Patent Application
20080071522
The invention is explained below using exemplary embodiments with reference to the drawing, in which:
First of all, the basic cycle of the inventive method will be illustrated using a simple exemplary embodiment. A first transformation T1 is used to generate a sequence S2 of data words from a first data word X1. In the case illustrated, the sequence S2 comprises precisely one second data word X2.
The second data word X2 is converted into a third data word X3 by means of a second transformation T2. In this case, a prescribed relationship exists between the third data word X3 and the first data word X1. Ideally, “prescribed relationship” means that the third data word X3 is identical to the first data word X1. This is the case when the second transformation T2 is a reverse transformation of the first transformation T1.
A check K is used to check whether a prescribed relationship exists between the third data word X3 and a comparison data word VX. In this case, the comparison data word VX is the first data word X1. If the second transformation T2 is the reverse function of the first transformation T1, this involves a check for identity between the first data word X1 and the third data word X3. If the third data word X3 and the first data word X1 do not have the prescribed relationship, or these data words are not identical, an alarm function ALARM is performed.
The alarm function ALARM may be in many different forms and is also dependent on the use of the method. Details in this regard can be found in the description of the circuit arrangement.
In these cases, it is no longer necessarily possible to associate with each individual one of the second data words X2 in the sequence S2 distinctly with the first data word X1. Since the set of possible data words which is intended for the arithmetic and logic unit is smaller, the same second data words X2 are converted into different possible sequences S2 which are respectively associated with a first data word X1. This means that a single data word X2 is no longer distinctly associated with the first data word X1, but rather the sequence S2 comprising a plurality of second data words X2 as a whole.
Depending on the first data word X1, the number of second data words X2 in the relevant sequence S2 may vary. It is also conceivable for the sequence S2 to comprise just a single second data word X2.
The second transformation T2 is used to convert each of the second data words X2 into a third data word X3. There is no guarantee that the first data word X1 can be inferred from an individual, second data word X2 within the sequence S2. This means that after the second transformation T2 the first and one of the third data words X3 are not necessarily in a distinct relationship. It is not necessarily possible to infer the underlying first data word X1 from a third data word X3. However, it is possible, by way of example, to infer a set of possible first data words X1 from the third data word X3. In this case, the error recognition is restricted. The check K then checks whether the original first data word X1 is contained in the set of possible first data words which is obtained after the second transformation T2. If this is not the case, it is possible to infer an error. If the set of possible first data words does comprise the original first data word X1, on the other hand, two possibilities are conceivable. The transmission was error-free or, if the transmission produced an error, this error resulted in a set of possible first data words which likewise comprises the original first data word X1.
An example is intended to illustrate the problem. It is assumed that the program code contains an instruction “ADD-SHIFT” as first data word X1. “ADD-SHIFT” adds two register addresses and shifts the resultant address by one bit. In addition, an instruction “ADD-LOAD” is assumed to be provided as a further first data word X1, which involves two register addresses being added and the resultant address being passed to the system in order to load a data item from this address. The first transformation T1 converts the instruction “ADD-SHIFT” into a sequence S2 containing an “ADD” instruction and a “SHIFT” instruction as second data words X2. The instruction “ADD-LOAD” is converted into a sequence S2 containing an “ADD” instruction and a “LOAD” instruction as second data words X2. In both sequences S2, the “ADD” instruction appears first of all as the first of the second data words X2. If just this second data word X2 in the two sequences S2 is considered, it is not possible to distinguish whether the underlying first data word X1 is the instruction “ADD-SHIFT” or “ADD-LOAD”. The first data word X1 can be inferred only from “ADD”. The second data word X2 can originate either from the first data word “ADD-SHIFT” or from the first data word “ADD-LOAD”. In this example, an error can be inferred from “ADD” only if the first data word X1 is neither “ADD-SHIFT” nor “ADD-LOAD”.
To increase the safety of the method, each second data word X2 is attributed information I after the first transformation T1, so that the resultant second data word X2 can be distinctly associated with the first data word X1.
In the example above, by way of example, the second data word X2 “ADD” has a bit, “0” or “1”, added to it from which it is possible to tell whether the first data word X1 is an “ADD-SHIFT” instruction or an “ADD-LOAD” instruction. By way of example, an “ADD0” is transformed into an “ADD-SHIFT”, and an “ADD1” is transformed into an “ADD-LOAD”. Each of the third data words X3 is thus distinctly in a prescribed relationship with the underlying first data word X1. This means that it is also possible to use the second transformation T2 to output a third data word X3 which can be distinctly associated with the first data word X1. The check K checks the prescribed relationship. If the relationship does not exist, an alarm function ALARM is performed.
Advantageously, the third data words X3 are identical to the first data word X1. Since identical third data words X3 are generated from a first data word X1 using different second data words X2, the second transformation T2 is not a unique depiction. In this exemplary embodiment too, the first data word X1 is the comparison data word VX.
For safety reasons, each second data word X2 in the sequence S2 should be converted into a respective third data word X3, which are compared with the relevant comparison data word VX, in this case the first data word X1. Alternatively, it is conceivable to subject just a portion of the second data words X2 to the second transformation T2 and to check them.
In this exemplary embodiment, the second transformation T2 is chosen such that it is not a reverse transformation of the first transformation T1. In this case, the third data words X3 do not match the first data word X1. To be able to perform a check K for identity nevertheless, the first data word X1 is subjected to a third transformation T3. The third transformation T3 is chosen such that it delivers the same result as the string comprising the first and second transformations T1, T2.
In the extreme case, the first, second and third transformations T1, T2, T3 can be chosen such that the second transformation T2 is identity, i.e. the input and the output of the transformation are the same. This would be equivalent to omitting the circle T2 in
To match the first data words X1 provided for data processing in the memory MEM, a first transformation device DEC is provided which matches the first data words X1 in a program code to the instruction set in the arithmetic and logic unit CPU. This corresponds to the first transformation T1 outlined above. The architecture of the arithmetic and logic unit and of the first transformation device DEC may, as one alternative, be chosen such that it is a “RISC” architecture, in which each first data word X1 is attributed a sequence S2 containing precisely one second data word X2. It may also be a CISC architecture, in which the first data word X1 is converted into a sequence S2 comprising a plurality of second data words X2. The number of second data words X2 in the sequence S2 may vary. A sequence S2 containing just one second data word X2 is also conceivable in this context.
The data are loaded from the memory MEM via a plurality of buffer stages.
To verify whether the second data word X2 provided for the arithmetic and logic unit CPU is correct in the second buffer device 2, or has been manipulated on the way there, a second transformation device R1 and a checking device COMP are provided. The checking device COMP is coupled both to the second buffer 2 via the second transformation device R1 and to the first buffer 1. The second transformation device R1 is designed to convert the second data word X2 into the third data word X3.
The checking device COMP is designed to check an applied data word and an applied comparison data word VX against one another for a prescribed relationship. Normally, this involves a comparison for identity between the applied third data word X3 and the first data word X1 as comparison data word VX. If the two data words to be checked are not identical or linked in a defined manner, an alarm function ALARM is performed.
In the second transformation device R1, the data word is transformed from the second buffer 2. This transformation corresponds to the second transformation T2. It is advantageously chosen such that this is a reverse function for the first transformation T1 provided by the first transformation device DEC. If no attack or transmission error has occurred, the third data word X3, which is present at the output of the second transformation device R1 and is passed to the checking device COMP, is identical to the first data word X1. In the case of data errors which are random or caused by manipulations, the first and third data words X1, X3 no longer have a prescribed relationship, since the errors within the context of the first and/or second transformations T1, T2 lead to subsequent errors or are caused by the attack during the transformation itself. Since the first and second transformations T1, T2 differ, it is difficult to make the attack such that both transformations are manipulated in coordinated fashion, that data alterations remain unnoticed or that their consequences are removed for the transformations. During an extended attack, for example using light, both transformations deliver different errors which are detected during the comparison.
Producing the hardware implementation of the reverse function in the second transformation device R1 is frequently a difficulty. In these cases, it is not possible to design the second transformation device R1 such that the original first data word X1 is present at its output again. In such cases, only a partial reverse transformation is performed in the second transformation device R1, the result of which is the third data word X3. The still outstanding portion of the reverse function is moved to the path between the first buffer 1 and the checking device COMP. For this, the third transformation device R2 is provided. R2 is designed such that it is used to produce the third transformation T3. This means that ideally the same data word is present at the output of the third transformation device R2 as at the output of the second transformation device R1. Alternatively, the data words may also be in a different, prescribed relationship. These data words are compared with one another in the checking device COMP.
In the extreme case, the second transformation device R1 may be in a very simple form or may be dispensed with completely, so that the second buffer 2 would be connected directly to the checking device COMP. This corresponds to the identity as second transformation T2. In such cases, the third transformation T3, which is provided via the third transformation device R2, is advantageously the same as the first transformation T1, which is executed in the first transformation device DEC. The same transformation is therefore executed on two paths. This refinement of the circuit arrangement has the drawback that it is naturally possible for an identical attack to be made on two identically working devices, which results in the same errors, so that manipulation would remain undetected in the checking device COMP. In the embodiments described above, two or even three different transformation devices DEC, R1, R2 are provided on which different, coordinated attacks would need to be made in order for these attacks to remain undetected.
The first transformation device DEC and the second transformation device R1 both in
If the third data word X3 cannot be associated distinctly, that is to say that a plurality of possible first data words can be associated with the third data word X3, the checking device COMP establishes merely whether the association is conclusive. Alternatively, the first transformation device DEC, for example by virtue of an internal device 3, is in a form such that information I is added to the second data word X2, so that the first data word X1 and the comparison data word VX, be it the first data word X1 or its transformed form X1″, can be put into a distinct relationship. In this case, the second transformation device R1 also delivers a third data word X3, which corresponds distinctly to the first data word X1 or to its transformed form X1′ at the output of the third transformation device R2. It is also conceivable for the information I to be provided by a separate device, coupled to or in parallel with the first transformation device DEC.
As regards the reaction of the circuit arrangement to an alarm function ALARM which may need to be executed, it should be noted that these may be in a wide variety of forms. They depend both on the safety concept and on the architecture of the circuit arrangement. By way of example, it is conceivable for an alarm signal to be output, for the circuit arrangement to be shut down, for the circuit arrangement to be shut down and started up again, or for the erroneous data word to be subjected to repeat data processing.
In addition, it should be noted that the inventive method is not just limited to conventional circuit arrangements for the actual data processing. It is also conceivable to use it to protect access to a memory device. In this case, a check is carried out to determine whether the requested data word has been manipulated in the course of the request and the upload.
| Number | Date | Country | Kind |
|---|---|---|---|
| DE 102005012632.4 | Mar 2005 | DE | national |
