Circuit arrangements for data processing essentially comprise an arithmetic and logic unit and a memory. The memory, to be more precise an “external memory”, is used to store and provide program data. The program data are processed by the arithmetic and logic unit. This involves instruction words contained in the program data being executed by the arithmetic and logic unit. If appropriate, the arithmetic and logic unit generates control instructions in the course of the processing, and these are used to check and control further components in the circuit arrangement.
Besides the external memory, which is designed to store large volumes of data, the circuit arrangement comprises a further, internal memory, which is smaller and allows faster access. Data required for data processing are loaded into the internal memory so that they are available to the arithmetic and logic unit more quickly. For processing, the arithmetic and logic unit accesses the data provided in the internal memory. Between the internal memory and the arithmetic and logic unit there is frequently a decoding apparatus which is used to transform the stored instruction words into instruction words which can be processed by the arithmetic and logic unit directly. This makes sense to the extent that the instruction words stored in the internal memory do not necessarily have to be matched to the individual instruction set and to the architecture of the arithmetic and logic unit. This matching of the instruction words is performed by the decoding apparatus.
In chip card controllers, the external memory is frequently protected by an upstream cryptographic unit. In this case, the data are stored in the external memory in encrypted form. The cryptographic unit is used to decrypt data for loading and to encrypt data for storage. However, this means that only the external memory is protected against unauthorized reading. In addition, the use of error-correcting coding when storing the data allows errors or data manipulation to be identified and corrected if appropriate.
As soon as the data have been loaded from the external memory for processing, they are no longer protected and can be manipulated by an attack along the route to the arithmetic and logic unit. It is likewise conceivable for there to be errors in the hardware which result in changes to the data. Correct processing of the data in the arithmetic and logic unit is then no longer ensured. By way of example, manipulations include targeted irradiation of the circuit arrangement with a laser, which results in changes to bits. In addition, data signals can be tapped and monitored, or altered, by placing contact needles onto their data paths. This practice is also called “probing”.
The aim of previously used protective measures in hardware and software is to make attacks more difficult or to correct errors. Some security concepts involve errors not being prevented but rather being identified, and suitable countermeasures being initiated for an identified error. Examples of protective measures which may be mentioned here are the aforementioned use of error-correcting codes in a cryptographic unit and bus encryption methods for the data path between the external memory and the arithmetic and logic unit. All of these protective measures relate only to portions of the circuit arrangement and therefore restrict the protected area. With previously known methods, the protection ends before the data are actually processed, that is, before they reach the arithmetic and logic unit. It would be desirable to protect the data which are to be processed, if possible, from the memory up to their actual processing within the arithmetic and logic unit.
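The gap described above can be made concrete with a small model, added here as an illustration and not taken from the original text. It compares a check that ends at the cryptographic unit with one that travels with the word to the input of the arithmetic and logic unit. Assumptions: a single parity bit stands in for the error-correcting code, an XOR with a constructed constant stands in for the cryptographic unit, and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TOY_KEY 0x5A3Cu /* constructed value; XOR stands in for the cryptographic unit */

typedef struct { uint16_t cipher; uint8_t check; } stored_word;

/* Even parity over a 16-bit word: detects any odd number of flipped bits. */
static uint8_t parity16(uint16_t w) {
    uint8_t p = 0;
    while (w) { p ^= (uint8_t)(w & 1u); w >>= 1; }
    return p;
}

/* Write path: the check bit covers the plaintext, then the word is encrypted. */
static stored_word store_word(uint16_t plain) {
    stored_word s = { (uint16_t)(plain ^ TOY_KEY), parity16(plain) };
    return s;
}

/* Check verified at the cryptographic unit only; the bare word then travels on.
 * mem_fault hits the stored ciphertext, path_fault hits the word after the check. */
static bool load_checked_at_memory(stored_word s, uint16_t mem_fault,
                                   uint16_t path_fault, uint16_t *at_alu) {
    uint16_t plain = (uint16_t)((s.cipher ^ mem_fault) ^ TOY_KEY);
    bool detected = parity16(plain) != s.check;
    *at_alu = (uint16_t)(plain ^ path_fault); /* nothing re-checks this value */
    return detected;
}

/* Check bit accompanies the word and is verified at the ALU input instead. */
static bool load_checked_at_alu(stored_word s, uint16_t mem_fault,
                                uint16_t path_fault, uint16_t *at_alu) {
    uint16_t plain = (uint16_t)((s.cipher ^ mem_fault) ^ TOY_KEY);
    *at_alu = (uint16_t)(plain ^ path_fault);
    return parity16(*at_alu) != s.check;
}

int main(void) {
    uint16_t w = 0;
    stored_word s = store_word(0x1234); /* constructed sample instruction word */
    bool d1 = load_checked_at_memory(s, 0, 0x0004, &w);
    printf("check at memory: detected=%d word=0x%04X\n", d1, (unsigned)w);
    bool d2 = load_checked_at_alu(s, 0, 0x0004, &w);
    printf("check at ALU:    detected=%d word=0x%04X\n", d2, (unsigned)w);
    return 0;
}
```

A single parity bit misses any even number of flipped bits, so the model shows only where the check is placed, not how strong the code should be.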
To limit complexity, it would be advantageous if the scope of protection could be varied, so that, by way of example, only particularly important routines or sensitive data are protected. The aforementioned protective measures do not provide this flexibility; instead, they protect all the data to the same extent.