Patents by Inventor Reuven Elbaum
Reuven Elbaum has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11984512Abstract: In one embodiment, memory cell includes a control gate, a floating gate, a substrate comprising a source region and a drain region, a first isolator between the control gate and floating gate, and a second isolator between the floating gate and the substrate. The memory cell is configured to have a retention time that is within a statistical window around a selected lifespan. The selected lifespan may be less than ten years, such as, for example, less than one year, less than one month, or less than one week.Type: GrantFiled: September 25, 2020Date of Patent: May 14, 2024Assignee: INTEL CORPORATIONInventors: Uri Bear, Elad Peer, Elena Sidorov, Rami Sudai, Reuven Elbaum, Steve J. Brown
-
Publication number: 20240110975Abstract: Methods and apparatus relating to techniques to provide secure remote debugging are described. In an embodiment, a debugging entity generates and transmits a host token to a device via an interface. The interface provides encrypted communication between the debugging entity and the device. The debugging entity generates a session key based at least in part on the host token and a device token. The debugging entity transmits an acknowledgement signal to the device after generation of the session key to initiate a debug session. The debugging entity transmits a debug unlock key to the device to cause the device to be unlocked for the debug session. Other embodiments are also disclosed and claimed.Type: ApplicationFiled: September 30, 2022Publication date: April 4, 2024Applicant: Intel CorporationInventors: Tsvika Kurts, Vladislav Mladentsev, Elias Khoury, Rakesh Kandula, Reuven Elbaum, Boris Dolgunov
-
Publication number: 20240061942Abstract: An apparatus is described including cryptography circuitry to generate authentication tags to provide integrity protection for plaintext and ciphertext.Type: ApplicationFiled: October 27, 2023Publication date: February 22, 2024Applicant: Intel CorporationInventors: Reuven Elbaum, Gyora Benedek, Avinash L. Varna, David Novick
-
Patent number: 11816229Abstract: An apparatus is described including cryptography circuitry to generate authentication tags to provide integrity protection for plaintext and ciphertext.Type: GrantFiled: August 13, 2021Date of Patent: November 14, 2023Assignee: Intel CorporationInventors: Reuven Elbaum, Gyora Benedek, Avinash L. Varna, David Novick
-
Publication number: 20230185905Abstract: Protection of authentication tag computation against power and electromagnetic side-channel attacks is described. An example of one or more storage mediums includes instructions for performing a process for calculation of an authentication tag for a data encryption operation, including generating one or more random values; receiving multiple data blocks for calculation, and performing calculation utilizing the received data blocks and the one or more random values to generate intermediate values; performing a data accumulation operation to accumulate random values in calculation of the data blocks; and calculating the authentication tag based at least in part on the generated intermediate values and the accumulated random values.Type: ApplicationFiled: December 15, 2022Publication date: June 15, 2023Applicant: Intel CorporationInventors: Santosh Ghosh, Avinash L. Varna, Reuven Elbaum, Manoj Sastry
-
Patent number: 11645185Abstract: Micro-architectural fault detectors are described. An example of storage mediums includes instructions for receiving one or more micro instructions for scheduling in a processor, the processor including one or more processing resources; and performing fault detection in performance of the one or more micro instructions utilizing one or more of a first idle canary detection mode, wherein the first mode includes assigning at least one component as an idle canary detector to perform a canary process with an expected outcome, and a second micro-architectural redundancy execution mode, wherein the second mode includes replicating a first micro instruction to generate micro instructions for performance by a set of processing resources.Type: GrantFiled: September 25, 2020Date of Patent: May 9, 2023Assignee: INTEL CORPORATIONInventors: Reuven Elbaum, Chaim Shen-Orr, Assaf Admoni
-
Patent number: 11392698Abstract: The present disclosure is directed to systems and methods of detecting a side-channel attack detecting a translation lookaside buffer (TLB) miss on a virtual address lookup caused by the speculative execution of an instruction and determining that the physical memory address associated with the virtual address lookup contains a privileged object or a secret object. Range register circuitry determines whether the physical memory address is located in an address range containing privileged objects or secret objects. Performance monitoring counter (PMC) circuitry generates an interrupt in response to receipt of information indicative of the TLB miss and information indicative that the physical memory address contains a privileged object or a secret object. The PMC circuitry causes the storage of information associated with the speculatively executed instruction causing the virtual address lookup.Type: GrantFiled: March 15, 2019Date of Patent: July 19, 2022Assignee: Intel CorporationInventors: Chaim Shen-Orr, Baruch Chaikin, Ahmad Yasin, Reuven Elbaum
-
Publication number: 20220100629Abstract: Micro-architectural fault detectors are described. An example of storage mediums includes instructions for receiving one or more micro instructions for scheduling in a processor, the processor including one or more processing resources; and performing fault detection in performance of the one or more micro instructions utilizing one or more of a first idle canary detection mode, wherein the first mode includes assigning at least one component as an idle canary detector to perform a canary process with an expected outcome, and a second micro-architectural redundancy execution mode, wherein the second mode includes replicating a first micro instruction to generate micro instructions for performance by a set of processing resources.Type: ApplicationFiled: September 25, 2020Publication date: March 31, 2022Applicant: Intel CorporationInventors: Reuven Elbaum, Chaim Shen-Orr, Assaf Admoni
-
Publication number: 20220083651Abstract: Protection of authentication tag computation against power and electromagnetic side-channel attacks is described. An example of one or more storage mediums includes instructions for performing a process for calculation of an authentication tag for a data encryption operation, including generating one or more random values; receiving multiple data blocks for calculation, and performing calculation utilizing the received data blocks and the one or more random values to generate intermediate values; performing a data accumulation operation to accumulate random values in calculation of the data blocks; and calculating the authentication tag based at least in part on the generated intermediate values and the accumulated random values.Type: ApplicationFiled: September 17, 2020Publication date: March 17, 2022Applicant: Intel CorporationInventors: Santosh Ghosh, Avinash L. Varna, Reuven Elbaum, Manoj Sastry
-
Publication number: 20220029838Abstract: The disclosure generally provides methods, systems and apparatus to construct a Physically Unclonable Function (PUF) value for an electronic package based on the package's internal components and their interconnects. In one embodiment, the package is a System-On-Chip (SOC) having a plurality of dielets and a plurality of interconnect connecting the dielets. Each of the dielets and each of the interconnects (at one or more locations) may define an entropy source. each entropy source may have an entropy value. Each entropy source communicates an initial entropy value to a PUF aggregator. The PUF aggregator receives and/or aggregates the various entropies from the various entropy sources to construct the native SOC PUF value. The native SOC PUF value defines the authentic PUF value of the SOC at SOC release. Any deviation from the native SOC PUF value may be deemed a security breach of the SOC.Type: ApplicationFiled: September 22, 2021Publication date: January 27, 2022Applicant: Intel CorporationInventors: Uri Bear, Reuven Elbaum, Elad Peer
-
Patent number: 11194933Abstract: The present disclosure is directed to systems and methods to protect against SCA and fault injection attacks through the use of a temporary or ephemeral key to cryptographically alter input data portions. Universal resistant block (URB) circuitry receives a seed data value and a at least one secret key data value and generates an ephemeral key output data value. Cryptographic circuitry uses the ephemeral key data value to transform an input data portion to produce an transformed output data portion. The use of an SCA or fault injection attack on the transformed output data portion will reveal only the ephemeral key data value and not the at least one secret key data value. Further, where a unique ephemeral key data value is used to transform each input data portion, an attacker cannot discover the ephemeral key in a piecemeal manner and must instead discover the complete ephemeral key data value—significantly increasing the difficulty of performing a successful SCA or fault injection attack.Type: GrantFiled: June 4, 2019Date of Patent: December 7, 2021Assignee: Intel CorporationInventors: Yaacov Belenky, Gyora Benedek, Reuven Elbaum, David Novick, Elad Peer, Chaim Shen-Orr, Yonatan Shlomovich
-
Publication number: 20210374256Abstract: An apparatus is described including cryptography circuitry to generate authentication tags to provide integrity protection for plaintext and ciphertext.Type: ApplicationFiled: August 13, 2021Publication date: December 2, 2021Applicant: Intel CorporationInventors: Reuven Elbaum, Gyora Benedek, Avinash L. Varna, David Novick
-
Publication number: 20210020775Abstract: In one embodiment, memory cell includes a control gate, a floating gate, a substrate comprising a source region and a drain region, a first isolator between the control gate and floating gate, and a second isolator between the floating gate and the substrate. The memory cell is configured to have a retention time that is within a statistical window around a selected lifespan. The selected lifespan may be less than ten years, such as, for example, less than one year, less than one month, or less than one week.Type: ApplicationFiled: September 25, 2020Publication date: January 21, 2021Applicant: Intel CorporationInventors: Uri Bear, Elad Peer, Elena Sidorov, Rami Sudai, Reuven Elbaum, Steve J. Brown
-
Patent number: 10489308Abstract: Various systems and methods for detecting and preventing side-channel attacks, including attacks aimed at discovering the location of KASLR-randomized privileged code sections in virtual memory address space, are described. In an example, a computing system includes electronic operations for detecting unauthorized attempts to access kernel virtual memory pages via trap entry detection, with operations including: generating a trap page with a physical memory address; assigning a phantom page at an open location in the privileged portion of the virtual memory address space; generating a plurality of phantom page table entries corresponding to an otherwise-unmapped privileged virtual memory region; placing the trap page in physical memory and placing the phantom page table entry in a page table map; and detecting an access to the trap page via the phantom page table entry, to trigger a response to a potential attack.Type: GrantFiled: June 29, 2017Date of Patent: November 26, 2019Assignee: Intel CorporationInventors: Uri Bear, Gyora Benedek, Baruch Chaikin, Jacob Jack Doweck, Reuven Elbaum, Dimitry Kloper, Elad Peer, Chaim Shen-orr, Yonatan Shlomovich
-
Publication number: 20190286853Abstract: The present disclosure is directed to systems and methods to protect against SCA and fault injection attacks through the use of a temporary or ephemeral key to cryptographically alter input data portions. Universal resistant block (URB) circuitry receives a seed data value and a at least one secret key data value and generates an ephemeral key output data value. Cryptographic circuitry uses the ephemeral key data value to transform an input data portion to produce an transformed output data portion. The use of an SCA or fault injection attack on the transformed output data portion will reveal only the ephemeral key data value and not the at least one secret key data value. Further, where a unique ephemeral key data value is used to transform each input data portion, an attacker cannot discover the ephemeral key in a piecemeal manner and must instead discover the complete ephemeral key data value—significantly increasing the difficulty of performing a successful SCA or fault injection attack.Type: ApplicationFiled: June 4, 2019Publication date: September 19, 2019Inventors: Yaacov Belenky, Gyora Benedek, Reuven Elbaum, David Novick, Elad Peer, Chaim Shen-Orr, Yonatan Shlomovich
-
Publication number: 20190213330Abstract: The present disclosure is directed to systems and methods of detecting a side-channel attack detecting a translation lookaside buffer (TLB) miss on a virtual address lookup caused by the speculative execution of an instruction and determining that the physical memory address associated with the virtual address lookup contains a privileged object or a secret object. Range register circuitry determines whether the physical memory address is located in an address range containing privileged objects or secret objects. Performance monitoring counter circuitry receives information indicative of the TLB miss and information indicative that the physical memory address contains a privileged object or a secret object. The PMC circuitry generates an interrupt in response to receipt of information indicative of the TLB miss and information indicative that the physical memory address contains a privileged object or a secret object.Type: ApplicationFiled: March 15, 2019Publication date: July 11, 2019Applicant: Intel CorporationInventors: CHAIM SHEN-ORR, BARUCH CHAIKIN, AHMAD YASIN, REUVEN ELBAUM
-
Publication number: 20190004972Abstract: Various systems and methods for detecting and preventing side-channel attacks, including attacks aimed at discovering the location of KASLR-randomized privileged code sections in virtual memory address space, are described. In an example, a computing system includes electronic operations for detecting unauthorized attempts to access kernel virtual memory pages via trap entry detection, with operations including: generating a trap page with a physical memory address; assigning a phantom page at an open location in the privileged portion of the virtual memory address space; generating a plurality of phantom page table entries corresponding to an otherwise-unmapped privileged virtual memory region; placing the trap page in physical memory and placing the phantom page table entry in a page table map; and detecting an access to the trap page via the phantom page table entry, to trigger a response to a potential attack.Type: ApplicationFiled: June 29, 2017Publication date: January 3, 2019Inventors: Uri Bear, Gyora Benedek, Baruch Chaikin, Jacob Jack Doweck, Reuven Elbaum, Dimitry Kloper, Elad Peer, Chaim Shen-orr, Yonatan Shlomovich
-
Patent number: 10090025Abstract: In one embodiment, an integrated circuit comprises a volatile memory including a plurality of memory cells, a detector to detect one or more in-specification conditions, and a discharger, external to the volatile memory, to discharge electric charge stored in the integrated circuit, including electric charge stored in the volatile memory, unless the detector detects the one or more conditions.Type: GrantFiled: October 13, 2016Date of Patent: October 2, 2018Assignee: Cisco Technology, Inc.Inventor: Reuven Elbaum
-
Publication number: 20180108386Abstract: In one embodiment, an integrated circuit comprises a volatile memory including a plurality of memory cells, a detector to detect one or more in-specification conditions, and a discharger, external to the volatile memory, to discharge electric charge stored in the integrated circuit, including electric charge stored in the volatile memory, unless the detector detects the one or more conditions.Type: ApplicationFiled: October 13, 2016Publication date: April 19, 2018Inventor: Reuven ELBAUM
-
Patent number: 9135453Abstract: A method for data transfer includes receiving a control signal triggering a transfer of a secret value into an element (24) of a circuit (20). In response to the control signal, a dummy value (42, 50) and the secret value are inserted in succession into the element of the circuit.Type: GrantFiled: August 27, 2012Date of Patent: September 15, 2015Assignee: CISCO TECHNOLOGY INC.Inventors: Chaim Shen-Orr, Yonatan Shlomovich, Reuven Elbaum, Zvi Shkedy, Lior Amarilio, Yigal Shapiro, Uri Bear