Electrical computers and digital processing systems: support – Data processing protection using cryptography – Tamper resistant
Reexamination Certificate
1997-04-14
2001-08-07
Swann, Tod (Department: 2132)
Electrical computers and digital processing systems: support
Data processing protection using cryptography
Tamper resistant
C713S193000, C713S152000, C380S052000
Reexamination Certificate
active
06272637
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to secured microcircuits, and more particularly to a method and apparatus for providing access protection in a microcontroller interfaced with a memory block.
2. Description of the Related Art
Controlling access to program and data information is a highly desirable objective for users in many sensitive applications. One of the more effective methods by which such access control is presently effectuated involves encrypting the program and data information that is stored in a memory block and using a suitable processor circuit to execute the application program in plain-text. Clearly, this approach requires that the processor circuit be able to receive the encrypted program and data bytes from the memory block, decipher the encrypted program and data bytes into plain-text, execute the machine instructions, and subsequently, encrypt the results that need to be written back to the memory block.
It can be appreciated that in the access control approach described above, the electrical signals asserted on the communication paths, that is, data and address buses, between the processor circuit and the memory block are in the encrypted form so as to thwart an unauthorized attempt to gain access to the contents of the memory block. Because the sequential instructions of an ordinary program or data table are stored non-sequentially in the memory block, it would be virtually impossible for an attacker to disassemble op-codes of the program or to convert encrypted program and data information back into their true representation.
To further enhance the security of the user application program during reset and interrupt handling, some improved approaches provide for a “protected” memory area within the processor circuit for storage of reset and interrupt vector locations. The protected memory area may also be capable of storing initial portions of a user application. Moreover, tamper detection circuits, which are also typically provided in these improvements, are designed to generate signals to instantaneously erase the contents of this local memory area along with the contents of encryption keys used for encryption/de-encryption, should there be any unauthorized event such as, for example, micro-probing of the data or address buses.
It should be understood that notwithstanding the aforementioned developments, an encrypted application program may nevertheless be susceptible to being compromised by a persistent attacker who uses a brute “trial and error” approach based on the monitoring of the address and data buses and on the occurrence of such system events as resets.
An exemplary trial and error attack on an encrypted application program may be described as follows. The attacker can monitor the address bus following a reset and stop the data flow from the external memory block at an arbitrary address location, for example, A+0. Beginning at this address, the normal memory field can be replaced with an arbitrary number of bytes, for example, five bytes, supplied from an alternate memory source for addresses A+0 through A+4. Essentially, the idea is to continue to reset the processor circuit and inject different combinations of program bytes at various, “stopped” addresses until an observable change is detected outside the processor circuit, that is, on a port or a serial output pin. This approach focuses on finding an encrypted set of the first three program bytes at locations A+0 through A+2 which would be properly decoded as a three-byte instruction, such as for example the MOV PORT
1
, #XX instruction used in a 8051-compatible microcontroller, where #XX is an arbitrary “data” byte that is to be moved to Port
1
. The additional two bytes at locations A+3 and A+4 are required to allow time for the processor circuit to finish the transfer of the data (#XX) to the external Port
1
pins.
Once the MOV instruction to Port
1
is found, all variations of the third byte (that is, the #XX data byte) at address A+2 are then evaluated (using 256 resets) to totally decode the encrypted data field at the address A+2 by observing the plain-text data seen on the port. This, in effect, provides a total decryption of the data field at the address location A+2. Once A+2 is decoded, the trial and error method is restarted, but over the range of A+1 through A+6. It may be noted that this approach is somewhat easier for the later passes than the initial pass since the complete decoding for the data at the third byte in the 5-byte sequence (that is, A+2 of the initial sequence) is now known. As a result, the trial and error technique focuses on finding a single byte instruction for the address A+0 and looking for the MOV instruction at A+1. Because the previous decoding of A+2 gives the information required to encode the value of Port
1
address, no trial and error operations are required for this value. Once the MOV instruction and any single byte instruction at location A+0 are determined, it is possible to totally decode the data encryption associated with the contents of the location A+3. A single byte instruction at A+0 may easily be forced by trial and error because majority of the instructions associated with a processor circuit, for example, an 8051-compatible microcontroller, represent single byte instructions.
At this point, a third search is used to find a second single byte instruction for address location A+1. This search is done in connection with the previously determined encryption of A+2 and A+3. This, then, allows the proper decoding of the location A+4 by establishing the MOV Port
1
instruction with the “data” being the contents of A+4. It can be readily appreciated that decrypting A+4 allows all remaining sequential addresses to be directly determined without the need for a trial and error search. Thus, once a small block of an encrypted memory is totally decrypted, an attacker can force the processor circuit to do a total down-load of all encrypted memory locations to a port using MOV instructions.
It can be seen that the exemplary trial and error attack methodology described above is time-intensive and highly probabilistic. However, as can be appreciated, there may be applications where even a remote possibility of exposure cannot be tolerated. It is therefore desirable to have a mechanism to detect any type of unauthorized attempt to gain access to the contents of a memory block and to launch an evasive action that is completely immune to the attack. Furthermore, such a mechanism should be reliable, economically feasible, and yet conservative in execution time requirements.
SUMMARY OF THE INVENTION
In one aspect, the present invention is directed to a system of the type including a first circuit with an internal bus, which first circuit is capable of communicating with a second circuit via a data bus and an address bus, the system comprising means for sensing an unauthorized attempt to access the second circuit; and means for launching an evasive action, responsive to a signal generated by the sensing means. In the presently preferred exemplary embodiment, the second circuit of the system comprises an external memory, and the system further comprises an address path encryptor for encrypting signals asserted on the address bus using the contents of a first encryption key, a data path encryptor for encrypting signals asserted on the data bus using the contents of a second encryption key, and a secure memory block, disposed within the first circuit. In this embodiment, the presently preferred exemplary memory block is coupled to the internal bus. In one alternative embodiment, the sensing means comprises at least a counter for monitoring the number of uncompensated system resets; and at least a memory location for storing a reset threshold value. In a further embodiment, the sensing means comprises a reset-counter register, and a reset-threshold reg
Curry Stephen M.
Little Wendell L.
Loomis Donald W.
Dallas Semiconductor Corporation
Jenkens & Gilchrist, A Professional Corportion
Meislahn Douglas J.
Swann Tod
LandOfFree
Systems and methods for protecting access to encrypted... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Systems and methods for protecting access to encrypted..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Systems and methods for protecting access to encrypted... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2450724