Patent Grant
7634640
The invention relates to a data processing apparatus having an execution unit and a flow controller which has a program counter.
Such data processing apparatuses are known in the form of microcontrollers, for example. The execution unit handles arithmetic and logic instructions. The operands involved are either located in the data and address registers or are applied via an internal bus. The flow controller normally comprises an instruction decoder and a program counter. The program counter calls the instructions in the program successively. The instruction decoder then triggers the steps required for executing the instructions.
When a program starts, the program counter is set to a start address. This address is transferred to a memory via an address bus. A read signal transferred on a control bus prompts the content of the memory area in question to appear on a data bus and to be stored in the instruction decoder. The instruction decoder then triggers the operations required for executing the instruction. Following execution of the instruction, the instruction decoder sets the program counter to the address of the next instruction.
The instruction which is executed next is thus always dependent on the address which is in the program counter.
This key function of the program counter is exploited by hackers when attacking chip cards and security ICs. The attackers attempt to disrupt the components involved in program execution such that the intended program sequence is altered and the microcontroller executes a code other than the intended one. Such unwanted changing of the program flow is referred to as “jumping” the microcontroller. In order to prompt the microcontroller to be jumped, attackers attempt to increase the clock frequency or to inject interference onto the clock line or the supply voltage lines.
In order to prevent such an attack, which results in the microcontroller being jumped, it is known practice to provide a plurality of sensors which detect an excessive frequency or interference on the supply lines, for example. If, by way of example, the excessive frequency sensor responds because the microcontroller is being operated at an increased clock frequency, an attack is assumed and the microcontroller is subjected to a security reset. These sensors are relatively complex to implement, however, because they require analog circuit components.
It is an object of the invention to specify a data processing apparatus in which jumping is identified securely and easily.
The invention achieves this object by means of a data processing apparatus of the type mentioned initially which has a program counter sensor which is connected to a data bus and to the program counter. The program counter sensor has a logic unit that ascertains the address of an instruction which is to be executed next from data transferred via the data bus, and a comparator which compares the ascertained address with the content of the program counter and triggers an alarm signal if there is any discrepancy.
An advantage of the invention is that it is not necessary to provide a plurality of complex sensors which indirectly ascertain the risk of jumping by detecting interference which can result in jumping. Instead, the means for ascertaining the address of an instruction which is to be executed next, which means operate in parallel with the program counter, are used to ascertain the address of the next instruction independently of the program counter. During a correct mode of operation, the ascertained address has to match the content of the program counter.
It is particularly advantageous if both the data on the data bus and the content of the program counter are processed with a delay. This prevents interference generated by attackers from affecting either the program counter or the program counter sensor.
It is therefore also particularly advantageous if the program counter sensor is produced using a different circuit technology than the flow controller with the program counter. The effect achieved by this is that the sensitivity to interference and the response to interference differ.
The inventive program counter sensor can be manufactured particularly easily and inexpensively, since it can be constructed just from logic components and no analog components are required. Another advantage in this context is that the program counter sensor can be hidden in the normal logic and is thus protected against any physical attack. In addition, such a sensor is much easier to test than a sensor with analog components.
The invention is explained in more detail below using an exemplary embodiment.
The single FIGURE shows a schematic illustration of a microcontroller with an inventive program counter sensor.
The left-hand half of
The right-hand half of
In line with the invention, the new program counter value is thus ascertained in parallel by the program counter sensor 20. The content of the program counter simulation 23 is then compared with the content of the program counter 4 in a comparator 24. In the exemplary embodiment in
In order to identify instructions, the logic unit 22 continually checks the transferred data 15 to determine whether they contain instructions and whether these have new values for the program counter or the program counter simulation 23. As soon as an instruction is identified which contains an address for an instruction which is to be executed next (e.g. a jump instruction), the address of the new instruction is stored in the program counter simulation 23. If the identified instruction does not bring about any explicit alteration of the program counter, that is to say if a linear program flow exists, then the address stored in the program counter simulation 23 is incremented on the basis of the instruction length and thus points to the linearly next instruction which is to be executed, as also occurs in the flow controller 2 for the program counter 4.
If the comparator 24 establishes that the compared contents of the program counter simulation 23 and of the program counter 4 differ, it outputs an alarm signal 25. This can subsequently be used to implement a security reset for the data processing apparatus. Alternatively, it would be possible to take other countermeasures, triggered by the alarm signal 25.
The schematic illustration of
On the other hand, it is advantageous for the program counter sensor 20 to be produced using different circuit technology than the actual program counter 4, because this ensures that these components react differently to interference.
| Number | Date | Country | Kind |
|---|---|---|---|
| 102 40 088 | Aug 2002 | DE | national |
This application is a continuation of International Patent Application Serial No. PCT/DE2003/002430, filed Jul. 18, 2003, which published in German on Mar. 18, 2004 as WO 2004/023274, and is incorporated herein by reference in its entirety.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5241547 | Kim | Aug 1993 | A |
| 5357627 | Miyazawa et al. | Oct 1994 | A |
| 5408645 | Ikeda et al. | Apr 1995 | A |
| 5592613 | Miyazawa et al. | Jan 1997 | A |
| 5649225 | White et al. | Jul 1997 | A |
| 5724563 | Hasegawa | Mar 1998 | A |
| 5838896 | Han | Nov 1998 | A |
| 5903718 | Marik | May 1999 | A |
| 6360310 | Au | Mar 2002 | B1 |
| 6363453 | Esposito et al. | Mar 2002 | B1 |
| 6378078 | Ushijima | Apr 2002 | B1 |
| 7043717 | Matsumoto et al. | May 2006 | B2 |
| Number | Date | Country |
|---|---|---|
| 0 897 151 | Feb 1999 | EP |
| 05-035613 | Feb 1993 | JP |
| 08-016434 | Jan 1996 | JP |
| 10063541 | Mar 1998 | JP |
| Number | Date | Country | |
|---|---|---|---|
| 20050182990 A1 | Aug 2005 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | PCT/DE03/02430 | Jul 2003 | US |
| Child | 11070843 | US |
