Abstract: A computer-implemented method of user authentication is provided. The method comprises combining, by a computer system, a user recurrent neural network with a system recurrent neural network to form a unique combined recurrent neural network. The user recurrent neural network is configured to generate a unique user key, and the system recurrent neural network is configured to generate a system key. The computer system inputs a predetermined input into the combined recurrent neural network, and the combined recurrent neural network generates a unique combined key from the input, wherein the combined key differs from both the user key and system key. The computer system then associates the combined key with a unique access authorization to authenticate a user.

Abstract: The various technologies presented herein relate to measuring a signal generated by a die-based test circuit incorporated into an IC and utilizing the measured signal to authenticate the IC. The signal can be based upon a sensor response generated by the test circuit fabricated into the die, wherein the sensor response is based upon a property of the die material. The signal can be compared with a reference value obtained from one or more test circuit(s) respectively located on one or more reference dies, wherein the reference dies are respectively cut from different wafers, and the location at which the reference dies were cut is known. If the measured signal matches the reference value, the die is deemed to be from the same cut location as the dies from which the reference value was obtained. If the measured signal does not match the reference value, the die is not authenticated.

Abstract: Described herein are various technologies pertaining to randomizing logic associated with dangling nodes in a digital circuit design. A dangling node is an input to or output from a logic gate in the digital circuit design that is identified as not impacting a desired output of the digital circuit design. Randomizing the logic associated with a dangling node can include deleting a logic gate, adding a logic gate, replacing a logic gate with another logic gate, etc. Randomizing the logic associated with the dangling node prevents hardware trojans that may have been inserted into the circuit design from being implemented in a circuit that is generated based upon the design.

Abstract: A method for authenticating an additively manufactured (AM) object is disclosed herein. A computing device obtains a measurement that is indicative of a stochastic distribution of dopant incorporated into the AM object. The computing device generates authentication data for the AM object based upon the measurement, and authenticates the AM object based upon the authentication data.

Abstract: Described herein are various technologies pertaining to extracting cryptographic keys from user behavioral biometrics, specifically keystroke dynamics. Such cryptographic keys can be used for, among other things, user authentication throughout computer sessions. Keystroke dynamics are timing data indicating when keys were pressed and when they were released.

Abstract: A computing module is described herein, wherein the computing module is configured to perform acts including generating a digital signature for a printed circuit board (PCB), wherein the digital signature is based upon a sensor signal generated by a sensor that is electrically coupled to at least one of a trace of the PCB or an electrical component of the PCB. The acts further include determining that the PCB is authentic and is free of tampering based upon the digital signature. The acts additionally include outputting an indication that the PCB is authentic and is free of tampering responsive to determining that the PCB is authentic and is free of tampering.

Abstract: The various technologies presented herein relate to measuring a signal generated by a die-based test circuit incorporated into an IC and utilizing the measured signal to authenticate the IC. The signal can be based upon a sensor response generated by the test circuit fabricated into the die, wherein the sensor response is based upon a property of the die material. The signal can be compared with a reference value obtained from one or more test circuit(s) respectively located on one or more reference dies, wherein the reference dies are respectively cut from different wafers, and the location at which the reference dies were cut is known. If the measured signal matches the reference value, the die is deemed to be from the same cut location as the dies from which the reference value was obtained. If the measured signal does not match the reference value, the die is not authenticated.

Abstract: The various technologies presented herein relate to measuring a signal generated by a die-based test circuit incorporated into an IC, and utilizing the measured signal to authenticate the IC. The signal can be based upon a sensor response generated by the test circuit fabricated into the die, wherein the sensor response is based upon a property of the die material. The signal can be compared with a reference value obtained from one or more test circuit(s) respectively located on one or more reference dies, wherein the reference dies are respectively cut from different wafers, and the location at which the reference dies were cut is known. If the measured signal matches the reference value, the die is deemed to be from the same cut location as the dies from which the reference value was obtained. If the measured signal does not match the reference value, the die is not authenticated.

Abstract: Described herein are various technologies for providing active mitigation of cyber-attacks against industrial and other control systems. A filtering device is connected to a backplane of a control system and receives communications from various modules of the control system. The filter device analyzes the received communications and determines whether they are genuine and permissible communications for the control system. Validated signals are output to a communications bus of the control system by the filter device, while impermissible communications are blocked. The filter device can be interposed between the modules of the control system and the backplane, or the filter device can be included as a component of a control system backplane.

Abstract: Described herein are various technologies pertaining to confirming an integrity of a FPGA. A verifier circuit is placed into an FPGA bitstream to enable external verification of the FPGA configuration in real time without requiring readout of the FPGA configuration itself. Number generators are utilized to generate a key which is shared between the FPGA and an external verification component (VC). The key is utilized to configure an initial state of sequence registers respectively located on both the FPGA and the VC. When the FPGA is operating with an approved configuration, output from the sequence registers at the FPGA and the VC are the same.

Abstract: Described herein are various technologies pertaining to authentication of integrated circuits by using external factors to affect or modify an output of a physically unclonable function (PUF) circuit. In an example, the output of the PUF circuit in response to a challenge signal can be sensitive to changes in environmental factors. In another example, the output of the PUF circuit can be sensitive to user-selectable configuration parameters of the PUF circuit. In yet another example, the output of the PUF circuit can be modified by additional circuitry external to the PUF circuit based upon one or more selectable or configurable inputs. A PUF-based device authentication system that uses external factors as authentication inputs to affect a challenge response of the device authentication system can enhance authentication capabilities by permitting multi-factor authentication.

Abstract: The various technologies presented herein relate to enabling a value generated based upon a physical unclonable function (PUF) response to be available as needed, while also preventing exposure of the PUF to a malicious entity. A masked PUF response can be generated based upon applying a function to a combination of the PUF response and a data file (e.g., a bitstream), and the masked PUF response is forwarded to a requesting entity, rather than the PUF response. Hence, the PUF is masked from any entity requiring access to the PUF. The PUF can be located in a FPGA, wherein the data file is a bitstream pertinent to one or more configurable logic blocks included in the FPGA. A first masked PUF response generated with a first data file can have a different value to a second masked PUF response generated with a second data file.

Abstract: The various technologies presented herein relate to pertaining to identifying and mitigating risks and attacks on a supply chain. A computer-implemented representation of a supply chain is generated comprising nodes (locations) and edges (objects, information). Risk to attack and different attack vectors can be defined for the various nodes and edges, and further, based upon the risks and attacks, (difficulty, consequence) pairs can be determined. One or more mitigations can be generated to increase a difficulty of attack and/or reduce consequence of an attack. The one or more mitigations can be constrained, e.g., by cost, time, etc., to facilitate determination of how feasible a respective mitigation is to implement with regard to finances available, duration to implement, etc. A context-free grammar can be utilized to identify one or more attacks in the supply chain. Further, the risks can undergo a ranking to enable mitigation priority to be determined.

Abstract: The various technologies presented herein relate to binding data (e.g., software) to hardware, wherein the hardware is to utilize the data. The generated binding can be utilized to detect whether at least one of the hardware or the data has been modified between an initial moment (enrollment) and a later moment (authentication). During enrollment, an enrollment value is generated that includes a signature of the data, a first response from a PUF located on the hardware, and a code word. During authentication, a second response from the PUF is utilized to authenticate any of the content in the enrollment value, and based upon the authentication, a determination can be made regarding whether the hardware and/or the data have been modified. If modification is detected then a mitigating operation can be performed, e.g., the hardware is prevented from utilizing the data. If no modification is detected, the data can be utilized.

Abstract: An apparatus for increasing security in inter-chip communication includes a sending control module, a communication bus, and a receiving control module. The communication bus is coupled between the sending control module and the receiving control module. The sending control module operates to send data on the communication bus, disable the communication bus when threats are detected, or both.

Abstract: Techniques and mechanisms to detect and compensate for drift by a physically uncloneable function (PUF) circuit. In an embodiment, first state information is registered as reference information to be made available for subsequent evaluation of whether drift by PUF circuitry has occurred. The first state information is associated with a first error correction strength. The first state information is generated based on a first PUF value output by the PUF circuitry. In another embodiment, second state information is determined based on a second PUF value that is output by the PUF circuitry. An evaluation of whether drift has occurred is performed based on the first state information and the second state information, the evaluation including determining whether a threshold error correction strength is exceeded concurrent with a magnitude of error being less than the first error correction strength.

Abstract: Generating a physically a physically unclonable function (“PUF”) circuit value includes comparing each of first identification components in a first bank to each of second identification components in a second bank. A given first identification component in the first bank is not compared to another first identification component in the first bank and a given second identification component in the second bank is not compared to another second identification component in the second bank. A digital bit value is generated for each comparison made while comparing each of the first identification components to each of the second identification components. A PUF circuit value is generated from the digital bit values from each comparison made.

Abstract: An apparatus for increasing security in inter-chip communication includes a sending control module, a communication bus, and a receiving control module. The communication bus is coupled between the sending control module and the receiving control module. The sending control module operates to send data on the communication bus, disable the communication bus when threats are detected, or both.

Abstract: An apparatus for increasing security in inter-chip communication includes a sending control module, a communication bus, and a receiving control module. The communication bus is coupled between the sending control module and the receiving control module. The sending control module operates to send data on the communication bus, disable the communication bus when threats are detected, or both.