Smart security management in secure devices

International audienceAmong other threats, secure components aresubjected to physical attacks whose aim is to recoverthe secret information they store. Most of the work carried out to protect these components generally consistsin developing protections (or countermeasures) takenone by one. But this “countermeasure-centered” approach drastically decreases the performance of the chipin terms of power, speed and availability. In order toovercome this limitation, we propose a complementaryapproach: smart dynamic management of the whole setof countermeasures embedded in the component. Threemain specifications for such management are requiredin a real world application (for example, a conditionalaccess system for Pay-TV): it has to provide capabilities for the chip to distinguish between attacks and normal use cases (without the help of a human being andin a robust but versatile way); it also has to be basedon mechanisms which dynamically find a trade-off between security and performance; all these mecanismshave to be formalized in a way that is clearly understandable by the designer. In this article, a prototype implementing such a security management system isdescribed. The solution is based on a double-processorarchitecture: one processor embeds a representative setof countermeasures (and mechanisms to define their parameters) and executes the application code. The second processor, on the same chip, applies a given securitystrategy, but without requesting sensitive data from thefirst processor. The chosen strategy is based on fuzzylogic reasoning to enable the designer to describe, using a fairly simple formalism, both the attack paths andthe normal use cases. A proof of concept has been proposed for the smart card part of a conditional accessfor Pay-TV, but it could be easily fine-tuned for otherapplications