Microprocessor comprising signature means for detecting an attack by error injection

US 20050268163A1
Filed: 04/21/2005
Published: 12/01/2005
Est. Priority Date: 04/21/2004
Status: Active Grant

First Claim

Patent Images

1. A method for monitoring execution of a sequence of instruction codes in an integrated circuit having a central processing unit provided for executing such instruction codes, the method comprising:

during the execution of the sequence, taking off at various points of the integrated circuit, at least one of deterministic address, control and data logic signals involved in the execution of the sequence, and producing current cumulative signatures using the deterministic logic signals and in synchronization with a clock signal, each current cumulative signature varying according to a previous cumulative signature and to the deterministic logic signals, until, at an end of the execution of the sequence, a final cumulative signature is obtained; and

comparing the final cumulative signature with an expected signature.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for monitoring the execution of a sequence of instruction codes in an integrated circuit comprising a central processing unit provided for executing such instruction codes. Current cumulative signatures are produced using deterministic address, control or data logic signals involved in the execution of the sequence and taken off at various points of the integrated circuit. A final cumulative signature is compared with an expected signature and an error signal is produced if the two signatures are not identical. Particularly useful to secure integrated circuits for smart cards.

45 Citations

View as Search Results

48 Claims

1. A method for monitoring execution of a sequence of instruction codes in an integrated circuit having a central processing unit provided for executing such instruction codes, the method comprising:
- during the execution of the sequence, taking off at various points of the integrated circuit, at least one of deterministic address, control and data logic signals involved in the execution of the sequence, and producing current cumulative signatures using the deterministic logic signals and in synchronization with a clock signal, each current cumulative signature varying according to a previous cumulative signature and to the deterministic logic signals, until, at an end of the execution of the sequence, a final cumulative signature is obtained; and
  
  comparing the final cumulative signature with an expected signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1 wherein the clock signal which paces the production of the current cumulative signatures is a clock signal of the central processing unit, and wherein a current cumulative signature is produced at each clock cycle of the central processing unit, during the execution of the sequence.
  - 3. The method according to claim 1 wherein the at least one deterministic signal comprises at least part of one of:
    - an address corresponding to a peripheral element of the central processing unit;
      
      a signal for controlling the peripheral element;
      
      a signal indicative of an operation in progress;
      
      a signal indicative of data forming operands; and
      
      a signal indicative of data forming instruction codes, and wherein a signal is excluded from the calculation of a cumulative signature if it is not deterministic during the clock cycle during which the signature is produced.
  - 4. The method according to claim 1 wherein the current cumulative signatures are produced by a hard-wired logic signature calculation circuit comprising parallel inputs linked to points of the integrated circuit through which deterministic and non-deterministic logic signals pass, and wherein inputs of the signature calculation circuit are inhibited when the corresponding logic signals are not deterministic.
  - 5. The method according to claim 4 wherein inputs of the signature calculation circuit are inhibited by a configurable hard-wired logic masking circuit.
  - 6. The method according to claim 4 wherein the inputs of the signature calculation circuit are connected to a data bus, to an address bus, and to a control bus conveying signals for controlling peripheral elements of the central processing unit.
  - 7. The method according to claim 1 wherein the producing cumulative signatures is performed by a linear feedback shift register.
  - 8. The method according to claim 1, further comprising the steps of:
    - during the execution of the sequence, producing an error signal having an active value by default while the current cumulative signature is different from an expected signature;
      
      masking the error signal for a predetermined time interval corresponding substantially to a presumed duration of execution of the sequence; and
      
      unconditionally lifting the masking of the error signal when the predetermined time interval expires.

9. An integrated circuit comprising:
- a central processing unit for executing a program comprising instruction codes;
  
  means for monitoring execution of at least one sequence of instruction codes comprising at least one instruction code, the monitoring means comprising;
  
  a signature calculation circuit comprising parallel inputs linked to various points of the integrated circuit through which at least one of deterministic address, control or data logic signals involved in the execution of the sequence pass, the signature calculation circuit being arranged for producing current cumulative signatures that vary according to the deterministic signals, until a final cumulative signature is obtained at an end of the execution of the sequence; and
  
  a configurable hard-wired logic masking circuit for inhibiting the inputs of the signature calculation circuit which are capable of receiving non-deterministic signals during the execution of the sequence; and
  
  means for comparing the final cumulative signature with an expected signature.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The integrated circuit according to claim 9 wherein the configurable hard-wired logic masking circuit comprises a register at least write-accessible for receiving a string of bits forming a binary mask.
  - 11. The integrated circuit according to claim 9 wherein the signature calculation circuit comprises inputs linked to points of the integrated circuit through which pass at least part of one of:
    - an address signal corresponding to peripheral elements of the central processing unit;
      
      signals for controlling the peripheral elements;
      
      signals indicative of operations in progress;
      
      signals indicative of data forming operands; and
      
      signals indicative of data forming instruction codes.
  - 12. The integrated circuit according to claim 9 wherein the signature calculation circuit comprises:
    - inputs linked to a data bus;
      
      inputs linked to an address bus; and
      
      inputs linked to a control bus on which signals for controlling peripheral elements of the central processing unit pass.
  - 13. The integrated circuit according to claim 9, further comprising:
    - a timer for measuring a predetermined time interval;
      
      means for producing an error signal having an active value by default while the current cumulative signature is different from the expected signature; and
      
      means for masking the error signal during the measurement of the time interval by the timer, and unconditionally lifting the error signal when the time interval expires.
  - 14. The integrated circuit according to claim 13 wherein the means for producing an error signal comprises:
    - a comparator having an output which supplies the error signal, and receiving the current cumulative signature at one input and the expected signature at another input; and
      
      memory means for supplying the error signal, arranged for deactivating the error signal when the output of the comparator indicates an equality of signatures; and
      
      wherein the means for masking the error signal comprises;
      
      a logic circuit for masking the error signal, receiving the error signal at one input and a signal supplied by the timer at another input, the masking logic circuit being transparent or non-transparent in relation to the error signal according to a value of the signal sent by the timer.
  - 15. The integrated circuit according to claim 9 wherein the signature calculation circuit is paced by a clock signal of the central processing unit, and calculates a current cumulative signature at each clock cycle, by replacing each previous signature with a new signature, in a register for storing the current cumulative signature.

16. A computer-readable memory medium containing a sequence of instructions for controlling an integrated circuit, the sequence including instructions for causing the integrated circuit to:
- store an expected final cumulative signature;
  
  select deterministic signals for use in producing a current cumulative signature during execution of the sequence of instructions; and
  
  mask a selected signal when the selected signal is not deterministic.
- View Dependent Claims (17, 18, 19)
- - 17. The computer-readable memory medium of claim 16 wherein the selected deterministic signals comprise at least part of an address signal, a control signal and a data logic signal.
  - 18. The computer-readable memory medium of claim 16 wherein the selected deterministic signals comprise at least part of one of:
    - an address corresponding to a peripheral device;
      
      a signal for controlling a peripheral device;
      
      a signal corresponding to an operation in progress; and
      
      a signal indicative of a data operand.
  - 19. The computer-readable memory medium of claim 16 wherein the selected signals are deterministic during at least one cycle of execution of the sequence of instructions.

20. An integrated circuit, comprising:
- a processor for executing a sequence of instruction codes;
  
  a signature production module configured to monitor deterministic signals in the integrated circuit during execution of the sequence of instruction codes and to produce a current cumulative signature based on the monitored deterministic signals;
  
  an error detection module coupled to the signature production module and configured to produce an error signal based on a comparison of the current cumulative signature with an expected final cumulative signature; and
  
  a signal masking module coupled to the signature production module and configured to mask non-deterministic signals.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
- - 21. The integrated circuit of claim 20, further comprising:
    - a data bus;
      
      a control bus; and
      
      an address bus wherein the signal masking module is coupled between the signature production module and the data bus, the control bus and the address bus, and the signal masking module is configured to mask non-deterministic signals on the data bus, the control bus and the address bus.
  - 22. The integrated circuit of claim 20, further comprising a peripheral device wherein the signature production circuit is configured to monitor deterministic signals related to the peripheral device.
  - 23. The integrated circuit of claim 22 wherein the deterministic signals related to the peripheral device include at least one of:
    - an address corresponding to the peripheral device; and
      
      a signal for controlling the peripheral device.
  - 24. The integrated circuit of claim 22 wherein the peripheral device is a cryptographic calculation module.
  - 25. The integrated circuit of claim 20 wherein the error detection module is configured to compare the current cumulative signature with the expected final cumulative signature after execution of the sequence of instruction codes is complete.
  - 26. The integrated circuit of claim 20 wherein the error detection module is configured to compare the current cumulative signature with the expected final signature during execution of the sequence of instruction codes.
  - 27. The integrated circuit of claim 20 wherein the error detection module comprises:
    - a comparator;
      
      an error masking module coupled to the comparator and configured to mask an output of the comparator when the current cumulative signature is not expected to be equivalent to the expected final cumulative signature.
  - 28. The integrated circuit of claim 20, further comprising:
    - an error management module coupled to the error detection module.

29. A method of monitoring execution of a sequence of instruction codes by an integrated circuit, comprising:
- executing the sequence of instruction codes;
  
  masking non-deterministic signals;
  
  monitoring deterministic signals in the integrated circuit during execution of the sequence of instruction codes;
  
  producing a current cumulative signature based on the monitored deterministic signals; and
  
  comparing the current cumulative signature with an expected signature.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 30. The method of claim 29 wherein the monitoring deterministic signals includes monitoring a signal on a data bus.
  - 31. The method of claim 29 wherein the monitoring deterministic signals includes monitoring a signal on an address bus.
  - 32. The method of claim 29 wherein the monitoring deterministic signals includes monitoring a signal on a control bus.
  - 33. The method of claim 29 wherein the monitoring deterministic signals includes monitoring a signal related to a peripheral device.
  - 34. The method of claim 33 wherein the peripheral device comprises a cryptographic calculation module.
  - 35. The method of claim 29 wherein the comparing the cumulative signature to the expected signature occurs when the cumulative signature is expected to be equal to the expected signature.
  - 36. The method of claim 29, further comprising:
    - generating an error signal based on the comparison of the current cumulative signature to the expected signature; and
      
      masking the error signal.
  - 37. The method of claim 36, wherein the error signal is masked until the current cumulative signature is expected to be equal to the expected signature.
  - 38. The method of claim 36 further comprising:
    - lifting the error signal mask after a period of time has elapsed.
  - 39. The method of claim 29 further comprising:
    - identifying a deterministic signal to be monitored based on an instruction in the sequence of instructions.

40. A system comprising:
- a smart card; and
  
  an electronic device coupled to the smart card, wherein the system includes an integrated circuit, the integrated circuit comprising;
  
  a processor for executing a sequence of instruction codes;
  
  a masking module configured to mask non-deterministic signals during execution of the sequence of instructions;
  
  a signature production module configured to monitor deterministic signals in the integrated circuit during execution of the sequence of instruction codes and to produce a current cumulative signature based on the monitored deterministic signals; and
  
  an error detection module coupled to the signature production module and configured to produce an error signal based on a comparison of the current cumulative signature with an expected final cumulative signature.
- View Dependent Claims (41, 42, 43, 44)
- - 41. The system of claim 40 wherein the integrated circuit is including in the smart card.
  - 42. The system of claim 40 wherein the integrated circuit is included in the electronic device.
  - 43. The system of claim 40 wherein the electronic device is a set top box.
  - 44. The system of claim 40 wherein the electronic device is a cellular device.

45. An integrated circuit, comprising:
- means for executing a sequence of instructions;
  
  means for producing a current cumulative signature based on monitored deterministic signals generated during execution of the sequence of instructions; and
  
  means for comparing the current cumulative signature with an expected signature.
- View Dependent Claims (46, 47, 48)
- - 46. The integrated circuit of claim 45, further comprising:
    - means for masking an output of the means for comparing the current cumulative signature with an expected signature.
  - 47. The integrated circuit of claim 45 wherein the expected signature is an expected final signature.
  - 48. The integrated circuit of claim 45 wherein the means for producing a current cumulative signature comprises:
    - a masking module coupled to a plurality of buses;
      
      a configuration register coupled to the masking module and to the plurality of buses;
      
      a signature calculation module coupled to the masking module; and
      
      a signature register coupled to the signature calculation module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
STMicroelectronics SA (STMicroelectronics NV)
Original Assignee
STMicroelectronics SA (STMicroelectronics NV)
Inventors
Berard, Nicolas, Bancel, Frederic

Granted Patent

US 7,904,775 B2
Time in Patent Office

Days
Field of Search
US Class Current

714/11
CPC Class Codes

G06F 21/52 during program execution, e...

G06F 21/71 to assure secure computing ...

Microprocessor comprising signature means for detecting an attack by error injection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

45 Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

Microprocessor comprising signature means for detecting an attack by error injection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links