appears problematic, however, because such a process conventionally relies on a process of writing to non-volatile reprogrammable memory, generally EEPROM memory, in order to modify the data and block the applications.
Such a process appears vulnerable, because it is detectable outside the card due to the strong draw of current caused by the write to reprogrammable memory.
A malicious third party therefore has ample opportunity to prevent the execution of such a process, by cutting off the power to the device or to the card.
To improve this situation, FR 07 08242 and PCT/FR2008/052106 propose ensuring that the end-of-life transition process for such an electronic device occurs within a random period after the critical error event which triggered the end-of-life transition, while masking from third parties the write to non-volatile memory corresponding to the end-of-life transition, which in practice prevents any covert channel attack.
In this technique, the writing of an end-of-life transition state variable to the non-volatile memory of an electronic device is masked by obscuring this write operation within the normal operation of the application program executed by the electronic device.
In practice, the operation of writing a variable to non-volatile memory always consists of two successive phases: a deletion phase, which sets the variable to an empty value (“empty value” is understood to mean a predefined default value on which a user of the non-volatile memory has no influence, such as “00”, “FF” or some other value), then an actual write phase, during which a non-empty value (meaning a value distinct from the empty value) is assigned to the variable in the space dedicated to it within the non-volatile memory. The writing of an end-of-life transition state variable to the non-volatile memory of an electronic device, as specified in the prior art mentioned above, also falls under this rule.
Each of these phases of deleting and writing which constitute the operation of writing a variable to non-volatile memory requires a certain amount of processing time and consumes a certain amount of electrical energy, approximately similar in both cases.