1. Field of the Invention
The present invention generally relates to electronic circuits and, more specifically, to the checking of the integrity of programs on execution thereof by a circuit.
An example of application of the present invention relates to smart cards.
2. Discussion of the Related Art
FIG. 1 very schematically shows an example of a smart card 1 of the type to which the present invention applies. An integrated circuit chip 10 is inserted into plastic card 1 and is connected to electric contacts 3 for communication with a card reader, not shown. The card may also be provided with a contactless communication system (electromagnetic transponder).
FIG. 2 is a schematic block diagram illustrating components of an integrated circuit 10 of a smart card 1 of FIG. 1. Circuit or chip 10 comprises a central processing unit 11 (CPU), one or several non-volatile memory elements 12 (for example, of ROM type), one or several volatile storage elements 13 (for example, of RAM type). The different components of chip 10 communicate together and with an input/output device 14 (I/O) connected to contacts 3 by one or several data, address, and control buses 15. Most often, chip 10 comprises other functions 16 (FCT) formed for example of circuits performing cryptographic operations.
The programs stored, for example, in memory 12, are capable of being disturbed on execution thereof (trapped), be it incidentally or deliberately (hacking attempts).
Among attacks performed by hackers to obtain confidential data from chip 10, the present invention applies to so-called differential fault analysis attacks (DFA) which disturb the operation of circuit 10, for example by means of radiation (laser, infrared, X-rays, etc.) or by any other means (for example, by acting on the component power supply). On execution of a program by central processing unit 11, a program trap (voluntary or incidental) may result in skipping one or several instructions of a cryptographic calculation, of an authenticity check, of an integrity check, etc.
FIG. 3 shows a detail of FIG. 2 illustrating the operation of central processing unit 11 in relation with a program contained, for example, in ROM 12. Central processing unit 11 sends an address ADD to memory 12 to extract therefrom instructions DATA of a program, as well as possible arguments of these instructions for execution. Generally, an amplifier 121 forming a buffer memory element (BUFFER) is present at the data output of memory 12 to temporarily store the instructions intended for the central processing unit. The presence of amplifier 121 is a weakness in terms of protection of the system against possible program trap attempts. Indeed, if the content of a non-volatile memory can be considered as secure since it is difficult to modify (especially in the case of a ROM set on manufacturing), the transfer of data (instructions and arguments) to central processing unit 11 for execution is a critical step since the data may be modified by disturbing the buffer element (amplifier 121).
For example, a disturbance may result in having the opcode switch from 00 to FF in hexadecimal notation. Most of the time, such opcodes correspond to specific instructions. For example, in certain processors, a code 00 corresponds to a jump conditioned by the next argument. If the instruction extracted from the memory is an instruction for loading data to a specific address, the transformation of this instruction into 00 causes a jump, taking the arguments into account. According to another example, code FF corresponds to a load instruction based on the next arguments. A disturbance resulting in a code FF then transforms any instruction into a load instruction using the arguments. According to other examples, codes 00 and FF result in displacements of characters or other specific instructions.
In all cases, an undesired effect which most often generates a trap in the program is obtained.
The same type of disturbance is also harmful if the instruction is present in a non-volatile memory, and more generally as soon as it is present in a storage element and/or between a memory plane, volatile or not, and an execution unit.
A solution would be to avoid opcodes 00 and FF on constitution of the programs. However, this would only transfer the problem to other possible opcodes. Indeed, although codes 00 and FF are the most easily obtained by a disturbance of amplifier 121, any other state modified with respect to the code read from the memory is likely to generate a program trap.
Mechanisms for checking the integrity of executed code which execute the same program twice and check that the results obtained at the end of the two executions match are also known. A disadvantage is that such mechanisms act ex post facto and that there remains a non-negligible risk that the hacker has been able to exploit, during the trap, an erroneous result of the program.
Other countermeasures to trap attempts comprise calculating a signature based on the executed program instructions and comparing it with a reference signature calculated when the program is stored. Here again, it is a mechanism ex post facto, the signature being only obtained at the end of the execution.
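The limitation noted for the signature mechanism can be seen in a small simulation, added here as an illustration and not part of the original text. It uses a constructed toy instruction set (the opcode values other than 00 and FF, the functions `execute` and `reference_sig`, and the sample program are all assumptions) in which the opcode leaving the buffer is forced to 00 or FF, and the running signature is compared with the reference only once execution ends, after the disturbed program has already produced its output.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed toy ISA (hypothetical): 2-byte instructions {opcode, arg}.
   00 = jump conditioned by the argument, FF = load, as in the text's examples. */
enum { OP_JMPC = 0x00, OP_ADD = 0x10, OP_OUT = 0x20, OP_HALT = 0x30, OP_LOAD = 0xFF };

struct run { int detected; int outputs; uint8_t last_out; };

/* Running signature over each executed {opcode, arg} pair. */
static uint32_t sig_step(uint32_t s, uint8_t op, uint8_t arg) {
    return (s * 31u + op) * 31u + arg;
}

/* Reference signature, computed once over the stored straight-line program. */
uint32_t reference_sig(const uint8_t *rom, size_t n) {
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < n; i += 2) s = sig_step(s, rom[i], rom[i + 1]);
    return s;
}

/* Execute rom. If fault_at >= 0, the opcode of that fetch is replaced by
   `stuck` at the buffer output; the memory content itself is untouched. */
struct run execute(const uint8_t *rom, size_t n, int fault_at, uint8_t stuck) {
    struct run r = {0, 0, 0};
    uint32_t s = 0;
    uint8_t acc = 0;
    int fetch = 0;
    for (size_t pc = 0; pc + 1 < n; pc += 2, fetch++) {
        uint8_t op = rom[pc], arg = rom[pc + 1];
        if (fetch == fault_at) op = stuck;           /* disturbed buffer */
        s = sig_step(s, op, arg);
        if (op == OP_LOAD) acc = arg;
        else if (op == OP_ADD) acc = (uint8_t)(acc + arg);
        else if (op == OP_JMPC) { if (acc) pc += 2u * arg; }
        else if (op == OP_OUT) { r.last_out = acc; r.outputs++; }
        else if (op == OP_HALT) break;
    }
    /* The mismatch is only known here, after any output has left the chip. */
    r.detected = (s != reference_sig(rom, n));
    return r;
}

/* Constructed sample program: acc = 5; acc += 3; output acc; halt. */
const uint8_t SAMPLE_ROM[] = { OP_LOAD, 5, OP_ADD, 3, OP_OUT, 0, OP_HALT, 0 };
```

With the second fetch forced to FF, the ADD becomes a load and the program outputs 3 instead of 8 before the signature comparison reports the fault; forced to 00, the jump skips the output and the halt entirely.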