WO2013004487A2 - Method for executing processing in a secure device - Google Patents

Method for executing processing in a secure device

Info

Publication number
WO2013004487A2
Authority
WO
WIPO (PCT)
Prior art keywords
type
task
operations
hardware unit
secure device
Prior art date
Application number
PCT/EP2012/061688
Other languages
French (fr)
Other versions
WO2013004487A3 (en)
Inventor
Karine Villegas
Olivier Pahaut
Original Assignee
Gemalto Sa
Priority date
Filing date
Publication date
Application filed by Gemalto Sa
Publication of WO2013004487A2
Publication of WO2013004487A3

Links

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/75 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
    • G06F21/755 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30 Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/38 Concurrent instruction execution, e.g. pipeline, look ahead
    • G06F9/3877 Concurrent instruction execution, e.g. pipeline, look ahead using a slave processor, e.g. coprocessor
    • G06F9/3879 Concurrent instruction execution, e.g. pipeline, look ahead using a slave processor, e.g. coprocessor for non-native instruction execution, e.g. executing a command; for Java instruction set
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005 Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • G06F9/5044 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals considering hardware capabilities
    • G PHYSICS
    • G09 EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09C CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00 Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry

Definitions

  • the invention relates to methods for executing processing in a secure device. More particularly, the present invention relates to methods for executing processing in a secure device including at least one computational hardware unit specialised in a particular computation type. "Computational hardware unit" means a peripheral hardware unit hardwarily encoded in order to perform at least one type of particular operations.
  • a secure device is a device able to control access to the data contained therein. Such data can be of different nature and protected by multiple mechanisms such as the presentation of a secret code or the establishment of a secure session for communicating with the device.
  • Most secure devices have computational hardware means (or computational hardware units) able to perform complex operations. For example, some devices have a crypto-coprocessor designed for performing symmetric cryptography operations.
  • Such coprocessors are known to depend, as regards the running thereof, on the presence of a main microprocessor which actuates and controls their own running.
  • some devices have a crypto-coprocessor designed for performing asymmetric cryptography operations. Secure devices therefore most often have a main microprocessor which manages all the operations to be performed.
  • the invention comes within this context. More particularly, the microprocessor delegates the operations to the computational hardware units which specialise in the type of operation to be performed. For example, the microprocessor delegates to the symmetric crypto-coprocessor the operations requiring calculations of the symmetric type.
  • the microprocessor relies on the asymmetric crypto-coprocessor for executing the operations requiring calculations of the asymmetric type. Such calculations sometimes require a long time for the complete execution of the processing which they are connected to.
  • the object of the invention is a method for executing processing in a secure device including a microprocessor.
  • the processing includes a task of a first type .
  • the first type corresponds to the operations executable by the microprocessor or by a component specifically designed for the first type.
  • the secure device includes a computational hardware unit specifically designed for executing operations of a second type.
  • the second type is different from the first one.
  • the method includes the steps of: selection of a resource associated with the task, with the resource including the computational hardware unit; assignment of the selected resource to the task; and execution of the task using the computational hardware unit by executing at least one of the operations of the second type.
  • the first type is precisely and necessarily different from the second type.
  • the result obtained by an operation of the first type can be identical to the one obtained by an operation of the second type.
  • the invention relates to this particular situation.
  • the invention does not relate to the distribution of tasks over several resources having similar structures and able to perform the same operations. It relates to the utilisation of operations of a second type performed within a computational hardware unit for performing an operation of the first type.
  • the microprocessor is a main microprocessor managing the operations to be performed and delegating operations to the computational hardware unit for the second type of operations to be performed.
  • This structure has the advantage of centralising the management of operations in the activity of a single microprocessor which delegates the operations of the second type to the computational hardware unit.
  • Such structure corresponds to the one conventionally implemented within secure devices integrating particular functions enabling operations of a second type which are not executable by the main processor.
  • the computing hardware unit is available aboard the secure device.
  • the computational hardware unit is a peripheral hardware unit of the main microprocessor within a same physical support.
  • the circuits of the computational hardware unit and those of the main microprocessor are thus integrated and are generally intricate with each other, within the same physical support.
  • the computational hardware unit is a crypto-coprocessor .
  • the invention is thus particularly valued with cryptography coprocessors.
  • the hardware nature of the crypto-coprocessors make them particularly valuable for an application of the invention.
  • these are computational hardware units in the meaning of the invention. They are not programmable and are hardwarily encoded in order to perform operations of the second type.
  • GPUs which, additionally, perform operations of the first type only.
  • these can work off-line. They are not available aboard any secure device. These are integrated circuits present on a graphics card and providing the computational functions for the display system. In addition, they are programmable. These are not computational hardware units in the meaning of the invention.
  • the step of selection may be preceded by a step of establishing a set of resources associated with the task, and the step of selection may consist in selecting only one resource among the resources of the set associated with the task.
  • the processing may include a plurality of tasks.
  • the secure device may include a second computational hardware unit specifically designed for executing operations of a third type; the third type being different from the first and second types.
  • the step of establishing a set of resources is performed for each one of the processing tasks, with each one of said resources including one or more computational hardware units.
  • the second type may be the symmetric cryptography type and the third type may be the asymmetric cryptography type.
  • At least two of the processing tasks may be executed in parallel.
  • the step of establishing the set of resources associated with a target task is carried out by taking into account at least one of the following criteria: the execution time of the target task, the memory requirements for executing the target task, and the security level required for executing the target task.
  • the step of selecting one resource may be performed in the secure device by taking into account a random factor.
  • Another object of the invention is a secure device including a microprocessor and able to execute processing including a task of a first type.
  • Said first type corresponds to the operations executable by the microprocessor or by a component specifically designed for the first type.
  • the secure device includes a computational hardware unit specifically designed for executing operations of a second type. Said second type is different from the first one.
  • the secure device includes:
  • - selection means able to select only one resource among the set of resources associated with the task, with the selection means being able to assign the selected resource to the task,
  • - delegating means able to trigger the execution of at least one of the operations of the second type of the computational hardware unit for executing the task.
  • the secure device may include identification means able to establish the set of resources associated with the task.
  • the identification means may take into account at least one of the following criteria for establishing the set of resources associated with a target task: the execution time of the target task, the memory requirements for executing the target task and the security level for executing the target task.
  • the selecting means may be able to take into account a random factor.
  • FIG. 1 schematically describes an exemplary architecture for a secure device according to the invention
  • the invention applies to all types of secure devices having a microprocessor and at least one computational hardware unit designed for performing operations of a particular type.
  • the computational hardware units are hardware components. More particularly, according to the invention, the computational hardware units are hardwarily encoded for performing particular operations.
  • a computational hardware unit can be designed for performing symmetric cryptography operations or for performing asymmetric cryptography operations, or integrity value calculation operations or random values generation operations.
  • This invention more particularly applies to chip cards, portable telephones, Machine-to-Machine components (known as "M2M components") and to PC tablets containing secure data.
  • the use of a specialised computational hardware unit is diverted with respect to the use which it was originally designed for.
  • the secure device includes at least a specialised computational hardware unit which is designed for executing operations of a particular second type. Said second type is different from the first one.
  • the specialised computational hardware unit may be able to perform operations of the public key cryptography type. It should be noted that this computational hardware unit can also be able to perform operations of the first type, i.e. operations executable by the microprocessor.
  • operations of the second type are diverted from their functions.
  • the computational hardware unit may be able to perform operations in order to execute a permutation task. Then, according to the invention, a task of the first type can be executed by having at least one operation of the second type executed by the specialised computational hardware unit.
  • the microprocessor is not able to perform operations of the second type.
  • when the secure device includes two computational hardware units specialised in different types of operations, one of the computational hardware units can be used for executing a task corresponding to the type of the other computational hardware unit, and vice versa.
  • FIG. 1 schematically describes an exemplary architecture for a secure device SD according to the invention.
  • the secure device is a chip card.
  • the secure device SD includes a working memory WM, a non volatile memory ME, a microprocessor MP, two computational hardware units U1 and U2 and a communication interface IN.
  • Such communication interface IN enables the secure device SD to converse with another device such as a reader, for example.
  • the working memory WM is of the RAM type.
  • the non volatile memory ME is preferably a flash memory and may be composed of one or several different memory components.
  • the non volatile memory ME includes an operating system OS and four means M0, M1, M2 and M3.
  • the operating system may be of the exclusively native type or include a virtual machine such as a Java ® virtual machine, for example.
  • the computational hardware unit U1 is a DES ("Data Encryption Standard") coprocessor intended to perform calculations for symmetric keys or according to symmetric algorithms.
  • the computational hardware unit U1 is able to execute operations of the symmetric cryptography type.
  • the computational hardware unit U2 is a Public Key coprocessor (also called PK for Public Key) intended to perform calculations for asymmetric keys or according to asymmetric algorithms.
  • the computational hardware unit U2 is able to execute operations of the asymmetric cryptography type.
  • the secure device SD is intended for executing processing composed of one or more tasks. For example, processing can consist in generating a series of symmetric keys. Executing a task requires a resource able to perform the required operations. Such resource may consist in one or more computational hardware units. Several resources may sometimes be identified as liable to execute the same task.
  • Processing TR is for example defined by one application installed in the device SD. Processing TR may also be defined by the operating system OS in order to respond to a command received via the interface IN.
  • the means M0 is a storage means able to store a resource or a set of resources associated with a task.
  • the means M1 is a selection means able to select only one resource among the resources belonging to the set associated with a given task.
  • the means M1 is also able to assign the selected resource to the task involved.
  • the means M2 is an identification means able to establish a set of resources associated with a given task. Each resource includes one or more computational hardware units. In other words, the identification means M2 is able to associate a set of resources with each task of the processing.
  • the means M3 is a delegating means able to trigger the execution of at least one operation of the own type of each of the computational hardware units U1 and U2.
  • the microprocessor MP is considered as a computational hardware unit whose particularity is not to be specialised.
  • the device SD of Figure 1 includes three computational hardware units which can form, separately or jointly, a resource available for executing a task.
  • the non volatile memory ME also includes two sets of resources E1 and E2 which are shown in greater detail in the following figures.
  • Figure 2 shows an exemplary processing TR intended to be executed according to the method of the invention.
  • the processing TR includes two tasks T1 and T2 liable to be executed separately in the secure device SD of Figure 1.
  • the processing TR may include the generation of 20 random durations and the generation of three Triple-DES keys.
  • the processing TR includes a first task T1 consisting in producing a series of twenty durations of random sizes and a second task T2 consisting in generating symmetric keys.
  • Figure 3 shows exemplary sets of resources established according to the method of the invention.
  • a set of one or more resources is established for each one of the processing TR tasks.
  • a set E1 is identified for the task T1.
  • This set E1 includes two resources R1 and R2.
  • the task T1 can be executed according to two possible alternatives: using the resource R1, or using the resource R2.
  • the resource R1 is composed of the computational hardware unit U2 and the resource R2 is composed of the association of the computational hardware unit U1 and the microprocessor MP.
  • a set E2 is identified for the task T2.
  • the set E2 includes a single resource R3.
  • the task T2 can be executed according to only one possible configuration.
  • the resource R3 is composed of the computational hardware unit U2.
  • the step of identification of the sets of resources associated with each task can be carried out by taking into account one or several of the following criteria: the time required for execution by the computational hardware unit, the memory requirements, and the desired security level.
  • the same task is executed by various computational hardware units in a time which depends on each unit's characteristics.
  • the size of the memory requirements corresponds to the size required in the various memories existing in the device SD.
  • the security level of the execution of a task varies according to the nature of the resource used.
  • the transfer of data between two memory areas using a main processor MP which processes the data 8 bits by 8 bits is less secure than the transfer of the same data using an asymmetric crypto-processor which processes the data in larger units, for example by 128-bit blocks.
  • dictionary attacks or « template attacks » are known which, when the data is processed one byte at a time, have only 256 possible cases to consider and can make it possible to find the value of the transferred byte.
  • with the data processed in 128-bit blocks, this kind of attack need no longer be considered.
  • the diversion of a second-type operation, here boolean operations on data blocks, in order to perform a data transfer, which is a first-type task, can thus easily be understood.
  • the computational hardware unit is designed for being able to carry out such required operations in cryptography. It is normally used for the cryptography tasks only.
  • the result of the task is the transfer of a set of data.
  • the result obtained is identical and performed by diverting the special resources of the crypto-processor for a task executable by operations of the first type.
  • Figure 4 shows an exemplary list of resources assigned to the execution of each task of the processing TR according to the method of the invention.
  • a single resource is selected for executing each task of the processing TR.
  • the task T1 is planned to be executed by the resource R2 and the task T2 is planned to be executed by the resource R3.
  • each random duration will be characterised by the generation of a random variable on which the configuration of the DES U1 coprocessor will depend (loading of keys, of data, configuration, number of executions).
  • Each execution of a random duration shall be characterised by one or more calls to the DES Ul coprocessor with keys and variable data.
  • the advantage of such random delays consists in generating traces of leakage on side channels of the same type as those existing in the executions of symmetric algorithms.
  • they can be parallelized with executions performed by the microprocessor MP or by other resources of the device SD.
  • the generation of three Triple-DES keys can be carried out by the Public Key coprocessor U2.
  • the masked reference key can be taken and an arithmetic and/or logic and deterministic operation can be applied, for obtaining a data item whose size is equal to three times the size of the key of a Triple-DES.
  • Let K be the Triple-DES key.
  • in size can be obtained using two multiplications supplied by the public key coprocessor U2.
  • the invention not only offers savings in execution time, but also in memory requirements.
  • the multiplication function among other arithmetic and/or logic operations, is already hardwarily defined in the coprocessor U2.
  • the functions of multiplication on large numbers well-known to cryptography specialists can here be used.
  • the calculation structure of arithmetic and/or logic operations defined within the computational hardware unit is different from the structure of all the other operations which, using the microprocessor or another type of coprocessor, would make it possible to generate fake keys. For example, this is the case for the Montgomery multiplication used for modular multiplications.
  • a first and a second different type of operations resulting in obtaining a data item with a size equal to three times the size of a key of a triple DES from the masked reference key can be distinguished.
  • the function of multiplication on large numbers just needs to be launched by the processor MP to obtain the execution of the first type task which is the generation of fake keys.
  • the function of multiplication on large numbers will operate on the numbers to be multiplied according to the hardwarily encoded operations intended for calculations on large numbers. The operation will be of a different type but the result will be identical.
  • the selection of resources for the tasks can be made randomly. Two executions of the same processing can thus be performed with different resources. The robustness of the execution of the processing against attacks is thus improved, thanks to the changing signatures in terms of which computational hardware units are used and of the moments from which such computational hardware units are actuated.
  • the selection of the resource to be used can be made at the last moment, i.e. dynamically, or when the secure device is about to launch the execution of the processing, or during the execution of the processing. For example, if the processing includes a large number of tasks, the selections of resources assigned to the last tasks can be made after the first tasks are executed.
  • Another particular characteristic of the invention is that it makes it possible to divert the use of a specialised computational hardware unit with respect to the use which it was originally designed for.
  • the first advantage thereof is that a computational hardware unit can be used more often than in the prior art. Without the invention, a computational hardware unit can be used only if a task of a matching type must be executed. This allows a better exploitation of the components existing in the secure device.
  • the second advantage is the jamming of the available information for a possible malicious attacker. As a matter of fact, it appears, from the outside, that a computational hardware unit dedicated to one type is actuated whereas the actually executed task is of a different type.
  • the processing can be distributed over a CRC (« Cyclic Redundancy Check ») coprocessor, a DES (« Data Encryption Standard ») coprocessor, an AES (« Advanced Encryption Standard ») coprocessor, a public key coprocessor or even a random number generator (also called « Random Generator » or RNG) available aboard the secure device.
  • integrity check calculations can be carried out using arithmetic operations executed by a public key coprocessor, as a substitution for the conventional utilisation of the microprocessor.
  • Another exemplary diversion of computational hardware units is the generation of masks by a block symmetric enciphering hardware unit; such masks being intended for masking all or part of the keys.
  • Another unexpected exemplary operation of the computational hardware units is the generation of random durations by a DES coprocessor or an AES coprocessor or even a public key coprocessor.
  • An additional advantage of the invention is to facilitate the delegation in parallel of several tasks so as to reduce the global time required for executing the processing.
  • the microprocessor can then be relieved of some tasks and thus be available for managing the delegation of tasks to the other computational hardware units.
  • a processing composed of several operations can be executed by the secure device according to the invention as a processing composed of a single task grouping all the operations.
  • for example, a data buffer composed of several bytes must be securely copied from the non volatile memory ME to the working memory WM.
  • the transfer may include the following operations: generation of an index of the bytes to be transferred, and then the byte per byte transfer in a random order. This transfer can be executed by the microprocessor of the secure device.
  • an initial operation of a processing may be divided into several tasks able to be distributed over several different resources.
  • the invention also applies to any kind of devices including at least one computational hardware unit specialised in a particular type of operations, with this type of operations being different from the operations carried out by the main microprocessor.
  • the invention applies to all kinds of specialised computational hardware units so defined.
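The embodiment described above (units U1, U2 and MP, tasks T1 and T2, sets E1 and E2, random selection of one resource per task, and the diversion of U2's large-number multiplication to derive Triple-DES key material and of U1's DES operations to produce random durations), as an added Python model that is not the patent's or Gemalto's code. The per-resource cost figures, the DES stand-in, the K**3 key-expansion formula and the duration construction are constructed assumptions; U2's multiply is modelled with Python integers.

```python
"""Model of the resource-selection and diversion scheme described above.
Added example, not the patent's or Gemalto's code: unit names U1/U2/MP,
tasks T1/T2 and sets E1/E2 follow Figures 1 to 4; the cost figures, the
DES stand-in and the K**3 key expansion are constructed assumptions."""
import random
from dataclasses import dataclass

MASK64 = (1 << 64) - 1


class HardwareUnit:
    """Hardwired unit: exposes a single operation `op` and counts its calls."""
    def __init__(self, name, operation):
        self.name, self._operation, self.calls = name, operation, 0

    def op(self, a: int, b: int) -> int:
        self.calls += 1
        return self._operation(a, b)


def des_stand_in(key: int, block: int) -> int:
    """Stand-in for U1's DES block operation (assumption, not real DES)."""
    return ((key * 0x9E3779B97F4A7C15) ^ block) & MASK64


@dataclass
class Resource:
    name: str
    units: tuple      # hardware units composing the resource
    time: int         # relative execution time (constructed figure)
    memory: int       # working-memory bytes needed (constructed figure)
    security: int     # 1 = byte-wise processing ... 3 = 128-bit blocks


def establish_resources(candidates, max_time, max_memory, min_security):
    """Identification means M2: keep the resources meeting the task's
    execution-time, memory and security criteria (sets E1, E2)."""
    return [r for r in candidates if r.time <= max_time
            and r.memory <= max_memory and r.security >= min_security]


def select_resource(resources, rng):
    """Selection means M1: exactly one resource, with a random factor so
    that two runs of the same processing may use different hardware."""
    if not resources:
        raise ValueError("no resource satisfies the task criteria")
    return rng.choice(resources)


def triple_des_keys_from_pk(u2, masked_ref_key):
    """Task T2 diverted onto U2: two large-number multiplications expand a
    64-bit masked reference key into 192 bits, split into three 64-bit DES
    keys. K**3 is a constructed choice of deterministic operation."""
    if not 0 < masked_ref_key <= MASK64:
        raise ValueError("masked reference key must be a non-zero 64-bit value")
    material = u2.op(u2.op(masked_ref_key, masked_ref_key), masked_ref_key)
    material &= (1 << 192) - 1
    return ((material >> 128) & MASK64, (material >> 64) & MASK64,
            material & MASK64)


def random_durations(unit, count, rng):
    """Task T1 diverted onto a crypto unit: each duration is a random number
    of calls to the unit's own operation with fresh keys and data, so the
    leakage trace resembles ordinary cryptographic work. Returns calls/duration."""
    lengths = []
    for _ in range(count):
        n_calls = rng.randint(1, 8)        # random variable fixing the duration
        key, data = rng.getrandbits(64), rng.getrandbits(64)
        for _ in range(n_calls):
            data = unit.op(key, data) & MASK64
        lengths.append(n_calls)
    return lengths


def run_processing(seed):
    """Processing TR: T1 = 20 random durations, T2 = three Triple-DES keys."""
    rng = random.Random(seed)
    u1 = HardwareUnit("U1", des_stand_in)
    u2 = HardwareUnit("U2", lambda a, b: a * b)   # large-number multiply
    r1 = Resource("R1", (u2,), time=4, memory=256, security=3)
    r2 = Resource("R2", (u1, "MP"), time=3, memory=128, security=3)
    r3 = Resource("R3", (u2,), time=6, memory=512, security=3)
    e1 = establish_resources([r1, r2], max_time=5, max_memory=512, min_security=2)
    e2 = establish_resources([r3], max_time=8, max_memory=512, min_security=3)
    res1, res2 = select_resource(e1, rng), select_resource(e2, rng)
    durations = random_durations(res1.units[0], 20, rng)   # crypto unit of R1/R2
    masked_ref_key = rng.getrandbits(64) | (1 << 63)       # constructed secret
    keys = triple_des_keys_from_pk(res2.units[0], masked_ref_key)
    return {"T1_resource": res1.name, "T2_resource": res2.name,
            "durations": durations, "keys": keys,
            "U1_calls": u1.calls, "U2_calls": u2.calls}
```

Running `run_processing` with several seeds shows T1 landing sometimes on R1 (U2 alone) and sometimes on R2 (U1 plus MP), while the call counters record which unit was actually actuated.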

Abstract

The invention is a method for executing processing in a secure device containing a microprocessor. The processing includes a task of a first type. The first type corresponds to the operations executable by the microprocessor or by a component specifically designed for the first type. The secure device also includes a computational hardware unit specifically designed for executing operations of a second type. Said second type is different from the first one. The method includes the steps of: - selection of a resource associated with the task, with the resource including the computational hardware unit, - assignment of the selected resource to the task, and - execution of the task using the computational hardware unit by executing at least one of the operations of the second type, thus diverting the computational hardware unit (U1) with respect to the use which it was originally designed for.

Description

METHOD FOR EXECUTING PROCESSING IN A SECURE DEVICE
(Technical field of the invention)
The invention relates to methods for executing processing in a secure device. More particularly, the present invention relates to methods for executing processing in a secure device including at least one computational hardware unit specialised in a particular computation type. "Computational hardware unit" means a peripheral hardware unit hardwarily encoded in order to perform at least one type of particular operations.
(Prior art)
A secure device is a device able to control access to the data contained therein. Such data can be of different nature and protected by multiple mechanisms such as the presentation of a secret code or the establishment of a secure session for communicating with the device. Most secure devices have computational hardware means (or computational hardware units) able to perform complex operations. For example, some devices have a crypto-coprocessor designed for performing symmetric cryptography operations.
Such coprocessors are known to depend, as regards the running thereof, on the presence of a main microprocessor which actuates and controls their own running. Similarly, some devices have a crypto-coprocessor designed for performing asymmetric cryptography operations. Secure devices therefore most often have a main microprocessor which manages all the operations to be performed. The invention comes within this context. More particularly, the microprocessor delegates the operations to the computational hardware units which specialise in the type of operation to be performed. For example, the microprocessor delegates to the symmetric crypto-coprocessor the operations requiring calculations of the symmetric type. Similarly, the microprocessor relies on the asymmetric crypto-coprocessor for executing the operations requiring calculations of the asymmetric type. Such calculations sometimes require a long time for the complete execution of the processing which they are connected to.
Some improvements are required in the execution of the processing in a secure device.
(Invention)
The object of the invention is a method for executing processing in a secure device including a microprocessor. The processing includes a task of a first type . The first type corresponds to the operations executable by the microprocessor or by a component specifically designed for the first type. The secure device includes a computational hardware unit specifically designed for executing operations of a second type.
The second type is different from the first one. The method includes the steps of:
- selection of a resource associated with the task, with the resource including the computational hardware unit specifically designed for executing second type operations,
- assignment of the selected resource to the task,
- execution of the task using the computational hardware unit by executing at least one of the operations of the second type, thus diverting the computational hardware unit with respect to the use which it was originally designed for.
According to the invention, the first type is precisely and necessarily different from the second type. However, it should be noted here that the result obtained by an operation of the first type can be identical to the one obtained by an operation of the second type. The invention relates to this particular situation.
The invention does not relate to the distribution of tasks over several resources having similar structures and able to perform the same operations. It relates to the utilisation of operations of a second type performed within a computational hardware unit for performing an operation of the first type.
It is thus particularly original, according to the invention, to have an operation of the second type performed in order to obtain the result of one or more operations of the first type. This means that the task usually performed by operations of the first type is performed by using operations of the second type, with such operations of the second type being diverted from their original use.
According to a particular characteristic, the microprocessor is a main microprocessor managing the operations to be performed and delegating operations to the computational hardware unit for the second type of operations to be performed.
This structure has the advantage of centralising the management of operations in the activity of a single microprocessor which delegates the operations of the second type to the computational hardware unit. Such a structure corresponds to the one conventionally implemented within secure devices integrating particular functions enabling operations of a second type which are not executable by the main processor.
Thus, in an advantageous embodiment, the computing hardware unit is available aboard the secure device.
According to this characteristic, the computing hardware unit is available aboard the secure device. As regards electronic integration, this means that the computational hardware unit is a peripheral hardware unit of the main microprocessor within the same physical support. The circuits of the computational hardware unit and those of the main microprocessor are thus integrated and are generally intertwined with each other, within the same physical support.
In a preferred embodiment, the computational hardware unit is a crypto-coprocessor.
The invention is thus particularly valuable with cryptography coprocessors. The hardware nature of the crypto-coprocessors makes them particularly valuable for an application of the invention. As a matter of fact, these are computational hardware units in the meaning of the invention. They are not programmable and are hardwarily encoded in order to perform operations of the second type.
They are available aboard the secure device. As a matter of fact, such a structure is required for providing the security required for implementing cryptography operations. Besides, it is known that the crypto-coprocessors depend, as regards their running, on the presence of a main microprocessor.
This is not the case with DSPs (Digital Signal Processors) or with GPUs (Graphics Processing Units), which, additionally, perform operations of the first type only. As a matter of fact, these can work off-line. They are not available aboard any secure device. GPUs are integrated circuits present on a graphics card and providing the computational functions for the display system. In addition, they are programmable. These are not computational hardware units in the meaning of the invention.
Advantageously, the step of selection may be preceded by a step of establishing a set of resources associated with the task, and the step of selection may consist in selecting only one resource among the resources of the set associated with the task.
Advantageously, the processing may include a plurality of tasks. The secure device may include a second computational hardware unit specifically designed for executing operations of a third type; the third type being different from the first and second types. The step of establishing a set of resources is performed for each one of the processing tasks, with each one of said resources including one or more computational hardware units. Advantageously, the second type may be the symmetric cryptography type and the third type may be the asymmetric cryptography type.
Advantageously, at least two of the processing tasks may be executed in parallel.
Advantageously, the step of establishing the set of resources associated with a target task is carried out by taking into account at least one of the following criteria: the execution time of the target task, the memory requirements for executing the target task, and the security level required for executing the target task.
Advantageously, the step of selecting one resource may be performed in the secure device by taking into account a random factor.
Another object of the invention is a secure device including a microprocessor and able to execute processing including a task of a first type. Said first type corresponds to the operations executable by the microprocessor or by a component specifically designed for the first type. The secure device includes a computational hardware unit specifically designed for executing operations of a second type. Said second type is different from the first one. The secure device includes:
- means for storing a set of resources associated with said task, with one of the resources including the computational hardware unit,
- selection means able to select only one resource among the set of resources associated with the task, with the selection means being able to assign the selected resource to the task, and
- delegating means able to trigger the execution of at least one of the operations of the second type of the computational hardware unit for executing the task.
Advantageously, the secure device may include identification means able to establish the set of resources associated with the task.
Advantageously, the identification means may take into account at least one of the following criteria for establishing the set of resources associated with a target task: the execution time of the target task, the memory requirements for executing the target task and the security level for executing the target task.
Advantageously, the selecting means may be able to take into account a random factor.
(Brief description of the figures)
Other characteristics and advantages of the present invention will appear more clearly when reading the embodiments described hereinafter.
Four figures are appended to these embodiments.
- Figure 1 schematically describes an exemplary architecture for a secure device according to the invention,
- Figure 2 schematically describes an exemplary processing intended to be executed according to the method of the invention,
- Figure 3 schematically describes exemplary sets of resources established according to the method of the invention, and
- Figure 4 schematically describes an exemplary list of resources assigned to the execution of each task of the processing according to the method of the invention.
(Detailed description of embodiments of the invention)
The invention applies to all types of secure devices having a microprocessor and at least one computational hardware unit designed for performing operations of a particular type. The computational hardware units are hardware components. More particularly, according to the invention, the computational hardware units are hardwarily encoded for performing particular operations. For example, a computational hardware unit can be designed for performing symmetric cryptography operations, asymmetric cryptography operations, integrity value calculation operations or random value generation operations. This invention more particularly applies to chip cards, portable telephones, Machine-to-Machine components (known as "M2M components") and to PC tablets containing secure data.
According to one particular characteristic of the invention, the use of a specialised computational hardware unit is diverted with respect to the use which it was originally designed for.
Within the scope of the invention, all the operations executable by the microprocessor of the secure device are considered as belonging to a first type. The secure device includes at least a specialised computational hardware unit which is designed for executing operations of a particular second type. Said second type is different from the first one. For example, the specialised computational hardware unit may be able to perform operations of the public key cryptography type. It should be noted that this computational hardware unit can also be able to perform operations of the first type, i.e. operations executable by the microprocessor. However, according to the invention, operations of the second type are diverted from their functions.
For example, the computational hardware unit may be able to perform operations in order to execute a permutation task. Then, according to the invention, a task of the first type can be executed by having at least one operation of the second type executed by the specialised computational hardware unit. On the other hand, the microprocessor is not able to perform operations of the second type.
Similarly, according to the invention, when the secure device includes two computational hardware units specialised in different types of operations, one of the computational hardware units can be used for executing a task corresponding to the type of the other computational hardware unit and vice versa.
Figure 1 schematically describes an exemplary architecture for a secure device SD according to the invention. In this example, the secure device is a chip card. This example is not restrictive. The secure device SD includes a working memory WM, a non volatile memory ME, a microprocessor MP, two computational hardware units U1 and U2 and a communication interface IN. Such communication interface IN enables the secure device SD to converse with another device such as a reader, for example.
The working memory WM is of the RAM type. The non volatile memory ME is preferably a flash memory and may be composed of one or several different memory components. The non volatile memory ME includes an operating system OS and four means M0, M1, M2 and M3.
The operating system may be of the exclusively native type or include a virtual machine such as a Java® virtual machine, for example.
The computational hardware unit U1 is a DES ("Data Encryption Standard") coprocessor intended to perform calculations for symmetric keys or according to symmetric algorithms. The computational hardware unit U1 is able to execute operations of the symmetric cryptography type.
The computational hardware unit U2 is a Public Key coprocessor (also called PK for Public Key) intended to perform calculations for asymmetric keys or according to asymmetric algorithms. The computational hardware unit U2 is able to execute operations of the asymmetric cryptography type.
The secure device SD is intended for executing processing composed of one or more tasks. For example, processing can consist in generating a series of symmetric keys. Executing a task requires a resource able to perform the required operations. Such resource may consist in one or more computational hardware units. Several resources may sometimes be identified as liable to execute the same task.
Processing TR is for example defined by one application installed in the device SD. Processing TR may also be defined by the operating system OS in order to respond to a command received via the interface IN.
The means M0 is a storage means able to store a resource or a set of resources associated with a task.
The means M1 is a selection means able to select only one resource among the resources belonging to the set associated with a given task. The means M1 is also able to assign the selected resource to the task involved.
The means M2 is an identification means able to establish a set of resources associated with a given task. Each resource includes one or more computational hardware units. In other words, the identification means M2 is able to associate a set of resources with each task of the processing.
The means M3 is a delegating means able to trigger the execution of at least one operation of the own type of each of the computational hardware units U1 and U2.
According to the invention, the microprocessor MP is considered as a computational hardware unit whose particularity is not to be specialised. Thus the device SD of Figure 1 includes three computational hardware units which can form, separately or jointly, a resource available for executing a task. In Figure 1, the non volatile memory ME also includes two sets of resources E1 and E2 which are shown in greater detail in the following figures.
Figure 2 shows an exemplary processing TR intended to be executed according to the method of the invention.
The processing TR includes two tasks T1 and T2 liable to be executed separately in the secure device SD of Figure 1. For example, the processing TR may include the generation of 20 random durations and the generation of three Triple-DES keys. In this case, the processing TR includes a first task T1 consisting in producing a series of twenty durations of random sizes and a second task T2 consisting in generating symmetric keys.
Figure 3 shows exemplary sets of resources established according to the method of the invention. As per the method according to the invention, a set of one or more resources is established for each one of the processing TR tasks. A set E1 is identified for the task T1. This set E1 includes two resources R1 and R2. In other words, the task T1 can be executed according to two possible alternatives: using the resource R1, or using the resource R2. In the example of Figure 3, the resource R1 is composed of the computational hardware unit U2 and the resource R2 is composed of the association of the computational hardware unit U1 and the microprocessor MP.
A set E2 is identified for the task T2. The set E2 includes a single resource R3. In other words, the task T2 can be executed according to only one possible configuration. In the example of Figure 3, the resource R3 is composed of the computational hardware unit U2.
The step of identification of the sets of resources associated with each task can be carried out by taking into account one or several of the following criteria: the time required for execution by the computational hardware unit, the memory requirements and the desired security level. The same task is executed by various computational hardware units in a time which depends on each unit's characteristics. The size of the memory requirements corresponds to the size required in the various memories existing in the device SD. Finally, the security level of the execution of a task varies according to the nature of the resource used.
For example, the transfer of data between two memory areas using a main processor MP which would process the data 8 bits by 8 bits is less secure than the transfer of the same data using an asymmetric crypto-processor which processes the data, for example, by 128-bit blocks. As a matter of fact, dictionary attacks or "template attacks" are known which offer only 256 possible cases when processing a byte and can make it possible to find the value of the transferred byte. When processing 128-bit blocks, this kind of attack can no longer be considered.
Then, for example, the 8 bits by 8 bits transfer is an operation of the first type. The OR, AND, XOR boolean operations acting on data blocks, of for example 128 bits, are second type operations which cannot be performed by the microprocessor MP. In fact, these operations will be used for carrying out the transfer of data by operating, for example, the "XOR" function: InputMessage XOR 0x00...00 = InputMessage, or the "AND" function: InputMessage AND 0xFF...FF = InputMessage, or the "OR" function: InputMessage OR InputMessage = InputMessage. The diversion of the second type operation, here boolean operations on data blocks, in order to perform a data transfer, a first type task, can easily be understood. The computational hardware unit is designed for being able to carry out such operations as required in cryptography. It is normally used for the cryptography tasks only.
Here the result of the task is the transfer of a set of data. The result obtained is identical, and it is obtained by diverting the special resources of the crypto-processor to a task executable by operations of the first type.
Figure 4 shows an exemplary list of resources assigned to the execution of each task of the processing TR according to the method of the invention.
As per the method according to the invention, a single resource is selected for executing each task of the processing TR. Thus, in the example of Figure 4, the task T1 is planned to be executed by the resource R2 and the task T2 is planned to be executed by the resource R3.
Then the generation of the series of twenty durations of random sizes (i.e. task T1) can be performed by the couple consisting in the association of the DES coprocessor U1 and the microprocessor MP. Each random duration will be characterised by the generation of a random variable on which the configuration of the DES coprocessor U1 will depend (loading of keys, of data, configuration, number of executions
Each execution of a random duration shall be characterised by one or more calls to the DES Ul coprocessor with keys and variable data. The advantage of such random delays consists in generating traces of leakage on side channels of the same type as those existing in the executions of symmetric algorithms. In addition, they can be parallelized with executions performed by the microprocessor MP or by other resources of the device SD.
The generation of three Triple-DES keys (i.e. task T2) can be carried out by the Public Key coprocessor U2. In this case, the masked reference key can be taken and an arithmetic and/or logic and deterministic operation can be applied, for obtaining a data item whose size is equal to three times the size of the key of a Triple-DES. Let K be the Triple-DES key; an item of data 3×|K| in size can be obtained using two multiplications supplied by the public key coprocessor U2.
In this case, the invention not only offers savings in execution time, but also in memory requirements. As a matter of fact, the multiplication function, among other arithmetic and/or logic operations, is already hardwarily defined in the coprocessor U2.
The functions of multiplication on large numbers well-known to cryptography specialists can here be used. The calculation structure of arithmetic and/or logic operations defined within the computational hardware unit is different from the structure of all the other operations which, using the microprocessor or another type of coprocessor, would make it possible to generate fake keys. For example, this is the case for the Montgomery multiplication used for modular multiplications.
Here again, a first and a second different type of operations, resulting in obtaining a data item with a size equal to three times the size of a key of a Triple-DES from the masked reference key, can be distinguished.
More precisely, the functions of multiplication on large numbers only exist on asymmetric crypto-coprocessors, contrary to the operations existing in the main microprocessor or in the other coprocessors. The operations of multiplication on large numbers belong to the second type operations of the coprocessor U2.
Thus the function of multiplication on large numbers just needs to be launched by the processor MP to obtain the execution of the first type task which is the generation of fake keys. The function of multiplication on large numbers will operate on the numbers to be multiplied according to the hardwarily encoded operations intended for calculations on large numbers. The operation will be of a different type but the result will be identical.
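The two diversions described above, as an added example (this is not code from the patent or from Gemalto): a toy model of a public key coprocessor that exposes only second-type operations, whole 128-bit block boolean operations and multiplication of large numbers, used for the first-type buffer transfer (block XOR 0x00...00 or block AND 0xFF...FF) and for deriving 3×|K| bits of Triple-DES key material from a masked key with two multiplications. The block width, the DES key width and the two multiplier constants C1 and C2 are assumptions chosen for the illustration; the patent leaves the exact arithmetic unspecified.

```python
"""Model of a PK coprocessor diverted to first-type tasks (added example)."""
from dataclasses import dataclass, field

BLOCK_BITS = 128                 # assumed block width of the coprocessor
BLOCK_BYTES = BLOCK_BITS // 8
ZERO_BLOCK = bytes(BLOCK_BYTES)              # 0x00...00, neutral for XOR
ONES_BLOCK = bytes([0xFF]) * BLOCK_BYTES     # 0xFF...FF, neutral for AND

DES_KEY_BYTES = 8                # |K| for one DES key; 3*|K| = 24 bytes
# Assumed constants: two |K|-bit odd multipliers, so that K * C1 * C2
# occupies at most 3*|K| bits and two multiplications suffice.
C1 = 0x9E3779B97F4A7C15
C2 = 0xC2B2AE3D27D4EB4F


@dataclass
class PKCoprocessor:
    """Second-type operations only: the unit refuses byte-sized operands."""
    log: list = field(default_factory=list)   # which hardware operation ran

    def _check(self, *blocks: bytes) -> None:
        for b in blocks:
            if len(b) != BLOCK_BYTES:
                raise ValueError("PK unit operates on whole blocks only")

    def block_xor(self, a: bytes, b: bytes) -> bytes:
        self._check(a, b)
        self.log.append("XOR")
        return bytes(x ^ y for x, y in zip(a, b))

    def block_and(self, a: bytes, b: bytes) -> bytes:
        self._check(a, b)
        self.log.append("AND")
        return bytes(x & y for x, y in zip(a, b))

    def bigmul(self, x: int, y: int) -> int:
        """Multiplication on large numbers, hardwired in a PK unit."""
        self.log.append("MUL")
        return x * y


def transfer_buffer(unit: PKCoprocessor, data: bytes, use_and: bool = False) -> bytes:
    """First-type task (copy a buffer) executed with second-type block ops.

    Every 128-bit block is moved through the unit as block XOR 0x00..00 (or
    block AND 0xFF..FF), so the data is never handled 8 bits at a time.
    A short trailing block is zero-padded for the operation and the padding
    is dropped again afterwards.
    """
    out = bytearray()
    for off in range(0, len(data), BLOCK_BYTES):
        chunk = data[off:off + BLOCK_BYTES]
        padded = chunk.ljust(BLOCK_BYTES, b"\x00")
        if use_and:
            moved = unit.block_and(padded, ONES_BLOCK)
        else:
            moved = unit.block_xor(padded, ZERO_BLOCK)
        out += moved[:len(chunk)]
    return bytes(out)


def derive_key_material(unit: PKCoprocessor, masked_key: bytes) -> tuple:
    """Deterministically derive 3*|K| bits from the masked reference key.

    Two big-number multiplications on the PK unit replace any dedicated
    key-expansion code on the microprocessor. Returns three |K|-sized
    blocks (the patent's "fake keys" for a Triple-DES).
    """
    if len(masked_key) != DES_KEY_BYTES:
        raise ValueError("masked key must be one DES key in size")
    k = int.from_bytes(masked_key, "big")
    product = unit.bigmul(unit.bigmul(k, C1), C2)       # exactly two MULs
    # k, C1 and C2 are each below 2**64, so the product fits in 24 bytes.
    material = product.to_bytes(3 * DES_KEY_BYTES, "big")
    return (material[0:8], material[8:16], material[16:24])


if __name__ == "__main__":
    pk = PKCoprocessor()
    buf = bytes(range(37))                         # constructed sample buffer
    assert transfer_buffer(pk, buf) == buf
    keys = derive_key_material(pk, bytes.fromhex("0123456789abcdef"))
    print("operations run on the PK unit:", pk.log)
    print("derived key material:", [k.hex() for k in keys])
```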
No particular code programming the main microprocessor is needed for generating such keys in the operating system since functionalities already integrated in the equipment are used. This has the advantage of reducing the size of the operating system OS and thus frees some space in the non volatile memory of the secure device.
Advantageously, the selection of resources for the tasks can be made randomly. Two executions of the same processing can thus be performed with different resources. The robustness of the execution of the processing against attacks is thus improved, thanks to the changing signatures in terms of which computational hardware units are used and of the moments at which such computational hardware units are actuated.
More particularly, the selection of the resource to be used can be made at the last moment, i.e. dynamically, or when the secure device is about to launch the execution of the processing, or during the execution of the processing. For example, if the processing includes a large number of tasks, the selections of resources assigned to the last tasks can be made after the first tasks are executed.
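The resource sets and the random, possibly last-moment, selection described above, as an added example (this is not code from the patent or from Gemalto): the identification means M2 filters candidate resources by execution time, memory requirements and security level, and the selection means M1 picks exactly one resource of the set with a random factor, either for the whole processing in advance or just before each task runs. The units, the capability table and its time, memory and security figures are constructed so as to reproduce the sets E1 = {R1, R2} and E2 = {R3} of Figure 3.

```python
"""Resource sets and random single-resource selection (added example)."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Unit:
    name: str                 # "MP", "U1" (DES unit) or "U2" (PK unit)


@dataclass(frozen=True)
class Resource:
    name: str
    units: tuple              # one or more computational hardware units


@dataclass(frozen=True)
class Task:
    name: str
    kind: str                 # the first-type task to carry out
    max_time: int             # time budget (constructed units)
    max_memory: int           # working memory the task may use, in bytes
    min_security: int         # 1 = byte-wise CPU handling ... 3 = whole blocks


@dataclass(frozen=True)
class Offer:
    """How a resource can carry out a task kind, natively or diverted."""
    time: int
    memory: int
    security: int


MP, U1, U2 = Unit("MP"), Unit("U1"), Unit("U2")
R1 = Resource("R1", (U2,))          # PK unit diverted to random durations
R2 = Resource("R2", (U1, MP))       # DES unit driven by the microprocessor
R3 = Resource("R3", (U2,))          # PK big-number multiply for key material
R4 = Resource("R4", (MP,))          # microprocessor alone (first type)
ALL_RESOURCES = (R1, R2, R3, R4)

# Constructed capability table: (resource, task kind) -> Offer.
OFFERS = {
    (R1, "random_durations"): Offer(time=40, memory=64, security=3),
    (R2, "random_durations"): Offer(time=60, memory=128, security=2),
    (R4, "random_durations"): Offer(time=200, memory=32, security=1),
    (R3, "triple_des_keys"): Offer(time=30, memory=48, security=3),
    (R4, "triple_des_keys"): Offer(time=500, memory=256, security=1),
}

# Constructed tasks T1 and T2 of the processing TR.
T1 = Task("T1", "random_durations", max_time=100, max_memory=256, min_security=2)
T2 = Task("T2", "triple_des_keys", max_time=100, max_memory=256, min_security=2)


def establish_set(task: Task, resources=ALL_RESOURCES, offers=OFFERS) -> list:
    """Identification means M2: every resource meeting all three criteria."""
    chosen = []
    for r in resources:
        o = offers.get((r, task.kind))
        if o is None:
            continue                     # resource cannot carry out this kind
        if (o.time <= task.max_time and o.memory <= task.max_memory
                and o.security >= task.min_security):
            chosen.append(r)
    return chosen


def select_resource(rset: list, rng: random.Random) -> Resource:
    """Selection means M1: exactly one resource, chosen with a random factor."""
    if not rset:
        raise LookupError("no resource is able to execute the task")
    return rng.choice(rset)


def make_rng(seed: int) -> random.Random:
    """Seeded generator so that a selection can be reproduced in tests."""
    return random.Random(seed)


def plan(tasks, rng: random.Random) -> dict:
    """Static planning: a resource is assigned to every task before execution."""
    return {t.name: select_resource(establish_set(t), rng) for t in tasks}


def execute_dynamically(tasks, rng: random.Random, run) -> list:
    """Last-moment selection: the resource is chosen just before each task runs."""
    trace = []
    for t in tasks:
        r = select_resource(establish_set(t), rng)
        run(t, r)                        # delegating means M3 in a real device
        trace.append((t.name, r.name))
    return trace


if __name__ == "__main__":
    print(plan([T1, T2], make_rng(1)))
    print(execute_dynamically([T1, T2], make_rng(2), lambda t, r: None))
```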
Another particular characteristic of the invention is that it makes it possible to divert the use of a specialised computational hardware unit with respect to the use which it was originally designed for. The first advantage thereof is that a computational hardware unit can be used more often than in the prior art. Without the invention, a computational hardware unit can be used only if a task of a matching type must be executed. The invention thus allows a better exploitation of the components existing in the secure device.
The second advantage is the scrambling of the information available to a possible malicious attacker. As a matter of fact, it appears, from the outside, that a computational hardware unit dedicated to one type is actuated whereas the actually executed task is of a different type.
With the invention, all kinds of hardware components can be used for executing the processing. For example, the processing can be distributed over a CRC ("Cyclic Redundancy Check") coprocessor, a DES ("Data Encryption Standard") coprocessor, an AES ("Advanced Encryption Standard") coprocessor, a public key coprocessor or even a random number generator (also called "Random Generator" or RNG) available aboard the secure device.
With the invention, integrity check calculations can be carried out using arithmetic operations executed by a public key coprocessor, as a substitution for the conventional utilisation of the microprocessor.
Another exemplary diversion of computational hardware units is the generation of masks by a block symmetric enciphering hardware unit; such masks being intended for masking all or part of the keys.
Another unexpected exemplary operation of the computational hardware units is the generation of random durations by a DES coprocessor or an AES coprocessor or even a public key coprocessor.
An additional advantage of the invention is to facilitate the delegation in parallel of several tasks so as to reduce the global time required for executing the processing. The microprocessor can then be relieved of some tasks and thus be available for managing the delegation of tasks to the other computational hardware units.
This advantage also means that it becomes more difficult to build a clone of the device containing the invention. As a matter of fact, the clone will not be usable since it does not have all the available resources able to perform the same tasks, in the same way, within a very limited time.
Advantageously, a processing composed of several operations can be executed by the secure device according to the invention as a processing composed of a single task grouping all the operations. Let us consider, for example, the secure transfer of a data buffer composed of several bytes. Such buffer must be copied from the non volatile memory ME to the working memory WM. Without the invention, the transfer may include the following operations: generation of an index of the bytes to be transferred, and then the byte per byte transfer in a random order. This transfer can be executed by the microprocessor of the secure device.
With the invention, all these operations can be considered as a single task which can be delegated to the Public Key crypto-coprocessor (i.e. the computational hardware unit U2) which is able to perform the transfer of all the bytes in the buffer at once. Such an embodiment also has the advantage of improving the security level of the data transfer as regards side channel attacks and of reducing the time required for executing the target processing.
According to an alternative solution, an initial operation of a processing may be divided into several tasks able to be distributed over several different resources.
Although the above mentioned examples relate to chip cards, the invention also applies to any kind of devices including at least one computational hardware unit specialised in a particular type of operations, with this type of operations being different from the operations carried out by the main microprocessor. The invention applies to all kinds of specialised computational hardware units so defined.

Claims

1. A method for executing a processing (TR) in a secure device (SD), with the secure device (SD) including a microprocessor (MP), and the processing (TR) including a task (T1) of a first type, with said first type corresponding to the operations executable by the microprocessor (MP) or by a component specifically designed for the first type, with the secure device (SD) including a computational hardware unit (U1) specifically designed for executing operations of a second type, with said second type being different from the first type,
characterised in that the method comprises the following steps:
- selection of a resource (R1) associated with the task (T1), with the resource including the computational hardware unit (U1),
- assignment of the selected resource (R1) to the task (T1),
- execution of the task (T1) using the computational hardware unit (U1) by executing at least one of the operations of the second type, thus diverting the computational hardware unit (U1) with respect to the use which it was originally designed for.
2. A method according to claim 1, wherein the microprocessor is a main microprocessor (MP) managing the operations to be performed and delegating operations to the computational hardware unit (U1) for the second type of operations to be performed.
3. A method according to one of the preceding claims, wherein the computing hardware unit (U1) is available aboard the secure device.
4. A method according to one of claims 1 to 3, wherein the computing hardware unit (U1) is a crypto-coprocessor.
5. A method according to one of the preceding claims, wherein the step of selection is preceded by a step of establishing a set (E1) of resources (R1, R2) associated with the task (T1), and wherein the step of selection consists in selecting only one resource among the resources (R1, R2) of the set (E1) associated with the task (T1).
6. A method according to claim 5, wherein the processing (TR) includes a plurality of tasks (T1, T2), wherein the secure device (SD) includes a second computational hardware unit (U2) specifically designed for executing operations of a third type, with said third type being different from the first and second types, and wherein the step of establishing a set (E1, E2) of resources (R1, R2, R3) is performed for each one of the processing (TR) tasks (T1, T2), with each one of said resources (R1, R2, R3) including one or more computational hardware units (U1, U2).
7. A method according to claim 6, wherein the second type is the symmetric cryptography type and the third type is the asymmetric cryptography type.
8. A method according to any one of claims 6 or 7, wherein at least two of the processing tasks (TR) are executed in parallel.
9. A method according to any one of the preceding claims, wherein the step of establishing the set of resources associated with a target task is carried out by taking into account at least one of the following criteria: the execution time of the target task, the memory requirements for executing the target task, and the security level required for executing the target task.
10. A method according to any one of the preceding claims, wherein the step of selecting a resource is performed in the secure device (SD) by taking into account a random factor.
11. A secure device (SD) including a microprocessor (MP), with said secure device (SD) being able to execute processing (TR) including a task (T1) of a first type, with said first type corresponding to the operations executable by the microprocessor (MP) or by a component specifically designed for the first type, with the secure device (SD) including a computational hardware unit (U1) specifically designed for executing operations of a second type, with said second type being different from the first type,
characterised in that the secure device (SD) includes:
- means for storing (M0) a set (E1) of resources (R1, R2) associated with said task (T1), with one of the resources including the computational hardware unit (U1),
- selection means (M1) able to select only one resource among the set (E1) of resources (R1, R2) associated with the task (T1), and able to assign the selected resource to the task (T1),
- delegating means (M3) able to trigger the execution of at least one of the operations of the second type of the computational hardware unit (U1) for executing the task (T1), thus diverting the specialised computational hardware unit (U1) with respect to the use which it was originally designed for.
12. A secure device (SD) according to claim 11 including identification means (M2) able to create the set (E1) of resources associated with the task (T1).
13. A secure device (SD) according to claim 12, wherein the identification means (M2) takes into account at least one of the following criteria for establishing the set of resources associated with a target task: the execution time of the target task, the memory requirements for executing the target task and the security level for executing the target task.
14. A secure device (SD) according to any one of claims 11 to 13, wherein the selection means (M1) is able to take into account a random factor.
PCT/EP2012/061688 2011-07-06 2012-06-19 Method for executing processing in a secure device WO2013004487A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP11305869A EP2544115A1 (en) 2011-07-06 2011-07-06 Method for running a process in a secured device
EP11305869.7 2011-07-06

Publications (2)

Publication Number Publication Date
WO2013004487A2 true WO2013004487A2 (en) 2013-01-10
WO2013004487A3 WO2013004487A3 (en) 2013-03-07

Family

ID=46317415

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2012/061688 WO2013004487A2 (en) 2011-07-06 2012-06-19 Method for executing processing in a secure device

Country Status (2)

Country Link
EP (1) EP2544115A1 (en)
WO (1) WO2013004487A2 (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6789147B1 (en) * 2001-07-24 2004-09-07 Cavium Networks Interface for a security coprocessor
US8332865B2 (en) * 2008-02-21 2012-12-11 International Business Machines Corporation Adjunct processor load balancing
US20100125740A1 (en) * 2008-11-19 2010-05-20 Accenture Global Services Gmbh System for securing multithreaded server applications

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3136645A1 (en) * 2015-08-27 2017-03-01 Gemalto Sa Mixed hardware and software instructions for cryptographic functionalities implementation
WO2017032495A1 (en) * 2015-08-27 2017-03-02 Gemalto Sa Mixed hardware and software instructions for cryptographic functionalities implementation
US11232213B2 (en) 2015-08-27 2022-01-25 Thales Dis France Sa Mixed hardware and software instructions for cryptographic functionalities implementation

Also Published As

Publication number Publication date
EP2544115A1 (en) 2013-01-09
WO2013004487A3 (en) 2013-03-07

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 12727880; Country of ref document: EP; Kind code of ref document: A2
NENP Non-entry into the national phase
    Ref country code: DE
122 Ep: pct application non-entry in european phase
    Ref document number: 12727880; Country of ref document: EP; Kind code of ref document: A2