Data processing apparatus are used more and more for processing security-relevant data. One reason for that is the increasing spread of chip cards, whereupon personal data are stored, or which are used for performing financial transactions. Such chip cards comprise a chip, which is either powered by a terminal into which the chip card is inserted, or which has its own power supply in form of a battery. Alternatively, chip cards exist for contactless applications, which have no power supply themselves, but draw the energy for the operation from a surrounding electromagnetic field.
The encryption and decryption tasks performed by such data processing apparatus are typically cryptographical algorithms, which can protect secret data from attackers. If contemplating a cash card, for example, it naturally has to be made impossible that an attacker unauthorizedly increases the amount of money made available by the cash card. On the other hand, it also has to be made sure that a terminal, which debits a cash card, only debits the agreed amount, and not a higher amount at the expense of the owner of the chip card.
The security for such applications is typically supplied by the cryptographical algorithms, such as the RSA algorithm as an example for an unsymmetrical encryption method or the DES algorithm as an example for a symmetrical encryption method.
Possible attacks to such chip cards consist of testing all imaginable possibilities and evaluating the results obtained there from. These so-called ‘brute force’ attacks are typically warded off by using cryptographical algorithms together with long numbers, so that such an attack will take up astronomical times in order to be successful.
Alternative attacks to data processing apparatus for security relevant data consist of indirect measures. A data processing apparatus is put into operation, and, for example, the power consumption or the electromagnetic radiation or the time, which is needed for a task, is established. Then, the same task is performed, but with changed input data, and again, indirect data, such as the power consumption of the data processing apparatus, are measured. If this measure is repeated with different input data arbitrarily often, a lot of information can be obtained based on statistical evaluations from a data processing apparatus, which is not protected against such indirect attacks. One known representative of such indirect attacks is the differential power analysis or DPA, wherein information about the program flow of a task, which is processed by a data processing apparatus, will be obtained via statistical evaluation of the current profile or the power consumption, respectively.
It is a known measure against such indirect attacks that the data processing apparatus, which comprises one or typically several data processing modules, has a possibly constant, i.e. homogenous current consumption, even when no task is performed. The data processing apparatus typically comprises a CPU, one or several crypto-coprocessors, a random number generator, an input/output apparatus, which is also known as UART (UART=universal asynchronous receive transmit), a memory management system for managing the available memories, which can for example be organized as virtual memory, etc., as data processing modules.
Obviously, not all data processing modules are needed simultaneously during the processing of a task by the data processing apparatus. Typically, only one data processing module or, if a parallel operating mode exists, a few of the available data processing modules are needed at a time. Thus, the CPU is, for example, idle, when the CPU has requested an external memory access from the memory management module. The CPU can only continue its operation when the data requested from the external memory are provided to the CPU from the memory manager and the virtual memory system (VMS), respectively.
A data processing apparatus, which has no counter measures against a performance analysis, would consume a lot of power during the time the CPU operates, and then, it would consume relatively little power during the external memory access, and then, when the data have been provided to the CPU from the external memory, it would again consume a lot of power.
In certain secure applications it is a security leakage, when such information leaks out. Thus, the CPU is operated here such that it performs so-called dummy operations during the time the external memory access takes place, which have no significance for the actual task of the data processing apparatus, but which have the effect that the CPU also consumes power during the time when the CPU has actually nothing to do. A power profile homogenized by dummy operations of the data processing apparatus can thus no longer be easily “tapped” and is thus at least more secured against DPA attacks as a data processing apparatus without such measures.
A disadvantage of this security concept is the fact that the current consumption of the data processing apparatus is significantly higher than it actually needs to be. If the CPU does not perform any dummy operation at the time when it is not needed, such as, for example, during an external memory access, which means it consumes less power or is even placed into a sleep mode, where it consumes even less or no power at all, the power consumption of the data processing apparatus could be reduced significantly. A reduced power consumption is particularly preferred for data processing apparatus with their own battery in the sense of a long lifetime of the battery. On the other hand, the power consumption of a data processing apparatus represents a serious limitation even when the data processing apparatus is provided on a chip card for contactless applications. In such contactless applications, the energy, which the data processing apparatus needs for the operation, is only drawn from the surrounding RF field and is thus inherently limited.
Thus, the renunciation of dummy operations and even the introduction of a sleep mode for a data processing module, respectively, lead to an optimum solution with regard to the energy consumption, but to an insecurity with regard to indirect attacks, since a distinct current profile results, from which information about secret facts can be drawn.