Abstract: An apparatus for clock manager redundancy comprises a clock circuitry to manage a clock for a device; a first processing circuitry coupled to the clock circuitry to execute instructions to perform operations for a clock manager, the clock manager to receive messages with time information for a network and generate clock manager control information to adjust the clock to a network time for the network; a hardened execution environment coupled to the clock circuitry and the first processing circuitry, the hardened execution environment to comprise: a detector to monitor the clock manager and generate an alert when the detector identifies abnormal behavior of the clock manager; and a second processing circuitry to execute instructions to perform operations for a redundant clock manager, the redundant clock manager to take over operations for the clock manager in response to the alert from the detector. Other embodiments are described and claimed.

Abstract: Systems, apparatuses, and methods to mitigate effects of glitch attacks on a broadcast communication bus are provided. The voltage levels of the communication bus are repeatedly sampled to identify glitch attacks. The voltage level on the communication bus can be overdriven or overwritten to either corrupt received messages or correct received messages.

Abstract: In one example an apparatus comprises processing circuitry to measure a statistical distance between a marginal distribution of a coordinate of a potential signature (z) over a first interval and a uniform distribution over the first interval and use the statistical distance to determine one or more thresholds of a rejection sampling operation in a lattice-based digital signature algorithm. Other examples may be described.

Abstract: Various embodiments are generally directed to providing authentication and confidentiality mechanisms for message communication over an in-vehicle network. For example, authentication data associated with a communicating node may be transmitted over the network by encoding different predefined voltage levels on top of the message bits of the message being communicated. Different voltage levels may represent different encodings, such as a bit-pair or any bit combination of the authentication data. In a further example, messaging confidentiality between at least two communicating nodes may be achieved by pseudo-randomly flipping, or scrambling, the dominant and recessive voltages of the entire message frame at the analog level based on a pseudo-random control bit sequence.

Abstract: Systems, apparatus, methods, and techniques for reporting an attack or intrusion into an in-vehicle network are provided. The attack can be broadcast to connected vehicles over a vehicle-to-vehicle network. The broadcast can include an indication of a sub-system involved in the attack and can include a request for assistance in recovering from the attack. Connected vehicles can broadcast responses over the vehicle-to-vehicle network. The responses can include indications of data related to the compromised sub-system. The vehicle can receive the responses and can use the responses to recover from the attack, such as, estimate data.

Abstract: In one example an apparatus comprises a computer readable memory, an XMSS operations logic to manage XMSS functions, a chain function controller to manage chain function algorithms, a secure hash algorithm-2 (SHA2) accelerator, a secure hash algorithm-3 (SHA3) accelerator, and a register bank shared between the SHA2 accelerator and the SHA3 accelerator. Other examples may be described.

Abstract: Systems, apparatus, methods, and techniques for an ego vehicle to respond to detecting misbehaving information from remote vehicles are provided. An ego vehicle, in addition to reporting misbehaving vehicles to a misbehavior authority via a vehicle-to-anything communication network, can, take additional actions based in part on how confident the ego vehicle is about the evidence of misbehavior. Where the confidence is high the ego vehicle can simply discard the misbehaving data and provide an alternative estimate for such data from alternative sources. Where the confidence is not high the ego vehicle can request assistance from neighboring vehicles and roadside units to provide independent estimates of the data to increase confidence in the evidence of misbehavior.

Abstract: Systems, apparatus, methods, and techniques for functional safe execution of encryption operations are provided. A fault tolerant counter and a complementary pair of encryption flows are provided. The fault tolerant counter may be based on a gray code counter and a hamming distance checker. The complementary pair of encryption flows have different implementations. The output from the complementary pair of encryption flows can be compared, and where different, errors generated.

Abstract: Systems, apparatuses, and methods to establish a mapping between message identifications for messages transmitted on a communication bus and electronic control units transmitting the messages is provided. In particular, retransmission of a low priority message onto the bus is forced such that the retransmitted low priority message overlaps with a higher priority message to determine whether the messages originated from the same ECU.

Abstract: Various embodiments are generally directed to techniques for providing improved privacy protection against vehicle tracking for connected vehicles of a vehicular network. For example, at least one road side unit may: identify a set of vehicles that require pseudonym changes and send an invitation for a pseudonym change event to each of the vehicles, determine at least a total number of the acceptances, determine whether the total number meets or exceeds a predetermined threshold number, send acknowledgement messages to the accepting vehicles if the threshold number is met, and form a vehicle group to coordinate the pseudonym change event during a privacy period. During the privacy period, the RSU and the vehicles may communicate with each other in a confidential and private manner via key-session-based unicast transmission, and coordinate transmission power and vehicle trajectory adjustments to maximize the benefits for safety and obfuscation for privacy.

Abstract: In one example an apparatus comprises receive, in a processing platform, an input request from a remote device comprising a digital signature signing or verify function and determine a selected digital signature scheme for the request based at least in part on a determination of whether the processing platform is to apply a signing function or a verify function to the input request. Other examples may be described.

Abstract: In one example an apparatus comprises a first input node to receive a first input, a second input node to receive a control signal, a polynomial multiplication circuitry to perform a polynomial multiplication function using the first input as an element of a digital signature protocol, the polynomial multiplication function comprising a plurality of polynomial multiplication operations, the polynomial multiplication function performed in a security mode determined by the control signal, the security mode comprising one of a first mode in which no side-channel protection is provided to the polynomial multiplication operation or a second mode in which a shuffling-based side-channel protection is provided to the polynomial multiplication operation. Other examples may be described.

Abstract: In one example an apparatus comprises a first input node to receive a first input, a second input node to receive a control signal, a polynomial multiplication circuitry to perform a polynomial multiplication operation using the first input in a security mode determined by the control signal, the security mode comprising one of a first mode in which no side-channel protection is provided to the polynomial multiplication operation, a second mode in which a shuffling-based side-channel protection is provided to the polynomial multiplication operation, a third mode in which a masking or splitting side-channel protection is provided to the polynomial multiplication operation, or a fourth mode in which a masking and shuffling based side-channel protection is provided to the polynomial multiplication operation. Other examples may be described.

Abstract: Various examples relate to an apparatus, device, method, and computer program for determining an integrity of a generated cryptographic signature. The apparatus is to generate, before generating the cryptographic signature, redundancy information of at least one cryptographic secret being used for generating the cryptographic signature, generate the cryptographic signature using the at least one cryptographic secret, compare, after generating the cryptographic signature, the redundancy information and the at least one cryptographic secret to determine whether the redundancy information matches the at least one cryptographic secret, and use the cryptographic signature if the redundancy information matches the at least one cryptographic secret.

Abstract: Systems, apparatuses, and methods to establish ground truth for an intrusion detection system using machine learning models to identify an electronic control unit transmitting a message on a communication bus, such as an in-vehicle network bus, are provided. Voltage signatures for overlapping message identification (MID) numbers are collapsed and trained on a single ECU label.

Abstract: A platform comprising numerous reconfigurable circuit components arranged to operate as primary and redundant circuits is provided. The platform further comprises security circuitry arranged to monitor the primary circuit for anomalies and reconfigurable circuit arranged to disconnect the primary circuit from a bus responsive to detection of an anomaly. Furthermore, the present disclosure provides for the quarantine, refurbishment and designation as redundant, the anomalous circuit.

Abstract: Systems, methods, computer program products, and apparatuses for low latency, fully reconfigurable hardware logic for ensemble classification methods, such as random forests. An apparatus may comprise circuitry for an interconnect and circuitry for a random forest implemented in hardware. The random forest comprising a plurality of decision trees connected via the interconnect, each decision tree comprising a plurality of nodes connected via the interconnect. A first decision tree of the plurality of decision trees comprising a first node of the plurality of nodes to: receive a plurality of elements of feature data via the interconnect, select a first element of feature data, of the plurality of elements of feature data, based on a configuration of the first node, and generate an output based on the first element of feature data, an operation, and a reference value, the operation and reference value specified in the configuration of the first node.

Abstract: Systems, apparatuses, and methods to identify an electronic control unit transmitting a message on a communication bus, such as an in-vehicle network bus, are provided. ECUs transmit messages by manipulating voltage on conductive lines of the bus. Observation circuitry can observe voltage signals associated with the transmission at a point on the in-vehicle network bus. A distribution can be generated from densities of the voltage signals. ECUs can be identified and/or fingerprinted based on the distributions.

Abstract: Systems, methods, computer-readable storage media, and apparatuses to provide active attack detection in autonomous vehicle networks. An apparatus may comprise a network interface and processing circuitry arranged to receive a first data frame from a first electronic control unit (ECU) via the network interface, determine a voltage fingerprint of the first data frame, compare the voltage fingerprint to a voltage feature of the first ECU, determine that the first data frame is an authentic message when the voltage fingerprint does match the voltage feature of the first ECU, and determine that the first data frame is a malicious message when the voltage fingerprint does not match the voltage feature of the first ECU. Other embodiments are described and claimed.

Abstract: A method comprises fetching, by fetch circuitry, an encoded butterfly instruction comprising an opcode, a first source identifier, a second source identifier, a third source identifier, and two destination identifiers, decoding, by decode circuitry, the decoded butterfly instruction to generate a decoded butterfly instruction, and executing, by execution circuitry, the decoded butterfly instruction to retrieve operands representing a first input polynomial-coefficient from the first source, a second input polynomial-coefficient from the second source, and a primitive nth root of unity from the third source, perform, in an atomic fashion, a butterfly operation to generate a first output polynomial-coefficient and a second output polynomial-coefficient, and store the first output coefficient and the second output coefficient in a register file accessible to the execution circuitry.