Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.

Abstract: A system is disclosed for quarantining and recovery of a network after an outage or in advance of a potential outage. Unaffected network slices are isolated and recovery is initiated by quarantine physical and virtual network functions. An AI model is trained based on recent events detected by sensors disposed throughout the network to determine whether to quarantine network slices, move services to unaffected network slices, or initiate recovery. Once the network is stabilized, resources that are specifically allocated for recovery and services are released and the traffic moved back to the recovered network slices.

Abstract: A computing node includes network interface circuitry and processing circuitry. The processing circuitry assigns available computing resources to a plurality of network slice instances (NSIs). Each of the NSIs is associated with a slice sub-context indicative of a network location of the available computing resources assigned to the NSI. A first portion of the resources is assigned to the NSI as dedicated resources and a second, remaining portion is assigned to the NSI as shared resources. A service instance is assigned to each of the NSIs. NSI records are generated based on the assigned service instance, the dedicated resources, and the shared resources. An NSI configuration is restored to a pre-FAFO event state based on the plurality of NSI records, the restored configuration using one or both of the dedicated resources and the shared resources.

Abstract: Systems and techniques for misbehavior processing in connected vehicle networks such as a vehicle-to-everything (V2X) communication environment are described herein. A misbehavior report may be received by a local misbehavior agent from a node operating on a vehicle communication network. The local misbehavior agent may be responsible for a geographic area in which the node is located. The misbehavior report may be corroborated using the misbehavior report and evidence of misbehavior of a subject node of the misbehavior report. A revocation recommendation may be generated for the subject node based on the corroboration. The revocation recommendation may be transmitted to a misbehavior authority operating on the vehicle communication network.

Abstract: A microcoded processor instruction may invoke a number of microinstructions to perform a round of a SHA3 operation using a circuit that includes a first stage circuit to perform a set of first bitwise XOR operations on a set of five input blocks to yield first intermediate output blocks; perform a set of second bitwise XOR operations on a first intermediate block and a rotation of another first intermediate block to yield second intermediate blocks; and perform a set of third bitwise XOR operations on a second intermediate block and an input block to yield third intermediate blocks. The circuit further includes a second stage circuit to rotate bits within each of the third intermediate blocks to yield a set of fourth intermediate blocks, and a third stage circuit to perform an affine mapping on bits within each of the fourth intermediate blocks to yield a set of output blocks.

Abstract: Various systems and methods for bus-off attack detection are described herein. An electronic device for bus-off attack detection and prevention includes bus-off prevention circuitry coupled to a protected node on a bus, the bus-off prevention circuitry to: detect a transmitted message from the protected node to the bus; detect a bit mismatch of the transmitted message on the bus; suspend further transmissions from the protected node while the bus is analyzed; determine whether the bit mismatch represents a bus fault or an active attack against the protected node; and signal the protected node indicating whether a fault has occurred.

Abstract: A data processing system includes technology for detecting and tolerating faults. The data processing system comprises an electronic control unit (ECU) with a processing core and a fault-tolerant elliptic curve digital signature algorithm (ECDSA) engine. The fault-tolerant ECDSA engine comprises multiple verification state machines (VSMs). The data processing system also comprises nonvolatile storage in communication with the processing core and ECU software in the nonvolatile storage. The ECU software, when executed, enables the data processing system to operate as a node in a distributed data processing system, including receiving digitally signed messages from other nodes in the distributed data processing system. The ECU further comprises a known-answer built-in self-test unit (KA-BISTU). Also, the ECU software comprises fault-tolerant ECDSA engine (FTEE) management software which, when executed by the processing core, utilizes the KA-BISTU to periodically test the fault-tolerant ECDSA engine for faults.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform; a network interface to communicatively couple to a bus lacking native support for authentication; and an anomaly detection engine to operate on the hardware platform and configured to: receive a first data stream across a first time; symbolize and approximate the first data stream, including computing a first window sum; receive a second data stream across a second time substantially equal in length to the first time, the second data stream including data across the plurality of dimensions from the first data stream; symbolize and approximate the second data stream, including computing a second window sum; compute a difference between the first window sum and the second window sum; determine that difference exceeds a threshold and that the correlation across the plurality of dimensions is broken; and flag a potential anomaly.

Abstract: In one embodiment, an apparatus includes a hardware accelerator to execute cryptography operations including a Rivest Shamir Adleman (RSA) operation and an elliptic curve cryptography (ECC) operation. The hardware accelerator may include a multiplier circuit comprising a parallel combinatorial multiplier, and an ECC circuit coupled to the multiplier circuit to execute the ECC operation. The ECC circuit may compute a prime field multiplication using the multiplier circuit and reduce a result of the prime field multiplication in a plurality of addition and subtraction operations for a first type of prime modulus. The hardware accelerator may execute the RSA operation using the multiplier circuit. Other embodiments are described and claimed.

Abstract: Systems and techniques for malicious request detection in automated resource dispatch are described herein. A request for a resource may be received from a user device. A location may be obtained for delivery of the resource. Sensor data may be retrieved for the location. The sensor data and user profile data may be evaluated to determine if the request is malicious. A disincentivizing message may be generated based on the determination that the request is malicious. In response to receipt of a response to the disincentivizing message, a resource may be dispatched to the location.

Abstract: In one embodiment, an apparatus includes: a hardware accelerator to execute cryptography operations including a Rivest Shamir Adleman (RSA) operation and an elliptic curve cryptography (ECC) operation. The hardware accelerator may include: a multiplier circuit comprising a parallel combinatorial multiplier; and an ECC circuit coupled to the multiplier circuit to execute the ECC operation. The ECC circuit may compute a prime field multiplication using the multiplier circuit and reduce a result of the prime field multiplication in a plurality of addition and subtraction operations for a first type of prime modulus. The hardware accelerator may execute the RSA operation using the multiplier circuit. Other embodiments are described and claimed.

Abstract: Systems and methods in which devices synchronize their clocks for purposes of data transmission are described. Particularly, the disclosed systems and methods provide detection and mitigation of interference by malicious (or non-malicious) wireless devices with communication of time synchronized data over wireless networks. Systems and methods are provided where times statistics related to multiple instances of wireless time synchronization are collected and collated. Devices in the system can discipline their internal clocks based on the collated time statistics.

Abstract: One embodiment provides an apparatus. The apparatus includes a lightweight cryptographic engine (LCE), the LCE is optimized and has an associated throughput greater than or equal to a target throughput.

Abstract: Logic may implement protocols and procedures for vehicle-to-vehicle communications for platooning. Logic may implement a communications topology to distinguish time-critical communications from non-time-critical communications. Logic may sign time-critical communications with a message authentication code (MAC) algorithm with a hash function such as Keccak MAC or a Cipher-based MAC. Logic may generate a MAC based on pairwise, symmetric keys to sign the time-critical communications. Logic may sign non-time-critical communications with a digital signature. Logic may encrypt non-time-critical communications. Logic may append a certificate to non-time-critical communications. Logic may append a header to messages to create data packets and may include a packet type to identify time-critical communications. Logic may decode and verify the time-critical messages with a pairwise symmetric key. And logic may prioritize time-critical communications to meet a specified latency.

Abstract: A data processing system that provides for active prevention of masquerading attacks comprises a microcontroller, a transceiver, and an active attack prevention module (AAPM) in communication with the microcontroller and the transceiver. The microcontroller enables the data processing system to operate as a node in a vehicle control system (VCS). The transceiver enables the node to communicate with a local area network (LAN) of the VCS. The AAPM enables the node to monitor the LAN for messages. In response to detecting a message on the LAN, the AAPM automatically determines whether the message falsely identifies the node as a source, based on a value in an identifier field in the message. In response to determining that the message falsely identifies the node as the source, the AAPM automatically takes at least one remedial action to neutralize the message. Other embodiments are described and claimed.

Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.

Abstract: One embodiment provides an apparatus. The apparatus includes a lightweight cryptographic engine (LCE), the LCE is optimized and has an associated throughput greater than or equal to a target throughput.

Abstract: Technologies for elliptic curve cryptography (ECC) include a computing device having an ECC engine that reads one or more parameters from a data port. The ECC engine performs operations using the parameters, such as an Elliptic Curve Digital Signature Algorithm (ECDSA). The ECDSA may be performed in a protected mode, in which the ECC engine will ignore inputs. The ECC engine may perform the ECDSA in a fixed amount of time in order to protect against timing side-channel attacks. The ECC engine may perform the ECDSA by consuming a uniform amount of power in order to protect against power side-channel attacks. The ECC engine may perform the ECDSA by emitting a uniform amount of electromagnetic radiation in order to protect against EM side-channel attacks. The ECC engine may perform the ECDSA verify with 384-bit output in order to protect against fault injection attacks.

Abstract: Logic may implement protocols and procedures for vehicle-to-vehicle communications for platooning. Logic may implement a communications topology to distinguish time-critical communications from non-time-critical communications. Logic may sign time-critical communications with a message authentication code (MAC) algorithm with a hash function such as Keccak MAC or a Cipher-based MAC. Logic may generate a MAC based on pairwise, symmetric keys to sign the time-critical communications. Logic may sign non-time-critical communications with a digital signature. Logic may encrypt non-time-critical communications. Logic may append a certificate to non-time-critical communications. Logic may append a header to messages to create data packets and may include a packet type to identify time-critical communications. Logic may decode and verify the time-critical messages with a pairwise symmetric key. And logic may prioritize time-critical communications to meet a specified latency.

Abstract: Embodiments of the present disclosure describe methods, apparatuses, storage media, and systems for a device disposed at an edge of a vehicular communication network or vehicles within a coverage area of the device. The device is to generate a list of vehicle security data to be distributed to vehicles currently within a coverage area of the device, based at least in part on a context related to the vehicles. The device is further to announce, on a control channel communicatively coupling the device and the vehicles, that the list of vehicle security data are available and a service channel to receive the list of vehicle security data. The list of vehicle security data are to be provided to the vehicles via the service channel. Other embodiments may be described and claimed.