Adaptive systems and procedures for defending a processor against transient fault attacks

US 10,380,341 B2
Filed: 04/01/2016
Issued: 08/13/2019
Est. Priority Date: 04/01/2016
Status: Active Grant

First Claim

Patent Images

1. A method operational on a processor device, comprising:

detecting transient faults within the processor device wherein the transient faults occur within the processor device;

counting a number of the detected transient faults within a tracking interval;

continuously devoting an amount of processor device resources to transient fault defense;

adaptively adjusting a control parameter in response to the detected transient faults to adaptively control the amount of processor device resources devoted to transient fault defense compared to an amount of processor device resources devoted to other operations, the control parameter adaptively adjusted to change a clock signal of the processor device to therefore vary time localization of at least one processor device resource relative to the detected transient faults; and

disabling the processor device when the count of detected transient faults exceeds a threshold during the tracking interval.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various features pertain to defending a smartphone processor or other device from a transient fault attack. In one example, the processor is equipped to detect transient faults using a fault detection system and to adaptively adjust a control parameter in response to the transient faults, where the control parameter controls a physical operation of the processor (such as by gating its clock signal) or a functional operation of the fault detection system (such as a particular Software Fault Sensor (SFS) employed to detect transient faults). In some examples, in response to each newly detected fault, the detection system is controlled to consume more processor time to become more aggressive in detecting additional faults. This serves to quickly escalate fault detection in response to an on-going attack to promptly detect the attack so that the device can be disabled to prevent loss of sensitive information, such as security keys or passcodes.

13 Citations

42 Claims

1. A method operational on a processor device, comprising:
- detecting transient faults within the processor device wherein the transient faults occur within the processor device;
  
  counting a number of the detected transient faults within a tracking interval;
  
  continuously devoting an amount of processor device resources to transient fault defense;
  
  adaptively adjusting a control parameter in response to the detected transient faults to adaptively control the amount of processor device resources devoted to transient fault defense compared to an amount of processor device resources devoted to other operations, the control parameter adaptively adjusted to change a clock signal of the processor device to therefore vary time localization of at least one processor device resource relative to the detected transient faults; and
  
  disabling the processor device when the count of detected transient faults exceeds a threshold during the tracking interval.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the processor device resources include a transient fault defense system configured to adaptively adjust the control parameter, where the transient fault defense system includes one or more of a transient fault resistance system, the transient fault detection system and a transient fault reaction system, and wherein adaptively adjusting the control parameter is performed to control one or more of the transient fault resistance system, the transient fault detection system, and the transient fault reaction system.
  - 3. The method of claim 1, wherein the control parameter is adaptively adjusted to more aggressively respond to more frequent transient faults and less aggressively respond to less frequent transient faults.
  - 4. The method of claim 1, wherein adaptively adjusting the control parameter comprises:
    - detecting an amount of time since a last transient fault;
      
      adjusting the control parameter to increase an amount of time allocated by the processor device to transient fault defense processes compared to an amount of time allocated by the processor device to other processes, if a new transient fault is detected within a tracking interval; and
      
      adjusting the control parameter to decrease the amount of time allocated by the processor device to transient fault defense processes compared to the amount of time allocated by the processor device to other processes, if a new transient fault is not detected within a tracking interval.
  - 5. The method of claim 1, wherein the control parameter controls one or more of:
    - a percentage of processor device resources devoted to transient fault defense;
      
      a frequency with which components used for fault defense are periodically activated by the processor device;
      
      a duration of execution of components used for fault defense;
      
      a threshold used for transient fault detection and/or transient fault attack detection;
      
      a threshold used by a peripheral sensor connected to the processor device for transient fault attack detection;
      
      a particular fault detection procedure used to detect a next fault; and
      
      /ora timing of at least one process running on the processor device relative to at least one other process.
  - 6. The method of claim 1, wherein adaptively adjusting the control parameter comprises:
    - tracking an amount of time since a last transient fault;
      
      increasing a percentage of time devoted by the processor device to defensive countermeasures, if a new transient fault is detected within a tracking interval; and
      
      decreasing the percentage of time devoted by the processor device to defensive countermeasures, if a new transient fault is not detected within a tracking interval.
  - 7. The method of claim 6, wherein the percentage of time devoted by the processor device to defensive countermeasures is increased only if a number of new transient faults detected within the tracking interval exceeds a lower threshold.
  - 8. The method of claim 6, wherein the percentage of time devoted by the processor device to defensive countermeasures is increased during the tracking interval in proportion to a number of new transient faults detected within the tracking interval.
  - 9. The method of claim 6, wherein the percentage of time devoted by the processor device to defensive countermeasures is increased to a maximum countermeasure level, if the number of new transient faults detected within the tracking interval reaches a middle threshold.
  - 10. The method of claim 6, wherein the processor device is disabled if the number of new transient faults detected within the tracking interval reaches a top threshold.
  - 11. The method of claim 1, wherein the processor device is incorporated into at least one of a smartphone, a video player, an entertainment unit, a navigation device, a communications device, a mobile phone, a music player, a personal digital assistant, a fixed location terminal, a tablet computer, and/or a laptop computer.

12. A processor device, comprising:
- a communication interface;
  
  a processing circuit coupled to the communication interface, the processing circuit configured todetect transient faults within the processor device wherein the transient faults occur within the processor device;
  
  count a number of the detected transient faults within a tracking interval;
  
  continuously devoting an amount of processor device resources to transient fault defense;
  
  adaptively adjust a control parameter of the processor device in response to the transient faults to adaptively control the amount of processor device resources devoted to transient fault defense compared to an amount of processor device resources devoted to other operations, the control parameter adaptively adjusted to change a clock signal of the processor device to therefore vary time localization of at least one processor device resource relative to the detected transient faults; and
  
  disable the processor device when the count of detected transient faults exceeds a threshold during the tracking interval.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The processor device of claim 12, wherein the processor device resources include a transient fault defense system configured to adaptively adjust the control parameter, where the transient fault defense system includes one or more of a transient fault resistance system, the transient fault detection system, and a transient fault reaction system.
  - 14. The processor device of claim 12, wherein the processing circuit is configured to adaptively adjust the control parameter to more aggressively respond to more frequent transient faults and less aggressively respond to less frequent transient faults.
  - 15. The processor device of claim 12, wherein the processing circuit is configured to adaptively adjust the control parameter by:
    - detecting an amount of time since a last transient fault;
      
      adjusting the control parameter to increase an amount of time allocated by the processor device to transient fault defense processes compared to an amount of time allocated by the processor device to other processes, if a new transient fault is detected within a tracking interval; and
      
      adjusting the control parameter to decrease the amount of time allocated by the processor device to transient fault defense processes compared to the amount of time allocated by the processor device to other processes, if a new transient fault is not detected within a tracking interval.
  - 16. The processor device of claim 12, wherein the control parameter is configured to control one or more of:
    - a percentage of processor device resources devoted to transient fault defense;
      
      a frequency with which components used for transient fault defense are periodically activated by the processor device;
      
      a duration of execution of components of the fault defense;
      
      a threshold used for transient fault detection and/or for transient fault attack detection;
      
      a threshold used by a peripheral sensor connected to the processor device for transient fault attack detection;
      
      a particular fault detection procedure used to detect a next fault; and
      
      /ora timing of at least one process running on the processor device relative to at least one other process.
  - 17. The processor device of claim 12, wherein the processing circuit is configured to adaptively adjust the control parameter by:
    - tracking an amount of time since a last transient fault;
      
      increasing a percentage of time devoted by the processor device to defensive countermeasures, if a new transient fault is detected within a tracking interval; and
      
      decreasing the percentage of time devoted by the processor device to defensive countermeasures, if a new transient fault is not detected within a tracking interval.
  - 18. The processor device of claim 17, wherein the processing circuit is configured to increase the percentage of time devoted by the processor device to defensive countermeasures only if a number of new transient faults detected within the tracking interval exceeds a lower threshold.
  - 19. The processor device of claim 17, wherein the processing circuit is configured to increase the percentage of time devoted by the processor device to defensive countermeasures during the tracking interval in proportion to a number of new transient faults detected within the tracking interval.
  - 20. The processor device of claim 19, wherein the processing circuit is configured to increase the percentage of time devoted by the processor device to defensive countermeasures to a maximum countermeasure level, if the number of new transient faults detected within the tracking interval reaches a middle threshold.
  - 21. The processor device of claim 19, wherein the processing circuit is configured to disable the processor device if the number of new transient faults detected within the tracking interval reaches a top threshold.
  - 22. The processor device of claim 12, wherein the processor device is incorporated into at least one of a smartphone, a video player, an entertainment unit, a navigation device, a communications device, a mobile phone, a music player, a personal digital assistant, a fixed location terminal, a tablet computer, and/or a laptop computer.

23. A processor device, comprising:
- means for detecting transient faults within the processor device wherein the transient faults occur within the processor device;
  
  means for counting a number of the detected transient faults within a tracking interval;
  
  means for continuously devoting an amount of processor device resources to transient fault defense;
  
  means for adaptively adjusting a control parameter of the processor device in response to the transient faults to adaptively control the amount of processor device resources devoted to transient fault defense compared to an amount of processor device resources devoted to other operations, the control parameter adaptively adjusted to change a clock signal of the processor device to therefore vary time localization of at least one processor device resource relative to the detected transient faults; and
  
  disabling the processor device when the count of detected transient faults exceeds a threshold during the tracking interval.
- View Dependent Claims (24, 25)
- - 24. The processor device of claim 23, wherein the means for adaptively adjusting the control parameter adaptively adjusts the control parameter to more aggressively respond to more frequent transient faults and to less aggressively respond to less frequent transient faults.
  - 25. The processor device of claim 23, wherein the means for adaptively adjusting the control parameter comprises:
    - means for detecting an amount of time since a last transient fault;
      
      means for adjusting the control parameter to increase an amount of time allocated by the processor device to transient fault defense processes compared to an amount of time allocated by the processor device to other processes, if a new transient fault is detected within a tracking interval; and
      
      means for adjusting the control parameter to decrease the amount of time allocated by the processor device to transient fault defense processes compared to the amount of time allocated by the processor device to other processes, if a new transient fault is not detected within a tracking interval.

26. A non-transitory machine-readable storage medium having one or more instructions which when executed by a processing circuit causes the processor device to:
- detect transient faults within the processor device wherein the transient faults occur within the processor device;
  
  count a number of the detected transient faults within a tracking interval;
  
  continuously devote an amount of processor device resources to transient fault defense;
  
  adaptively adjust a control parameter for transient fault defense of the processor device in response to the transient faults to adaptively control the amount of processor device resources devoted to transient fault defense compared to an amount of processor device resources devoted to other operations, the control parameter adaptively adjusted to change a clock signal of the processor device to therefore vary time localization of at least one processor device resource relative to the detected transient faults; and
  
  disable the processor device when the count of detected transient faults exceeds a threshold during the tracking interval.
- View Dependent Claims (27, 28)
- - 27. The machine-readable storage medium of claim 26, further having one or more instructions which when executed by the processing circuit causes the processing circuit to adaptively adjust the control parameter to more aggressively respond to more frequent transient faults and less aggressively respond to less frequent transient faults.
  - 28. The machine-readable storage medium of claim 26, further having one or more instructions which when executed by the processing circuit causes the processing circuit to:
    - detect an amount of time since a last transient fault;
      
      adjust the control parameter to increase an amount of time allocated by the processor device to transient fault defense processes compared to an amount of time allocated by the processor device to other processes, if a new transient fault is detected within a tracking interval; and
      
      adjust the control parameter to decrease the amount of time allocated by the processor device to transient fault defense processes compared to the amount of time allocated by the processor device to other processes, if a new transient fault is not detected within a tracking interval.

29. A method operational on a processor device, comprising:
- detecting transient faults within the processor device wherein the transient faults occur within the processor device;
  
  continuously devoting an amount of processor device resources to detecting the transient faults; and
  
  adaptively adjusting a clock signal of the processor device in response to the transient faults to selectively gate clock cycles by selectively skipping clock cycles.
- View Dependent Claims (30, 31, 32, 33, 34)
- - 30. The method of claim 29, wherein the clock signal is adaptively adjusted by applying a hash code to select clock cycles of the clock signal to selectively skip.
  - 31. The method of claim 30, wherein the hash code is randomly or pseudorandomly generated.
  - 32. The method of claim 29, wherein the clock signal is adaptively adjusted to control a ratio of gated clock cycles to non-gated clock cycles.
  - 33. The method of claim 29, wherein adaptively adjusting the clock signal comprises:
    - detecting an amount of time since a last transient fault;
      
      adjusting the control parameter to increase a number of gated clock cycles, if a new transient fault is detected within a tracking interval; and
      
      adjusting the control parameter to decrease the number of gated clock cycles, if a new transient fault is not detected within a tracking interval.
  - 34. The method of claim 29, wherein the processor device is incorporated into at least one of a smartphone, a video player, an entertainment unit, a navigation device, a communications device, a mobile phone, a music player, a personal digital assistant, a fixed location terminal, a tablet computer, and/or a laptop computer.

35. A processor device, comprising:
- a communication interface; and
  
  a processing circuit coupled to the communication interface, the processing circuit configured todetect transient faults within the processor device wherein the transient faults occur within the processor device;
  
  count a number of the detected transient faults within a tracking interval;
  
  continuously devoting an amount of processor device resources to detecting the transient faults;
  
  adaptively adjust a clock signal of the processor device in response to the transient faults to selectively gate clock cycles by selectively skipping clock cycles; and
  
  disable the processor device when the number of the detected transient faults exceeds a threshold during the tracking interval.
- View Dependent Claims (36, 37, 38, 39, 40)
- - 36. The processor device of claim 35, wherein the processing circuit is further configured to adaptively adjust the clock signal by applying a hash code to select clock cycles of the clock signal to selectively skip.
  - 37. The processor device of claim 36, wherein the processing circuit is further configured to randomly or pseudorandomly generate the hash code.
  - 38. The processor device of claim 35, wherein the processing circuit is further configured to adaptively adjust the clock signal to control a ratio of gated clock cycles to non-gated clock cycles.
  - 39. The processor device of claim 35, wherein the processing circuit is configured to adaptively adjust the clock signal by:
    - detecting an amount of time since a last transient fault;
      
      adjusting the control parameter to increase a number of gated clock cycles, if a new transient fault is detected within a tracking interval; and
      
      adjusting the control parameter to decrease the number of gated clock cycles, if a new transient fault is not detected within a tracking interval.
  - 40. The processor device of claim 35, wherein the processor device is incorporated into at least one of a smartphone, a video player, an entertainment unit, a navigation device, a communications device, a mobile phone, a music player, a personal digital assistant, a fixed location terminal, a tablet computer, and/or a laptop computer.

41. A processor device, comprising:
- means for detecting transient faults within the processor device wherein the transient faults occur within the processor device;
  
  means for counting a number of the detected transient faults within a tracking interval;
  
  means for continuously devoting an amount of processor device resources to detecting the transient faults;
  
  means for adaptively adjusting a clock signal of the processor device in response to the transient faults to selectively gate clock cycles by selectively skipping clock cycles; and
  
  means for disabling the processor device when the number of the detected transient faults exceeds a threshold during the tracking interval.

42. A non-transitory machine-readable storage medium having one or more instructions which when executed by a processing circuit processor device causes the processing circuit processor device to:
- detect transient faults within the processor device wherein the transient faults occur within the processor device;
  
  count a number of the detected transient faults within a tracking interval;
  
  continuously devote an amount of processor device resources to detecting the transient faults;
  
  adaptively adjust a clock signal of the processor device in response to the transient faults to selectively gate clock cycles by selectively skipping clock cycles; and
  
  disable the processor device when the number of the detected transient faults exceeds a threshold during the tracking interval.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Benoit, Olivier Jean, Tamagno, David
Primary Examiner(s)
Gracia, Gary S

Application Number

US15/089,379
Publication Number

US 20170286680A1
Time in Patent Office

1,229 Days
Field of Search

714E1123, 714 2, 714 61, 714 20, 714 30, 726 22, 726 23
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/75   by inhibiting the analysis ...

G09C 1/00   Apparatus or methods whereb...

H04L 9/004   for fault attacks

Adaptive systems and procedures for defending a processor against transient fault attacks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Adaptive systems and procedures for defending a processor against transient fault attacks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links