1. Field of the Invention
The present invention relates to data processing units and, in particular, to data processing units requiring a processing of data or addresses at a high security level which is protected against physical attacks and interception.
2. Description of Prior Art
In calculating and/or processing security-relevant data, use is made of microprocessors, security tokens or other data processing units requiring a processing of data at a high security level which is protected against physical attacks and interception. Cache and buffer memories, register sets and transmission paths, for example in the form of buses, are regular structures on a microprocessor chip which are easy to identify. They are therefore preferred points of attack. Attacks may consist of interception by means of pin attacks or of a current-profile analysis.
By means of encryption methods, external memories, buffer memories and buses can be effectively protected, so that the data processed, such as user data or programs, are moved and stored on the entire chip preferably only in an encrypted form.
FIG. 10 depicts a diagrammatic overview of a calculating unit.
The calculating unit comprises an arithmetic-logic unit (ALU) 800 as a central unit. A minimal ALU, which is able to perform an operation with two operands, requires two input buses A, B (802, 804) and an output bus Z (806). Both input buses and the output bus of the ALU 800 are connected to a central bus F (808). Two further buses D, E (810, 812) are also typically connected to the central bus 808, the bus 810 being connected to a cache M2 (814) which in turn is connected to an external memory M1 (818) via a memory bus C (816). In addition, in the embodiment shown in FIG. 10, register sets M3 (820) are provided for a calculating unit, which register sets comprise registers wherein ALU input data or ALU output data may be stored which (initially) are not intended to get into the cache 814 or into the external memory 818, or which are not to be loaded from the register sets into the external memory until the end of a relatively long calculation.
In a calculating unit performing security-critical calculations, the data is encrypted before being stored in the various memories M1 to M3. In addition, in order to prevent an attack on the bus lines 802, 804, 806, 810, 812, and 816, it is also favorable that the data be transmitted via these bus lines in an encrypted form. In this case, two decryption circuits DEC (DEC=decrypt) 822, 824 precede the two ALU inputs to decrypt the operands present on the buses A, B, such as data or addresses that are to be processed by the ALU 800, before processing them. To be able to protect the result of the ALU operation as well, an encryption device ENC (ENC=encrypt) 826 follows the output of the ALU 800, so that encrypted data is present on the buses 802, 804, 806.
Even though this concept is able to effectively suppress attacks on bus lines, such as, for example, the central bus 808 as well as the memory buses 810, 812, 816, it is disadvantageous in that unprotected clear-text data is present between the two decryption circuits 822, 824 and the encryption circuit 826. It is thus rendered more difficult for an attacker to find out where the ALU 800 is in the calculating unit, but the attacker nevertheless has an easy job once he or she has localized the decryption devices, since clear-text data is present at the outputs of the decryption devices 822 and 824.
On the other hand, the data must be decrypted, since the ALU operations, which may be present, for example, in the form of a basic operation such as AND, OR, XOR, NAND, NOR, NOT or ADD, cannot simply be performed on encrypted data: the encryption and decryption operations generally do not commute with the basic operation, which leads to a distortion of the results. In order to close this security gap nevertheless, it is usually preferred to place the decryption devices 822, 824 and the encryption device 826 as closely as possible to the ALU 800, so that the transmission lines on which the clear-text data runs become as short as possible, so as to undermine attacks in this manner. Alternatively, the transmission lines on which clear-text data is transmitted may be “hidden” in the chip using technological measures, for example using specific doping profiles or using a plurality of dummy lines on which no data at all, or only diversionary (fake) data, is transmitted, so that it is rendered difficult, again, for an attacker to actually find out on which lines clear-text data is transmitted.
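The non-commuting behaviour described above can be checked exhaustively on a small model. The following is an added example, not part of the original text: it assumes an 8-bit ALU and a toy bus cipher that XORs each word with a fixed key (the text names no cipher; `KEY`, `enc` and `distorted_pairs` are hypothetical names), and counts for each basic operation how many operand pairs give a wrong result when the ALU works directly on encrypted operands.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: toy bus cipher, XOR with a fixed 8-bit key (constructed value). */
#define KEY 0x5A
static uint8_t enc(uint8_t x) { return (uint8_t)(x ^ KEY); }

typedef uint8_t (*alu_op)(uint8_t, uint8_t);
static uint8_t op_and(uint8_t a, uint8_t b)  { return (uint8_t)(a & b); }
static uint8_t op_or(uint8_t a, uint8_t b)   { return (uint8_t)(a | b); }
static uint8_t op_xor(uint8_t a, uint8_t b)  { return (uint8_t)(a ^ b); }
static uint8_t op_nand(uint8_t a, uint8_t b) { return (uint8_t)~(a & b); }
static uint8_t op_nor(uint8_t a, uint8_t b)  { return (uint8_t)~(a | b); }
static uint8_t op_not(uint8_t a, uint8_t b)  { (void)b; return (uint8_t)~a; }
static uint8_t op_add(uint8_t a, uint8_t b)  { return (uint8_t)(a + b); }

/* Number of the 65536 operand pairs for which op(ENC(a), ENC(b)) differs
 * from ENC(op(a, b)), i.e. where leaving out DEC/ENC around the ALU would
 * distort the result. */
unsigned distorted_pairs(alu_op op)
{
    unsigned bad = 0;
    for (unsigned a = 0; a < 256; a++)
        for (unsigned b = 0; b < 256; b++) {
            uint8_t on_cipher = op(enc((uint8_t)a), enc((uint8_t)b));
            uint8_t expected  = enc(op((uint8_t)a, (uint8_t)b));
            if (on_cipher != expected)
                bad++;
        }
    return bad;
}

int main(void)
{
    const struct { const char *name; alu_op op; } ops[] = {
        {"AND", op_and}, {"OR", op_or}, {"XOR", op_xor}, {"NAND", op_nand},
        {"NOR", op_nor}, {"NOT", op_not}, {"ADD", op_add},
    };
    for (size_t i = 0; i < sizeof ops / sizeof ops[0]; i++)
        printf("%-4s distorted for %5u of 65536 operand pairs\n",
               ops[i].name, distorted_pairs(ops[i].op));
    return 0;
}
```

Under this assumed cipher only NOT passes through unchanged; for XOR the key cancels, so the ALU output would be the clear-text result rather than its encryption.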
These conventional measures for protecting the calculating unit against attacks are problematic in that they require additional outlay and limit the freedom in designing the ALU. A limitation of the freedom of design is disadvantageous in particular if the ALU is to be a high-performance ALU that has to perform a plurality of calculations, in particular, for example, calculations of long numbers. In order to keep the calculating time within reasonable limits nevertheless, the ALU should be designed in a performance-optimized manner. Of course, a client will expect a high level of security from any security system. At the same time, however, the client also expects tolerably long, and preferably short, calculating times. Short calculating times are important for a security system to be accepted on the market, since long calculating times in a security identification will be considered very annoying by the client.