Abstract: A data processing system includes technology for detecting and tolerating faults. The data processing system comprises an electronic control unit (ECU) with a processing core and a fault-tolerant elliptic curve digital signature algorithm (ECDSA) engine. The fault-tolerant ECDSA engine comprises multiple verification state machines (VSMs). The data processing system also comprises nonvolatile storage in communication with the processing core and ECU software in the nonvolatile storage. The ECU software, when executed, enables the data processing system to operate as a node in a distributed data processing system, including receiving digitally signed messages from other nodes in the distributed data processing system. The ECU further comprises a known-answer built-in self-test unit (KA-BISTU). Also, the ECU software comprises fault-tolerant ECDSA engine (FTEE) management software which, when executed by the processing core, utilizes the KA-BISTU to periodically test the fault-tolerant ECDSA engine for faults.

Abstract: Embodiments may include systems and methods for authenticating a message between a transmitter and a receiver. An apparatus for communication may include a transmitter to transmit a message to a receiver via a physical channel coupling the transmitter and the receiver. The message may be transmitted via a plurality of transmission voltage levels varied from a plurality of nominal voltage levels on the physical channel. The transmitter may include a voltage generator to generate the plurality of transmission voltage levels varied in accordance with a sequence of voltage variations from the plurality of nominal voltage levels for the message. The sequence of voltage variations may serve to authenticate the message between the transmitter and the receiver. Other embodiments may be described and/or claimed.

Abstract: A data processing system that provides for active prevention of masquerading attacks comprises a microcontroller, a transceiver, and an active attack prevention module (AAPM) in communication with the microcontroller and the transceiver. The microcontroller enables the data processing system to operate as a node in a vehicle control system (VCS). The transceiver enables the node to communicate with a local area network (LAN) of the VCS. The AAPM enables the node to monitor the LAN for messages. In response to detecting a message on the LAN, the AAPM automatically determines whether the message falsely identifies the node as a source, based on a value in an identifier field in the message. In response to determining that the message falsely identifies the node as the source, the AAPM automatically takes at least one remedial action to neutralize the message. Other embodiments are described and claimed.

Abstract: The disclosed embodiments generally relate to methods, systems and apparatuses to authenticate instructions on a memory circuitry. In an exemplary embodiment, the disclosure relates to a computing device (e.g., a memory protection engine) to protect integrity of one or more memory circuitry.

Abstract: In one embodiment, an apparatus includes: a hardware accelerator to execute cryptography operations including a Rivest Shamir Adleman (RSA) operation and an elliptic curve cryptography (ECC) operation. The hardware accelerator may include: a multiplier circuit comprising a parallel combinatorial multiplier; and an ECC circuit coupled to the multiplier circuit to execute the ECC operation. The ECC circuit may compute a prime field multiplication using the multiplier circuit and reduce a result of the prime field multiplication in a plurality of addition and subtraction operations for a first type of prime modulus. The hardware accelerator may execute the RSA operation using the multiplier circuit. Other embodiments are described and claimed.

Abstract: A technique includes generating a direct anonymous attestation (DAA)-based signature to prove an electronic device is a member of a group. Generating the signature includes determining a reciprocal of a prime modulus, and determining the reciprocal of the prime modulus comprises left bit shifting a Barrett multiplier by a predetermined number of bits and multiplying a result of the left bit shifting of the Barrett multiplier with the prime modulus.

Abstract: Technologies for elliptic curve cryptography (ECC) include a computing device having an ECC engine that reads one or more parameters from a data port. The ECC engine performs operations using the parameters, such as an Elliptic Curve Digital Signature Algorithm (ECDSA). The ECDSA may be performed in a protected mode, in which the ECC engine will ignore inputs. The ECC engine may perform the ECDSA in a fixed amount of time in order to protect against timing side-channel attacks. The ECC engine may perform the ECDSA by consuming a uniform amount of power in order to protect against power side-channel attacks. The ECC engine may perform the ECDSA by emitting a uniform amount of electromagnetic radiation in order to protect against EM side-channel attacks. The ECC engine may perform the ECDSA verify with 384-bit output in order to protect against fault injection attacks.

Abstract: A method of detecting epithelial cancer is described that includes the steps of: (a) determining the level of beta defensin 3 (BD-3) and beta defensin 2 (BD-2) in a suspect sample obtained from a subject; (b) comparing the level of BD-3 to BD-2 determined in the suspect sample to obtain a suspect BD-3/BD-2 ratio, (c) comparing the suspect BD-3/BD-2 ratio to a healthy BD-3/BD-2 ratio to obtain a diagnostic BD-3/BD-2 ratio; and (d) characterizing the subject as having epithelial cancer if the diagnostic BD-3/BD-2 ratio is greater than 1. A microfluidic device for detecting epithelial cancer using the diagnostic BD-3/BD-2 ratio is also described.

Abstract: Embodiments of a system for, and method for using, an elliptic curve cryptography integrated circuit are generally described herein. An elliptic curve cryptography (ECC) operation request may be received. One of a plurality of circuit portions may be instructed to perform the ECC operation. The plurality of circuit portions that may be used include a finite field arithmetic circuit portion, an EC point addition and doubler circuit portion, a finite field exponentiation circuit portion, and a point multiplier circuit portion. The result of the ECC operation may then be output.

Abstract: Apparatuses and methods associated with configurable crypto hardware engine are disclosed herein. In embodiments, an apparatus for signing or verifying a message may comprise: a hardware hashing computation block to perform hashing computations; a hardware hash chain computation block to perform successive hash chain computations; a hardware private key generator to generate private keys; and a hardware public key generator to generate public keys, including signature generations and signature verifications. The hardware hashing computation block, the hardware hash chain computation block, the hardware private key generator, and the hardware public key generator may be coupled to each other and selectively cooperate with each other to perform private key generation, public key generation, signature generation or signature verification at different points in time. Other embodiments may be disclosed or claimed.

Abstract: Technologies for elliptic curve cryptography (ECC) include a computing device having an ECC engine that reads a datapath selector signal that indicates a 256-bit data width or a 384-bit data width. The ECC engine reads one or more parameters having a data width indicated by the datapath selector signal from a data port. The ECC engine reads an opcode from an instruction port that identifies an ECC operation such as an elliptic curve operation or a prime field arithmetic operation. The ECC engine performs the operation with the data width identified by the datapath selector. The ECC engine writes results data having the data width identified by the datapath selector to one or more output ports. The ECC engine may perform the elliptic curve operation with a specified side-channel protection level. The computing device may include a cryptography driver to control the ECC engine. Other embodiments are described and claimed.

Abstract: An attestation protocol between a prover device (P), a verifier device (V), and a trusted third-party device (TTP). P and TTP have a first trust relationship represented by a first cryptographic representation based on a one-or-few-times, hash-based, signature key. V sends an attestation request to P, with the attestation request including a second cryptographic representation of a second trust relationship between V and TTP. In response to the attestation request, P sends a validation request to TTP, with the validation request being based on a cryptographic association of the first trust relationship and the second trust relationship. TTP provides a validation response including a cryptographic representation of verification of validity of the first trust relationship and the second trust relationship. P sends an attestation response to V based on the validation response.

Abstract: A cryptography accelerator system includes a direct memory access (DMA) controller circuit to read and write data directly to and from memory circuits and an on-the-fly hashing circuit to hash data read from a first memory circuit on-the-fly before writing the read data to a second memory circuit. The hashing circuit performs at least one of integrity protection and firmware/software (FW/SW) verification of the data prior to writing the data to the second memory circuit. The on-the-fly hashing circuit includes a bit repositioning circuit to designate an order of bits of a binary word in a register from a most significant bit (MSB) to a least significant bit (LSB) for performing computations without rotating bits in the register, and an on-the-fly round constant generator circuit to generate a round constant from a counter.

Abstract: Embodiments include a computing processor control flow enforcement system including a processor, a block cipher encryption circuit, and an exclusive-OR (XOR) circuit. The control flow enforcement system uses a block cipher encryption to authenticate a return address when returning from a call or interrupt. The block cipher encryption circuit executes a block cipher encryption on a first number including an identifier to produce a first encrypted result and executes a block cipher encryption on a second number including a return address and a stack location pointer to produce a second encrypted result. The XOR circuit performs an XOR operation on the first encrypted result and the second encrypted result to produce a message authentication code tag.

Abstract: Technologies for counter with CBC-MAC (CCM) mode encryption include a computing device that performs a CBC-MAC authentication operation on a message with an encryption key, using a 64-bit block cipher to generate a message authentication code. The computing device generates a first 64-bit authentication block including an 8-bit flag field and a length field of between 11 and 32 bits. The flag field indicates the length of the length field. Performing the CBC-MAC authentication operation includes formatting the message into one or more 64-bit authentication blocks. The computing device performs a counter mode encryption operation on the message with the encryption key using the 64-bit block cipher to generate a cipher text. Performing the counter mode encryption includes generating multiple 64-bit keystream blocks. The computing device generates an authentication tag based on the message authentication code and a first keystream block of keystream blocks. Other embodiments are described and claimed.

Abstract: Embodiments of a system for, and method for using, an elliptic curve cryptography integrated circuit are generally described herein. An elliptic curve cryptography (ECC) operation request may be received. One of a plurality of circuit portions may be instructed to perform the ECC operation. The plurality of circuit portions that may be used include a finite field arithmetic circuit portion, an EC point addition and doubler circuit portion, a finite field exponentiation circuit portion, and a point multiplier circuit portion. The result of the ECC operation may then be output.

Abstract: One embodiment provides an apparatus. The apparatus includes a lightweight cryptographic engine (LCE), the LCE is optimized and has an associated throughput greater than or equal to a target throughput.

Abstract: One embodiment provides a signer device. The signer device includes hash signature control logic and signer signature logic. The hash signature control logic is to retrieve a first nonce, to concatenate the first nonce and a message to be transmitted and to determine whether a first message representative satisfies a target threshold. The signer signature logic is to generate a first transmitted signature based, at least in part, on the first message representative, if the first message representative satisfies the target threshold. The hash signature control logic is to retrieve a second nonce, concatenate the second nonce and the message to be transmitted and to determine whether a second message representative satisfies the target threshold, if the first message representative does not satisfy the target threshold.

Abstract: One embodiment provides an apparatus. The apparatus includes an Internet of Things (IoT) device including a processor, a memory, a flash memory, a network interface and a boot Read Only Memory (ROM). A Root-of-Trust (RoT) application stored in the boot ROM causes the processor run the RoT after initialization of the IoT device. The RoT causes the device to determine a selected image by determining if an update mode is set. The RoT also causes the processor to load the selected image into memory and determine whether a verification of a signature of the selected image is successful.

Abstract: A self-adaptive security framework for a device is disclosed. A first security level for a device is set wherein the first security level comprises procedures that authenticate a user and allow the user to access the device. Input from sensors associated with the device may be received at a contextual sensing engine, wherein the input at least includes location data, and wherein at least a portion of the input is related to a physical setting where the device is located. A threat level for the device is determined in the physical setting via the contextual sensing engine based on analyzing the input. The first security level is altered to a second security level to provide an altered threat response for the device based on the threat level wherein the second security level has different procedures to authenticate the user compared to the first security level.