1. Field of the Invention
The present invention relates to an attack-resistant implementation method and, more particularly to an attack-resistant information processing apparatus and the like of an IC card or the like providing high security.
2. Description of the Prior Art
An IC card is an apparatus that stores personal information which is inhibited from being rewritten without authorization, encrypts data with secret keys (secret information), and decrypts cryptograms. The IC card itself has no power but it is supplied with power to become ready for operation when inserted in an IC card reader/writer. Upon becoming ready for operation, the IC card receives a command sent from the reader/writer and performs data transfer and other processing according to the command. General descriptions of IC card are provided in Jun-ichi Mizusawa, “IC Card,” published by Ohm-sha, edited by the Institute of Electronics, Information and Communication Engineers—IEICE.
The IC card comprises an IC card chip 102 mounted on a card 101, as shown in FIG. 1. As shown in the drawing, generally, the IC card has a supply voltage pin Vcc, a ground pin GND, a reset pin RST, an input-output pin I/O, and a clock pin CLK, which are positioned according to the ISO7816 specifications. Through these pins, the IC card is supplied with power from the reader/writer and performs data communications with the reader/writer (see W. Rankl and Effing, “SMARTCARD HANDBOOK,” John Wiley: Sons, 1997, pp. 41).
The configuration of the IC card chip is basically the same as that of normal microcomputers. The IC card chip, as shown in FIG. 2, comprises a central processing unit (CPU) 201, a memory device 204, an I/O port 207, and a coprocessor 202 (optional). The CPU 201 performs logical operations and arithmetic operations, and the memory device 204 stores programs and data. The I/O port performs communications with the reader/writer. The coprocessor fast performs encryption processing or arithmetic operations necessary for encryption processing, e.g., special operation devices for performing residue operations of RAS encryption and encryption devices that perform round processing of DES encryption. Many processors for IC cards have no coprocessor. A data bus 203 is a bus for connecting devices.
The memory device 204 comprises ROM (Read Only Memory), RAM (Random Access Memory), and EEPROM (Electrical Erasable Programmable Read Only Memory). ROM is a memory whose contents cannot be modified and which primarily stores programs. RAM is a memory whose contents can be freely modified, but its stored contents are lost when power supply is stopped. If the IC card is removed from the reader/writer, since power supply is stopped, RAM contents are not retained. EEPROM retains its contents even if power supply is stopped. It is used to store data to be modified and retained even if the IC card is removed from the reader/writer. For example, the number of prepaid operations by a prepaid card is retained in EEPROM since it is modified each time it is used, and the data must be retained even if the reader/writer is removed.
Since the IC card seals programs and important information in the IC card chip, it is used to store and encrypt important information in the card. Conventionally, the difficulty of decrypting IC cards has been thought to be the same as that of decrypting encryption algorithms. However, the observation and analysis of the power consumption of the IC card during performing encryption processing, the contents of the encryption processing and secret keys could be more easily estimated or decrypted than decrypting the encryption algorithms. The power consumption is measured by measuring power supplied from the reader/writer. The details of the method for an authorized decryption are given in John Wiley; sons company W. Rankl; W. Effing, “Smart Card Handbook”, 8.5.1.1 “Passive protect mechanism”, page 263, in which such risks are described.
The CMOS constituting the IC card chip consumes power when an output state changes from 1 to 0 or from 0 to 1. Particularly in the data bus 203, large power flows when the value of a bus changes from 1 to 0 or from 0 to 1 due to the power of a bus driver and the capacitance of wirings and transistors connected to the wirings. For this reason, the observation of power consumption indicates which portion in the IC card chip is operating.
FIG. 3 shows a waveform of power consumption in one cycle of the IC card chip. Depending on the data processed, power waveforms differ as shown in 301 and 302. Such a difference occurs depending on data flowing through the bus 203 and the data processed in the central processing unit 201.
The coprocessor 202 can perform residue operations of, e.g., 512 bits in parallel with the CPU. Therefore, the power consumption waveforms different from CPU power consumption waveforms are observed for a long time. By observing the characteristic waveforms, the number of operations of the coprocessor is easily measured. If the number of operations of the coprocessor has a relationship with secret keys, the secret keys could be estimated from the number of operations of the coprocessor.
If operation contents of the coprocessor have peculiarities depending on secret keys, the peculiarities reflect the power consumption, and the secret keys could be estimated.
The same is also true for the CPU. Since the bit values of encryption keys are definite, by changing data to be processed and observing power consumption, influence of the bit values of secret keys could be observed. Secret keys could be estimated by statistically processing these waveforms of power consumption.