1. Field
The invention relates to a method and an apparatus for protecting a program against control flow manipulation and is used to detect an incorrect program flow.
2. Description of the Related Art
In safety-critical program applications, which operate on any desired hardware, there is the risk of an attacker trying to use external influences to deliberately interfere with the hardware that executes the program application and hence alter the normal program flow. A variation of the program flow in a cryptographic process may be sufficient to extract codes, which under normal conditions are stored securely in hardware, and hence compromise a cryptographic system.
FIG. 1 is used to illustrate the underlying problem.
FIG. 1 shows a flowchart for entering a password in a known data processing system. First, a user is prompted to enter a password. After the password has been entered, the password is checked for its correctness by the data processing system. If the password is correct, access to the resources of the data processing system is granted. If the password is incorrect, access to the data is denied.
The program represented as a flowchart in FIG. 1 is executed, for example, in a processor for processing program commands, which are written in any desired programming language. In the event of an attack on the hardware platform and/or the processor at the time the program command that checks the password is processed, an attacker may manage to manipulate the program flow in such a way that, despite entry of an incorrect password, access to the data is granted by the data processing unit, i.e. the program flow branches incorrectly.
For example, an attacker may use laser flashes to interfere, deliberately in time and in space, with the processing of individual instructions and/or program commands in such a way that the control flow of the executed program is altered. In this case, for example, individual jump instructions or calls of subroutines may be stopped.
A further possible attack is to bring about changes in calculated intermediate results.
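The incorrect branch described for FIG. 1, modeled in C as an added example (it is not part of the original text and is not the invention's own method). The step names, the `skip_mask` fault model and the `flow_ok` trace check are assumptions made for illustration; the passwords are constructed sample values.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* One bit per step of the FIG. 1 flow (names constructed for this example). */
enum { STEP_PROMPT = 1, STEP_CHECK = 2, STEP_DECIDE = 4 };
#define ALL_STEPS  (STEP_PROMPT | STEP_CHECK | STEP_DECIDE)
#define FAULT_NONE 0u

typedef struct {
    bool granted;  /* outcome of the unprotected flow */
    bool flow_ok;  /* true only if every expected step left its mark */
} login_result;

/* skip_mask models the fault: a step whose bit is set is not executed. */
login_result run_login(const char *entered, const char *stored, unsigned skip_mask)
{
    unsigned trace = 0;
    bool denied = false;

    if (!(skip_mask & STEP_PROMPT))
        trace |= STEP_PROMPT;             /* password was requested */

    if (!(skip_mask & STEP_CHECK)) {      /* the password check of FIG. 1 */
        if (strcmp(entered, stored) != 0) /* simplified comparison */
            denied = true;
        trace |= STEP_CHECK;
    }

    login_result r = { .granted = false, .flow_ok = false };
    if (!(skip_mask & STEP_DECIDE)) {
        r.granted = !denied;              /* decision relies on one branch */
        trace |= STEP_DECIDE;
    }
    r.flow_ok = (trace == ALL_STEPS);     /* flow check: did all steps run? */
    return r;
}

int main(void)
{
    login_result ok  = run_login("wrong", "s3cret", FAULT_NONE);
    login_result hit = run_login("wrong", "s3cret", STEP_CHECK);
    printf("no fault:      granted=%d flow_ok=%d\n", ok.granted, ok.flow_ok);
    printf("check skipped: granted=%d flow_ok=%d\n", hit.granted, hit.flow_ok);
    return 0;
}
```

With the check step skipped, the unprotected decision grants access for an incorrect password, while the trace comparison reports that the expected program flow was not followed.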