Abstract: An indication of a key generation function may be received from a server. A random value may be received based on a volatile memory of a device. A cryptographic key may be generated based on the key generation function from the server and the random value that is based on the volatile memory of the device. The cryptographic key may be stored at a non-volatile memory of the device.

Abstract: Aspects of the present disclosure involve implementations that may be used to protect neural network models against adversarial attacks by obfuscating neural network operations and architecture. Obfuscation techniques include obfuscating weights and biases of neural network nodes, obfuscating activation functions used by neural networks, as well as obfuscating neural network architecture by introducing dummy operations, dummy nodes, and dummy layers into the neural networks.

Abstract: A block of dynamic memory in a DRAM device is organized to share a common set of bitlines may be erased/destroyed/randomized by concurrently activating multiple (or all) of the wordlines of the block. The data held in the sense amplifiers and cells of an active wordline may be erased by precharging the sense amplifiers and then writing precharge voltages into the cells of the open row. Rows are selectively configured to either be refreshed or not refreshed. The rows that are not refreshed will, after a time, lose their contents thereby reducing the time interval for attack. An external signal can cause the isolation of a memory device or module and initiation of automatic erasure of the memory contents of the device or module using one of the methods disclosed herein. The trigger for the external signal may be one or more of temperature changes/conditions, loss of power, and/or external commands from a controller.

Abstract: Technologies for detecting an error using a message authentication code (MAC) associated with cache line data and differentiating the error as having been caused by an attack on memory or a MAC verification failure caused by an ECC escape. One memory buffer device includes an in-line memory encryption (IME) circuit to generate the MACs and verify the MACs. Upon a MAC verification failure, the memory buffer device can analyze at least one of the historical MAC verification failures or historical ECC-corrected errors over time to determine if the error is caused by an attack on memory.

Abstract: A block of dynamic memory in a DRAM device is organized to share a common set of bitlines may be erased/destroyed/randomized by concurrently activating multiple (or all) of the wordlines of the block. The data held in the sense amplifiers and cells of an active wordline may be erased by precharging the sense amplifiers and then writing precharge voltages into the cells of the open row. Rows are selectively configured to either be refreshed or not refreshed. The rows that are not refreshed will, after a time, lose their contents thereby reducing the time interval for attack. An external signal can cause the isolation of a memory device or module and initiation of automatic erasure of the memory contents of the device or module using one of the methods disclosed herein. The trigger for the external signal may be one or more of temperature changes/conditions, loss of power, and/or external commands from a controller.

Abstract: Aspects of the present disclosure involve a method and a system to perform a cryptographic operation that involves a number theoretic transformation of a first vector to a second vector by obtaining components of the first vector, performing a plurality of iterations that each include determining a plurality of output values, wherein each of the plurality of output values is a linear combination of two or more input values, the input values into a first iteration being the components of the first vector and the output values of the last iteration being representative of components of the second vector, and wherein one or more of the output values of at least one iteration are randomized by multiplying at least one input value by a random number, and determining, based on the output values of the last of the plurality of iterations, the components of the second vector.

Abstract: Aspects of the present disclosure involve a method and a system to perform the method to obtain a cryptographic output of a plurality of rounds of a cipher, by performing a plurality of modified rounds of the cipher, each of the modified rounds computing an unmasking transform, an operation of a respective round of the cipher, and a masking transform, the unmasking transform being an inverse of the masking transform of a previous round of the cipher.

Abstract: A block of dynamic memory in a DRAM device is organized to share a common set of bitlines may be erased/destroyed/randomized by concurrently activating multiple (or all) of the wordlines of the block. The data held in the sense amplifiers and cells of an active wordline may be erased by precharging the sense amplifiers and then writing precharge voltages into the cells of the open row. Rows are selectively configured to either be refreshed or not refreshed. The rows that are not refreshed will, after a time, lose their contents thereby reducing the time interval for attack. An external signal can cause the isolation of a memory device or module and initiation of automatic erasure of the memory contents of the device or module using one of the methods disclosed herein. The trigger for the external signal may be one or more of temperature changes/conditions, loss of power, and/or external commands from a controller.

Abstract: Hardware masking may be used as a countermeasure to make power analysis attacks more difficult. Masking attempts to decouple the secret and/or processed values of a cryptographic algorithm from its intermediate values. One method of masking probabilistically splits each bit of a computation into multiple shares. Mask-share domains (i.e., the wires and gates that perform a computation on a share) are physically spaced to reduce coupling between mask-share domains. The mask-share domains may be connected to the same power supply network. The physical distance between mask-share domains along the power-supply network may be selected to reduce coupling between mask-share domains that may occur via the power supply network. The mask-share domains may each be connected to different on-chip power supply networks.

Abstract: An encrypted sequence that includes an authentication key may be received. A base key stored at a device may be identified and the encrypted sequence may be decrypted with the base key to obtain the authentication key. A challenge value may be received and the authentication key may be combined with the challenge value to generate a device ephemeral key. An authentication result may be generated for the device based on a combination of the device ephemeral key and the challenge value. Furthermore, the authentication result may be transmitted to a mobile network to authenticate the device.

Abstract: Described are implementations directed to protecting secret data against adversarial attacks by obfuscating the secret data during storage and communication. Obfuscation techniques include, among other things, splitting secret data into a plurality of portions, performing rotation of secret data, splitting secret data into a plurality of shares, modifying shares of secret data in view of the values of the shares, and various other protection mechanisms.

Abstract: A base key that is stored at a mobile device may be received. A first dynamic key that is based on the base key may be generated. First transaction data corresponding to a first transaction associated with the mobile device may be received. Furthermore, the first dynamic key may be updated to generate a second dynamic key based on a combination of the first dynamic key and the first transaction data corresponding to the first transaction. Authentication of a second transaction associated with the mobile device may be requested based on the second dynamic key.

Abstract: Aspects of the present disclosure involve implementations that may be used to protect neural network models against adversarial attacks by obfuscating neural network operations and architecture. Obfuscation techniques include obfuscating weights and biases of neural network nodes, obfuscating activation functions used by neural networks, as well as obfuscating neural network architecture by introducing dummy operations, dummy nodes, and dummy layers into the neural networks.

Abstract: Aspects of the present disclosure involve implementations that may be used to protect neural network models against adversarial attacks by obfuscating neural network operations and architecture. Obfuscation techniques include obfuscating weights and biases of neural network nodes, obfuscating activation functions used by neural networks, as well as obfuscating neural network architecture by introducing dummy operations, dummy nodes, and dummy layers into the neural networks.

Abstract: An indication of a key generation function may be received from a server. A random value may be received based on a volatile memory of a device. A cryptographic key may be generated based on the key generation function from the server and the random value that is based on the volatile memory of the device. The cryptographic key may be stored at a non-volatile memory of the device.

Abstract: A block of dynamic memory in a DRAM device is organized to share a common set of bitlines may be erased/destroyed/randomized by concurrently activating multiple (or all) of the wordlines of the block. The data held in the sense amplifiers and cells of an active wordline may be erased by precharging the sense amplifiers and then writing precharge voltages into the cells of the open row. Rows are selectively configured to either be refreshed or not refreshed. The rows that are not refreshed will, after a time, lose their contents thereby reducing the time interval for attack. An external signal can cause the isolation of a memory device or module and initiation of automatic erasure of the memory contents of the device or module using one of the methods disclosed herein. The trigger for the external signal may be one or more of temperature changes/conditions, loss of power, and/or external commands from a controller.

Abstract: A value corresponding to a physical variation of a device may be received. Furthermore, helper data associated with the physical variation of the device may be received. A result data may be generated based on a combination of the value corresponding to the physical variation of the device and the helper data. An error correction operation may be performed on the result data to identify one or more code words associated with the error correction operation. Subsequently, a target data may be generated based on the one or more code words.

Abstract: An indication of a key generation function may be received from a server. A random value may be received based on a volatile memory of a device. A cryptographic key may be generated based on the key generation function from the server and the random value that is based on the volatile memory of the device. The cryptographic key may be stored at a non-volatile memory of the device.

Abstract: Described herein are technologies for application authentication and/or data encryption without stored pre-shared keys. In one resource controller, a processing device receives an application identifier (ID) from the application. The processing device provides a current nonce responsive to the application ID and provides the application access to the system resource responsive to determining that a hash of a current key received from the application equals a current tag. The current key is generated by the application based on code of the application and the current nonce. The current tag was previously provided from the application to the resource controller. The current tag can also be hashed by the application using the current key.

Abstract: A media storage device includes a media security controller circuit and a memory to store data that relates to a media item to be rendered by a rendering device. The media security controller circuit sends a message to the rendering device that causes the rendering device to obtain a portion of data from memory of the media storage device and provide it to the media security controller circuit. The portion is received and transformed by the media security controller circuit. The media security controller circuit sends the transformed portion to the rendering device.