REVERSE ENGINEERING DETECTION METHOD ON A PROCESSOR USING AN INSTRUCTION REGISTER AND CORRESPONDING INTEGRATED CIRCUIT
20220197644 · 2022-06-23
Inventors
Cpc classification
G06F21/79
PHYSICS
G06F21/52
PHYSICS
International classification
G06F9/30
PHYSICS
G06F9/32
PHYSICS
Abstract
Method for detecting the linear extraction of information in a processor using an instruction register for storing an instruction includes an operation code. The method includes monitoring the instructions successively stored in the instruction register including decoding the operation codes, determining the number of consecutive operation codes encoding incremental branches, and generating a detection signal if the number is greater than or equal to a detection threshold.
Claims
1. A method, comprising: monitoring instructions successively stored in an instruction pointer register of a processor, the monitoring comprising systematic and routine reading and decoding of operation codes of the instructions; determining a number of consecutive operation codes corresponding to an encoding of incremental branch instructions during the monitoring; generating a detection signal in response to determining that the number of consecutive operation codes is greater than or equal to a threshold; and detecting a linear extraction of information attack on the processor in response to the generating of the detection signal.
2. The method of claim 1, wherein determining the number of consecutive operation codes comprises comparing decoded operation codes to a list comprising operation codes corresponding to skip branch instructions.
3. The method of claim 2, wherein the list comprising operation codes corresponding to skip branch instructions includes a jump instruction, an operation code encoding a procedure call instruction, and an operation code encoding a procedure return instruction.
4. The method of claim 1, wherein determining the number of consecutive operation codes comprises: determining that a first decoded operation code corresponds to an encoding of an incremental branch instruction during the monitoring; decrementing a value of a counter in response to the determining that the first decoded operation code corresponds to the encoding of the incremental branch instruction, a value of the counter initially set to a value of the threshold, the generating the detection signal in response to determining that the number of consecutive operation codes is greater than or equal to the threshold comprising generating the detection signal in response to the value of the counter equaling zero; determining that a second decoded operation code corresponds to an encoding of a skip branch instruction during the monitoring of the instructions; and resetting the value of the counter to the threshold in response to determining that the second decoded operation code corresponds to the encoding of the skip branch instruction.
5. The method of claim 1, wherein a value of the threshold is selected in conjunction with an implementation of a source code such that consecutive incremental branch instructions are executed during a normal execution of the source code by the processor.
6. The method of claim 1, further comprising forcing a memory address of a next reading operation of the processor to be directed to memory locations having non-confidential content in response to the generating of the detection signal.
7. The method of claim 6, further comprising resetting values of the instruction pointer register to a value of the instruction pointer register before the generating of the detection signal or commanding access to memory locations having the non-confidential content.
8. An integrated circuit comprising a processor, the processor comprising: an instruction pointer register configured to store instructions, one or more instructions comprising an operation code; a detector circuit configured to monitor instructions successively stored in the instruction pointer register, the monitoring comprising systematic and routine reading and decoding of operation codes of the instructions; a counter circuit configured to determine a number of consecutive operation codes corresponding to an encoding of incremental branch instructions during the monitoring; and a generator circuit configured to generate a detection signal in response to determining that the number of consecutive operation codes is greater than or equal to a threshold, wherein the processor is configured to detect a linear extraction of information attack on the processor in response to the generating of the detection signal.
9. The integrated circuit of claim 8, wherein determining the number of consecutive operation codes by the counter circuit comprises comparing decoded operation codes to a list comprising operation codes corresponding to skip branch instructions.
10. The integrated circuit of claim 9, wherein the list comprising operation codes corresponding to skip branch instructions includes a jump instruction, an operation code encoding a procedure call instruction, and an operation code encoding a procedure return instruction.
11. The integrated circuit of claim 8, wherein determining the number of consecutive operation codes comprises: determining that a first decoded operation code corresponds to an encoding of an incremental branch instruction during the monitoring; decrementing a value of a counter in response to the determining that the first decoded operation code corresponds to the encoding of the incremental branch instruction, a value of the counter initially set to a value of the threshold, the generating the detection signal in response to determining that the number of consecutive operation codes is greater than or equal to the threshold comprising generating the detection signal in response to the value of the counter equaling zero; determining that a second decoded operation code corresponds to an encoding of a skip branch instruction during the monitoring of the instructions; and resetting the value of the counter to the threshold in response to determining that the second decoded operation code corresponds to the encoding of the skip branch instruction.
12. The integrated circuit of claim 8, wherein a value of the threshold is selected in conjunction with an implementation of a source code such that consecutive incremental branch instructions are executed during a normal execution of the source code by the processor.
13. The integrated circuit of claim 12, wherein the processor further comprises a response circuit configured to force a memory address of a next reading operation of the processor to be directed to memory locations having non-confidential content in response to the generating of the detection signal.
14. The integrated circuit of claim 13, wherein the response circuit is further configured to reset values of the instruction pointer register to a value of the instruction pointer register before the generating of the detection signal or commanding access to memory locations having the non-confidential content.
15. The integrated circuit of claim 13, wherein the detector circuit and the response circuit comprise a logic circuit located in a glue logic type logic circuit region of the processor.
16. A processor, comprising: an instruction pointer register configured to store instructions, one or more instructions comprising an operation code; a detector circuit configured to monitor instructions successively stored in the instruction pointer register, the monitoring comprising systematic and routine reading and decoding of operation codes of the instructions; a counter circuit configured to determine a number of consecutive operation codes corresponding to an encoding of incremental branch instructions during the monitoring; and a generator circuit configured to generate a detection signal in response to determining that the number of consecutive operation codes is greater than or equal to a threshold, wherein the processor is configured to detect a linear extraction of information attack on the processor in response to the generating of the detection signal.
17. The processor of claim 16, wherein determining the number of consecutive operation codes by the counter circuit comprises comparing decoded operation codes to a list comprising operation codes corresponding to skip branch instructions.
18. The processor of claim 17, wherein the list comprising operation codes corresponding to skip branch instructions includes a jump instruction, an operation code encoding a procedure call instruction, and an operation code encoding a procedure return instruction.
19. The processor of claim 16, wherein determining the number of consecutive operation codes comprises: determining that a first decoded operation code corresponds to an encoding of an incremental branch instruction during the monitoring; decrementing a value of a counter in response to the determining that the first decoded operation code corresponds to the encoding of the incremental branch instruction, a value of the counter initially set to a value of the threshold, the generating the detection signal in response to determining that the number of consecutive operation codes is greater than or equal to the threshold comprising generating the detection signal in response to the value of the counter equaling zero; determining that a second decoded operation code corresponds to an encoding of a skip branch instruction during the monitoring of the instructions; and resetting the value of the counter to the threshold in response to determining that the second decoded operation code corresponds to the encoding of the skip branch instruction.
20. The processor of claim 16, wherein a value of the threshold is selected in conjunction with an implementation of a source code such that consecutive incremental branch instructions are executed during a normal execution of the source code by the processor.
Description
BRIEF DESCRIPTION OF THE DRAWINGS
[0047] Other advantages and features of the disclosure will become apparent upon examining the detailed description of implementations and embodiments, which are in no way limiting, and of the appended drawings wherein:
[0048]
[0049]
[0050]
DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS
[0051]
[0052] The processor (CPU) includes a controller circuit (CU) and a circuit (IDEX) for decoding and executing instructions. In embodiments, the controller circuit (CU) includes a fetch address circuit (FA), an instruction register (IR), and an instruction pointer register (PC), which contains the memory address of the instruction being executed.
[0053] During a conventional operating cycle of the processor (CPU), the instruction register (IR) contains a current instruction containing an operation code, better known by the technical term “opcode.” The instruction register (IR) is coupled to the circuit (IDEX).
[0054] The operation code is a part of a machine language instruction that specifies an operation to be carried out by the processor. In addition to the operation code, most instructions also specify data to be processed, called operands.
[0055] The operation code of the current instruction is decoded by the decoding circuit to determine which operation to carry out. The decoding circuit is coupled to the fetch address circuit (FA), which calculates an address of the next instruction to be read as a function of the operation code of the current instruction. The cycle starts over, with the next instruction replacing the current instruction in the instruction register (IR).
[0056] The linear code extraction attempt can include altering the operating cycle of the processor (CPU) by attacking the instruction register (IR). The linear code extraction attempt can include a step wherein the instruction register (IR) is forced to store a corrupted instruction.
[0057] The corrupted instruction includes, for example, a “hack” operation code (i.e., an operation code imposed during the reverse engineering procedure) allowing for linear code extraction (i.e., an operation code configured to encode an incremental branch instruction).
[0058] An “incremental branch instruction” is understood as a current instruction, which, once processed by the processor, automatically causes a next instruction stored at a memory address directly consecutive to the memory address of the current instruction to be read. An incremental branch instruction uses an addressing mode wherein the next address to be read by the processor is defined relative to the address being read by, for example, specifying an amount by which the address being read must be incremented.
[0059] A plurality of incremental branch instructions executed in a row is known as linear reading of the memory by the CPU.
[0060] Incremental branch instructions are the opposite of skip branch instructions, which cause a skip to a memory address that is independent of the current address or of the last address read by the processor (CPU).
[0061] Skip branch instructions are, for example, instructions of the assembly language such as jump instructions, procedure call instructions, and return instructions after a procedure.
[0062] The processor (CPU) can be provided with an exhaustive list of the operation codes encoding skip branches. By contrast, no exhaustive list of the operation codes encoding incremental branches is typically provided.
[0063] More specifically, the processor (CPU) is configured to default to reading the next instruction stored at a memory address directly consecutive to a memory address of the current instruction when an operation code does not belong to the list of operation codes encoding skip branches.
[0064] The hack operation code thus aims to place the processor (CPU) into a default operating mode such that the processor (CPU) reads all of the addresses of the memory MEM1, . . . , MEMn in order.
[0065] In practice, the linear code extraction attempt can include a first implementation A1, using, for example, focused ion beams (FIB) on the instruction register (IR) to impose the hack operation code.
[0066] Alternatively, implementation A1 can include fault injection techniques to force the instruction register (IR) to impose the hack operation code. Such fault injection techniques provide for physically modifying the circuit (e.g., by adding/removing a connection) to impose a hack operation code in the instruction register (IR).
[0067] Moreover, the attempt can further include using a second implementation A2, for extracting logical values from memory. The second implementation A2 uses micro-sensors arranged on a channel on which data flows from the memory to the instruction register (IR), for example, directly on the data bus (B) coupling the instruction register (IR) to the memory. It is thus conventionally possible to read the source code linearly extracted from the memory and temporarily stored in the instruction register (IR).
[0068]
[0069] In embodiments, the detector circuit (DIR) is configured to report an attempted linear code extraction (LCE), as described with reference to
[0070] For example, the multiplexer selects the address whose value is equal to the address of the current instruction (AD) plus the size Cst of the current instruction (i.e., the number of memory addresses occupied by the current instruction).
[0071] The address of the next instruction is forced to be linearly related to the address of the current instruction, at the expense of other instruction addresses AD1, . . . , ADn that could theoretically also be selected and output from the multiplexer (MUX). Forcing the hack operation code into the instruction register (IR) results in a linear reading of the code from memory.
[0072] To implement the detection of this linear code extraction attempt, the detector circuit (DIR) includes a monitoring circuit configured to monitor the instructions successively stored in the instruction register (IR) and to decode the operation codes of the instructions. For example, the monitoring circuit is integrated into a part of the decoding circuit that receives the instructions and decodes the operation codes in the circuit (IDEX).
[0073] Moreover, the detector circuit (DIR) further includes a counter circuit configured to determine the number of consecutive operation codes encoding incremental branches. To this end, the counter circuit can, for example, include a counter, the current value of which is representative of the number of consecutive incremental branch instructions.
[0074] The linear extraction attempt is detected, for example, when the value of the counter indicates a number of consecutive incremental branch instructions greater than or equal to a detection threshold, and a detection signal is generated as a result.
[0075] In embodiments, the detector circuit (DIR) includes a generator circuit configured to output a detection signal if the number of consecutive incremental branch instructions is greater than or equal to the detection threshold.
[0076] Furthermore, the value of the detection threshold can be chosen in conjunction with a specific implementation of the source code contained in the memory. In embodiments, the choice of the value of the detection threshold and the implementation of the source code are configured to allow for the “normal” number of consecutively executed incremental branch instructions without triggering the detection signal.
[0077] In embodiments, normal operation of the microcontroller uses a normal number of incremental branch instructions that do not trigger the detection signal. Normal operation of the microcontroller is understood to mean the operation for which it was designed, for example, as specified in a manufacturer's user manual (commonly known as a datasheet).
[0078] To minimize the value of the threshold, skip branch instructions can be introduced, during the implementation of the source code, to adapt to the chosen detection threshold, to reduce the normal number of incremental branch instructions present in a row in the code.
[0079] The normal number of increments of a constant quantity can be obtained automatically by simulating the execution of the source code by the processor (CPU) or upon reading the source code.
[0080] Furthermore, a response is advantageously provided to the detection of the linear source code extraction attempt to protect the content of the memory not yet read during the linear code extraction attempt.
[0081] A response circuit, for example, included in the detector circuit (DIR), is configured to force the processor (CPU) to read memory addresses includes non-confidential content.
[0082] “Non-confidential content” is understood to mean information intended to be transmitted to a third party, which does not provide information that can be used within the scope of the reverse engineering method. The response circuit can, for example, have direct access to the control terminal of the multiplexer (MUX) and is configured to force an address ADn of a next instruction calculated by the fetch address circuit (FA).
[0083] Moreover, the detector circuit (DIR) and the response circuit can, for example, be integrated and “hidden” within the processor (CPU).
[0084] In embodiments, the detector circuit and response circuit are advantageously in a “glue logic”-type region. More specifically, techniques are known for hiding a logic circuit in such a region.
[0085] Thus, one specific advantage of integrating the detector circuit (DIR) among elements of a glue logic-type region is that it makes it difficult to corrupt the detector circuit (DIR).
[0086]
[0087] Step S2 includes producing a comparison Comp between the decoded operation codes OpC and a list of operation codes encoding skip branches. The comparison Comp is used to determine whether the current instruction is an incremental branch or a skip branch instruction.
[0088] For example, the comparison Comp can change the result of the comparison to the logical value 1 if the operation code of the current instruction belongs to the list of operation codes. Otherwise, the comparison Comp can change the result of the comparison to the logical value 0. The list of operation codes can, for example, include operation codes corresponding to a jump instruction Jmp, a procedure call instruction Cll, or a procedure return instruction Rtn.
[0089] Step S3 includes two different actions depending on the result of the comparison Comp of the previous step S2. On the one hand, if the operation code of the current instruction encodes an incremental branch instruction (i.e., if the result of the comparison Comp is equal to 0), then step S3 includes decrementing a value of a counter Cnt, previously set to the detection threshold Th.
[0090] Alternatively, the counter Cnt can be incremented up to the value of the detection threshold Th, in which case the value of the counter Cnt is previously set to zero.
[0091] On the other hand, if, conversely, the operation code of the current instruction encodes a skip branch instruction (i.e., if the result of the comparison Comp is equal to 1), then step S3 includes resetting the value of the counter to the detection threshold Th.
[0092] Step S4 includes reading the value of the counter Cnt. If the value of the counter Cnt is included between zero and the detection threshold Th, then the method returns to step S1 and waits for the next instruction to be stored in the instruction register (IR).
[0093] If the counter is decremented, when the value of the counter Cnt is equal to zero, then step S4 includes generating the detection signal LCEdetec where a value of the detection signal LCEdetec changes, for example, from the logical value 0 to the logical value 1.
[0094] Alternatively, if the counter is incremented, it is when the value of the counter Cnt is equal to the detection threshold Th that the detection signal LCEdetec changes from the logical value 0 to the logical value 1.
[0095] In both cases, when the detection signal LCEdetec is generated, the counter Cnt is reset.
[0096] Alternatively, the counting down (or counting up) of the counter Cnt can be carried out within a range of values included between two bounds arbitrarily offset from the zero point.
[0097] More specifically, a non-zero offset value can advantageously be chosen to offset the two bounds of the counter Cnt. This ensures that neither the start point nor the endpoint of the counter Cnt can be known in advance.
[0098] For example, the upper bound of the range can be chosen such that it is equal to the detection threshold plus an offset value, and the lower bound of the range can be chosen such that it is equal to the offset value. In this example, the counter is decremented from the upper bound to the lower bound, or incremented from the lower bound to the upper bound.
[0099] Moreover, in this alternative embodiment, the detection signal LCEdetec could also be generated if the value of the counter Cnt is not included between the lower bound and the upper bound. Such a generation can be used to oppose an attempt to force the values of the counter Cnt outside the two bounds.
[0100] This creates additional work that must be performed by a reverse engineering procedure and increases the complexity of the procedure, with the aim of making it non-profitable overall.
[0101] Although the description has been described in detail, it should be understood that various changes, substitutions, and alterations may be made without departing from the spirit and scope of this disclosure as defined by the appended claims. The same elements are designated with the same reference numbers in the various figures. Moreover, the scope of the disclosure is not intended to be limited to the particular embodiments described herein, as one of ordinary skill in the art will readily appreciate from this disclosure that processes, machines, manufacture, compositions of matter, means, methods, or steps, presently existing or later to be developed, may perform substantially the same function or achieve substantially the same result as the corresponding embodiments described herein. Accordingly, the appended claims are intended to include within their scope such processes, machines, manufacture, compositions of matter, means, methods, or steps.
[0102] The specification and drawings are, accordingly, to be regarded simply as an illustration of the disclosure as defined by the appended claims, and are contemplated to cover any and all modifications, variations, combinations, or equivalents that fall within the scope of the present disclosure.