SYSTEM FOR VERIFYING THE INTEGRITY OF A COMMUNICATION BETWEEN TWO CIRCUITS

专利摘要:
The invention relates to a method for verifying the integrity of a communication between a master circuit (SoC) and a slave circuit (DDR), comprising the steps of sending transactions from the master circuit to the slave circuit; updating a first multi-bit cyclic signature (20) from each transaction as present in the master circuit; updating a second multi-bit cyclic signature (22) of the same nature as the first, from each transaction as received in the slave circuit; and comparing a single bit (S) of the second cyclic signature with a bit of the same position of the first cyclic signature.
公开号:FR3038188A1
申请号:FR1556064
申请日:2015-06-29
公开日:2016-12-30
发明作者:Gilles Ries；Abdelaziz Goulahsen
申请人:STMicroelectronics Grenoble 2 SAS；
IPC主号:

专利说明:

[0001] BACKGROUND OF THE INVENTION The invention relates generally to the verification of the integrity of a communication between two circuits, and more particularly to the verification of integrity. data read and written by a bus in a DDR type memory. BACKGROUND FIG. 1 is a block diagram of a system implementing a DDR memory (of the English "Double Data Rate"). The DDR memory is connected to a circuit, for example a soC-on-chip system, by a standard memory bus B. The SoC circuit and the DDR memory are each connected to the bus B by an address interface A, an interface D data, and a CTRL command interface. In the DDR memory, the interfaces provide access to a memory plane MEM which can be associated with an ECC error correction circuit. Address interface A 15 is designed to receive one-way addresses over bus B, addresses that can be used to select memory cells in both read and write modes. The data interface D is bi-directional - it receives data from the bus B to be written into the memory and produces them by a channel W, and receives on a channel R data read from the memory and transmits it over the bus. Because the writes and reads in the DDR are not concurrent, the data can pass through the same lines of the bus B. The CTRL control interface carries various incoming and outgoing signals through respective channels W and R. More Information on DDR memory interfaces can be found in JEDEC standards. The interfaces A, D and CTRL on the SoC circuit side have symmetrical functions at the interfaces of the memory. In security applications, it is desired to guarantee the integrity of the data exchanged with a memory. For this we often use redundancy solutions that can significantly increase the silicon surface of the circuits. When using standard components, such as DDR memories, redundancy is often achieved by doubling the number of memories to store the data with a copy. SUMMARY There is generally provided a method of verifying the integrity of a communication between a master circuit and a slave circuit, comprising the steps of sending transactions from the master circuit to the slave circuit; updating a first multi-bit cyclic signature from each transaction as present in the master circuit; updating a second multibit cyclic signature, of the same nature as the first, from each transaction as received in the slave circuit; and comparing a single bit of the second cyclic signature with a bit of the same position of the first cyclic signature.
[0002] The method may include the steps of sending the transactions on a bus between the master circuit and the slave circuit; storing each transaction in a FIFO memory having a depth corresponding to the delay introduced by the bus; updating the first cyclic signature from the output of the FIFO memory; and transmitting to the master circuit the signature bit to be compared on a line of the bus.
[0003] The slave circuit may be a DDR type memory and the signature bit to be compared be transmitted by a DMI line of the memory bus. The first and second cyclic signatures may also be based on the data read from the DDR memory. The method may comprise, for each of the master and slave circuits, the steps of dividing the information of each transaction into several groups; associating with each group a respective generator of cyclic redundancy check code; at each transaction, generate the CRC codes in parallel; and producing the bit to be compared by an exclusive OR operation combining a single bit of each CRC code. The combined bits of the CRC codes may be low-order bits.
[0004] There is also provided a DDR type memory comprising a bus interface and a multi-bit cyclic signature calculation circuit connected to receive states of the bus interface, and to provide a single bit of the signature on a bus line. . The bus line on which the signature bit is supplied may be a DMI line. BRIEF DESCRIPTION OF THE DRAWINGS Embodiments will be set forth in the following description, given in a nonlimiting manner in relation to the appended figures among which: FIG. 1, previously described, is a schematic diagram of a system implementing a DDR-type memory; FIG. 2 is a block diagram of a system implementing a DDR type memory and integrating an embodiment of a circuit for verifying the integrity of the information exchanged with the memory; FIG. 3 is a timing diagram illustrating the operation of the integrity verification circuit in the context of an exemplary information exchange; and FIG. 4 schematically represents an embodiment of a CRC code generator that can be used in the system of FIG. 2.
[0005] DESCRIPTION OF EMBODIMENTS In some applications, it is not necessary to detect a data integrity defect at the instant it occurs. It is often enough that the lack of integrity is detected within a certain time after its occurrence. The delay depends on the degree of risk that the defect can cause.
[0006] Starting from this relaxed constraint, a particularly simple data integrity verification technique is proposed below. The technique will be described by way of example in the context of data exchanges with a DDR memory, but it may be used more generally to check the integrity of a communication between two circuits.
[0007] FIG. 2 shows a system implementing a DDR memory, similar to that of FIG. 1. In order to verify the integrity of the communications via the bus B, a signature generator 20 is connected in the SoC circuit, or master circuit, to calculate a signature on each transaction that the SoC circuit sends on the bus B. A second signature generator 22 is connected in the DDR memory, or slave circuit 25, to calculate a signature of the same nature as that of the generator 20, on each transaction as received by the memory on the bus B. The generators 20 and 22 can be clocked by a 2CK clock which is at a frequency double the frequency of the DDR memory. Indeed, a DDR memory processes a transaction at each edge of its clock, that is to say twice a period.
[0008] One could, to verify the integrity of the communication, compare the signatures 20 and 22 with each transaction. It is thus verified that the transaction received by the DDR memory 3038188 4 is the transaction sent by the SoC circuit. In case of inequality, an error could be injected on the lines of the bus, that of accidental or malicious way. To perform such a comparison, it would be necessary to transmit the entire signature 22 to the SoC circuit, which is not a realistic solution.
[0009] In fact, the generators 20 and 22 are designed to compute a cyclic signature, i.e., a recursive signature that is updated with each transaction and that preserves a history of previous transactions. The signature may be a cyclic redundancy code or CRC. Furthermore, as shown, a single bit S of the signature 22 is transmitted from the DDR to the SoC circuit to be compared at 24 to the same position bit of the signature 20. If the comparison fails, the comparator 24 is active. an error signal ERR. The signatures 20 and 22 can be reset by an RST signal, only once when the system is turned on, or from time to time during periods of inactivity on the bus B. With this configuration, as soon as an error occurs is introduced in a transaction, the signatures 20 and 22 begin to diverge rapidly in subsequent transactions. Admittedly, the two bits we chose to compare do not necessarily differ from the occurrence of the error, but they have a growing probability of deferring in subsequent transactions. This probability tends to 1 geometrically according to the relation 1-2 ', where n is the number of transactions from the one where the error occurred. Thus, after 30 transactions, we have a chance in a billion not to detect the error. At the rate of the transactions in a DDR memory, that is to say at more than 1 GHz, it is certain to detect the error in less than 30 ns, which is amply sufficient in many security applications. The position in the signatures of the bits (S) that we choose to compare does not matter.
[0010] Preferably, a position is chosen where the signatures vary most rapidly, generally on the low side in a CRC signature. The fact that there is only one bit to communicate between the circuits makes it easy to envisage the transmission of this bit by a dedicated line of the bus, or to use an existing line of a standardized bus. In some standard buses, specific lines may be free or have a function selected from several. In a DDR memory bus, among the CTRL command lines, two lines called DMI (Data Mask Invert) of the R channel are assigned to the two halves of the memory read data lines. In practice, the data bus comprises sixteen lines and two byte vehicles to which the two DMI bits are respectively allocated. When a byte to be transmitted comprises more than 1 than 0, it is inverted on transmission. The corresponding DMI line serves to signal this inversion by a 1. By thus systematically acting on the two bytes of the 5 data lines, it is possible to reduce the current consumption related to the data transmission by 40% on average. Two homologous DMI lines, of the W channel, play a symmetrical role in write mode in the memory. The DDR memory can be designed so that the function of one of the R channel DMI lines is "overloaded" with the transmission function of the S signature bit. In other words, the user can configure the function it wishes for the overloaded line: either it configures it to have the classic DMI function, or it configures it to transmit the signature bit S. The choice of the transmission function of the S bit is then done to the detriment of the DMI function for one of the data bytes. However, the function of the remaining DMI line can be changed to extend to both bytes of the data lines. In other words, the two bytes are inverted simultaneously before being transmitted when they together include more than eight bits to 1. This approach is only slightly less effective than using two DMI lines - it allows a average consumption decrease of 36% against 40%.
[0011] In many applications, signature generators 20 and 22 could be connected to account for only data lines D, sixteen lines in this case. However, to detect all error possibilities, signature generators are preferably connected to account for all lines that affect the data, namely, address lines A, data lines D, and the DMI lines 25 among the CTRL command lines. As shown, the signature generators can be connected to these lines by the inputs and outputs of the interfaces A, D, and CTRL, on the opposite side to the lines of the bus B, where the signals are clean. The line used to transmit the signature bit S, and possibly one of the DMI lines, may also be counted in the signature calculations.
[0012] In addition, the signature generator 22, in the DDR memory, may be designed to accommodate an error signal generated by the ECC error correction circuit, as shown. The ECC circuit is intended to automatically detect and correct internal errors of the MEM memory array. If it fails to correct an error, it produces an error signal that can be taken into account in some systems. In the present case, it is appropriate for such an ECC circuit signal to participate in the verification of data integrity. Then, on the SoC circuit side, the generator 5 receives at the same position a constant value ECCOK corresponding to an absence of error. The bus interfaces A, D, and CTRL, because they are generally designed to synchronize the signals of the bus B on clocks CK internal to the circuits, introduce a delay of at least one clock cycle. Thus, a transaction presented to the bus in the SoC circuit requires at least two cycles to reach the DDR memory. For the generators 20 and 22 to calculate a signature on the same values, the inputs of the generator 20 may be delayed by a FIFO memory 26 whose depth corresponds to the transit time of the bus B. More specifically, only the departing signals are delayed. (A addresses, D (W) write data, and CTRL (W) command lines for writing). Incoming signals are not delayed (read data D (W) and command lines CTRL (R) read). FIG. 3 is a timing diagram illustrating the operation of the circuit of FIG. 2 in the context of an example of a reading followed by a writing. The read transactions are represented in gray rectangles, and the write transactions are represented in white rectangles. The transactions are represented in different columns corresponding to different system elements indicated at the top of the column, and in different rows corresponding to times increasing from top to bottom. At a cycle t0, the SoC circuit presents the read transaction at the bus interfaces. The transaction contains the read address A0, no data D, and no control signal CTRL (at least no DMI signal taken into account in the signature calculation). The transaction is denoted (A0, 0, 0), reflecting the states of the lines A, D and CTRL. At a cycle t1, the transaction (A0, 0, 0) is pushed into the FIFO (FIFO IN) memory and is presented in parallel on the bus. The SoC circuit presents the write transaction, containing an Al address and DW1 data. The transaction is denoted (Al, DW1, CW1), where CW1 denotes the state of the control lines CTRL of the write channel W, in particular DMI lines.
[0013] At a cycle t2, the read transaction (A0, 0, 0) arrives in the DDR memory, where it causes the search of the data and is presented to the signature generator 22. The write transaction (Al, DW1, CW1) is pushed into the FIFO memory and appears in parallel on the bus.
[0014] At a cycle t3, in the DDR memory, the signature 22 is updated by the read transaction (A0, 0, 0). The value of the signature is noted SIGO-DDR. At the same time, the memory presents the data requested by the transaction (A0, 0, 0) on the bus interface in a response transaction noted (DRO, CR0) - DRO data on the R channel of the interface D, CR0 control signals on the R channel of the CTRL interface. Finally, the write transaction (Al, DW1, CW1) arrives in the memory. The transactions (Al, DW1, CW1) and (DRO, CR0) are presented to the signature generator 22. At a cycle t4, the bit to be compared of the signature SIGO-DDR, denoted SO, is presented on the bus, at the same time time as the response transaction (DRO, CR0). In the DDR memory, the signature 22 is updated by the transactions (Al, DW1, CW1) and (DRO, CR0). The new value of the signature is noted SIG1-DDR. On the SoC circuit side, the transaction (A0, 0, 0) is extracted from the FIFO memory and presented to the signature generator 20. At a cycle t5, the bit to be compared of the signature SIG1-DDR, denoted Si, is presented on the bus. In the SoC circuit, the generator 20 produces the SIGO-SoC signature updated by the transaction presented in the previous cycle, namely the transaction (A0, 0, 0) retrieved from the FIFO. The SO bit arrives in the SoC circuit and is compared to the bit of the same position of the SIGO-SoC signature. An inequality indicates that an integrity defect has occurred in the transaction (A0, 0, 0) or in at least one of the previous transactions. In the same cycle, the transaction (Al, DW1, CW1) is retrieved from the FIFO and presented to the signature generator 20 with the transaction (DRO, CR0) arriving in the SoC circuit. At a cycle t6, the signature 22 is updated in the SoC circuit by the transactions (Al, DW1, CW1) and (DRO, CR0) and takes a value denoted SIG1-SoC. The bit Si arrives in the circuit SoC and is compared to the bit of the same position of the signature SIG1-SoC.
[0015] This timing chart shows that certain signatures are calculated on values mixing transactions, such as the SIG1-SoC and SIG1-DDR signatures. What matters is that each transaction participates in a signature, either alone or with another transaction, and that the signatures on both sides of the bus are calculated on the same values. The FIFO memory here has a depth of two cycles, corresponding to the number of cycles necessary for a transaction to cross the bus in the example considered.
[0016] As previously indicated, the signature generators 20 and 22 may be CRC code generators. In the present application, it may be necessary to calculate a CRC code on the address lines A (at least 6 lines for an elementary DDR memory module), 16 lines of data in write (W), 16 lines of data in read (R), four DMI lines (write and read), and finally the status bit of the ECC circuit, a total of 43 bits. (Although the bus has only 16 lines of data, the data flows at twice the clock rate, so that 32 bits of data are processed at the clock rate.) In principle, a generator CRC code operates on serial-supplied bits. Since the frequency of a DDR memory may exceed 1 GHz, the CRC code generator 15 would have to operate at around 43 GHz, which is difficult to achieve with current technologies. A CRC code generator can be designed to process several bits in parallel, but in view of the complexity and the difficulties in the critical paths that this entails, this solution is limited in practice to about ten bits. The operating frequency of the generator would still be too high. FIG. 4 schematically represents an embodiment of a CRC code generator that can be used in the present application. The bits on which the signatures are to be calculated, 43 in the present example, are separated into several groups, here five groups of 8, 8, 9, 9, and 9 bits, respectively. Each group of bits is provided to an independent parallel CRC code generator, adapted to the number of bits in the group (eight or nine). An XOR exclusive OR gate receives a bit of each CRC code to provide the bit to be compared. The bit position of each CRC code may be arbitrary. Preferably one chooses a position whose value is likely to change quickly, so rather in the LSB weights.
[0017] The nature of the CRC codes is preferably chosen to provide a relatively high Hamming distance, for example a 32-bit CRC code.

权利要求:
Claims (6)
[0001]
REVENDICATIONS1. A method of verifying the integrity of a communication between a master circuit (SoC) and a slave circuit (DDR), comprising the following steps: - sending transactions from the master circuit to the slave circuit - updating a first multi cyclic signature bits (20) from each transaction as present in the master circuit; - Update a second multi-bit cyclic signature (22), of the same nature as the first, from each transaction as received in the slave circuit; and comparing a single bit (S) of the second cyclic signature with a bit of the same position of the first cyclic signature.
[0002]
2. Method according to claim 1, comprising the following steps: - sending the transactions on a bus (B) between the master circuit and the slave circuit; storing each transaction in a FIFO memory having a depth corresponding to the delay introduced by the bus; updating the first cyclic signature (20) from the output of the FIFO memory; and - transmitting to the master circuit the signature bit to be compared on a line of the bus.
[0003]
3. Method according to claim 2, wherein the slave circuit is a DDR type memory and the signature bit to be compared is transmitted by a DMI line of the memory bus.
[0004]
The method of claim 3, wherein the first and second cyclic signatures are also based on the data read from the DDR memory.
[0005]
5. Method according to claim 1, comprising the following steps for each of the master and slave circuits: dividing the information of each transaction into several groups; Associating with each group a respective generator of cyclic redundancy check (CRC) code; at each transaction, generate the CRC codes in parallel; and * produce the bit to be compared by an exclusive OR operation combining a single bit of each CRC code.
[0006]
The method of claim 5, wherein the combined bits of the CRC codes are least significant bits.

类似技术:

---

公开号 | 公开日 | 专利标题

---

FR3038188A1|2016-12-30|SYSTEM FOR VERIFYING THE INTEGRITY OF A COMMUNICATION BETWEEN TWO CIRCUITS

---

FR2827684A1|2003-01-24|MEMORY CONTROLLER HAVING 1X / MX WRITE CAPACITY

---

FR2687879A1|1993-08-27|Elasticity buffer for information/clock synchronisation, and data transmission system using such a buffer

---

EP0063972A1|1982-11-03|Method and device for resource allocation in a system comprising autonomous data processing units

---

FR2487561A1|1982-01-29|DYNAMIC MEMORY SYSTEM

---

FR2487548A1|1982-01-29|MEMORY SYSTEM WITH DIAGNOSTIC DEVICE

---

FR2737637A1|1997-02-07|SWITCHING MATRIX BETWEEN TWO MULTIPLEX GROUPS

---

WO2003038620A2|2003-05-08|Data storage method with error correction

---

FR2473753A1|1981-07-17|DEVICE FOR PROVIDING CORRECTED DATA GROUPS TO A DESTINATION CIRCUIT

---

FR2849228A1|2004-06-25|Data transfer device for linking two asynchronous systems communicating via a FIFO buffer memory, each system having a pointing register with associated primary and secondary phantom registers

---

FR2808904A1|2001-11-16|Memory access system for memory sub-systems, e.g. dual in line memory modules or DIMMS that allows faulty memory modules to be detected and exchanged without loss of data and without switching off the computer

---

EP0228528A1|1987-07-15|Apparatus for implementing a code with a small digital sum variation in a fast digital transmission, and coding method using such an apparatus

---

EP0020185B1|1983-11-23|Method and apparatus for the serial-parallel addition of a great number of words

---

EP1417582B1|2007-04-04|Electronic circuit assembly comprising means for decontaminating error-contaminated parts

---

FR3043477A1|2017-05-12|METHOD FOR SYNCHRONIZING DATA CONVERTERS BY A SIGNAL TRANSMITTED FROM CLOSE TO NEAR

---

EP0094040A2|1983-11-16|System for synchronous data transmission with the aid of a constant envelope amplitude-modulated carrier

---

EP0635786B1|1996-11-13|Device for storing data

---

EP0344052B1|1992-07-22|Modular memory

---

FR2717921A1|1995-09-29|Device for managing access conflict between a CPU and memories.

---

EP2215552B1|2012-04-18|Circuit comprising a microprogrammed machine for processing the inputs or the outputs of a processor so as to enable them to enter or leave the circuit according to any communication protocol

---

FR2900749A1|2007-11-09|METHOD AND DEVICE FOR SECURING THE MEMORY OF A COMPUTER AGAINST ERRORS DUE TO RADIATION

---

EP0400734A1|1990-12-05|Programmable binary signal delay device and application to an error correcting code device

---

EP0169089B1|1990-07-11|Elementary data processing device

---

EP3792771A1|2021-03-17|Programme test

---

EP3716523A1|2020-09-30|Method for synchronising digital data sent in series

同族专利:

---

公开号 | 公开日

---

US20160378580A1|2016-12-29|

---

FR3038188B1|2017-08-11|

---

US10114687B2|2018-10-30|

引用文献:

---

公开号 | 申请日 | 公开日 | 申请人 | 专利标题

---

US20090235113A1|2006-05-18|2009-09-17|Rambus Inc.|Memory error detection|

---

US20090183051A1|2008-01-14|2009-07-16|Qimonda Ag|Memory System with Cyclic Redundancy Check|

---

US20090187794A1|2008-01-22|2009-07-23|International Business Machines Corporation|System and method for providing a memory device having a shared error feedback pin|

---

US20130117641A1|2009-12-09|2013-05-09|Kuljit S. Bains|Method and system for error management in a memory device|WO2020169902A1|2019-02-22|2020-08-27|StmicroelectronicsSas|Transmission of linked data on an i2c bus|US5604754A|1995-02-27|1997-02-18|International Business Machines Corporation|Validating the synchronization of lock step operated circuits|

---

US7295882B2|2002-06-27|2007-11-13|International Business Machines Corporation|Method and apparatus for audible error code detection and identification|

---

US7584386B2|2004-04-21|2009-09-01|Stmicroelectronics Sa|Microprocessor comprising error detection means protected against an attack by error injection|

---

GB0427540D0|2004-12-15|2005-01-19|Ibm|A system for maintaining data|

---

US8892963B2|2005-11-10|2014-11-18|Advanced Micro Devices, Inc.|Error detection in high-speed asymmetric interfaces utilizing dedicated interface lines|

---

US7949931B2|2007-01-02|2011-05-24|International Business Machines Corporation|Systems and methods for error detection in a memory system|

---

EP2381265B1|2010-04-20|2013-09-11|STMicroelectronics Srl|System for performing the test of digital circuits|

---

US8560899B2|2010-07-30|2013-10-15|Infineon Technologies Ag|Safe memory storage by internal operation verification|DE112016006791B4|2016-06-07|2020-02-06|Mitsubishi Electric Corporation|Data processing device, data processing method and data processing program|

---

US10652024B2|2017-04-05|2020-05-12|Ciena Corporation|Digital signature systems and methods for network path trace|

---

GB2574614B|2018-06-12|2020-10-07|Advanced Risc Mach Ltd|Error detection in an interconnection network for an integrated circuit|

法律状态:
2016-05-24| PLFP| Fee payment|Year of fee payment: 2 |

---

2016-12-30| PLSC| Search report ready|Effective date: 20161230 |

---

2017-05-23| PLFP| Fee payment|Year of fee payment: 3 |

---

2018-05-25| PLFP| Fee payment|Year of fee payment: 4 |

---

2019-05-22| PLFP| Fee payment|Year of fee payment: 5 |

---

2021-03-12| ST| Notification of lapse|Effective date: 20210205 |

优先权:

---

申请号 | 申请日 | 专利标题

---

FR1556064A|FR3038188B1|2015-06-29|2015-06-29|SYSTEM FOR VERIFYING THE INTEGRITY OF A COMMUNICATION BETWEEN TWO CIRCUITS|FR1556064A| FR3038188B1|2015-06-29|2015-06-29|SYSTEM FOR VERIFYING THE INTEGRITY OF A COMMUNICATION BETWEEN TWO CIRCUITS|

---

US14/949,378| US10114687B2|2015-06-29|2015-11-23|System for checking the integrity of a communication between two circuits|