1. Technical Field
The present disclosure relates to the protection of integrated circuits against attacks by error injection, and particularly to the protection of integrated circuits present in smart cards.
The present disclosure relates more particularly to a method for securing the execution of a program by a processor (microprocessor or microcontroller) of the chip.
2. Description of the Related Art
FIG. 1 shows an example of an integrated circuit IC for smart card or electronic tag. The integrated circuit IC comprises a microprocessor central processing unit UC, one or more non-volatile memories MEM1 (e.g., ROM, EEPROM, FLASH), one or more volatile memories MEM2 (e.g., RAM), an encryption circuit CRYCT enabling the integrated circuit to authenticate itself during a transaction, and an interface circuit INTCT enabling it to communicate with external smart card or electronic tag readers (EXT). The interface circuit INTCT can be of the contact type and comprise for example ISO 7816 contacts (e.g., clock, data, supply, ground contacts). The interface circuit INTCT can also be of the RFID contactless type (Radio Frequency Identification) and comprise an antenna coil RF or an antenna circuit UHF, modulation and demodulation circuits for modulating and demodulating incoming and outgoing data, a clock extractor circuit, etc. The central processing unit UC, the memories MEM1, MEM2 and the circuit CRYCT are linked to each other by a data bus DTB and an address bus ADB.
Secured integrated circuits, such as integrated circuits for smart cards, are the subject of various attacks by hackers who try to discover their structure and/or the secrets they contain. They are for example cryptography circuits of DES, AES, RSA, etc. type, microprocessors programmed to execute cryptography algorithms, register banks containing secret keys, etc.
The most advanced hacking methods currently involve injecting errors into an integrated circuit during the execution of so-called sensitive operations, such as authentication operations or operations of executing a cryptography algorithm for example.
Such attacks, referred to as attacks by error injection or fault injection, can occur during so-called sensitive calculation phases, such as during phases of calculating an identification code or during the reading of an encryption key in a memory. They enable, in combination with mathematical models and from false results obtained intentionally thanks to glitches, a secret element such as an encryption key or a password to be defined, the structure of a cryptography algorithm and/or the secret keys the algorithm uses to be deduced, etc.
In particular, localized attacks involve introducing glitches at a determined point of the circuit, for example by means of a laser beam or an X-ray beam. A localized attack can concern the supply voltage, a data or address path, or the clock signal of the integrated circuit.
Thus an attack can concern the data read in the program memory (bus DTB), and cause a modification of an instruction code passing through a data bus. The modified instruction code can be interpreted as a jump although the instruction read was not a jump instruction, or as another instruction although the instruction read was a jump instruction. Such a modification can also cause a modification of the operand associated with a jump instruction code, i.e., modify the destination address of the jump. The jump or the absence of jump thus caused is then final.
The attack can also concern the program memory read address, it can cause a jump in the absence of any jump instruction code. If the attack concerns the path of the program memory read addresses (bus ADB), the jump is fleeting and only relates to a single address read, since the program counter of the central processing unit is not modified, except if the instruction code read is a jump. If the attack causes a modification of the program counter, the jump is final.
When the jump is final, it can lead to the execution of a data discharge routine that is inaccessible in normal operation, or to checking procedures being bypassed.