Abstract: A method and data processing system are provided for detecting a malicious component in a data processing system. The malicious component may be of any type, such as a hardware trojan, malware, or ransomware. In the method, a plurality of counters is used to count events in the data processing system during operation, where each event has a counter associated therewith. A machine learning model is trained a normal pattern of behavior of the data processing system using the event counts. After training, an operation of the data processing system is monitored using the machine learning model. Current occurrences of events in the data processing system are compared to the normal pattern of behavior. If a different pattern of behavior is detected, an indication, such as a flag, of the different pattern of behavior is provided.

Abstract: A fault detection circuit includes a plurality of conductors, a plurality of logic gates coupled to the conductors, a storage circuit, and a checker circuit. The conductors are arranged in parallel. Each logic gate is coupled to a first end of each conductor. The storage circuit is coupled to a second end of each conductor. The checker circuit is coupled to the storage circuit. A known initial bit pattern is provided to an input of the logic gates, and an output of the logic gates is provided to the storage circuit via the conductors. The checker circuit determines if the output of the logic gates stored in the storage circuit is an expected result. If the output is not the expected result, then the checker circuit provides an indication that a fault injection attack is occurring. In another embodiment, a method for detecting a fault injection attack is provided.

Abstract: A method is provided for protecting an electronic device from a side-channel attack (SCA). The method includes providing a plurality of countermeasures that are for protecting the electronic device from the SCA. A set of countermeasures of the plurality of countermeasures is randomly enabled from the plurality of countermeasures to provide the protection during operation of the electronic device, such as for example, during an encryption operation. The method makes it more difficult for an attacker to construct a template of the electronic device that could be used in the SCA. In another embodiment, an electronic device is provided that incorporates the method.

Abstract: A combination of machine learning models is provided, according to certain aspects, by a data-aggregation circuit, and a computer server. The data-aggregation circuit is used to assimilate respective sets of output data from at least one of a plurality of circuits to create a new data set, the respective sets of output data being related in that each set of output data is in response to a common data set processed by the machine learning circuitry in the at least one of the plurality of circuits. The computer server uses the new data set to train machine learning operations in at least one of the plurality of circuits.

Abstract: A method is provided for defending against a fuzzing analysis in a device. The method including: receiving, by the first device, a message from a second device; determining the message type of the message; determining that the message type is different from known message types of a protocol used by the first device; determining that the fuzzing analysis of the protocol is underway; and using the message type of the message to randomly determine an action against the fuzzing analysis. The action is intended to cause an attacker who tries to use fuzzing against a device to spend much more effort to discover a bug that can be exploited, and thus discourage the attacker from continuing the attack.

Abstract: A method is provided for authenticating an electronic device. The method includes obtaining a message to be sent. A plurality of error locations is determined for errors to be intentionally introduced into the message. The plurality of error locations is communicated to a verifier device. A bit at each of the error locations of the plurality of error locations is inverted in the message in the electronic device to generate a message with intentionally introduced errors. The plurality of error locations is sent to a verifier device. The message with the intentionally introduced errors is transmitted to the verifier device. The verifier device is enabled to use the plurality of error locations to authenticate the electronic device by comparing errors detected in the transmitted message to the plurality of error locations. The method provides a way to detect a clone of the electronic device.

Abstract: A method is provided for identifying or authenticating an object. The method includes vibrating the object at a plurality of frequencies. The vibrations from the object are sensed at each of the plurality of frequencies using an accelerometer. A vibration profile of the object is generated using the sensed vibrations. The generated vibration profile is then compared to a stored vibration profile. It is determined if the generated vibration profile matches the stored vibration profile. A match indicates that the object has been identified or authenticated. In another embodiment, an object capable of implementing the method is provided. In another embodiment, the object may include a replaceable accessary. In this case, the initial and generated vibration profiles may be created with the replacement accessary attached to the object. A match of the generated and initial vibration profiles indicates that the replaceable accessary is authentic.

Abstract: A method is provided for detecting a fuzzing analysis in a device. In the method, a new message of a message type is received from a second device. The message type of the new message is predicted from previously received messages. In one embodiment, the prediction is performed using a machine learning model. Also, the message type of the new message is determined. The message type may be determined by decoding and parsing the new message using instruction execution circuitry of a processor. A likelihood that the predicted message type compares favorably to the determined message type of the new message is computed. In another embodiment, a lookup table of likely subsequent messages to previously received messages is stored in the first electronic device. If it is determined that the predicted message type does not compare favorably to a threshold likelihood value, an indication of a fuzzing attack is indicated.

Abstract: A method is provided for detecting a profiling attack in an electronic device. The method includes causing provisioning of the device with a key and causing key operations using the key. A total key provisions counter value of a total key provisions counter is updated in response to the key provisioning. Also, a counter value of a total operations counter corresponding to a total number of operations is updated using the detected provisioned keys. A predetermined relationship between the total key provisions counter value and the total operations counter value is detected. An indication of the profiling attack is provided in response to the relationship meeting a predetermined criterion. In another embodiment, an electronic device having a total key provisions counter value and a total key operations counter value is provided. A predetermined relationship between the counter values indicates a profiling attack of the electronic device.

Abstract: A method for detecting a fault injection is described. The method includes providing a secondary code, the secondary code including a predetermined function with a known expected result when the secondary code is executed with a known tested input. A primary code is executed in the data processing system. The primary code may be a portion of code that requires protection from a fault injection attack, such as for example, security sensitive code. The secondary code is executed in parallel with the primary code execution in the data processing system to produce an output. The output is compared with the known expected result to detect the fault injection attack of the data processing system. In one embodiment, the secondary code is not related to the primary code.

Abstract: A device and methods are described that comprise at least one host application and a rich execution environment. At least one interface is operably coupled to the REE for communicating with a remote server. A security sub-system comprises a security monitoring and control circuit coupled to the REE and connectable to the remote server via the REE and the at least one interface. The security monitoring and control circuit comprises an analytics circuit configured to detect an anomaly following a compromisation of the device. The security monitoring and control circuit is arranged to treat the REE as an untrusted component and in response to a detection of a compromisation of the REE or a component in the device that is accessible by the REE by the analytics circuit, the security monitoring and control circuit is configured to re-establish a secure connection to the remote server that tunnels through the REE and at least partially removes the compromisation from the device.

Abstract: A method for protecting a machine learning model is provided. In the method, a first machine learning model is trained, and a plurality of machine learning models derived from the first machine learning model is trained. Each of the plurality of machine learning models may be different from the first machine learning model. During inference operation, a first input sample is provided to the first machine learning model and to each of the plurality of machine learning models. The first machine learning model generates a first output and the plurality of machine learning models generates a plurality of second outputs. The plurality of second outputs are aggregated to determine a final output. The final output and the first output are classified to determine if the first input sample is an adversarial input. If it is adversarial input, a randomly generated output is provided instead of the first output.

Abstract: A method is provided for challenge-response authentication between a verifier and a prover. In the method, a challenge is received from the verifier, the challenge for verifying an identity of the prover. The challenge is computed using a first verifier key. The prover computes a response to the challenge using a first prover key. The prover also computes a delay time for delaying transmission of the response to the verifier using a second prover key and a delay computation function. The response is transmitted by the prover to the verifier at the computed delay time. The response is verifiable by the verifier using the first verifier key. An arrival time of the response is verifiable by the verifier using a second verifier key. In another embodiment, a device for providing a delayed response is provided.

Abstract: A data processing system and a method are provided for acquiring data for training a machine learning (ML) model for use in self-monitoring the data processing system. The data processing system operates in a data acquisition mode to acquire training data for training the ML model. The training data is acquired from an anomaly detector of the data processing system while operating in the data acquisition mode. At least a portion of the training data is determined to be biased, and a portion of the training data is unbiased. The unbiased portion of the training data is transferred to a training environment external to the data processing system. The unbiased portion of the training data is acquired for training the ML model to function with the anomaly detector during a normal operating mode to determine when an anomaly is present in the data processing system.

Abstract: A method is provided for detecting copying of a machine learning model. In the method, the first machine learning model is divided into a plurality of portions. Intermediate outputs from a hidden layer of a selected one of the plurality of portions is compared to corresponding outputs from a second machine learning model to detect the copying. Alternately, a first seal may be generated using the plurality of inputs and the intermediate outputs from nodes of the selected portion. A second seal from a suspected copy that has been generated the same way is compared to the first seal to detect the copying. If the first and second seals are the same, then there is a high likelihood that the suspected copy is an actual copy. By using the method, only the intermediate outputs of the machine learning model outputs have to be disclosed to others, thus protecting the confidentiality of the model.

Abstract: A method is provided for identifying or authenticating an object. The method includes vibrating the object at a plurality of frequencies. The vibrations from the object are sensed at each of the plurality of frequencies using an accelerometer. A vibration profile of the object is generated using the sensed vibrations. The generated vibration profile is then compared to a stored vibration profile. It is determined if the generated vibration profile matches the stored vibration profile. A match indicates that the object has been identified or authenticated. In another embodiment, an object capable of implementing the method is provided. In another embodiment, the object may include a replaceable accessary. In this case, the initial and generated vibration profiles may be created with the replacement accessary attached to the object. A match of the generated and initial vibration profiles indicates that the replaceable accessary is authentic.

Abstract: Embodiments address the problem of detecting anomalies in data sets with respect to well-defined normal behavior. Deviations of data collected in real-time are detected using a previously observed distribution of data known to be benign. Embodiments provide techniques to detect varying types of anomalies by creating multiple aggregation layers having varying granularities on top of the lowest level of data collection. This allows detection of fine anomalies that strongly impact single data points, as well as coarse anomalies that detect multiple data points less strongly. Machine learning models are trained and used to compare real-time data sets against behavior of a benign data set in order to detect differences and to flag anomalous behavior.

Abstract: A method is provided for partitioning a plurality of devices in a communications system. The method includes providing the communications system with a central server that communicates with each of the plurality of devices. The communications system communicates in a plurality of time periods. The plurality of devices is partitioned into two or more groups of devices. Time periods of the plurality of time periods are assigned for communications of the two or more groups of devices. Time intervals between the time periods for the two or more groups are determined to be co-prime time intervals greater than one, and each of the two or more groups is assigned a different time interval of the co-prime time intervals. The two or more groups are active for communications only during the assigned time periods determined by the co-prime time intervals. A device is also provided for operating in the communications system.

Abstract: Various embodiments relate to a method of producing a machine learning model with a fingerprint that maps an input value to an output label, including: selecting a set of extra input values, wherein the set of extra input values does not intersect with a set of training labeled input values for the machine learning model; selecting a first set of artificially encoded output label values corresponding to each of the extra input values in the set of extra input values, wherein the first set of artificially encoded output label values are selected to indicate the fingerprint of a first machine learning model; and training the machine learning model using a combination of the extra input values with associated first set of artificially encoded output values and the set of training labeled input values to produce the first learning model with the fingerprint.

Abstract: A method and data processing system are provided for determining if a machine learning model has been copied. The machine learning model has a plurality of nodes, the plurality of nodes is organized as a plurality of interconnected layers, and the plurality of interconnected layers includes an input layer and an output layer. The output layer has a predetermined number of output nodes for classifying input samples into a predetermined number of categories, where each output node corresponds to a category. An additional watermarking node is added to the output layer. The model is trained to classify the input data into the predetermined number of categories and into an additional category for the additional node. The additional node may be added to another model to determine if the another model is a copy or clone of the ML model.