Patents Examined by Zhe Liu
  • Patent number: 11966469
    Abstract: Aspects of the disclosure relate to detecting and protecting against cybersecurity attacks using unprintable tracking characters. A computing platform may receive a character-limited message sent to a user device. Subsequently, the computing platform may detect that the character-limited message sent to the user device includes suspicious content. Then, the computing platform may generate a modified character-limited message by inserting one or more special characters into the character-limited message and cause transmission of the modified character-limited message to the user device. Next, the computing platform may receive, from the user device, a spam report that includes the modified character-limited message. Then, the computing platform may identify a presence of the one or more special characters included in the modified character-limited message and adjust one or more filters based on the identification.
    Type: Grant
    Filed: May 19, 2021
    Date of Patent: April 23, 2024
    Assignee: Proofpoint, Inc.
    Inventor: Thomas Lee
  • Patent number: 11960589
    Abstract: A method and system for generating an encrypted and authenticated message for authenticating a first component of an electronic device as the originator of the message are disclosed. The method and system comprise encrypting a block of information based on a key associated with a second component of the electronic device to generate an encrypted block of information; accessing, from a memory of the first component, a previous version of a dynamic unique key, the previous version of the dynamic unique key being at least partially based on an original unique key; generating a current version of the dynamic unique key based on the previous version of the dynamic unique key; generating a message authentication code based on the encrypted block of information and the current version of the first dynamic unique key; and transmitting, to the second component, the encrypted block of information and the message authentication code.
    Type: Grant
    Filed: June 14, 2022
    Date of Patent: April 16, 2024
    Assignee: Apple Inc.
    Inventor: Julien Ollivier
  • Patent number: 11954201
    Abstract: The present disclosure describes systems, apparatuses, and methods for obfuscation-based intellectual property (IP) watermark labeling. One such method comprises identifying, by one or more computing processors, a specific net within an integrated circuit design that is likely to be used in a malicious attack; and adding additional nets to the integrated circuit design that add additional logic states to a finite state machine present in the integrated circuit design. The additional logic states comprise watermarking states for performing authentication of the integrated circuit design, in which a watermark digest can be captured upon application of secret key inputs to the additional nets. Other methods, systems, and apparatuses are also presented.
    Type: Grant
    Filed: April 7, 2021
    Date of Patent: April 9, 2024
    Assignee: University of Florida Research Foundation, Inc.
    Inventors: Swarup Bhunia, Tamzidul Hoque, Abhishek Anil Nair, Patanjali Sristi Lakshmiprasanna Sriramakumara
  • Patent number: 11916923
    Abstract: Disclosed herein is a method of a communication device, wherein the communication device is configured to operate in connection with an access node associated with a wireless communication network. The method comprises receiving a first data packet comprising a write request for writing code and/or data to a non-volatile memory comprised in the communication device and determining whether a second data packet comprising an identifier associated with the first data packet is received. When it is determined that the second data packet comprising the identifier is received, the method comprises extracting the identifier from the second data packet, wherein the identifier is a radio access layer parameter, determining whether the identifier is trusted, determining whether the identifier is validated when it is determined that the identifier is trusted and accepting at least a subset of the write request when it is determined that the identifier is trusted and validated.
    Type: Grant
    Filed: December 22, 2017
    Date of Patent: February 27, 2024
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Patrik Ekdahl, Magnus Åström
  • Patent number: 11893112
    Abstract: There is provided a device of protecting an Integrated Circuit from perturbation attacks. The device includes a sensing unit configured to detect a perturbation attack, the sensing unit comprising a set of digital sensors comprising at least two sensors, the sensors being arranged in parallel. Each digital sensor provides a digitized bit output having a binary value, in response to input data, the sensing unit being configured to deliver at least one binary vector comprising a multi-bit value, the multi-bit value comprising at least two bit outputs provided by the set of digital sensors. The sensing device further comprising an analysis unit, the analysis unit being configured to receive at least one binary vector provided by the sensing unit, the analysis unit being configured to detect a perturbation attack from the at least one binary vector.
    Type: Grant
    Filed: November 21, 2018
    Date of Patent: February 6, 2024
    Assignee: SECURE-IC SAS
    Inventors: Sylvain Guilley, Adrien Facon, Nicolas Bruneau
  • Patent number: 11880454
    Abstract: A method to prevent a malicious attack on CPU subsystem (CPUSS) hardware is described. The method includes auto-calibrating tunable delay elements of a dynamic variation monitor (DVM) using an auto-calibration value computed in response to each detected change of a clock frequency (Fclk)/supply voltage (Vdd) of the CPUSS hardware. The method also includes comparing the auto-calibration value with a threshold reference calibration value to determine whether the malicious attack is detected. The method further includes forcing a safe clock frequency (Fclk)/safe supply voltage (Vdd) to the CPUSS hardware when the malicious attack is detected.
    Type: Grant
    Filed: May 14, 2020
    Date of Patent: January 23, 2024
    Assignee: QUALCOMM Incorporated
    Inventors: Bharat Kumar Rangarajan, Dipti Ranjan Pal, Keith Alan Bowman, Srinivas Turaga, Ateesh Deepankar De, Shih-Hsin Jason Hu, Chandan Agarwalla
  • Patent number: 11882094
    Abstract: A system includes a memory and at least one processor to set a network throughput level setting to a default network traffic rate in a computer network, begin a data protection operation at the network throughput level setting in the computer network, continually monitor the computer network and determine that a condition has occurred in the computer network, dynamically adjust the network throughput level setting in response to the condition by one of decreasing the network throughput level setting by a network traffic rate increment and increasing the network throughput level setting by the network traffic rate increment, and dynamically shape network or storage traffic for the data protection operation using the network throughput level setting.
    Type: Grant
    Filed: June 15, 2021
    Date of Patent: January 23, 2024
    Assignee: Cobalt Iron, Inc.
    Inventors: Richard Raymond Spurlock, Robert Merrill Marett, James Thomas Kost, Gregory John Tevis
  • Patent number: 11875586
    Abstract: A computer-implemented method, comprising receiving, by a computer system, binary image data, the computer system configured to detect a pixel value in the binary image data to represent a non-machine language value related to the binary image data; determining, by the computer system, that the binary image data further comprises at least a pixel value that is altered in a manner to change the non-machine language value related to the binary image data when read by an image recognition system; and alerting, by the computer system, to the image recognition system to review the binary image data.
    Type: Grant
    Filed: February 5, 2021
    Date of Patent: January 16, 2024
    Assignee: ROBUST INTELLIGENCE, INC.
    Inventors: Eric Balkanski, Harrison Chase, Kojin Oshiba, Alexander Rilee, Yaron Singer, Richard Wang
  • Patent number: 11870775
    Abstract: One embodiment of the invention is directed to a computer-implemented method comprising receiving a first request that includes a token associated with a first computing device to utilize a shared resource implemented by a federated network of computing devices. The method further comprises identifying that the first computing device is an unknown entity based in part on the token and one or more signatures used to sign the token. The method further comprises transmitting, to a trust management system, a second request to authenticate the first computing device using the token. The method further comprises receiving an authentication message that verifies the first computing device within an open trust network. The authentication message may be generated in response to the trust management system communicating with a plurality of registrar computers in the open trust network about the signatures associated with the token.
    Type: Grant
    Filed: September 3, 2021
    Date of Patent: January 9, 2024
    Assignee: Visa International Service Association
    Inventor: Quan Wang
  • Patent number: 11860999
    Abstract: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state including a PIN-attempt-failure count and a fuse count, read from off-die NV memory. During initialization, if the blown-fuse count is greater than TPM state fuse count, TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. A PIN is received for access, and if the TPM state PIN-attempt-failure count satisfies a policy, a fuse is blown and the blown-fuse count incremented. If the fuse blow fails, TPM activity is halted. If the fuse blow succeeds and the PIN is correct, the TPM state PIN-attempt-failure count is cleared, but if the PIN is incorrect the TPM state PIN-attempt-failure count is incremented. TPM state fuse count is set equal to the blown-fuse count, and the TPM state is saved to off-die NV memory.
    Type: Grant
    Filed: March 31, 2021
    Date of Patent: January 2, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ling Tony Chen, Felix Domke, Ankur Choudhary, Bradley Joseph Litterell
  • Patent number: 11842969
    Abstract: An integrated circuit is disclosed. The integrated circuit comprises: a processing region configured to run one instruction from a plurality of instructions; a first temperature measuring region configured to measure a first temperature within the integrated circuit in response to the processing region running the one instruction; the processing region being configured to compare the measured first temperature with a predefined temperature at the first temperature measuring region when the processing region runs the one instruction and to trigger an event when the measured first temperature exceeds the predefined temperature by a threshold value.
    Type: Grant
    Filed: December 6, 2019
    Date of Patent: December 12, 2023
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventor: Simon Blythe
  • Patent number: 11836250
    Abstract: Mitigation of attack vectors that persist elevated permissions within a computing environment. Mitigated attack vectors may be configured to respond to a trigger by generating computing resources with a built-in vulnerability. Mitigated attack vectors may elevate permissions of the computing resources to some heightened level which the malicious actor had previously gained. For example, if the malicious actor had breached a user account having administrator privileges, the attack vector may respond to the trigger by creating the virtual machine and then linking the virtual machine to a service principal having the administrator-level permissions. Left unmitigated the attack vector would enable the malicious actor to regain “administrator-level” privileges even after access to the user account is halted.
    Type: Grant
    Filed: March 25, 2021
    Date of Patent: December 5, 2023
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Ilay Grossman, Ram Haim Pliskin
  • Patent number: 11816210
    Abstract: A dynamically generated search query is generated based on rarity scores associated with raw-level computer events. Event data is pre-processed using historical information about the frequency, or rarity, of instances of individual events. Each event is assigned one or more labels that identify the event based on the historical information. The rarity scores represent probabilities of events occurring with the same labels. The rarity scores are associated with n-grams of the labels (e.g., a combination of two labels, three labels, etc.). A label n-gram score is calculated based on newly observed events and the rarity scores corresponding to the label n-grams. The search query is generated based on the label n-gram score. The search query is executed against a database to retrieve information, such as diagnostics, used to alert an administrator to events that are potentially anomalous.
    Type: Grant
    Filed: March 22, 2021
    Date of Patent: November 14, 2023
    Assignee: Adobe Inc.
    Inventors: Andrei Cotaie, Vivek Malik, Tiberiu Boros, Nicolas Pachis, Lauren Park, Kumar Vikramjeet
  • Patent number: 11803644
    Abstract: Techniques are described herein for security hardened processing devices. For example, a method can include performing a secure boot of a processing device of a computer system. The processing device is configured as a root of trust for a secure boot process. The computer system can include the processing device and a non-volatile memory storing a basic input/output system (BIOS) for the secure boot process. The method can include identifying a set of programmable fuses of the processing device, deriving an encryption key using a value encoded by the set of programmable fuses in the processing device, and authenticating the BIOS to perform the secure boot process using a key derivation algorithm based on the encryption key.
    Type: Grant
    Filed: July 21, 2020
    Date of Patent: October 31, 2023
    Assignee: SDG Logic Inc.
    Inventor: Sergiu Ghetie
  • Patent number: 11797667
    Abstract: Various examples are provided related to software and hardware architectures that enable lightweight and real-time Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attack detection. In one example, among others, a method for detection and localization of denial-of-service (DoS) attacks includes detecting, by a router of an intellectual property (IP) core in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a compromised packet stream based at least in part upon a packet arrival curve (PAC) associated with the router; identifying, by the IP core, a candidate IP core in the NoC as a potential attacker based at least in part upon a destination packet latency curve (DLC) associated with the IP core; and transmitting, by the router, a notification message indicating that the candidate IP core is the potential attacker to a router of the candidate IP core.
    Type: Grant
    Filed: June 26, 2020
    Date of Patent: October 24, 2023
    Assignee: UNIVERSITY OF FLORIDA RESEARCH FOUNDATION, INCORPORATED
    Inventors: Prabhat Kumar Mishra, Thelijjagoda S N Charles, Yangdi Lyu
  • Patent number: 11784799
    Abstract: The disclosed exemplary embodiments include computer-implemented systems, devices, and processes that securely distribute and manage cryptographic keys within a computing environment using permissioned distributed ledgers. By way of example, an apparatus may receive a registration request and a first digital signature applied to the registration request from a device. Based on a validation of the first digital signature, the apparatus may approve the registration request and apply a second digital signature to the registration request and the first digital signature. In some examples, the second digital signature may be indicative of the approval of the registration request by the apparatus. The apparatus may also transmit the registration request and the first and second digital signatures to a computing system, which may validate the first and second digital signatures and perform operations that record a public cryptographic key of an application program executed at the device onto a distributed ledger.
    Type: Grant
    Filed: December 16, 2019
    Date of Patent: October 10, 2023
    Assignee: The Toronto-Dominion Bank
    Inventors: Alexey Shpurov, Albert Louis Rothenstein, Adrian Chung-Hey Ma, Buturab Rizvi, Alexandra Tsourkis, Francis James Alexander Guttridge
  • Patent number: 11762988
    Abstract: Systems and methods for obtaining required information prior to initiation of a transaction are described herein. In an embodiment, a system stores entity data defining a plurality of entities and data record requirement data identifying one or more required data record fields for one or more transactions. The system receives a request to initiate a transaction from a first client computing device corresponding to an account of a first entity. The system subsequently receives a request to view or participate in the particular transaction from a second client computing device corresponding to an account of a second entity. The system determines that the second entity has not provided data for the one or more required data record fields and, in response, restricts the second client computing device from viewing or participating in the transaction until the second entity has provided the data for the one or more required data record fields.
    Type: Grant
    Filed: October 2, 2019
    Date of Patent: September 19, 2023
    Assignee: Coupa Software Incorporated
    Inventors: Sandeep Damodar Bhide, Scott Harris
  • Patent number: 11693966
    Abstract: A method for managing operation of a circuit includes activating a trigger engine, receiving signals from a target circuit, and detecting a hardware trojan based on the signals. The trigger engine may generate a stimulus to activate the hardware trojan, and the target circuit may generate the received signals when the stimulus is generated. The trigger engine may be a scan chain which performs a circular scan by shifting bit values through a series of flip-flops including a feedback path. The target circuit may be various types of circuits, including but not limited to a high-speed input/output interface. The hardware trojan may be detected based on bit-error rate information corresponding to the signals output from the target circuit.
    Type: Grant
    Filed: August 14, 2019
    Date of Patent: July 4, 2023
    Assignee: NXP B.V.
    Inventor: Jan-Peter Schat
  • Patent number: 11675899
    Abstract: Aspects include circuitry that includes a first global generation counter (GGC) that is increased upon decoding of a branch instruction and a second GGC that is increased upon a completion of the branch instruction. Upon a triggered rollback, the first GGC is reset. The circuitry also includes a generation tag memory associated with a register that receives loads during a side-channel attack which is set to the first GGC upon a first load, and a determination unit to determine, for a second load from an address depending on the register of the first load, a generation tag value associated with the register of the second load as a function of the first GGC, the second GGC, and the generation tag value associated with the register of the first load. A wait queue is configured to block the second load, if the generation tag is larger than the second GGC.
    Type: Grant
    Filed: December 15, 2020
    Date of Patent: June 13, 2023
    Assignee: International Business Machines Corporation
    Inventors: Christian Borntraeger, Jonathan D. Bradbury, Martin Recktenwald, Anthony Saporito
  • Patent number: 11671434
    Abstract: User behavior data of multiple users is acquired, and multiple user eigenvalues of user behavior data of each user under preset multiple user behavior dimensions are extracted. A user eigenvector of each user is determined based on the multiple eigenvalues of this user. Multiple user classes are obtained by clustering the user eigenvectors of multiple users through a preset clustering algorithm. A central vector of each user class is determined based on the user eigenvectors included in this user class. A difference eigenvector of each user class is determined, wherein a distance between the difference eigenvector and a central vector of an aggregation class to which the difference eigenvector belongs is not within a preset distance range. A user characterized by the difference eigenvector is determined as an abnormal user.
    Type: Grant
    Filed: May 9, 2019
    Date of Patent: June 6, 2023
    Assignee: New H3C Security Technologies Co., Ltd.
    Inventor: Chengjie Gu