Microprocessor comprising error detection means protected against an attack by error injection

US 7,584,386 B2
Filed: 04/21/2005
Issued: 09/01/2009
Est. Priority Date: 04/21/2004
Status: Active Grant

First Claim

Patent Images

1. A method for monitoring an execution of a sequence of instruction codes in an integrated circuit comprising a central processing unit provided for executing such instruction codes, the method comprising:

storing an expected signature associated with the sequence of instructions prior to execution of the sequence of instructions;

during the execution of the sequence, producing current cumulative signatures that vary according to logic signals taken off in the integrated circuit, until, at an end of the execution of the sequence, a final cumulative signature is obtained;

during the execution of the sequence, producing an error signal having an active value by default and remaining on the active value while the current cumulative signature is different from the expected signature;

masking the error signal for a time interval corresponding substantially to a presumed duration of execution of the sequence; and

unconditionally lifting the masking of the error signal when the time interval expires.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for monitoring the execution of a sequence of instruction codes in an integrated circuit comprising a central processing unit provided for executing such instruction codes. In one embodiment, the method comprises producing current cumulative signatures during the execution of a sequence, until a final cumulative signature is obtained, producing an error signal having a value active by default while the current cumulative signature is different to an expected signature, measuring a predetermined time interval that is substantially longer than the presumed duration of execution of the sequence, masking the error signal during the measurement of the time interval, and lifting the masking of the error signal when the time interval expires.

69 Citations

View as Search Results

51 Claims

1. A method for monitoring an execution of a sequence of instruction codes in an integrated circuit comprising a central processing unit provided for executing such instruction codes, the method comprising:
- storing an expected signature associated with the sequence of instructions prior to execution of the sequence of instructions;
  
  during the execution of the sequence, producing current cumulative signatures that vary according to logic signals taken off in the integrated circuit, until, at an end of the execution of the sequence, a final cumulative signature is obtained;
  
  during the execution of the sequence, producing an error signal having an active value by default and remaining on the active value while the current cumulative signature is different from the expected signature;
  
  masking the error signal for a time interval corresponding substantially to a presumed duration of execution of the sequence; and
  
  unconditionally lifting the masking of the error signal when the time interval expires.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1 wherein the time interval is measured by a timer that is activated by the central processing unit before a start of the execution of the sequence and which sends a signal that changes value when the timer has finished measuring the time interval, and wherein the error signal is masked by a logic circuit that is transparent or non-transparent in relation to the error signal according to a value of the signal sent by the timer.
  - 3. The method according to claim 1 wherein a subsequent current cumulative signature is produced in synchronization with a clock signal according to a previous current cumulative signature and to deterministic address, control or data logic signals involved in the execution of the sequence.
  - 4. The method according to claim 3 wherein the clock signal which paces the production of the current cumulative signatures is a clock signal of the central processing unit, and wherein a current cumulative signature is produced at each clock cycle of the central processing unit, during the execution of the sequence.
  - 5. The method according to claim 1 wherein:
    - the logic signals according to which the current cumulative signatures are produced comprise at least one of;
      
      an address signal applied to peripheral elements of the central processing unit;
      
      a signal for controlling the peripheral elements;
      
      a signal indicative of operations in progress;
      
      a signal indicative of data forming operands; and
      
      a signal indicative of instruction codes; and
      
      a signal is excluded from a calculation of a cumulative signature if it is not deterministic during the clock cycle during which the signature is produced.
  - 6. The method according to claim 1 wherein the current cumulative signatures are produced by means of a hard-wired logic signature calculation circuit comprising parallel inputs linked to points of the integrated circuit, and wherein inputs of the signature calculation circuit are inhibited by means of a configurable hard-wired logic masking circuit, for excluding non-deterministic signals.
  - 7. The method according to claim 6 wherein the inputs of the signature calculation circuit are connected to a data bus, to an address bus, and to a control bus, which conveys signals for controlling peripheral elements of the central processing unit.
  - 8. The method according to claim 1 wherein the production of the current cumulative signatures is performed by means of a linear feedback shift register.
  - 9. The method of claim 1 wherein the sequence of instruction codes is part of a program containing additional sequences of instructions, the additional instructions including instructions for storing the expected signature in a memory.

10. An integrated circuit comprising:
- a central processing unit for executing a program comprising instruction codes; and
  
  means for monitoring an execution of at least one sequence of instruction codes in the program, the sequence comprising at least one instruction code, the monitoring means comprising;
  
  a signature calculation circuit for producing current cumulative signatures that vary according to logic signals of the integrated circuit, the signature calculation circuit supplying, at an end of the execution of the sequence, a final cumulative signature;
  
  means for storing an expected signature prior to execution of the sequence of instruction codes;
  
  a timer for measuring a time interval;
  
  means for producing an error signal having an active value by default as soon as the execution of the sequence starts, and remaining on the active value while the current cumulative signature is different to the expected signature; and
  
  means for masking the error signal during the measurement of the time interval by the timer, and unconditionally lifting the error signal when the time interval expires.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The integrated circuit according to claim 10 wherein the means for masking the error signal comprises a logic circuit receiving the error signal at one input and a signal supplied by the timer at another input, the logic circuit being transparent or non-transparent in relation to the error signal according to a value of the signal supplied by the timer.
  - 12. The integrated circuit according to claim 10 wherein the means for producing an error signal comprises:
    - a comparator receiving the current cumulative signatures at one input and the stored expected signature at another input; and
      
      a memory element for supplying the error signal, configured to deactivate the error signal when an output of the comparator indicates an equality of signatures.
  - 13. The integrated circuit according to claim 10 wherein the means for producing an error signal comprises:
    - a comparator receiving the current cumulative signatures at one input and the stored expected signature at another input, the output of which supplies the error signal; and
      
      means for executing an instruction for deactivating the signature calculation circuit.
  - 14. The integrated circuit according to claim 10 wherein the signature calculation circuit comprises parallel inputs linked to points of the integrated circuit through which pass at least one of address, control and data logic signals involved in the execution of the sequence and wherein a configurable hard-wired logic masking circuit is coupled to the inputs of the signature calculation circuit for inhibiting the inputs likely to receive non-deterministic signals during the execution of the sequence.
  - 15. The integrated circuit according to claim 14, wherein the configurable masking circuit comprises a register for receiving a string of bits forming a binary mask.
  - 16. The integrated circuit according to claim 10 wherein the signature calculation circuit comprises inputs linked to points of the integrated circuit through which pass at least one of:
    - an address signal applied to peripheral elements of the central processing unit;
      
      a signal for controlling the peripheral elements;
      
      a signal indicative of operations in progress;
      
      a signal indicative of data forming operands; and
      
      a signal indicative of an instruction code.
  - 17. The integrated circuit according to claim 10 wherein the signature calculation circuit comprises inputs linked to:
    - a data bus;
      
      an address bus; and
      
      a control bus, on which signals for controlling peripheral elements of the central processing unit pass.
  - 18. The integrated circuit according to claim 10 wherein the signature calculation circuit is paced by a clock signal of the central processing unit, and calculates a current cumulative signature at each clock cycle by replacing each previous signature with a new signature, in a register for storing the current signature.

19. A computer-readable memory medium containing a sequence of instructions for controlling an integrated circuit, the sequence including instructions for causing the integrated circuit to:
- store an expected final cumulative signature associated with a secured sequence of instructions in the sequence of instructions;
  
  store a value corresponding to an expected duration of an execution of the secured sequence of instructions; and
  
  subsequently execute the secured sequence of instructions.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The computer-readable memory medium of claim 19 wherein the sequence of instructions further includes instructions for causing the integrated circuit to select deterministic signals for use in producing a current cumulative signature during execution of the secured sequence of instructions.
  - 21. The computer-readable memory medium of claim 20 wherein the selected deterministic signals comprise at least one of an address signal, a control signal and a data logic signal.
  - 22. The computer-readable memory medium of claim 20 wherein the selected deterministic signals comprise at least one of:
    - an address corresponding to a peripheral device;
      
      a signal for controlling a peripheral device;
      
      a signal corresponding to an operation in progress; and
      
      a signal indicative of a data operand.
  - 23. The computer-readable memory medium of claim 19, wherein the sequence of instructions further includes instructions for causing the integrated circuit to:
    - start generating a current cumulative signature; and
      
      stop generating a current cumulative signature.

24. An integrated circuit, comprising:
- a processor for executing a sequence of instruction codes;
  
  a memory to store a known signature associated with a secured sequence of instruction codes in the sequence of instruction codes;
  
  a signature production module configured to produce cumulative signatures during the execution of the sequence of instructions;
  
  an error detector coupled to the signature production module and configured to generate an error signal when a current cumulative signature is different from the known signature; and
  
  an error masking module configured to mask the error signal generated by the error detector when the current cumulative signature is expected to be different from the known signature.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The integrated circuit of claim 24, further comprising:
    - a data bus;
      
      a control bus;
      
      an address bus; and
      
      a signal masking module coupled between the signature production module and the data bus, the control bus and the address bus, wherein the signal masking module is configured to mask non-deterministic signals on the data bus, the control bus and the address bus.
  - 26. The integrated circuit of claim 24, further comprising a peripheral device wherein the signature production circuit is configured to monitor deterministic signals related to the peripheral device.
  - 27. The integrated circuit of claim 26 wherein the peripheral device is a cryptographic calculation module.
  - 28. The integrated circuit of claim 24 wherein the error detector comprises:
    - a register configured to store the known signature;
      
      a comparator configured to compare the stored known signature to an output of the signature production module and to produce a match signal when the output of the signature production module is equal to the stored known signature; and
      
      a flip-flop for producing the error signal and coupled to the comparator, wherein the flip-flop is configured to produce an active error signal by default and to deactivate the error signal in response to receipt of a match signal from the comparator.
  - 29. The integrated circuit of claim 24, further comprising:
    - a switch module configured to control the signature production module, wherein the error detector comprises;
      
      a register configured to store the known signature; and
      
      a comparator configured to compare the stored known signature to an output of the signature production module and to produce an active error signal when the output of the signature production module is different from the stored known signature.
  - 30. The integrated circuit of claim 24, further comprising:
    - an error management module coupled to the error masking module.

31. A method of detecting error injection during execution of a sequence of instruction codes by an integrated circuit, comprising:
- masking an error signal;
  
  activating the error signal;
  
  executing the sequence of instruction codes;
  
  generating a cumulative signature during execution of the sequence of instruction codes;
  
  deactivating the error signal when a cumulative signature is equal to a known final cumulative signature; and
  
  lifting the mask when the cumulative signature is expected to be equal to the known final cumulative signature.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39)
- - 32. The method of claim 31 wherein the generating a cumulative signature comprises monitoring deterministic signals in the integrated circuit.
  - 33. The method of claim 32 wherein the monitoring deterministic signals includes monitoring a signal on a data bus.
  - 34. The method of claim 32 wherein the monitoring deterministic signals includes monitoring a signal on an address bus.
  - 35. The method of claim 32 wherein the monitoring deterministic signals includes monitoring a signal on a control bus.
  - 36. The method of claim 32 wherein the monitoring deterministic signals includes monitoring a signal related to a peripheral device.
  - 37. The method of claim 36 wherein the peripheral device comprises a cryptographic calculation module.
  - 38. The method of claim 32 further comprising:
    - identifying a deterministic signal to be monitored based on an instruction in the sequence of instructions.
  - 39. The method of claim 31 wherein lifting the mask comprises lifting the mask after a period of time has elapsed.

40. A system comprising:
- a smart card; and
  
  an electronic device coupled to the smart card, wherein the system includes an integrated circuit, the integrated circuit comprising;
  
  a processor for executing a sequence of instruction codes;
  
  a memory to store a known signature associated with a secured sequence of instructions in the sequence of instruction codes;
  
  a signature production module configured to produce a current cumulative signature during execution of the secured sequence of instructions;
  
  an error detection module coupled to the signature production module and configured to produce an error signal based on a comparison of the current cumulative signature with the known signature; and
  
  an error masking module coupled to the error detection module and configured to mask the error signal until the cumulative signature is expected to be equal to the known signature.
- View Dependent Claims (41, 42, 43, 44, 45, 46)
- - 41. The system of claim 40 wherein the integrated circuit is included in the smart card.
  - 42. The system of claim 40 wherein the integrated circuit is included in the electronic device.
  - 43. The system of claim 40 wherein the electronic device is a set top box.
  - 44. The system of claim 40 wherein the electronic device is a cellular device.
  - 45. The system of claim 40 wherein the signature production module is further configured to monitor a deterministic signal in the integrated circuit.
  - 46. The system of claim 40 wherein the known signature is an expected final cumulative signature associated with the secured sequence of instructions.

47. An integrated circuit, comprising:
- means for executing a sequence of instructions;
  
  means for producing a current cumulative signature during execution of the sequence of instructions;
  
  means for comparing the current cumulative signature with an expected signature, the expected signature being known prior to execution of the sequence of instructions; and
  
  means for masking an output of the means for comparing the current cumulative signature with the expected signature.
- View Dependent Claims (48, 49, 50, 51)
- - 48. The integrated circuit of claim 47 wherein the means for producing a current cumulative signature comprises means for monitoring a deterministic signal in the integrated circuit.
  - 49. The integrated circuit of claim 47 wherein the expected signature is an expected final signature.
  - 50. The integrated circuit of claim 47 wherein the means for producing a current cumulative signature comprises:
    - a masking circuit coupled to a plurality of buses;
      
      a configuration register coupled to the masking circuit and to the plurality of buses;
      
      a signature calculation module coupled to the masking circuit; and
      
      a signature register coupled to the signature calculation module.
  - 51. The integrated circuit of claim 47 wherein the means for masking an output of the means for comparing comprises:
    - a masking circuit;
      
      a timer coupled to the masking circuit and configured to deactivate the masking circuit after an expected execution time for the execution of the sequence of instructions has expired.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Stmicroelectronics France (STMicroelectronics NV)
Original Assignee
STMicroelectronics SA (STMicroelectronics NV)
Inventors
Berard, Nicolas, Bancel, Frederic
Primary Examiner(s)
Beausoliel; Robert
Assistant Examiner(s)
Lottich; Joshua P

Application Number

US11/111,046
Publication Number

US 20050251708A1
Time in Patent Office

1,594 Days
Field of Search

714/21, 714/45, 714/732
US Class Current

714/45
CPC Class Codes

G06F 21/52 during program execution, e...

G06F 21/71 to assure secure computing ...

Microprocessor comprising error detection means protected against an attack by error injection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

51 Claims

Specification

Solutions

Use Cases

Quick Links

Microprocessor comprising error detection means protected against an attack by error injection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

51 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links