WO2009101483A1 - Semiconductor device and method for storing data - Google Patents
- Publication number
- WO2009101483A1 (PCT/IB2008/050560)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- memory
- semiconductor device
- control logic
- memory location
Classifications
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C19/00—Digital stores in which the information is moved stepwise, e.g. shift registers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C21/00—Digital stores in which the information circulates continuously
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C7/00—Arrangements for writing information into, or reading information out from, a digital store
- G11C7/24—Memory cell safety or protection circuits, e.g. arrangements for preventing inadvertent reading or writing; Status cells; Test cells
Definitions
- TITLE SEMICONDUCTOR DEVICE AND METHOD FOR STORING DATA
- the invention relates to a method and apparatus for storing data, and more particularly to a method and apparatus for securely storing data, such as security key data.
- a security key to control an operation and/or access to secured application execution, such as used within Point of Sale terminals and Digital Rights Management (DRM).
- DRM Digital Rights Management
- a key may specify a particular transformation of 'plaintext' into 'ciphertext', or vice versa during a decryption operation.
- FIG. 1 illustrates an example of a semiconductor device according to some embodiments of the invention.
- FIG. 2 illustrates an example of a method for storing data in memory according to some embodiments of the invention.
- FIG. 3 illustrates an example of a semiconductor device according to an alternative embodiment of the invention.
- Embodiments of the invention will be described in terms of storing security key data.
- Embodiments of the invention propose a method and apparatus for storing data in memory.
- the memory comprises a plurality of memory locations for storing the data; such that the data may be routinely relocated from one memory location to another memory location.
- the hereinafter 'routine' relocation of data is envisaged as encompassing a periodic or intermittent relocation of data based on some rule or algorithm, and in particular to provide protection against unauthorized reading of data from memory.
- data relocation can be not only from flip-flop (FF) to FF, but also within standard memory devices that include memory cells.
- the semiconductor device 100 may comprise memory element 110 and may comprise control logic 120 arranged to control storage of the data in the memory element 110.
- the memory element 110 may comprise a plurality of memory locations 130.
- the control logic 120 may be arranged to routinely relocate the data from one memory location 130 to another memory location 130.
- the data to be stored may comprise security key data, the secrecy of which is required to be maintained.
- IR infra-red
- the routine relocation of data from one memory location to another memory location means that the ability to identify memory locations storing security key data may be substantially reduced, significantly impeding any attempt to determine security key data.
- protection may be provided against infrared (IR) data detection techniques, since IR data revealing requires some time to accumulate IR-emission information from a silicon device. Moving security key data bits from location to location at a rate faster than that which will allow IR-emission information to be accumulated substantially thwarts such attempts to determine security key data.
- IR infrared
- the memory element 110 comprises volatile memory.
- the memory element 110 may comprise a plurality of flip-flop bistable multivibrators, where each flip-flop may be arranged to store one bit of data. In this manner, in a case where a 128 bit security key is stored in the memory element 110, the security key may be stored using 128 flip-flops.
- control logic 120 may comprise a state-machine, for example implemented using CMOS logic. Such a state-machine may be clock-controlled. As previously mentioned, the control logic 120 is arranged to control the storage of the data in the memory element 110, and to routinely relocate the data from one memory location to another memory location.
- the control logic 120 may be operably coupled to a Clock Source/Clock Generator 140 located within the semiconductor device 100, and may be arranged to periodically relocate the data from one memory location 130 to another memory location 130 based on, say, a clock signal received from the Clock Source/Clock Generator 140.
- the control logic 120 may be arranged to relocate the data at a rate of several KHz.
- the semiconductor device 100 may further comprise clock monitoring circuitry 160, operably coupled to the Clock Source/Clock Generator 140, which may be arranged to detect tampering of the Clock Source/Clock Generator 140.
- the clock monitoring circuitry 160 may comprise an independent internal ring-oscillator.
- the clock monitoring circuitry 160 is operably coupled to the control logic 120, and arranged to provide an indication to the control logic 120 when tampering of the Clock Source/Clock Generator 140 has been detected.
- the control logic 120 may be further arranged, upon detection of any tampering of the Clock Source/Clock Generator 140, to cause the data to be erased from the memory element 110.
- control logic 120 may cause the power supply 150 to the memory element 110 to be interrupted.
- control logic 120 may cause all flip-flops of the memory element 110 to be set to the same value, either '1' or '0'. In this manner, if an unauthorised person attempts to halt, or slow down the relocation of the data by tampering with the Clock Source/Clock Generator 140, such tampering may be detected by the clock monitoring circuitry 160, and the data subsequently erased.
- control logic 120 may be arranged to associate the plurality of memory locations 130 within a chain, and to relocate the data from one memory location 130 to another memory location 130 by shifting the data to the next memory location 130 in the chain.
- For example, for the embodiment illustrated in FIG. 1, four memory locations 130 are illustrated, and designated FF0 to FF3, and have been associated within a looped chain of FF0, FF3, FF1, FF2, FF0, FF3, etc.
- the control logic 120 identifies the next memory location within the chain, which for the illustrated embodiment would be FF3, and relocates the data by shifting it along the chain. As a result, for the illustrated embodiment, the data would be relocated to memory location FF3.
- control logic 120 may be arranged to relocate the data based on a more complex location algorithm.
- a location algorithm may determine in which direction data is to be shifted along the chain. In this manner, the direction in which the data is shifted may be varied, for example substantially randomly, making the location of the data within the memory element 110 more difficult to predict.
- memory locations 130 may be associated in a more complex arrangement than a linear chain.
- each memory location 130 comprises a flip-flop
- the output of each flip-flop may be connectable to the input of each other flip-flop.
- the control logic 120 may be arranged to control to which input the output of each flip-flop is connected during relocation of the data.
- the control logic 120 may relocate data according to any form of suitable relocation algorithm.
- substantially non-repeating location patterns for data storage may be implemented, providing improved protection against dynamic IR data detection.
- the control logic 120 retains information relating to the location(s) of the data bits, in order for the data to be retrieved when required, and to enable the control logic 120 to relocate the data.
- data to be stored may comprise a plurality of data bits.
- the data comprises 128 bits.
- each memory location 130 within the memory element 110 may be capable of storing a plurality of data bits, for example all 128 bits of data in the case of a 128-bit security key, and the control logic 120 may be arranged to relocate all 128 bits of data from one memory location 130 to another memory location 130.
- data to be stored in the memory element 110 may be divided up and stored within multiple memory locations 130.
- the data may be divided into four blocks of 32 bits, each 32-bit block being stored within a memory location 130.
- the control logic 120 may be arranged to relocate all four 32-bit blocks synchronously from their current memory locations 130 to new memory locations.
- the control logic 120 may relocate all four of the 32-bit blocks of data by synchronously shifting each block to the next respective memory location 130 in the chain.
- the control logic 120 may relocate blocks of data individually, and at different times.
- each memory location 130 may comprise a single flip-flop component for storing a single bit of data.
- the control logic 120 may be arranged to relocate individual bits of data.
- the memory locations 130 are provided within a single memory element 110. However, as will be appreciated by a skilled artisan, the memory locations 130 may be provided within a plurality of memory elements without detracting from the memory arrangement described herein.
- the memory may comprise a plurality of memory locations for storing the data.
- the method may comprise routinely relocating the data from one memory location to another memory location.
- the method 200 starts at step 210 with the receipt of a clock signal.
- step 220 it is determined whether any tampering of the source of the clock signal has been detected. If it is determined that tampering of the source of the clock signal has been detected, the method moves to step 230 and the data is erased, and the method ends. However, if it is determined that tampering of the source of the clock signal has not been detected, the method moves on to step 240.
- step 240 it is determined whether the data is to be relocated.
- the data may be relocated on a periodic basis, whereby the period is defined by a specific number of clock cycles.
- a counter which indicates a number of times that a clock signal has been received, and thereby the number of clock cycles that have occurred. If the counter value is less than a predetermined value, sufficient clock cycles have not occurred, and therefore it is determined that the data is not to be relocated.
- step 250 where the counter is incremented, and the method continues.
- step 240 if the counter value is equal to the predetermined value, in step 240, sufficient clock cycles have occurred, and therefore it is determined that the data is to be relocated. Accordingly, the method moves to step 260.
- step 260 the (or each) new memory location to which the data is to be relocated is determined. For example, a plurality of memory locations may be associated within a chain, and relocating the data may comprise shifting data to the next respective memory location in the chain.
- step 260 may comprise identifying the next memory location in the chain.
- a more complex location algorithm may be used to determine the new memory location.
- step 270 the data is relocated.
- step 280 the counter is reset, and the method ends, for this particular cycle.
- the semiconductor device 300 may comprise memory element 310 and may comprise control logic 320, which may be arranged to control storage of data in the memory element 310.
- the memory element 310 may comprise a plurality of memory locations 330, such that the control logic 320 may be arranged to routinely relocate the data from one memory location 130 to another memory location 330.
- the control logic 320 may be operably coupled to a Clock Source/Clock Generator
- the Clock Source/Clock Generator 340 located within the semiconductor device 300, and may be arranged to periodically relocate the data from one memory location 330 to another memory location 330 based on, say, a 32KHz clock signal received from the Clock Source/Clock Generator 340. It is envisaged in one example of an embodiment of the invention that the Clock Source/Clock Generator 340 may also comprise clock monitor logic.
- the semiconductor device 300 may further comprise clock monitoring circuitry 360, operably coupled to the Clock Source/Clock Generator 340, and arranged to detect tampering of the Clock Source/Clock Generator 340.
- the memory element 310 may comprise a plurality of dummy memory locations 335 for storing dummy data, and the control logic 320 may be further arranged to routinely relocate the dummy data from one dummy memory location 335 to another dummy memory location 335. In this manner, the relocation of dummy data acts as a disruption to attempts to discover the actual data stored in memory locations 130, thereby providing additional data protection.
- Dummy memory locations 335 may be geometrically located between (real) data memory locations 330, to further obfuscate the stored data.
- additional randomiser logic 135 is incorporated and operably coupled to control logic 320.
- the randomiser logic 135 may be arranged to randomize an initial state / location of the key (where the first state in the state machine is unknown), and/or randomize each state machine key location transition (for example, suppress transition according to a random bit). In this manner, uncertainty and/or randomness is added to the key location.
- the method and apparatus for storing data aim to provide at least the advantage of improved protection against IR data detection techniques.
- the invention may also be implemented in a computer program for running on a computer system, at least including code portions for performing steps of a method according to the invention when run on a programmable apparatus, such as a computer system or enabling a programmable apparatus to perform functions of a device or system according to the invention.
- program as used herein, is defined as a sequence of instructions designed for execution on a computer system.
- a program, or computer program may include a subroutine, a function, a procedure, an object method, an object implementation, an executable application, an applet, a servlet, a source code, an object code, a shared library/dynamic load library and/or other sequence of instructions designed for execution on a computer system.
- the computer program may be provided on a data carrier, such as a CD-rom or diskette, stored with data loadable in a memory of a computer system, the data representing the computer program.
- the data carrier may include, for example and without limitation, any number of the following: magnetic storage media including disk and tape storage media; optical storage media such as compact disk media (e.g., CD ROM, CD R, etc.) and digital video disk storage media; nonvolatile memory storage media including semiconductor-based memory units such as FLASH memory, EEPROM, EPROM, ROM; ferromagnetic digital memories; MRAM; volatile storage media including registers, buffers or caches, main memory, RAM, etc.; and data transmission media including computer networks, point-to-point telecommunication equipment, and carrier wave transmission media, just to name a few.
- Such computer readable media may be permanently, removably or remotely coupled to an information processing system.
- the aforementioned memory system can be applied by a semiconductor manufacturer to any semiconductor device architecture supporting an improved method and apparatus for storing data. It is further envisaged that, for example, a semiconductor manufacturer may employ the aforementioned design in a stand-alone device, or application-specific semiconductor device (ASIC) and/or any other sub-system element employing an integrated circuit to support an improved method and apparatus for storing data.
- ASIC application-specific semiconductor device
- aspects of the invention may be implemented in any suitable form including hardware, software, firmware or any combination of these.
- the elements and components of an example of an embodiment of the invention may be physically, functionally and logically implemented in any suitable way. Indeed, the functionality may be implemented in a single unit or integrated circuit (IC), in a plurality of units or ICs or as part of other functional units.
- IC integrated circuit
- embodiments of the invention have been described in connection with the topologies in the figures, it is not intended to be limited to the specific form set forth herein. Rather, the scope of the invention is limited only by the accompanying claims. Additionally, although a feature may appear to be described in connection with particular embodiments, one skilled in the art would recognize that various features of the described embodiments may be combined in accordance with the invention. In the claims, the term 'comprising' does not exclude the presence of other elements or steps.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
A semiconductor device (100) comprises at least one memory element (110) for storing data, and control logic (120) arranged to control the storage of the data in the at least one memory element (110). The at least one memory element (110) comprises a plurality of memory locations (130) for storing the data. The control logic (120) is arranged to routinely relocate the data from one memory location (130) to another memory location (130). In this manner, the semiconductor device may be protected from infrared security key data tampering.
Description
TITLE: SEMICONDUCTOR DEVICE AND METHOD FOR STORING DATA
Field of the Invention
The invention relates to a method and apparatus for storing data, and more particularly to a method and apparatus for securely storing data, such as security key data.
Background of the Invention
In the field of modern cryptography, it is known to use a security key to control an operation and/or access to secured application execution, such as used within Point of Sale terminals and Digital Rights Management (DRM). By way of example, in an encryption operation, a key may specify a particular transformation of 'plaintext' into 'ciphertext', or vice versa during a decryption operation.
It is often difficult to keep the details of a security system, and in particular its algorithms, secret. Thus, the security of an encryption system, in most cases, relies on some security key being kept secret. Consequently, the ability to maintain the secrecy of a security key is of great importance within any security system. Accordingly, significant steps have been taken to ensure the secrecy of security keys stored within memory elements of devices. One well known technique for maintaining the secrecy of a security key stored in memory is for the security key to be stored in volatile memory, which requires power to maintain the stored information. In this manner, if the power supply to the memory is interrupted, for example caused by physical tampering of the memory element's semiconductor device packaging, the security key information is lost. As a result, an unauthorised person attempting to discover the security key information, by way of physical tampering of the memory element, is substantially thwarted.
A problem with existing key-guarding solutions such as this is that, with the development of infra-red (IR) tools and the like, it has become possible to determine transistor states within semiconductor device packages, without a need for physical tampering. IR radiation (photon emission) can strongly indicate the transistor state within a semiconductor device. By locating the IR source, and associating its location with a specific transistor, the information held by, for example, a flip-flop within a memory element may be determined. As a consequence, by identifying memory locations storing security key information, security key information may be determined without a need for physical tampering of the memory element. This problem is often further compounded since security key information is often stored within dedicated semiconductor devices, which are typically small in size. As a result, identifying the location of transistors storing security key information, and determining their state is particularly achievable with available IR tools.
Summary of the Invention
In accordance with aspects of the invention, there is provided a semiconductor device and a method for storing data in memory as defined in the appended Claims. Specific embodiments of the invention are set forth in the dependent claims.
These and other aspects of the invention will be apparent from and elucidated with reference to the embodiments described hereinafter.
Brief Description of the Drawings
Further details, aspects and embodiments of the invention will be described, by way of example only, with reference to the drawings.
FIG. 1 illustrates an example of a semiconductor device according to some embodiments of the invention.
FIG. 2 illustrates an example of a method for storing data in memory according to some embodiments of the invention.
FIG. 3 illustrates an example of a semiconductor device according to an alternative embodiment of the invention.
Description of Embodiments
Embodiments of the invention will be described in terms of storing security key data.
Although embodiments of the invention will be described in terms of security key data, it will be appreciated that the memory arrangement herein described may be embodied in any apparatus that incorporates data storage, and in particular secure data storage.
Embodiments of the invention propose a method and apparatus for storing data in memory. The memory comprises a plurality of memory locations for storing the data; such that the data may be routinely relocated from one memory location to another memory location.
For clarity purposes only, the hereinafter 'routine' relocation of data is envisaged as encompassing a periodic or intermittent relocation of data based on some rule or algorithm, and in particular to provide protection against unauthorized reading of data from memory. Furthermore, for clarity purposes only, it is envisaged that data relocation can be not only from flip-flop (FF) to FF, but also within standard memory devices that include memory cells.
Referring now to FIG. 1, there is illustrated an example of a semiconductor device 100 according to an example of an embodiment of the invention. The semiconductor device 100 may comprise memory element 110 and may comprise control logic 120 arranged to control storage of the data in the memory element 110. The memory element 110 may comprise a plurality of memory locations 130. The control logic 120 may be arranged to routinely relocate the data from one memory location 130 to another memory location 130.
In accordance with an example of an embodiment of the invention, the data to be stored may comprise security key data, the secrecy of which is required to be maintained. As previously mentioned, a problem with prior art key-guarding techniques is that, with the development of infra-red (IR) tools and the like, it has become possible to determine transistor states within semiconductor device packages, without the need for physical tampering. By locating the IR source, and associating its location with a specific transistor, the information held by, for example, a flip-flop within a memory element may be determined. As a consequence, by identifying memory locations storing security key data, security key data may be determined without the need for physical tampering of the memory element. However, for the semiconductor device 100 of FIG. 1, the routine relocation of data from one memory location to another memory location means that the ability to identify memory locations storing security key data may be substantially reduced, significantly impeding any attempt to determine security key data. In this manner, protection may be provided against infrared (IR) data detection techniques, since IR data revealing requires some time to accumulate IR-emission information from a silicon device. Moving security key data bits from location to location at a rate faster than that which will allow IR-emission information to be accumulated substantially thwarts such attempts to determine security key data.
In accordance with an example of an embodiment of the invention, the memory element 110 comprises volatile memory. In this manner, if a power supply 150 to the memory element 110 is interrupted, for example caused by physical tampering of the semiconductor device 100, the data may be lost. As a result, an unauthorised person attempting to discover the data by way of physical tampering of the memory element 110 is substantially thwarted. The memory element 110 may comprise a plurality of flip-flop bistable multivibrators, where each flip-flop may be arranged to store one bit of data. In this manner, in a case where a 128 bit security key is stored in the memory element 110, the security key may be stored using 128 flip-flops.
In one example of an embodiment of the invention, the control logic 120 may comprise a state-machine, for example implemented using CMOS logic. Such a state-machine may be clock-controlled. As previously mentioned, the control logic 120 is arranged to control the storage of the data in the memory element 110, and to routinely relocate the data from one memory location to another memory location. For the illustrated embodiment, the control logic 120 may be operably coupled to a Clock Source/Clock Generator 140 located within the semiconductor device 100, and may be arranged to periodically relocate the data from one memory location 130 to another memory location 130 based on, say, a clock signal received from the Clock Source/Clock Generator 140. For example, the control logic 120 may be arranged to relocate the data at a rate of several KHz.
The semiconductor device 100 may further comprise clock monitoring circuitry 160, operably coupled to the Clock Source/Clock Generator 140, which may be arranged to detect tampering of the Clock Source/Clock Generator 140. For example, the clock monitoring circuitry 160 may comprise an independent internal ring-oscillator. For the illustrated embodiment, the clock monitoring circuitry 160 is operably coupled to the control logic 120, and arranged to provide an indication to the control logic 120 when tampering of the Clock Source/Clock Generator 140 has been detected. In this manner, the control logic 120 may be further arranged, upon detection of any tampering of the Clock Source/Clock Generator 140, to cause the data to be erased from the memory element 110. For example, in a case where the memory element 110 comprises volatile memory, the control logic 120 may cause the power supply 150 to the memory element 110 to be interrupted. Alternatively, the control logic 120 may cause all flip-flops of the memory element 110 to be set to the same value, either '1' or '0'. In this manner, if an unauthorised person attempts to halt, or slow down the relocation of the data by tampering with the Clock Source/Clock Generator 140, such tampering may be detected by the clock monitoring circuitry 160, and the data subsequently erased.
In accordance with one example of an embodiment of the invention, the control logic 120 may be arranged to associate the plurality of memory locations 130 within a chain, and to relocate the data from one memory location 130 to another memory location 130 by shifting the data to the next memory location 130 in the chain.
For example, for the embodiment illustrated in FIG. 1, four memory locations 130 are illustrated, and designated FF0 to FF3, and have been associated within a looped chain of FF0, FF3, FF1, FF2, FF0, FF3, etc. In the case where the data is stored in memory location FF0, when the control logic is required to relocate the data, the control logic 120 identifies the next memory location within the chain, which for the illustrated embodiment would be FF3, and relocates the data by shifting it along the chain. As a result, for the illustrated embodiment, the data would be relocated to memory location FF3.
In an alternative example of an embodiment of the invention, the control logic 120 may be arranged to relocate the data based on a more complex location algorithm. For example, such a location algorithm may determine in which direction data is to be shifted along the chain. In this manner, the direction in which the data is shifted may be varied, for example substantially randomly, making the location of the data within the memory element 110 more difficult to predict.
Alternatively, memory locations 130 may be associated in a more complex arrangement than a linear chain. For example, in a case where each memory location 130 comprises a flip-flop, the output of each flip-flop may be connectable to the input of each other flip-flop. Here, the control logic 120 may be arranged to control to which input the output of each flip-flop is connected during relocation of the data.
In this manner, the control logic 120 may relocate data according to any form of suitable relocation algorithm. In particular, substantially non-repeating location patterns for data storage may be implemented, providing improved protection against dynamic IR data detection. As will be appreciated by a skilled artisan, the control logic 120 retains information relating to the location(s) of the data bits, in order for the data to be retrieved when required, and to enable the control logic 120 to relocate the data.
In accordance with one example of an embodiment of the invention, data to be stored may comprise a plurality of data bits. For example, in the case of a 128-bit security key, the data comprises 128 bits. Accordingly, each memory location 130 within the memory element 110 may be capable of storing a plurality of data bits, for example all 128 bits of data in the case of a 128-bit security key, and the control logic 120 may be arranged to relocate all 128 bits of data from one memory location 130 to another memory location 130.
Alternatively, in accordance with an alternative example of an embodiment of the invention, data to be stored in the memory element 110 may be divided up and stored within multiple memory locations 130. For example, in the case of a 128-bit security key, the data may be divided into four blocks of 32 bits, each 32-bit block being stored within a memory location 130. In this manner, the control logic 120 may be arranged to relocate all four 32-bit blocks synchronously from their current memory locations 130 to new memory locations. For example, in the case where the control logic 120 associates the memory locations 130 within a chain, the control logic 120 may relocate all four of the 32-bit blocks of data by synchronously shifting each block to the next respective memory location 130 in the chain. Alternatively, the control logic 120 may relocate blocks of data individually, and at different times.
In a yet further alternative example of an embodiment of the invention, each memory location 130 may comprise a single flip-flop component for storing a single bit of data. In this manner, the control logic 120 may be arranged to relocate individual bits of data.
For the illustrated embodiment, the memory locations 130 are provided within a single memory element 110. However, as will be appreciated by a skilled artisan, the memory locations 130 may be provided within a plurality of memory elements without detracting from the memory arrangement described herein.
Referring now to FIG. 2, there is illustrated an example of a method 200 for storing data in memory in accordance with an example of an embodiment of the invention. The memory may comprise a plurality of memory locations for storing the data. The method may comprise routinely relocating the data from one memory location to another memory location. The method 200 starts at step 210 with the receipt of a clock signal. Next, in step 220, it is determined whether any tampering of the source of the clock signal has been detected. If it is determined that tampering of the source of the clock signal has been detected, the method moves to step 230 and the data is erased, and the method ends.
However, if it is determined that tampering of the source of the clock signal has not been detected, the method moves on to step 240.
In step 240, it is determined whether the data is to be relocated. For example, the data may be relocated on a periodic basis, whereby the period is defined by a specific number of clock cycles.
For the illustrated embodiment, it is determined whether the data is to be relocated based on a counter, which indicates a number of times that a clock signal has been received, and thereby the number of clock cycles that have occurred. If the counter value is less than a predetermined value, sufficient clock cycles have not occurred, and therefore it is determined that the data is not to be relocated.
Accordingly, the method moves to step 250, where the counter is incremented, and the method continues. However, if the counter value is equal to the predetermined value, in step 240, sufficient clock cycles have occurred, and therefore it is determined that the data is to be relocated. Accordingly, the method moves to step 260. In step 260, the (or each) new memory location to which the data is to be relocated is determined. For example, a plurality of memory locations may be associated within a chain, and relocating the data may comprise shifting data to the next respective memory location in the chain.
Accordingly, step 260 may comprise identifying the next memory location in the chain. Alternatively, a more complex location algorithm may be used to determine the new memory location. Next, in step 270, the data is relocated. Finally, in step 280, the counter is reset, and the method ends, for this particular cycle.
Referring now to FIG. 3, there is illustrated an example of a semiconductor device 300 according to an alternative example of an embodiment of the invention. The semiconductor device 300 may comprise memory element 310 and may comprise control logic 320, which may be arranged to control storage of data in the memory element 310. The memory element 310 may comprise a plurality of memory locations 330, such that the control logic 320 may be arranged to routinely relocate the data from one memory location 130 to another memory location 330.
The control logic 320 may be operably coupled to a Clock Source/Clock Generator 340 located within the semiconductor device 300, and may be arranged to periodically relocate the data from one memory location 330 to another memory location 330 based on, say, a 32KHz clock signal received from the Clock Source/Clock Generator 340. It is envisaged in one example of an embodiment of the invention that the Clock Source/Clock Generator 340 may also comprise clock monitor logic. The semiconductor device 300 may further comprise clock monitoring circuitry 360, operably coupled to the Clock Source/Clock Generator 340, and arranged to detect tampering of the Clock Source/Clock Generator 340.
In accordance with the example of the alternative embodiment illustrated in FIG. 3, the memory element 310 may comprise a plurality of dummy memory locations 335 for storing dummy data, and the control logic 320 may be further arranged to routinely relocate the dummy data from one dummy memory location 335 to another dummy memory location 335. In this manner, the relocation of dummy data acts as a disruption to attempts to discover the actual data stored in memory locations 130, thereby providing additional data protection. Dummy memory locations 335 may be geometrically located between (real) data memory locations 330, to further obfuscate the stored data.
In accordance with a yet further example of an embodiment of the invention, in order to further restrict a potential attacker from identifying sufficient key material information, for example based on periodical measurements of specific FFs, additional randomiser logic 135 is incorporated and operably coupled to control logic 320. The randomiser logic 135 may be arranged to randomize an initial state / location of the key (where the first state in the state machine is unknown), and/or randomize each state machine key location transition (for example, suppress transition according to a random bit). In this manner, uncertainty and/or randomness is added to the key location.
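The following C model is an added example, not code from the patent. It steps through method 200 of FIG. 2 (tamper check, counter, chain shift, counter reset) with a 128-bit key held as four 32-bit blocks interleaved with dummy words, and lets a randomiser bit suppress a transition as described for FIG. 3. The chain length, the period, the dummy values, all names, and the choice to reset the counter on a suppressed transition are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define SLOTS   8   /* memory locations in the chain (assumed size) */
#define BLOCKS  4   /* 128-bit key held as four 32-bit blocks */
#define PERIOD  3   /* predetermined counter value (assumed) */

typedef struct {
    uint32_t slot[SLOTS]; /* real blocks interleaved with dummy words */
    unsigned base;        /* control logic's record of where block 0 sits */
    unsigned counter;     /* clock signals received since last relocation */
    int      erased;      /* set once the tamper response has fired */
} keystore_t;

/* Place key blocks in every other slot; dummy words fill the gaps between them. */
void ks_load(keystore_t *ks, const uint32_t key[BLOCKS], unsigned start)
{
    for (unsigned i = 0; i < SLOTS; i++)
        ks->slot[i] = 0xD0D0D0D0u ^ i;   /* constructed dummy data; random in a real design */
    ks->base = start % SLOTS;            /* a randomiser would choose this initial location */
    for (unsigned b = 0; b < BLOCKS; b++)
        ks->slot[(ks->base + 2 * b) % SLOTS] = key[b];
    ks->counter = 0;
    ks->erased = 0;
}

/* One pass of method 200 per clock signal (step 210).
 * Returns 1 if the data was relocated, 0 if not, -1 if erased. */
int ks_clock(keystore_t *ks, int tamper, int suppress)
{
    if (ks->erased) return -1;
    if (tamper) {                                 /* step 220 -> step 230: erase */
        volatile uint32_t *p = ks->slot;          /* volatile so the wipe is not optimised out */
        for (unsigned i = 0; i < SLOTS; i++) p[i] = 0;
        ks->erased = 1;
        return -1;
    }
    if (ks->counter < PERIOD) {                   /* step 240 -> step 250: not yet due */
        ks->counter++;
        return 0;
    }
    int moved = 0;
    if (!suppress) {                              /* randomiser bit may hold this transition */
        uint32_t last = ks->slot[SLOTS - 1];      /* steps 260-270: shift every slot one place */
        memmove(&ks->slot[1], &ks->slot[0], (SLOTS - 1) * sizeof ks->slot[0]);
        ks->slot[0] = last;                       /* chain is closed into a ring (assumption) */
        ks->base = (ks->base + 1) % SLOTS;        /* control logic retains the new location */
        moved = 1;
    }
    ks->counter = 0;                              /* step 280 */
    return moved;
}

/* Retrieval follows the retained location rather than a fixed address. */
int ks_read(const keystore_t *ks, uint32_t out[BLOCKS])
{
    if (ks->erased) return -1;
    for (unsigned b = 0; b < BLOCKS; b++)
        out[b] = ks->slot[(ks->base + 2 * b) % SLOTS];
    return 0;
}
```

Because real and dummy words shift together, an observer watching a fixed slot sees both kinds of data pass through it, while `ks_read` still recovers the key from the tracked base.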
It will be understood that the method and apparatus for storing data, as described above, aim to provide at least the advantage of improved protection against IR data detection techniques.
The invention may also be implemented in a computer program for running on a computer system, at least including code portions for performing steps of a method according to the invention when run on a programmable apparatus, such as a computer system or enabling a programmable apparatus to perform functions of a device or system according to the invention. The term "program," as used herein, is defined as a sequence of instructions designed for execution on a computer system. A program, or computer program, may include a subroutine, a function, a procedure, an object method, an object implementation, an executable application, an applet, a servlet, a source code, an object code, a shared library/dynamic load library and/or other sequence of instructions designed for execution on a computer system. The computer program may be provided on a data carrier, such as a CD-ROM or diskette, stored with data loadable in a memory of a computer system, the data representing the computer program. The data carrier may include, for example and without limitation, any number of the following: magnetic storage media including disk and tape storage media; optical storage media such as compact disk media (e.g., CD ROM, CD R, etc.) and digital video disk storage media; nonvolatile memory storage media including semiconductor-based memory units such as FLASH memory, EEPROM, EPROM, ROM; ferromagnetic digital memories; MRAM; volatile storage media including registers, buffers or caches, main memory, RAM, etc.; and data transmission media including computer networks, point-to-point telecommunication equipment, and carrier wave transmission media, just to name a few. Such computer readable media may be permanently, removably or remotely coupled to an information processing system.
It will be appreciated by a skilled artisan that the invention is independent from any particular memory type used, and the usage of specific memory types in the described embodiments are only for illustrative purposes.
In particular, it is envisaged that the aforementioned memory system can be applied by a semiconductor manufacturer to any semiconductor device architecture supporting an improved method and apparatus for storing data. It is further envisaged that, for example, a semiconductor manufacturer may employ the aforementioned design in a stand-alone device, or application-specific semiconductor device (ASIC) and/or any other sub-system element employing an integrated circuit to support an improved method and apparatus for storing data.
It will be appreciated that any suitable distribution of functionality between different functional units or controllers or logic or memory elements, may be used without detracting from the embodiments herein described. Hence, references to specific functional devices or elements are only to be seen as references to suitable means for providing the described functionality, rather than indicative of a strict logical or physical structure or organization.
Aspects of the invention may be implemented in any suitable form including hardware, software, firmware or any combination of these. The elements and components of an example of an embodiment of the invention may be physically, functionally and logically implemented in any suitable way. Indeed, the functionality may be implemented in a single unit or integrated circuit (IC), in a plurality of units or ICs or as part of other functional units. Although embodiments of the invention have been described in connection with the topologies in the figures, it is not intended to be limited to the specific form set forth herein. Rather, the scope of the invention is limited only by the accompanying claims. Additionally, although a feature may appear to be described in connection with particular embodiments, one skilled in the art would recognize that various features of the described embodiments may be combined in accordance with the invention. In the claims, the term 'comprising' does not exclude the presence of other elements or steps.
Furthermore, although individual features may be included in different claims, these may possibly be advantageously combined, and the inclusion in different claims does not imply that a combination of features is not feasible and/or advantageous. Also, the inclusion of a feature in one category of claims does not imply a limitation to this category, but rather indicates that the feature is equally applicable to other claim categories, as appropriate.
Furthermore, the order of features in the claims does not imply any specific order in which the features must be performed and in particular the order of individual steps in a method claim does not imply that the steps must be performed in this order. Rather, the steps may be performed in any suitable order. In addition, singular references do not exclude a plurality. Thus, references to 'a', 'an', 'first', 'second' etc. do not preclude a plurality.
Claims
1. A semiconductor device (100) comprising at least one memory element (110) for storing data, and control logic (120) arranged to control a storage of data in the at least one memory element (110); the at least one memory element (110) comprising a plurality of memory locations (130) for storing the data and which control logic (120) is arranged to routinely relocate the data from one memory location (130) to another memory location (130).
2. The semiconductor device (100) of Claim 1 wherein the data comprises security key data.
3. The semiconductor device (100) of Claim 1 or Claim 2 wherein the at least one memory element (110) comprises volatile memory.
4. The semiconductor device (100) of any preceding Claim wherein the memory element (110) comprises at least one flip-flop bistable multivibrator.
5. The semiconductor device (100) of any preceding Claim wherein the control logic (120) is arranged to associate the plurality of memory locations (130) within a chain, and to relocate the data from one memory location (130) to another memory location (130) by shifting the data to a subsequent memory location (130) in the chain.
6. The semiconductor device (100) of any preceding Claim wherein the control logic (120) is arranged to relocate the data from one memory location to another memory location (130) based on a location algorithm.
7. The semiconductor device (100) of any preceding Claim wherein the control logic (120) is operably coupled to a Clock Source (140), and is arranged to periodically relocate the data from one memory location (130) to another memory location (130) based on a clock signal received from the Clock Source (140).
8. The semiconductor device (100) of Claim 7 wherein the semiconductor device (100) comprises clock monitoring circuitry (160), operably coupled to the Clock Source (140), and arranged to detect tampering of the Clock Source (140).
9. The semiconductor device (100) of Claim 8 wherein the clock monitoring circuitry (160) is operably coupled to the control logic (120) such that the control logic (120), upon detection of tampering of the Clock Source (140) by the clock monitoring circuitry (160), causes the data to be erased from the at least one memory element (110).
10. The semiconductor device (100) of any preceding Claim wherein the at least one memory element (110) further comprises a plurality of dummy memory locations (370) for storing dummy data.
11. The semiconductor device (100) of Claim 10 wherein the control logic (120) is further arranged to routinely relocate the dummy data from one dummy memory location (380) to another dummy memory location (380).
12. The semiconductor device (100) of any preceding Claim wherein the control logic (120) is operably coupled to randomiser logic (335) arranged to randomise a routine relocation of the data.
13. The semiconductor device (100) of any preceding Claim wherein the control logic comprises a state machine.
14. A method (200) for storing data in memory, the memory comprising a plurality of memory locations for storing the data; wherein the method comprises routinely relocating the data (270) from one memory location to another memory location.
15. A computer program product loadable in a memory of a programmable apparatus, which computer program product includes program code portions for executing one or more steps of the method claimed in claim 14 when run by said programmable apparatus.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IB2008/050560 WO2009101483A1 (en) | 2008-02-15 | 2008-02-15 | Semiconductor device and method for storing data |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2009101483A1 (en) | 2009-08-20 |
Family
ID=39485183
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2009101483A1 (en) |
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0908810B1 (en) * | 1997-10-10 | 2006-03-01 | General Instrument Corporation | Secure processor with external memory using block chaining and block re-ordering |
US7003673B1 (en) * | 1998-12-11 | 2006-02-21 | Cp8 Technology | Method for storing and operating on data units in a security module and associated security module |
US6792528B1 (en) * | 2000-05-17 | 2004-09-14 | Chien-Tzu Hou | Method and apparatus for securing data contents of a non-volatile memory device |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2488583A (en) * | 2011-03-03 | 2012-09-05 | Nds Ltd | Preventing unauthorized access to data stored in non-volatile memories |
US8760954B2 (en) | 2011-03-03 | 2014-06-24 | Cisco Technology Inc. | Protection of stored data using optical emitting elements |
RU2601465C2 (en) * | 2011-06-08 | 2016-11-10 | Акцо Нобель Кемикалз Интернэшнл Б.В. | Method for production of paper and cardboard |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 08710056; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 08710056; Country of ref document: EP; Kind code of ref document: A1 |