This application claims priority to German Patent Application Serial No. 10 2012 108 981.7, which was filed Sep. 24, 2012, and is incorporated herein by reference in its entirety.
Various embodiments relate to an input/output module that can be used in data processing apparatuses, for example in security microcontrollers or smartcards. Various embodiments further relate to a method for checking the operation of such a data processing apparatus.
Many attacks against security microcontrollers have the aim of influencing the output of data such that not just permitted data but also other memory contents, such as secret keys or protected program code; are output. In order to achieve what is known as a “dump”, it is possible to manipulate the CPU or a peripheral controller, for example.
In order to counteract attacks, it is possible to provide sensors that can be used to detect the attack conditions. The security microcontroller can then be put into a safe state, for example in which the output of the data is interrupted, in good time. The sensors can for the most part be bypassed by improved attacks, however.
The executing modules or circuit portions of the security microcontroller can also be embodied on a redundant basis in order to detect manipulations on one of the portions during operation. When a manipulation is recognized, the security microcontroller can be put back into a safe state in good time. However, modern and future security microcontrollers have very many components involved in the data transmission. Every single component would need to be stored redundantly in order to safeguard the overall security of the product.
Various embodiments provide an input/output module, including: at least one input/output port for the input of data; a signature generator that is coupled to the input/output port and is set up to generate a signature for the data from the data; a reference input, wherein the reference input is set up for the application of a reference signature; and a comparator that is coupled to the signature generator and to the reference input, and is set up to output an alarm signal if the signature of the data on the input/output port differs from the reference signature.
In the drawings, like reference characters generally refer to the same parts throughout the different views. The drawings are not necessarily to scale, emphasis instead generally being placed upon illustrating the principles of the invention. In the following description, various embodiments of the invention are described with reference to the following drawings, in which:
The following detailed description refers to the accompanying drawings that show, by way of illustration, specific details and embodiments in which the invention may be practiced.
The word “exemplary” is used herein to mean “serving as an example, instance, or illustration”. Any embodiment or design described herein as “exemplary” is not necessarily to be construed as preferred or advantageous over other embodiments or designs.
The word “over” used with regards to a deposited material formed “over” a side or surface, may be used herein to mean that the deposited material may be formed “directly on”, e.g. in direct contact with, the implied side or surface. The word “over” used with regards to a deposited material formed “over” a side or surface, may be used herein to mean that the deposited material may be formed “indirectly on” the implied side or surface with one or more additional layers being arranged between the implied side or surface and the deposited material.
In the detailed description which follows, reference is made to the appended figures, which form part of the description and which show specific embodiments in which the invention can be executed for the purpose of illustration. In this respect, directional terminology such as “at the top”, “at the bottom”, “at the front”, “at the rear”, “front”, “rear” etc. is used with reference to the orientation of the figure(s) described. Since components of embodiments can be positioned in a number of different orientations, the directional terminology is used for the purpose of illustration and is in no way restrictive. It goes without saying that other embodiments can be used and structural or logical changes made without departing from the scope of protection of the present invention. It goes without saying that the features of the various exemplary embodiments described herein can be combined with one another unless specifically stated otherwise. The following detailed description should therefore not be regarded as restrictive, and the scope of protection of the present invention is defined by the attached claims.
Within the context of this description, the terms “connected” and “coupled” are used to describe both direct and indirect connection, and also direct and indirect coupling.
In the figures, identical or similar elements are provided with identical reference symbols, insofar as this is expedient. For the sake of clarity, it is not possible to provide all elements in the figures with dedicated reference symbols. This applies particularly to elements that are identical to other elements. The description and reference symbols can thus apply in the same way to all elements that are shown in the same graphical manner.
The input/output module 108 may have a data port 116, an input/output port 118, a reference input 120 and an alarm output 122. It may have an interface module 110, a signature generator 113 and a comparator 114. The data port 116 may be coupled to the port of the processor 102 on which the data and/or commands D1 are provided or received by the processor 102. The input/output port 118 may have data D on it. The data D may be data or commands that are output by the input/output module 108, or the data processing apparatus 100. The data D may also be data or commands that are input into the input/output module 108, or into the data processing apparatus 100. The data D can be used for the data processing apparatus 100 to communicate with the outside world.
The reference input 120 can have a reference signature SR applied to it. The reference input 120 may be coupled to a memory 106, subsequently called “reference signature memory 106”. The reference signature memory 106 may store a reference signature SR. The reference input 120 may be coupled to the processor 102. The processor 102 can calculate the reference signature SR. The reference signature memory 106 may be part of the processor 102.
The alarm output 122 may be coupled to the processor 102. An alarm A may be forwarded to the processor 102. In the event of an alarm signal A, the processor 102 may take suitable measures against the attack.
The signature generator 113 may be coupled to the input/output port 118. It may take data D that are applied to the input/output 118 and generate a signature SD for the data D, subsequently called “data signature SD”.
The signature may be an algorithm that maps a volume of data of arbitrary magnitude onto a smaller volume of data of fixed magnitude, as a result of which an alteration in the volume of data of arbitrary magnitude has a very high likelihood of also altering the smaller volume of data. The algorithm may be chosen such that the calculation of the smaller volume of data from the volume of data of arbitrary magnitude is simple to perform. The algorithm may also be chosen such that it is almost impossible to generate a volume of data of arbitrary magnitude for a prescribed smaller volume of data. It may also be chosen such that it is almost impossible to alter the volume of data of arbitrary magnitude without simultaneously altering the smaller volume of data. It may also be chosen such that it is almost impossible to specify two volumes of data of arbitrary magnitude that result in the same smaller volume of data. By way of example, the signatures may be checksums that are produced by a hash function, for example.
The comparator 114 may be coupled to the signature generator 113 and to the reference input 120, as a result of which it can be supplied with the data signature SD and with the reference signature SR. The comparator 114 can output an alarm signal A on the alarm output 122 if the data signature SD differs from the reference signature SR.
The interface module 110 may be coupled to the input/output port 118. It may be coupled to the data port 116, for example via the data port 116. It may be coupled to the processor 102. The interface module 110 can condition the data D1 that are present on the data port 116 of the input/output module 108 for transmission outside the data processing apparatus 100. Similarly, the data D that are supplied to the data processing apparatus 100 from the outside may be conditioned for transmission to the processor 112 or for other further processing. The interface module 110 may have an input/output memory or data buffer 126. the input/output memory 126 may be coupled to the input/output port 118.
The interface module 110 may be a contactless interface. The contactless interface may comply with Standard ISO 14443.
The interface module 110 may be a universal asynchronous receiver transmitter (UART). A universal asynchronous receiver transmitter is used for asynchronously sending and receiving data via a data line. A clock signal is not required. The data to be transmitted or the data to be received are delivered to the UART usually in parallel form, for example via a parallel data bus.
The interface module 110 may be an I2C bus (inter-integrated circuit). The I2C bus is a serial master-slave data bus. It may be used internally in the device for communication between different circuit portions, e.g. of a processor 102. The I2C protocol may be used in the chip card domain, for example in a health insurance card, in order to read or write to the chip card using a card reader.
The interface module 110 may be a serial peripheral interface (SPI). The serial peripheral interface is a bus system for a synchronous serial data bus in which digital circuits can be connected to one another via three common lines on the basis of the master-slave principle. By way of example, it can be used for transmitting data between microcontrollers.
The interface module 110 may be a single wire protocol (SWP) interface. The single wire protocol is a specification that can be used to set up a connection between a SIM card and a near field communication chip (NFC) in a mobile telephone, for example.
The operation of the data processing apparatus 100 can be checked by calculating a data signature SD for data D that are output on an input/output port 118 by the data processing apparatus 100. The data signature SD can be compared with the associated reference signature SR. The reference signature SR may be calculated beforehand. It may be firmly prescribed. It may be a signature pertaining to data that are permitted and required to be output via the input/output port 118. The data may be called “reference data R”. Instead of one reference signature, a plurality of reference signatures SR may be used, calculated or stored.
If the data that are intended to be output on the input/output port 118 have been manipulated in any way on the path to output, for example by virtue of their content having been altered, or fewer or more data being output, or output of the data not being admissible or permitted, the data signature SD differs from the reference signature SR. An alarm signal A may be output at the alarm output 122, and the processor 102 may be notified that an attack or an error has occurred. The processor 102 may then take the necessary action, for example may terminate the data output on the input/output port 118 or put the data processing apparatus 100 into a safe state. Sensitive data, for example secret keys, may be erased in order to prevent them from being output.
The data processing apparatus 100 may be set up such that the data D are output to the input/output port 118 only if the data signature SD of the data D matches the reference signature SR. The data D may be buffer-stored in the input/output memory 126 during the calculation of the data signature SD and the comparison before they are output on the input/output port 118. Alternatively, data packets may be output directly on the input/output port 118, the data signature SD being calculated using the data packet applied to the input/output port 118 and, in the event of an attack or error, only the output of the next data packet being prevented.
Similarly, the operation of the data processing apparatus 100 may be checked when data D are input into the data processing apparatus 100. In this case, the data D may be data, parameters or commands, for example, that are intended to be processed further or executed by the processor 102 or the data processing apparatus 100.
The reference signature SR may in this case be a signature pertaining to a parameter, a parameter sequence, a command or a command sequence that is permitted to input via the input/output port 118, i.e. that, when processed further or executed, does not adversely affect the security or functionality of the data processing apparatus 100, for example as a result of data being output that are confidential. The reference signature SR may be calculated beforehand or may be fixed. It may be stored in the reference signature memory 106. It is also possible to calculate and store a multiplicity of reference signatures SR for different parameters, commands, commands with parameters, command sequences or command sequences with parameters that are permitted to be executed.
If the data signature SD corresponds to one of the stored reference signatures SR, the processor 102 may execute the data D or process them further. If the data signature SD does not correspond to one of the stored reference signatures SR, an alarm signal A may be output. The input of data D on the input/output port 118 to the data processing apparatus may be terminated. The data processing apparatus 100 may be transferred to a safe state. The processor 102 may be prohibited from executing further commands. Sensitive data, particularly from secret keys that are stored in the data processing apparatus 100, can be erased.
On account of the large amount of possible data, parameters, commands, commands with parameters, command sequences or command sequences with parameters that are permitted and that are stored in the reference signature memory 106, it may be advantageous for the reference signature SR to be calculated in real time by the processor 102. By way of example, for a state that the processor 102 is in, it may be possible for a certain type of command that is present on the input/output port 118 to be admissible. The processor 102 may calculate one or more reference signatures SR for data or commands that are admissible or that are permitted to be executed. The reference signature SR may be calculated while data D are present on the input/output port 118. In particular, some of the data D, for example the type of command or the number of parameters, may be included in the calculation of the reference signature SR too.
The data processing apparatus 100 may be set up such that the data D or commands that are present on the input/output port 118 are forwarded to the data processing apparatus 100, for example to the processor 102, by the input/output port 118 only if the data signature SD of the data D matches the reference signature SR. To this end, the interface module 110 may have an input/output memory 126 that is used to buffer-store the data D for calculation of the data signature SD and the comparison before said data are forwarded to the data processing apparatus 100.
The processor 102 may be coupled to the command signature module 124. It may be coupled to the interface module 110. The command signature module 124 may be coupled to the program memory 104. The input/output port 118 may be coupled to the command signature module 124.
The processor 102 may be a processor 102 as has been described in connection with
The program memory 104 may store data, parameters, instructions, commands, commands with parameters, command sequences, command sequences with parameters or programs, which are subsequently combined under the term “data D2”. The data D2 may first of all be forwarded to the command signature module 124 before being supplied to the processor 102. The command signature module 124 may check whether execution or further processing, subsequently combined under the term “handling”, of the data D2 by the processor 102 is permitted or admissible.
To this end, the command signature module 124 may have a signature generator, a comparator and a reference signature memory 106 that operate and are connected to one another in a similar or the same way as the signature generator 113, the comparator 114 and the reference signature memory 106 of the data processing apparatus 100 that has been described in connection with
Data, parameters, commands, commands with parameters, command sequences or command sequences with parameters for which execution or further processing by the processor 102 is admissible or permitted are subsequently called “reference data R”. Admissible or permitted is intended to mean that the execution or the further processing of the data D2 does not adversely affect the correct functionality of the data processing apparatus 100, for example by virtue of no data that are confidential being output on the input/output port 118.
The reference signature memory 106 may store one or more signatures pertaining to reference data R, subsequently called “reference signature SR”. The reference signature SR or a multiplicity of reference signatures SR may be fixed, may be calculated beforehand and may be stored in the reference signature memory 106.
The comparator may be coupled to the signature generator and to the reference signature memory 106, as a result of which it can be supplied with the data signature SD and with the reference signature SR. The comparator can may output an alarm signal A to the processor 102 if the data signature SD does not correspond to one of the stored reference signatures SR. Data D2 from the program memory 104 that have been manipulated in any way, for example by virtue of their content having been altered or fewer or more commands being output, have a different data signature SD than the reference signature SR which means that an attack can be recognized.
When an attack is recognized, the data processing apparatus 100 can then be transferred to a safe state. The processor 102 may be prohibited from executing further commands. Sensitive data, particularly from secret keys that are stored in the data processing apparatus 100, can be erased.
If the data signature SD corresponds to one of the stored reference signatures SR, the processor 102 can handle the data D2, for example continue to use them and execute their commands.
The reference signature can again, for the same reasons as have been cited in connection with the description of
The signatures may be signatures as have been described in connection with
Since the input/output port 118 is coupled to the command signature module 124, instead of the data D2 from the program memory 104 it is also possible to supply data D that are present on the input/output port 118 to the command signature module 124. The command signature module 124 can then check whether they are permitted or admissible. The reference signatures SR of the permitted or admissible data D on the input/output port 118 can be stored in the reference signature memory 106 of the command signature module 124. Hence, the command signature module 124 can be used not only for checking the data D2 from the program memory 104 but also for checking the data D that are present on the input/output port 118. As described in connection with
The command signature module 124 may to this end have a first operating state and a second operating state. In the first operating state, data D2 that come from the program memory 104 can be monitored. In the second operating state, data D that are present on the input/output port 118 may be monitored. As described in connection with
When an attack is recognized from the data D, the measures described in connection with
As described in connection with
Since the command signature module 124 undertakes the check on the data D, it is possible to dispense with an additional signature generator 113, an additional comparator 114 and an additional reference signature memory 106, as have been described in connection with the input/output module 108 in connection with
The calculation of the signatures, for example the data signature SD, from data D that are present on the input/output port 118 or from the data D2 that are present on the command signature module 124, or of the reference signatures SR, and the comparison of the data signatures SD with the reference signatures SR and the output of the alarm signal A may be controlled by a piece of operating software in the data processing apparatus 100. When the operating software is written, for example compiled, appropriate commands for the check can be incorporated to this end. The incorporation or insertion of the relevant commands can take place automatically in this case by means of a programming tool. It is also possible for the changeover of the command signature module between the first and second operating modes to be inserted into the operating software.
Although the components of the data processing apparatus 100 have been presented as separate components in the embodiments that have been described in connection with
Various embodiments specify an input/output module, a data processing apparatus and a method for checking the operation of a data processing apparatus that are able to be used to recognize attacks on a chip, for example a security microcontroller.
Various embodiments provide an input/output module, including: at least one input/output port for the input of data; a signature generator that is coupled to the input/output port and is set up to generate a signature for the data from the data; a reference input, wherein the reference input is set up for the application of a reference signature; and a comparator that is coupled to the signature generator and to the reference input, and is set up to output an alarm signal if the signature of the data on the input/output port differs from the reference signature.
In various embodiments, the reference input is coupled to a memory that stores the reference signature.
In various embodiments, the reference input is coupled to a processor, wherein the processor calculates the reference signature.
In various embodiments, the reference signature is a signature from data that are permitted to be output on the input/output port.
In various embodiments, the reference signature is a signature from data that are permitted to be handled by a processor.
In various embodiments, the signature of the data and the reference signature are hash values.
One development further includes an input/output memory, wherein the input/output memory is coupled to the input/output port.
One development further includes an interface module, wherein the interface module is coupled to the input/output port.
In various embodiments, the interface module is a universal asynchronous receiver transmitter, a contactless interface, particularly based on ISO 14443, an I2C bus, a serial peripheral interface, or a single wire protocol interface.
Various embodiments further provide a data processing apparatus, including a processor and at least one input/output module described above, wherein the processor is coupled to the input/output module.
One development of the data processing apparatus further includes a command signature module, including a signature generator and a comparator, wherein the signature generator and the comparator of the input/output module are implemented by the signature generator and the comparator of the command signature module.
In various embodiments, the command signature module has a first operating state and a second operating state and is set up to monitor data from a program memory in the first operating state, and to monitor data on the input/output port in the second operating state.
One development further includes a card body, wherein the data processing apparatus is arranged in the card body.
In addition, the invention provides a method for checking the operation of a data processing apparatus, including: calculation of at least one signature for data that are intended to be output by the data processing apparatus on an input/output port or for data that are intended to be input into the data processing apparatus on the input/output port, comparison of the signature of the data with a reference signature, and output of an alarm signal if the signature of the data differs from the reference signature.
In various embodiments, the reference signature is a signature pertaining to data that are permitted to be output via the input/output port.
In various embodiments, the reference signature is a signature pertaining to data that are permitted to be input via the input/output port.
In various embodiments, the reference signature is stored in a memory and is read from the memory for the comparison.
In various embodiments, the reference signature is calculated in real time by a processor while data are present on the input/output port.
In various embodiments, the data are output on the input/output port only if the signature of the data matches the reference signature.
In various embodiments, the data are input into the data processing apparatus on the input/output port only if the signature of the data matches the reference signature.
In various embodiments, output of the alarm signal involves at least one of the following steps being performed: termination of output of data on the input/output port from the data processing apparatus, termination of input of data on the input/output port to the data processing apparatus, transfer of the data processing apparatus to a safe state, and erasure of sensitive data, particularly of secret keys that are stored in the data processing apparatus.
In various embodiments, the calculation of the signature for data that are output or input on the input/output port and the comparison of the signature of the data with a reference signature are performed by a command signature module.
In various embodiments, the command signature module is changed over between the check on data that are output or input on the input/output port and the check on data from a command memory.
In various embodiments, the calculation of the signatures, the comparison of the signatures and the output of the alarm signal are controlled by a piece of operating software in the data processing apparatus.
In various embodiments, the command signature module is changed over by the operating software.
While the invention has been particularly shown and described with reference to specific embodiments, it should be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. The scope of the invention is thus indicated by the appended claims and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced.
Number | Date | Country | Kind |
---|---|---|---|
10 2012 108 981 | Sep 2012 | DE | national |
Number | Name | Date | Kind |
---|---|---|---|
5883956 | Le | Mar 1999 | A |
6931576 | Morrison et al. | Aug 2005 | B2 |
7360240 | King | Apr 2008 | B2 |
8359481 | Bancel | Jan 2013 | B2 |
8732860 | Marron | May 2014 | B2 |
8918679 | Janke | Dec 2014 | B2 |
20030140236 | Mueller | Jul 2003 | A1 |
20050066245 | Von Wendorff | Mar 2005 | A1 |
20070174622 | Romain | Jul 2007 | A1 |
20070226551 | Janke | Sep 2007 | A1 |
20100023747 | Asnaashari | Jan 2010 | A1 |
20110126085 | Teglia | May 2011 | A1 |
20130024938 | Marron | Jan 2013 | A1 |
20130055025 | Feix | Feb 2013 | A1 |
20130212407 | Walton | Aug 2013 | A1 |
Number | Date | Country |
---|---|---|
2336931 | Jun 2011 | EP |
2978268 | Jan 2013 | FR |
2979442 | Mar 2013 | FR |
Number | Date | Country | |
---|---|---|---|
20140090092 A1 | Mar 2014 | US |