Nothing Special   »   [go: up one dir, main page]

EP1602017A2 - Method for using a microprocessor and a microprocessor system - Google Patents

Method for using a microprocessor and a microprocessor system

Info

Publication number
EP1602017A2
EP1602017A2 EP04709578A EP04709578A EP1602017A2 EP 1602017 A2 EP1602017 A2 EP 1602017A2 EP 04709578 A EP04709578 A EP 04709578A EP 04709578 A EP04709578 A EP 04709578A EP 1602017 A2 EP1602017 A2 EP 1602017A2
Authority
EP
European Patent Office
Prior art keywords
program
jump
command
microprocessor
random bit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP04709578A
Other languages
German (de)
French (fr)
Inventor
Berndt Gammel
Steffen Sonnekalb
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Infineon Technologies AG
Original Assignee
Infineon Technologies AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=32920746&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=EP1602017(A2) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Infineon Technologies AG filed Critical Infineon Technologies AG
Publication of EP1602017A2 publication Critical patent/EP1602017A2/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/75Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
    • G06F21/755Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack

Definitions

  • the present invention relates to a method for operating a microprocessor and a microprocessor arrangement according to the independent claims 1 and 9.
  • DPA Differential Power Analysis
  • Programs always have several program or code sequences that are independent of one another and whose order in processing is interchangeable.
  • the program flow was previously used to protect against the above types of attacks randomly changed by software. For example, command sequences were interchanged by permutation, redundant command sequences were inserted or several different code sequences that lead to the same result were introduced.
  • this requires the use of a random generator that generates undeterminable random bits that are software-evaluated at corresponding branch points within the program, for example in order to branch to the corresponding code sequence in the case of a jump instruction.
  • Another method of protection against this type of attack is a randomly controlled program delay, in which dummy code sequences, the execution time of which is determined with the aid of a random generator, are inserted into the current program code.
  • a method known from published WO / 9963419 describes the control of a "wait-state connection" of a circuit by a random generator, the operation of the circuit being stopped or restarted as a function of the number generated by the random generator, and thus uniform processing cycles be prevented.
  • the object of the invention is to provide a method for operating a microprocessor or a microprocessor arrangement with which adequate security is ensured with minimal program expenditure.
  • This object is achieved by a method or a microprocessor arrangement in which at least one program Branch and / or program delay is provided, which is random bit-controlled for the modulation of a program run and implemented as a hardware-based command.
  • the modulation of a program sequence is controlled in an advantageous manner in that, for example, a bit randomly generated by a pseudo-random generator with a non-determinable bit of a real one generated physical
  • Random generator is linked to a random bit, which is used by the hardware-based instructions of the microprocessor in order to randomly execute program branches and / or program delays.
  • Instructions are advantageously introduced which have a variable execution time by randomly changing the runtime of the instructions via the parameters assigned to the instructions, which, for example, indicate operating cycles. Commands can also be inserted into the program flow which carry out an empty operation and have no influence on the result of a code sequence.
  • Randomly controlled program branches are advantageously implemented by jump commands with at least one jump target.
  • the jump is carried out or not depending on the value of a random bit.
  • the sequence of the code sequences to be processed can be varied in a random bit-controlled manner.
  • the destination addresses do not necessarily have to be processed if they achieve the same result. If these code sequences have, for example, different runtime profiles, the time behavior for achieving a result when the program is run again cannot be determined, so that the attack methods described above do not produce any usable information.
  • a jump instruction (“jumble") is implemented, the jump instruction specifying a jump destination:
  • the jump is carried out or not. If, for example, the random bit is set, ie has the value "1”, the jump operation to address "address1" is carried out, where code sequence 2 is processed and then the common code sequence "common code sequence” is processed under address “address2" becomes. Code sequence 1 can include a dummy operation here that has no influence on the result. In the event that the random bit is not set, ie has the value "0”, the jump to address "adressl” is not carried out, but the program flow is linear with the code sequence "code sequence 1" and subsequent jump to address "address2" continued. In the next exemplary embodiment, a jump instruction (“jumble") is implemented, the jump instruction branching into three jump destinations:
  • the sequence of processing the code sequences "code sequence 1, code sequence 2 and code sequence 3" at the addresses “addrl, addr2 and addr3" of the jump destinations can be interchanged, since they are not functionally dependent on one another.
  • the code sequences equivalent to the result to be achieved do not necessarily all have to be processed, so that an address can be jumped to under random bit control, under which the corresponding code sequence is processed and the program sequence is then continued under the address "address4".
  • the fact that the code sequences have different runtime behavior and that each time the program is run again jumps to a different address it is not possible to analyze the data obtained by interception processes.
  • the random bit-controlled sequence when all code sequences have to be processed also does not provide any usable data.
  • the following exemplary embodiment shows a jump command with two possible jump targets, which is implemented as a "jumblecall" call command and implements a context change by a jump: Jumblecall ⁇ addl>, ⁇ addr2>
  • the command can be executed either to one or to both jump destinations.
  • a "return" command is executed which restores the previous context.
  • the random bit-controlled parameters ⁇ n> and ⁇ m> specify the upper and lower limits of possible operation cycles, so that a variable run length of the command is achieved. In order to achieve a variable execution time of a command, whereby the parameters can be assigned to any command, only one parameter could also be specified as an upper limit. If the parameters have the value "0”, the command is executed in an optimal period. If the parameters have a value other than "0", up to ⁇ n> or ⁇ m> cycles are required to execute this command.
  • the command "jumpleadd" of the following exemplary embodiment can also be used for all commands:
  • This command also extends the execution time randomly.
  • the parameters determining the runtime of a command do not necessarily have to be specified for each individual command. These parameters can be stored in a configuration register, which is accessed, for example, using a configuration command "jumple_config ⁇ opl> ⁇ op2>.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Executing Machine-Instructions (AREA)
  • Microcomputers (AREA)

Abstract

The invention relates to a method for using a microprocessor consisting of at least one program branching and/or program delay which are regulated by random bits in order to modulate a program flow, implemented and stored in the form of a material command. The inventive method is characterised in that a program runtime for each program run is different each time with respect to the runtime of the previous programs. A microprocessor system for carrying out said method is also disclosed.

Description

Beschreibung description
Verfahren zum Betreiben eines Mikroprozessors und eine Mikro- prozessoranordnungMethod for operating a microprocessor and a microprocessor arrangement
Die vorliegende Erfindung betrifft ein Verfahren zur Betreiben eines Mikroprozessors und eine Mikroprozessoranordnung gemäß der nebengeordneten Patentansprüche 1 und 9.The present invention relates to a method for operating a microprocessor and a microprocessor arrangement according to the independent claims 1 and 9.
Bei Programmen in Sicherheitsanwendungen, die auf einem Mikroprozessor programmiert werden, besteht generell die Möglichkeit, durch Auswertung von Befehlsfolgen geheime Informationen, wie beispielsweise Schlüssel, auszuspähen.In programs in security applications that are programmed on a microprocessor, there is generally the possibility of spying on secret information, such as keys, by evaluating command sequences.
Es gibt verschiedene Möglichkeiten derartige Schaltungen für Sicherheitsanwendungen anzugreifen. Bei sogenannten "Side- Channel-Attacks" wird beispielsweise die Stromaufnahme oder die elektromagnetische Emission der Schaltung erfaßt, wenn ein bestimmter Vorgang in der Schaltung abläuft . Aus dem zeitlichen Verlauf, insbesondere dem zeitlichen Bezug derThere are various ways of attacking such circuits for safety applications. In so-called "side-channel attacks", for example, the current consumption or the electromagnetic emission of the circuit is detected when a specific process takes place in the circuit. From the temporal course, in particular the temporal reference of the
Stromaufnahme oder der elektromagnetischen Emission kann beispielsweise auf den verwendeten Schlüssel geschlossen werden.Current consumption or the electromagnetic emission can be deduced, for example, from the key used.
Differential Power Analysis (DPA) ist ein bekanntes Angriffs- Szenario für Sicherheits-CPUs. Bei einem solchen Angriff wird eine Folge von Befehlen eines Programms und deren Auswirkungen in der Schaltung mittels statistischer Auswertungen der Kennlinien des Stromverbrauchs ermittelt. Aus diesen Auswertungen lassen sich detaillierte Rückschlüsse über das ausge- führte Programm gewinnen. Das Erfassen der elektromagnetischen Emission ist unter der Bezeichnung DEMA ("Differential Electro-Magnetic Analysis") bekannt.Differential Power Analysis (DPA) is a known attack scenario for safety CPUs. In the case of such an attack, a sequence of commands from a program and their effects in the circuit are determined by means of statistical evaluations of the characteristic curves of the power consumption. From these evaluations, detailed conclusions can be drawn about the program implemented. The detection of the electromagnetic emission is known under the name DEMA ("Differential Electro-Magnetic Analysis").
Programme weisen immer mehrere Programm- bzw. Codesequenzen auf, die unabhängig voneinander sind und deren Reihenfolge in der Abarbeitung vertauschbar ist. Zum Schutz gegen oben genannte Art von Angriffen wurde bisher der Programmablauf softwaremäßig zufallsgesteuert verändert. Hierbei wurden beispielsweise Befehlsfolgen durch Permutation vertauscht, redundante Befehlsfolgen eingefügt oder mehrere verschiedene Codesequenzen, die zum gleichen Ergebnis führen, eingeführt. Dies erfordert jedoch den Einsatz eines Zufallsgenerators, der nicht bestimmbare Zufallsbits generiert, die an entsprechenden Verzweigungspunkten innerhalb des Programms Software- mäßig ausgewertet werden, um beispielsweise bei einem Sprung- Befehl in die entsprechende Codesequenz zu verzweigen.Programs always have several program or code sequences that are independent of one another and whose order in processing is interchangeable. The program flow was previously used to protect against the above types of attacks randomly changed by software. For example, command sequences were interchanged by permutation, redundant command sequences were inserted or several different code sequences that lead to the same result were introduced. However, this requires the use of a random generator that generates undeterminable random bits that are software-evaluated at corresponding branch points within the program, for example in order to branch to the corresponding code sequence in the case of a jump instruction.
Ein weiteres Verfahren zum Schutz gegen diese Art von Angriffen ist eine zufallsgesteuerte Programmverzögerung, bei der Dummy-Codesequenzen, deren Ausführungsdauer mit Hilfe eines Zufallsgenerators bestimmt wird, in den laufenden Programmco- de eingefügt werden.Another method of protection against this type of attack is a randomly controlled program delay, in which dummy code sequences, the execution time of which is determined with the aid of a random generator, are inserted into the current program code.
Ein aus der veröffentlichten WO/9963419 bekanntes Verfahren beschreibt die Ansteuerung eines "Wait-State-Anschlusses" einer Schaltung durch einen Zufallsgenerator, wobei in Abhän- gigkeit der durch den Zufallsgenerator erzeugten Zahl der Betrieb der Schaltung angehalten oder wieder aufgenommen wird und dadurch einheitliche Verarbeitungszyklen unterbunden werden.A method known from published WO / 9963419 describes the control of a "wait-state connection" of a circuit by a random generator, the operation of the circuit being stopped or restarted as a function of the number generated by the random generator, and thus uniform processing cycles be prevented.
Nachteilig bei den oben genannten Verfahren ist es, daß die Programmgröße zunimmt, die Laufzeit des Programms verlängert wird, die Performance sinkt und ein erhöhter Stromverbrauch zu verzeichnen ist.It is disadvantageous in the above-mentioned methods that the program size increases, the program runtime is extended, the performance decreases and an increased power consumption is recorded.
Ausgehend von diesem Stand der Technik liegt der Erfindung die Aufgabe zugrunde, ein Verfahren zum Betreiben eines Mikroprozessors bzw. eine Mikroprozessoranordnung vorzusehen, mit denen eine ausreichende Sicherheit bei minimalem Programmaufwand gewährleistet ist.On the basis of this prior art, the object of the invention is to provide a method for operating a microprocessor or a microprocessor arrangement with which adequate security is ensured with minimal program expenditure.
Diese Aufgabe wird durch ein Verfahren bzw. eine Mikroprozessoranordnung gelöst, bei denen zumindest eine Programmver- zweigung und/oder Programmverzögerung vorgesehen ist, die zur Modulation eines Programmablaufs Zufallsbit-gesteuert und als hardwarebasierender Befehl implementiert ist.This object is achieved by a method or a microprocessor arrangement in which at least one program Branch and / or program delay is provided, which is random bit-controlled for the modulation of a program run and implemented as a hardware-based command.
Da der Programmablauf durch die Reihenfolge der Befehle und deren bei der Ausführung benötigte Laufzeit bestimmt ist, wird die Modulation eines Programmablaufs in vorteilhafter Weise dadurch gesteuert, daß beispielsweise ein über einen Pseudo-Zufallsgenerator zufällig erzeugtes Bit mit einem er- zeugten nicht bestimmbaren Bit eines echten physikalischenSince the program sequence is determined by the order of the commands and their runtime required for the execution, the modulation of a program sequence is controlled in an advantageous manner in that, for example, a bit randomly generated by a pseudo-random generator with a non-determinable bit of a real one generated physical
Zufallsgenerators zu einem Zufallsbit verknüpft wird, welches von den hardwarebasierenden Befehlen des Mikroprozessors genutzt wird, um zufällig Programmverzweigungen und/oder Pro- grammverzδgerungen auszuführen.Random generator is linked to a random bit, which is used by the hardware-based instructions of the microprocessor in order to randomly execute program branches and / or program delays.
In vorteilhafter Weise werden Befehle eingeführt, die eine variable Ausführungszeit aufweisen, indem die Laufzeit der Befehle über die den Befehlen zugeordnete Parameter, die beispielsweise Operationszyklen angeben, zufällig verändert wer- den. Es können ebenso Befehle in den Programmablauf eingefügt werden, die eine Leer-Operation ausführen und keinen Einfluß auf das Ergebnis einer Codesequenz haben.Instructions are advantageously introduced which have a variable execution time by randomly changing the runtime of the instructions via the parameters assigned to the instructions, which, for example, indicate operating cycles. Commands can also be inserted into the program flow which carry out an empty operation and have no influence on the result of a code sequence.
Zufallsgesteuerte Programmverzweigungen werden in vorteilhaf- ter Weise durch Sprung-Befehle mit mindestens einem Sprungziel realisiert . Der Sprung wird dabei in Abhängigkeit des Wertes eines Zufallsbits durchgeführt oder nicht durchgeführt. Bei einem Sprungbefehl mit mindestens zwei Sprungzielen, mit unter den Zieladressen unabhängig voneinander abzu- arbeitenden Codesequenzen, kann Zufallsbit-gesteuert die Reihenfolge der abzuarbeitenden Codesequenzen variiert werden. Die Zieladressen müssen nicht zwingend alle abgearbeitet werden, wenn sie das gleiche Ergebnis erzielen. Weisen diese Codesequenzen beispielsweise unterschiedliche Laufzeitprofile auf, ist das Zeitverhalten zur Erzielung eines Ergebnisses bei einem erneuten Programmdurchlauf nicht bestimmbar, so daß die vorab beschriebenen Angriffsmethoden keine verwertbaren Informationen erzielen.Randomly controlled program branches are advantageously implemented by jump commands with at least one jump target. The jump is carried out or not depending on the value of a random bit. In the case of a jump instruction with at least two jump destinations, with code sequences to be processed independently of one another under the destination addresses, the sequence of the code sequences to be processed can be varied in a random bit-controlled manner. The destination addresses do not necessarily have to be processed if they achieve the same result. If these code sequences have, for example, different runtime profiles, the time behavior for achieving a result when the program is run again cannot be determined, so that the attack methods described above do not produce any usable information.
Nachfolgend wird die Erfindung anhand von Ausführungsbeispie- len näher erläutert .The invention is explained in more detail below on the basis of exemplary embodiments.
Im nachfolgenden ersten Ausführungsbeispiel wird ein Sprungbefehl ("jumble") implementiert, wobei der Sprungbefehl ein Sprungziel spezifiziert:In the first exemplary embodiment below, a jump instruction ("jumble") is implemented, the jump instruction specifying a jump destination:
Jumble <adressl>Jumble <addressl>
code sequence 1 goto address 2 adressl:code sequence 1 goto address 2 adressl:
code sequence 2 adress2 :code sequence 2 address2:
common code sequencecommon code sequence
In Abhängigkeit des Wertes des Zufallsbits wird der Sprung ausgeführt oder nicht ausgeführt. Ist beispielsweise das Zufallsbit gesetzt, weist also den Wert "1" auf, wird die Sprung-Operation zu Adresse "adressl" ausgeführt, wo die Codesequenz 2 abgearbeitet wird und anschließend unter der Adresse "adress2" die gemeinsame Codesequenz "common code sequence" bearbeitet wird. Die Codesequenz 1 kann hier eine Dummy-Operation beinhalten, die keinen Einfluß auf das Ergeb- nis hat. Für den Fall, daß das Zufallsbit nicht gesetzt ist, also den Wert "0" aufweist, wird der Sprung zu Adresse "adressl" nicht ausgeführt, sondern der Programmablauf linear mit der Codesequenz "code sequence 1" und anschließendem Sprung zu Adresse "adress2" fortgesetzt. Im nächsten Ausführungsbeispiel ist ein Sprungbefehl ("jumble") implementiert, wobei der Sprungbefehl in drei Sprungziele verzweigt :Depending on the value of the random bit, the jump is carried out or not. If, for example, the random bit is set, ie has the value "1", the jump operation to address "address1" is carried out, where code sequence 2 is processed and then the common code sequence "common code sequence" is processed under address "address2" becomes. Code sequence 1 can include a dummy operation here that has no influence on the result. In the event that the random bit is not set, ie has the value "0", the jump to address "adressl" is not carried out, but the program flow is linear with the code sequence "code sequence 1" and subsequent jump to address "address2" continued. In the next exemplary embodiment, a jump instruction ("jumble") is implemented, the jump instruction branching into three jump destinations:
Jumble <addrl>, <addr2>, <addr3>Jumble <addrl>, <addr2>, <addr3>
addrl : code sequence 1 goto addr 4 addr2 : code sequence 2 goto addr 4 addr3 : code sequence 3 goto addr 4 addr4 : common code sequenceaddrl: code sequence 1 goto addr 4 addr2: code sequence 2 goto addr 4 addr3: code sequence 3 goto addr 4 addr4: common code sequence
Die Reihenfolge der Abarbeitung der Codesequenzen "code sequence 1, code sequence 2 und code sequence 3" unter den Adressen "addrl, addr2 und addr3 " der Sprungziele kann vertauscht werden, da sie funktionell nicht voneinander abhängig sind. Die vom zu erzielenden Ergebnis gleichwertigen Codesequenzen müssen nicht zwingend alle abgearbeitet werden, so daß Zufallsbit-gesteuert eine Adresse angesprungen werden kann, unter der die entsprechende Codesequenz abgearbeitet wird und anschließend unter der Adresse "adress4" der Pro- grammablauf fortgesetzt wird. Dadurch, daß die Codesequenzen unterschiedliche Laufzeitverhalten aufweisen und bei jedem erneuten Programmdurchlauf an eine andere Adresse gesprungen wird, ist eine Analyse der durch Abhδrverfahren gewonnenen Daten nicht möglich. Auch die Zufallsbit-gesteuerte Reihen- folge bei einer notwendigen Abarbeitung aller Codesequenzen liefert keine verwertbaren Daten.The sequence of processing the code sequences "code sequence 1, code sequence 2 and code sequence 3" at the addresses "addrl, addr2 and addr3" of the jump destinations can be interchanged, since they are not functionally dependent on one another. The code sequences equivalent to the result to be achieved do not necessarily all have to be processed, so that an address can be jumped to under random bit control, under which the corresponding code sequence is processed and the program sequence is then continued under the address "address4". The fact that the code sequences have different runtime behavior and that each time the program is run again jumps to a different address, it is not possible to analyze the data obtained by interception processes. The random bit-controlled sequence when all code sequences have to be processed also does not provide any usable data.
Das folgende Ausführungsbeispiel zeigt einen Sprungbefehl mit zwei möglichen Sprungzielen, der als Call-Befehl "jumblecall" implementiert ist und durch einen Sprung einen Kontextwechsel realisiert : Jumblecall <addl>, <addr2>The following exemplary embodiment shows a jump command with two possible jump targets, which is implemented as a "jumblecall" call command and implements a context change by a jump: Jumblecall <addl>, <addr2>
some codesome code
addrl : code sequence 1 returnaddrl: code sequence 1 return
some codesome code
addr2 : code sequence 2 returnaddr2: code sequence 2 return
Zufallsbit-gesteuert kann in diesem Beispiel der Befehl entweder zu einem oder zu beiden Sprungzielen ausgeführt werden. Um nach Abarbeitung einer Codesequenz das Unterprogramm zu verlassen, wird ein Befehl "return" ausgeführt, der den vorherigen Kontext wieder herstellt .In this example, random bit-controlled, the command can be executed either to one or to both jump destinations. In order to exit the subroutine after processing a code sequence, a "return" command is executed which restores the previous context.
Das folgenden Ausführungsbeispiel zeigen einen Befehl, der einen Leer-Operation "jumplenop" ausführt:The following embodiment shows a command that performs an empty operation "jumplenop":
jumplenop <n>,<m>jumplenop <n>, <m>
Die Zufallsbit-gesteuerten Parameter <n> und <m> spezifizieren hier die Ober- und Untergrenze möglicher Operationszyklen, so daß eine variable Lauflänge des Befehls erzielt wird. Zur Erzielung einer variablen Ausführungszeit eines Befehls, wobei die Parameter einem beliebigen Befehl zugeordnet werden können, könnte auch lediglich ein Parameter als Obergrenze angegeben werden. Weisen die Parameter den Wert "0" auf, so wird der Befehl in einem optimalen Zeitraum durchgeführt . Weisen die Parameter einen von "0" verschiedenen Wert auf, werden bis zu <n> oder <m> Takte benötigt, um diesen Befehl auszuführen. Der Befehl "jumpleadd" des nachfolgenden Ausführungsbeispiels ist ebenso für alle Befehle anwendbar:The random bit-controlled parameters <n> and <m> specify the upper and lower limits of possible operation cycles, so that a variable run length of the command is achieved. In order to achieve a variable execution time of a command, whereby the parameters can be assigned to any command, only one parameter could also be specified as an upper limit. If the parameters have the value "0", the command is executed in an optimal period. If the parameters have a value other than "0", up to <n> or <m> cycles are required to execute this command. The command "jumpleadd" of the following exemplary embodiment can also be used for all commands:
jumpleadd R , Ryjumpleadd R, Ry
Mit Hilfe dieses Befehls wird die Ausführungszeit ebenfalls zufällig verlängert.This command also extends the execution time randomly.
Generell müssen die die Laufzeit eines Befehls bestimmenden Parameter nicht zwingend für jeden einzelnen Befehl spezifiziert werden. Diese Parameter können in einem Konfigurations- register hinterlegt werden, auf das über beispielsweise einen Konfigurationsbefehl "jumple_config <opl> <op2> zugegriffen wird.In general, the parameters determining the runtime of a command do not necessarily have to be specified for each individual command. These parameters can be stored in a configuration register, which is accessed, for example, using a configuration command "jumple_config <opl> <op2>.
Das vorab beschriebene Verfahren bezieht sich nicht nur auf die ausgeführten Beispiele. Sie sollen vielmehr verdeutlichen, daß Programmverzögerungen und Programmverzweigungen zur Modulation eines Programmablaufs in beliebiger Variation imp- lementiert werden können. The procedure described above does not only refer to the examples given. Rather, they are intended to clarify that program delays and program branches for modulating a program sequence can be implemented in any variation.

Claims

Patentansprüche claims
1. Verfahren zum Betreiben eines Mikroprozessors, g e k e n n z e i c h n e t d u r c h das Vorsehen von zumindest einer Programmverzweigung und/oder Programmverzögerung, die zur Modulation eines Programmablaufs Zufallsbit-gesteuert und als hardwarebasierender Befehl implementiert ist.1. A method for operating a microprocessor, the provision of at least one program branch and / or program delay which is randomly bit-controlled and implemented as a hardware-based command for modulating a program sequence.
2. Verfahren nach Anspruch 1, d a d u r c h g e k e nn z e i c h n e t, daß eine Programmverzδgerung mittels hardwarebasierender Befehle mit zufällig variierender Laufzeit erzielt wird.2. The method of claim 1, d a d u r c h g e k e nn z e i c h n e t that a program delay is achieved by means of hardware-based commands with randomly varying runtime.
3. Verfahren nach Anspruch 2, d a d u r c h g e k e n n z e i c h n e t, daß die zufällig variierende Laufzeit durch den Befehlen zugeordneten Zufallsbit-gesteuerten Parameter, die die Laufzeit eines Befehls festlegen, bestimmt ist.3. The method of claim 2, d a d u r c h g e k e n n z e i c h n e t that the randomly varying transit time is determined by the random bit-controlled parameters associated with the commands that determine the runtime of a command.
. Verfahren nach Anspruch 3 , d a d u r c h g e k e n n z e i c h n e t, daß die die Laufzeit bestimmenden Parameter der Befehle durch ein dem Mikroprozessor zugeordnetes Konfigurationsregister fest vorgegeben sind., Method according to claim 3, so that the parameters of the commands determining the runtime are fixedly predetermined by a configuration register assigned to the microprocessor.
5. Verfahren nach Anspruch 1 , d a d u r c h g e k e n n z e i c h n e t, daß eine Programmverzweigung mittels eines hardwarebasierenden Sprung-Befehls mit einem Sprungziel erzielt wird und daß das Zufallsbit bestimmt, ob ein Sprung ausgeführt wird oder nicht .5. The method of claim 1, d a d u r c h g e k e n n z e i c h n e t that a program branch is achieved by means of a hardware-based jump instruction with a jump target and that the random bit determines whether a jump is executed or not.
6. Verfahren nach Anspruch 1 , d a d u r c h g e k e n n z e i c h n e t, daß eine Programmverzweigung mittels eines hardwarebasierenden Sprung-Befehls mit zumindest zwei Sprungzielen erzielt wird und daß das Zufallsbit bestimmt, in welcher Reihenfolge die Sprungziele angesprungen werden.6. The method according to claim 1, characterized in that a program branching is achieved by means of a hardware-based jump instruction with at least two jump targets and that the random bit determines the order in which the jump targets are jumped to.
7. Verfahren nach Anspruch 6, d a d u r c h g e k e n n z e i c h n e t, daß die Sprungziele willkürlich zum Zeitpunkt der Ausführung des Sprung-Befehls bestimmt werden.7. The method of claim 6, d a d u r c h g e k e n n z e i c h n e t that the jump targets are determined arbitrarily at the time of execution of the jump command.
8. Verfahren nach einem der Ansprüche 1 bis 7, d a d u r c h g e k e n n z e i c h n e t, daß die Zufallsbit-gesteuerte Programmverzweigung und/oder Programmverzögerung sicherstellt, dass bei jedem Durchlauf eines bestimmten Programms eine jeweils von vorhergehenden Programmdurchläufen verschiedene Ausführungsdauer des Programms bewirkt wird.8. The method according to any one of claims 1 to 7, so that the random bit-controlled program branching and / or program delay ensures that each execution of a specific program causes a program execution time that is different from previous program runs.
9. Mikroprozessoranordnung, g e k e n n z e i c h n e t d u r c h zumindest einen hardwarebasierenden Befehl, der eine Zufalls- bit-gesteuerte Programmverzweigung und/oder Programmverzögerung zur Modulation eines Programmablaufs bewirkt. 9. Microprocessor arrangement, at least one hardware-based instruction, which causes a random bit-controlled program branching and / or program delay for modulating a program sequence.
EP04709578A 2003-03-12 2004-02-10 Method for using a microprocessor and a microprocessor system Withdrawn EP1602017A2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE10310781A DE10310781A1 (en) 2003-03-12 2003-03-12 Method for operating a microprocessor and a microprocessor arrangement
DE10310781 2003-03-12
PCT/DE2004/000241 WO2004081971A2 (en) 2003-03-12 2004-02-10 Method for using a microprocessor and a microprocessor system

Publications (1)

Publication Number Publication Date
EP1602017A2 true EP1602017A2 (en) 2005-12-07

Family

ID=32920746

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04709578A Withdrawn EP1602017A2 (en) 2003-03-12 2004-02-10 Method for using a microprocessor and a microprocessor system

Country Status (4)

Country Link
US (1) US20060101513A1 (en)
EP (1) EP1602017A2 (en)
DE (1) DE10310781A1 (en)
WO (1) WO2004081971A2 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102006038879A1 (en) 2006-08-18 2008-02-21 Giesecke & Devrient Gmbh Thread executing method for use in portable data medium i.e. smart card, involves recognizing that filling operation is executed for selected threads by central entity and replenishing effective processing time of threads on reference time
EP2234031A1 (en) * 2009-03-24 2010-09-29 SafeNet, Inc. Obfuscation
GB2494731B (en) 2011-09-06 2013-11-20 Nds Ltd Preventing data extraction by sidechannel attack
US10432511B2 (en) 2015-03-12 2019-10-01 Nec Corporation Method for forwarding data in a network, forwarding element for forwarding data, and a network for forwarding data

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999063696A1 (en) * 1998-06-03 1999-12-09 Cryptography Research, Inc. Using unpredictable information to minimize leakage from smartcards and other cryptosystems

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4408507A1 (en) * 1994-03-14 1995-09-28 Heidelberg Instruments Mikrotechnik Gmbh Lithographic process
IL110181A (en) * 1994-06-30 1998-02-08 Softchip Israel Ltd Microprocessor device and peripherals
US5732138A (en) * 1996-01-29 1998-03-24 Silicon Graphics, Inc. Method for seeding a pseudo-random number generator with a cryptographic hash of a digitization of a chaotic system
US6009543A (en) * 1996-03-01 1999-12-28 Massachusetts Institute Of Technology Secure software system and related techniques
FR2745924B1 (en) * 1996-03-07 1998-12-11 Bull Cp8 IMPROVED INTEGRATED CIRCUIT AND METHOD FOR USING SUCH AN INTEGRATED CIRCUIT
CA2258338C (en) * 1999-01-11 2009-02-24 Certicom Corp. Method and apparatus for minimizing differential power attacks on processors
US6349393B1 (en) * 1999-01-29 2002-02-19 International Business Machines Corporation Method and apparatus for training an automated software test
FR2818772A1 (en) * 2000-12-21 2002-06-28 Bull Cp8 METHOD OF SECURING A LOGIC OR MATHEMATICAL OPERATOR IMPLANTED IN A MICROPROCESSOR ELECTRONIC MODULE, AND THE ASSOCIATED ELECTRONIC MODULE AND THE ON-LINE SYSTEM
JP2003018143A (en) * 2001-06-28 2003-01-17 Mitsubishi Electric Corp Information processor
US6764808B2 (en) * 2002-02-27 2004-07-20 Advanced Micro Devices, Inc. Self-aligned pattern formation using wavelenghts

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999063696A1 (en) * 1998-06-03 1999-12-09 Cryptography Research, Inc. Using unpredictable information to minimize leakage from smartcards and other cryptosystems

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
J IRWIN ET AL: "Instruction stream mutation for non-deterministic processors", APPLICATION-SPECIFIC SYSTEMS, ARCHITECTURES AND PROCESSORS, 2002. PROC EEDINGS. THE IEEE INTERNATIONAL CONFERENCE ON 17-19 JULY 2002, 1 December 2001 (2001-12-01), XP055263776, ISBN: 978-0-7695-1712-4, Retrieved from the Internet <URL:http://www.cs.bris.ac.uk/Publications/Papers/1000604.pdf> [retrieved on 20160408] *

Also Published As

Publication number Publication date
WO2004081971A3 (en) 2005-03-31
DE10310781A1 (en) 2004-09-30
WO2004081971A2 (en) 2004-09-23
US20060101513A1 (en) 2006-05-11

Similar Documents

Publication Publication Date Title
DE10000503A1 (en) Data processing device and method for its operation
EP1611510B1 (en) Controlled execution of a program used for a virtual machine on a portable data carrier
WO2000070620A1 (en) Memory array with address scrambling
EP3387636B1 (en) Cryptographic algorithm having a key-dependent masked computing step (sbox call)
EP1602017A2 (en) Method for using a microprocessor and a microprocessor system
EP1468518B1 (en) Device and method for generating a command code for a cryptogram
DE69934707T2 (en) COUNTER-MEASUREMENT DEVICE IN AN ELECTRONIC COMPONENT TO CARRY OUT A CYCLO ALGORITHM WITH SECRETARY KEY
DE102005057104A1 (en) Smart card for use in finance field, has current transforming block coupled to central processing unit, and generating amounts of dummy currents before and after amount of current consumed by corresponding security operations
DE10254658A1 (en) Microcontroller and associated method for processing the programming of the microcontroller
DE102015209120A1 (en) Computing device and operating method for this
DE19709975C2 (en) Microcomputer
EP1481327A1 (en) Method for replacing the content of a data storage unit
EP1892639B1 (en) Secure program code execution
DE602004001293T2 (en) Program integrity check by means of statistics
DE602005003258T2 (en) Control of the execution of an algorithm by an integrated circuit
DE10103222B4 (en) Semiconductor memory device and program discrimination system
DE10254657A1 (en) Microcontroller and associated method for processing the programming of the microcontroller
DE69909118T9 (en) DEVICE AND METHOD FOR SECURING AN INTEGRATED CIRCUIT
DE60220793T2 (en) Scrambling a calculation using a modular function
WO2021148123A1 (en) Method and devices for operating an electrical or electronic apparatus
DE102018006313A1 (en) Procedure with safe-error-defense measure
EP0977160B1 (en) Method and data processing device for the reliable execution of instructions
EP1031081B1 (en) Program-controlled unit and method
EP0184023A1 (en) Method and apparatus for the protection against unauthorized operation of protected programmes in a microcomputer
DE19960047B4 (en) Method and unit for secure information handling in a cryptographic information processing system

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20050912

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL LT LV MK

DAX Request for extension of the european patent (deleted)
RBV Designated contracting states (corrected)

Designated state(s): DE FR

17Q First examination report despatched

Effective date: 20071128

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: INFINEON TECHNOLOGIES AG

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20180922