Abstract: A method comprises fetching, by fetch circuitry, an encoded XOR3P instruction comprising at least one opcode, a first source identifier to identify a first register, a second source identifier to identify a second register, a third source identifier to identifier a third register, and a fourth source identifier to identify a fourth operand, wherein the first register is to store a first value, the second register is to store a second value, and the third register is to store a third value, decoding, by decode circuitry, the encoded XOR3PP instruction to generate a decoded XOR3PP instruction; and executing, by execution circuitry, the decoded XOR3PP instruction to determine a first rotational value and a second rotational value, perform a rotate operation on at least a portion of the first value based on the first rotational value to generate a rotated third value, perform an XOR operation on at least a portion of the first value, at least a portion of the second value, and the rotated third value to generate

Abstract: Techniques for clock manager monitoring for time sensitive networks are described. An apparatus, comprises a clock circuitry to manage a clock for a device, a processing circuitry coupled to the clock circuitry, the processing circuitry to execute instructions to perform operations for a clock manager, the clock manager to receive messages with time information for a network and generate clock manager control information to adjust the clock to a network time for the network, and a detector coupled to the processing circuitry and the clock circuitry, the detector to receive the clock manager control information, generate model control information based on a clock model, compare the clock manager control information with the model control information to generate difference information, and determine whether to generate an alert based on the difference information. Other embodiments are described and claimed.

Abstract: A digital signature verification unit or other apparatus of an aspect includes cryptographic hash circuitry to generate cryptographic hashes and multi-scheme hash-based digital signature verification circuitry coupled with the cryptographic hash circuitry. The multi-scheme hash-based digital signature verification circuitry is to use the cryptographic hash circuitry to verify digital signatures according to only one of a plurality of hash-based digital signature verification schemes at a time, the plurality of hash-based digital signature verification schemes including a first hash-based digital signature verification scheme and a second hash-based digital signature verification scheme. Other apparatus, methods, and systems are disclosed.

Abstract: Techniques to perform time recovery from attacks on delayed authentication in a time synchronized network are described. One embodiment comprises a method for decoding time information and a message authentication code (MAC) from a time message, the time information to synchronize a local clock for a device to a network time of a time synchronized network (TSN), and the MAC to authenticate the time message, determining whether the time message is authentic using the MAC, discarding the time information when the time message is not authentic, performing a bounded search to identify authentic time information using the MAC, and passing the authentic time information to a clock manager to synchronize the local clock to the network time of the TSN when the authentic time information is identified. Other embodiments are described and claimed.

Abstract: Techniques include a method, apparatus, system and computer-readable medium to detect, quantify and localize attacks to enhance security for time-synchronized networking. Embodiments include a diagnostic stream producer to produce diagnostic information providing evidence of a timing attack on a node of a time-synchronized network. Embodiments include a diagnostic stream consumer to consume diagnostic information, analyze the diagnostic information, and determine whether a node is under a timing attack. Other embodiments are described and claimed.

Abstract: Techniques for an attack-aware digital twin in a time sensitive network are described. A method includes receiving time information for a network by an attack-aware digital twin (AADT), the AADT to simulate operations of a clock manager for a node in the network based on models of the clock manager, generating model clock control information to adjust a clock to a network time for the network, the model clock control information to contain a malicious time sample introduced by a time desynchronization attack in the network, and removing the malicious time sample from the model clock control information to adjust the clock to the network time for the network. Other embodiments are described and claimed.

Abstract: Techniques include a method, apparatus, system and computer-readable medium to detect, quantify and localize attacks to enhance security for time-synchronized networking. Embodiments include a diagnostic stream producer to produce diagnostic information providing evidence of a timing attack on a node of a time-synchronized network. Embodiments include a diagnostic stream consumer to consume diagnostic information, analyze the diagnostic information, and determine whether a node is under a timing attack. Other embodiments are described and claimed.

Abstract: Systems, apparatuses, and methods to attest to and verify the integrity of cargo during transport by an autonomous vehicle are provided. An autonomous vehicle can discretize parameters associated with transportation of cargo and can generate a keyed hash digest from the discretized parameters. The keyed hash digest can be sent to a stakeholder in the transportation of the cargo to attest to the integrity of the cargo during transport.

Abstract: A method comprises fetching, by fetch circuitry, an encoded XOR3PP instruction comprising at least one opcode, a first source identifier to identify a first register, a second source identifier to identify a second register, a third source identifier to identifier a third register, and a fourth source identifier to identify a fourth operand, wherein the first register is to store a first value, the second register is to store a second value, and the third register is to store a third value, decoding, by decode circuitry, the encoded XOR3PP instruction to generate a decoded XOR3PP instruction; and executing, by execution circuitry, the decoded XOR3PP instruction to determine a first rotational value and a second rotational value, perform a rotate operation on at least a portion of the first value based on the first rotational value to generate a rotated third value, perform an XOR operation on at least a portion of the first value, at least a portion of the second value, and the rotated third value to generate

Abstract: Techniques for improved Keccak execution resilient to physical side-channel attacks are described. In some examples, a Keccak round datapath includes a first path including a theta step, a rho step, a pi step, and an iota step to process a masked version of the 1600-bit input state, a second path including a theta step, a rho step, and a pi step to process a mask 1600-bit input state, and a masked chi step shared by the first path and second path.

Abstract: Circuitry and methods for implementing one or more Keccak permutation instructions are described. In certain examples, a hardware processor (e.g.

Abstract: Techniques for attenuation and obfuscation to mitigate power and/or electromagnetic (EM) field attacks on encryption circuitry are described. In certain examples, a system includes a processor core; and an accelerator coupled to the processor core, the accelerator comprising: encryption circuitry, coupled to a power source, to encrypt data into encrypted data, time-domain obfuscation control circuitry to connect and disconnect one or more capacitors to the encryption circuitry during the encrypt to provide obfuscation across a time-domain to maintain a software observable power consumption of the accelerator to about a value, and signature attenuation control circuitry to selectively connect the encryption circuitry during the encrypt to a shunt to drain power to maintain the software observable power consumption of the accelerator at about the value.

Abstract: Techniques include a method, apparatus, system and computer-readable medium to detect, quantify and localize attacks to enhance security for time-synchronized networking. Embodiments include a diagnostic stream producer to produce diagnostic information providing evidence of a timing attack on a node of a time-synchronized network. Embodiments include a diagnostic stream consumer to consume diagnostic information, analyze the diagnostic information, and determine whether a node is under a timing attack. Other embodiments are described and claimed.

Abstract: Techniques include a method, apparatus, system and computer-readable medium to detect, quantify and localize attacks to enhance security for time-synchronized networking. Embodiments include a diagnostic stream producer to produce diagnostic information providing evidence of a timing attack on a node of a time-synchronized network. Embodiments include a diagnostic stream consumer to consume diagnostic information, analyze the diagnostic information, and determine whether a node is under a timing attack. Other embodiments are described and claimed.

Abstract: Techniques for implementing a hardware engine for stateless hash-based signatures according to a SPHINCS+standard with encryption according to a SHA256 encryption standard are described. In certain examples, a system includes a processor core; and an accelerator coupled to the processor core, the accelerator comprising: one or more hash engine circuits, a coupling to allow for communication between the one or more hash engine circuits and a memory, and hash control circuitry to, for a request to perform a stateless hash-based signature operation on an input, cause performance of a one-time signature scheme function and a forest of random subsets function by the one or more hash engine circuits to generate a resultant.

Abstract: Systems, apparatuses, and methods to identify bus-off and masquerade attacks against electronic control units (ECUs) transmitting on a communication bus from behind a gateway coupled to the communication bus are described. The disclosure further describes systems, apparatuses, and methods to mitigate against bus-off attacks made against an ECU coupled to a communication bus through a gateway. Other embodiments are described and claimed.

Abstract: Systems, apparatuses, and methods to establish ground truth for an intrusion detection system in the presence of an attacker electronic control unit transmitting masqueraded messages on a communication bus, such as an in-vehicle network bus, are provided.

Abstract: Methods and apparatus relating to a physics-based approach for attack detection and/or localization in closed-loop controls for autonomous vehicles are described. In an embodiment, multiple state estimators are used to compute a set of residuals to detect, classify, and/or localize attacks. This allows for determination of an attacker's location and the kind of attack being perpetrated. Other embodiments are also disclosed and claimed.

Abstract: In one example an apparatus comprises a computer readable memory, an XMSS verification manager logic to manage XMSS verification functions, a one-time signature and public key generator logic, a chain function logic to implement chain function algorithms, a low latency SHA3 hardware engine, and a register bank communicatively coupled to the XMSS verification manager logic. Other examples may be described.

Abstract: Systems and methods to detect attacks on the clocks of devices in time sensitive networks are described. Particularly, the disclosed systems and methods provide detection and mitigation of timing synchronization attacks based on pseudo-random numbers generated and used to select and authenticate timing of transmission of messages in protected transmission windows.