Smart cards, as a particular embodiment of electronic devices, were initially conceived to enhance the security of distributed systems. Applications of smart cards include, for example, calling cards, identification cards, medical cards, transaction cards (credit/debit bank, store, restaurant, etc.) and security cards. All of these applications require sensitive and confidential data to be processed within the smart card.
As can be seen from FIG. 1, which is labelled as “Prior Art”, an electronic device 10 conventionally includes a Central Processing Unit (CPU) 12, which is the primary controller/processor of the electronic device 10. The CPU 12 can optionally include a large number of internal registers 13, as, for instance, in RISC (Reduced Instruction Set Computer) processors.
The electronic device 10 also includes a volatile memory in the form of a Random Access Memory (RAM) 14, Read Only Memory (ROM) 16, Electrically-Erasable Programmable Read Only Memory (EEPROM) 18 and optionally Cache Memory 15, all coupled to the CPU 12. For a better understanding of the following description, the term volatile memory used hereafter may include RAM, Internal Registers and/or Cache Memories.
An Input/Output (I/O) device, such as a terminal 20, allows the smart card 10 to share data with a distributed system (not shown), by controlling Inputs/Outputs to and from the electronic device 10, via the CPU 12. The smart card 10 includes an I/O port (not shown) for transferring data to and from the Input/Output device 20.
The CPU 12 processes instructions to manage data stored in the electronic device and includes a program that ensures protection against access to the sensitive and/or confidential data contained and processed in the smart card 10 by non-authorized entities, such as, for example, hackers. Indeed, in many instances, the sensitive and/or confidential information contained or processed in the device is of significant value (financial or otherwise) to its owner.
It has been found that gaps remain in the protection of data against various kinds of attacks, such as the so-called “side channel attacks”, which include, for example, “Power Analysis” and “Radio Frequency (RF) Analysis”.
Power Analysis is based on the measurement of power consumption during the processing of confidential binary coded information in a smart card. RF Analysis consists of intercepting and analyzing the radio frequency radiation emitted during the transfer of confidential data. These two types of attacks use either the variation of energy consumption or the variation of emitted RF radiation during processing of the confidential data. Knowing one of these variations makes it mathematically possible to retrieve the confidential data.
Indeed, conventional secure programs used in electronic devices comprise a means to temporarily store confidential data in the volatile memory at a given predetermined memory location since, for performance purposes, it has been found to be preferable to work with fixed memory locations. Hence, only the confidential data might be changing in the storing and reading process since the memory location does not change. In such cases, when the CPU is processing confidential data, for example when confidential data is transferred from the CPU to the volatile memory, hackers may attempt to retrieve the confidential data using “side channel analysis” or another similar attack.
Conventional algorithms used for allocating memory in device 10, such as Dynamic Memory Management (DMM), are not sufficient to properly protect the confidential data processed therein against attacks. Indeed, conventional DMM algorithms are predictable, since they follow conventional rules. Therefore, if a given process is executed twice and under the same conditions, the same memory allocation should be expected. FIG. 2, which is labelled as “prior art”, illustrates a dedicated area 19 where confidential data 21, having a size k, is stored.
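The predictability described above, shown as an added example that is not part of the original text: a toy first-fit allocator over a simulated volatile memory places the k-byte confidential data at the same offset on every run of the same process. The arena size, the buffer sizes, all function names and the randomized contrast variant (with `rnd` standing in for a value from a device random source) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 256            /* constructed size of the simulated volatile memory */
#define NO_BLOCK ((size_t)-1)

typedef struct { uint8_t used[ARENA_SIZE]; } arena_t;   /* 1 = byte allocated */

/* First-fit: lowest offset >= start with n consecutive free bytes. */
static size_t alloc_from(arena_t *a, size_t n, size_t start) {
    if (n > ARENA_SIZE || start > ARENA_SIZE - n) return NO_BLOCK;
    for (size_t off = start; off + n <= ARENA_SIZE; off++) {
        size_t i = 0;
        while (i < n && !a->used[off + i]) i++;
        if (i == n) { memset(a->used + off, 1, n); return off; }
        off += i;                 /* jump past the occupied byte that stopped the scan */
    }
    return NO_BLOCK;
}

/* Same process, same conditions: two working buffers are allocated first. */
static size_t setup(arena_t *a) {
    memset(a, 0, sizeof *a);
    alloc_from(a, 16, 0);
    return alloc_from(a, 40, 0) + 40;   /* first free byte after the buffers */
}

/* Conventional DMM: the k-byte secret always lands at the same offset. */
size_t run_conventional(size_t k) {
    arena_t a;
    setup(&a);
    return alloc_from(&a, k, 0);
}

/* Contrast (assumption, not from the text): per-run random start offset. */
size_t run_randomized(size_t k, uint32_t rnd) {
    arena_t a;
    size_t base = setup(&a);
    if (k > ARENA_SIZE - base) return NO_BLOCK;
    return alloc_from(&a, k, base + rnd % (ARENA_SIZE - base - k + 1));
}

int main(void) {
    printf("conventional: %zu %zu\n", run_conventional(32), run_conventional(32));
    printf("randomized:   %zu %zu\n", run_randomized(32, 5), run_randomized(32, 200));
    return 0;
}
```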