Among other threats, secure components are subjected to physical attacks whose aim
is to recover the secret information they store. Most of the work carried out to protect
these components generally consists in developing protections (or countermeasures)
taken one by one. But this ``countermeasure-centered'' approach drastically decreases
the performance of the chip in terms of power, speed and availability. In order to
overcome this limitation, we propose a complementary approach: the smart dynamic
management of the whole set of countermeasures embedded in the component. In a
real-world application (for example, a conditional access system for Pay-TV), such
management must meet two main requirements: it has to enable the chip to distinguish
between attacks and normal use cases (without human intervention and in a robust but
versatile way), and it has to be based on mechanisms which dynamically find a
trade-off between security and performance.
In this article, a prototype which enables such management of security is described.
The solution is based on a double-processor architecture: one processor embeds a
representative set of countermeasures (and mechanisms to parameterize them) and
executes the application code. The second processor, on the same chip, applies a
given security strategy, but without requesting sensitive data from the first processor.
The chosen strategy is based on fuzzy logic reasoning to enable the designer to
describe, using a fairly simple formalism, both the attack paths and the normal use
cases. A proof of concept has been proposed for the smart card part of a conditional
access system for Pay-TV, but it could easily be fine-tuned for other applications.
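
An added illustration of the fuzzy-logic strategy described above (not code from the article or its prototype): a four-rule fuzzy controller in C that turns two monitor readings into a countermeasure level, raising protection on an attack path and relaxing it in normal use. The two inputs, the membership shapes, the rule base and the dummy-round parameter are all assumptions chosen for the example.

```c
#include <stdio.h>

/* Hypothetical monitor inputs, both normalised to [0,1] by the caller:
 * alarm = recent rate of sensor alarms, reset = recent rate of abnormal
 * resets. Neither carries secret data from the application processor. */
static double clamp01(double x) { return x < 0.0 ? 0.0 : (x > 1.0 ? 1.0 : x); }
static double fmin2(double a, double b) { return a < b ? a : b; }

/* Fuzzy sets (assumed shapes): "high" rises linearly, "low" is its complement. */
static double is_high(double x) { return clamp01(x); }
static double is_low(double x)  { return 1.0 - clamp01(x); }

/* Rule base, AND = min, defuzzified as a weighted average of singleton outputs:
 *   R1: alarm low  AND reset low  -> level 0.0  (normal use, favour speed)
 *   R2: alarm high AND reset low  -> level 0.5  (noisy reader or probing)
 *   R3: alarm low  AND reset high -> level 0.5  (bad contact or probing)
 *   R4: alarm high AND reset high -> level 1.0  (attack path)              */
double countermeasure_level(double alarm, double reset)
{
    double w1 = fmin2(is_low(alarm),  is_low(reset));
    double w2 = fmin2(is_high(alarm), is_low(reset));
    double w3 = fmin2(is_low(alarm),  is_high(reset));
    double w4 = fmin2(is_high(alarm), is_high(reset));
    /* At least one rule always fires with strength >= 0.5, so the sum is > 0. */
    return (0.5 * w2 + 0.5 * w3 + 1.0 * w4) / (w1 + w2 + w3 + w4);
}

/* Map the level onto one countermeasure parameter: here a hypothetical
 * number of dummy rounds (0..8) inserted around a sensitive operation. */
int dummy_rounds(double level) { return (int)(clamp01(level) * 8.0 + 0.5); }

int main(void)
{
    /* Constructed observations: quiet card, noisy reader, sustained attack. */
    const double obs[3][2] = { {0.05, 0.0}, {0.7, 0.1}, {0.9, 0.95} };
    for (int i = 0; i < 3; i++) {
        double lvl = countermeasure_level(obs[i][0], obs[i][1]);
        printf("alarm=%.2f reset=%.2f -> level=%.2f, dummy rounds=%d\n",
               obs[i][0], obs[i][1], lvl, dummy_rounds(lvl));
    }
    return 0;
}
```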