Abstract: A method and data processing system are provided for detecting a malicious component in a data processing system. The malicious component may be of any type, such as a hardware trojan, malware, or ransomware. In the method, a plurality of counters is used to count events in the data processing system during operation, where each event has a counter associated therewith. A machine learning model is trained a normal pattern of behavior of the data processing system using the event counts. After training, an operation of the data processing system is monitored using the machine learning model. Current occurrences of events in the data processing system are compared to the normal pattern of behavior. If a different pattern of behavior is detected, an indication, such as a flag, of the different pattern of behavior is provided.

Abstract: One example securely updates an integrated circuit to mitigate undesirable modifications and this involves an application circuit accessing an external network while a (e.g., nonvolatile) program memory is write protected; and a reset-boot circuit resetting and booting the application circuit while access to the external network is disabled, and causing an update for the application circuit. In response to an indication that an update is downloaded for installation, the downloaded update is installed in the memory while access to the external network is disabled, and execution of the reset mode is permitted after the update is installed. Also, a retrieval module may download, in response to an indication that an update is not downloaded, an update provided via the external network while the memory is write-protected and thereby permitting execution of the reset mode after the update is downloaded.

Abstract: A device and methods are described that comprise at least one host application and a rich execution environment. At least one interface is operably coupled to the REE for communicating with a remote server. A security sub-system comprises a security monitoring and control circuit coupled to the REE and connectable to the remote server via the REE and the at least one interface. The security monitoring and control circuit comprises an analytics circuit configured to detect an anomaly following a compromisation of the device. The security monitoring and control circuit is arranged to treat the REE as an untrusted component and in response to a detection of a compromisation of the REE or a component in the device that is accessible by the REE by the analytics circuit, the security monitoring and control circuit is configured to re-establish a secure connection to the remote server that tunnels through the REE and at least partially removes the compromisation from the device.

Abstract: A chip for securing storage of information includes a manager to access a pointer and a cipher engine to decrypt stored data. The pointer includes a first area and a second area. The first area includes an address indicating a storage location of the data and the second area includes a safety tag. The cipher engine decrypts the data output from the storage location based on a key and the safety tag in the second area of the pointer. These and other operations may be performed based on metadata that indicate probabilities that a correct safety tag was used to decrypt the data. In another embodiment, the manager may be replaced with an L1 cache.

Abstract: A device and methods are described that comprise at least one host application and a rich execution environment. At least one interface is operably coupled to the REE for communicating with a remote server. A security sub-system comprises a security monitoring and control circuit coupled to the REE and connectable to the remote server via the REE and the at least one interface. The security monitoring and control circuit comprises an analytics circuit configured to detect an anomaly following a compromisation of the device. The security monitoring and control circuit is arranged to treat the REE as an untrusted component and in response to a detection of a compromisation of the REE or a component in the device that is accessible by the REE by the analytics circuit, the security monitoring and control circuit is configured to re-establish a secure connection to the remote server that tunnels through the REE and at least partially removes the compromisation from the device.

Abstract: A method and data processing system are provided for detecting a malicious component in a data processing system. The malicious component may be of any type, such as a hardware trojan, malware, or ransomware. In the method, a plurality of counters is used to count events in the data processing system during operation, where each event has a counter associated therewith. A machine learning model is trained a normal pattern of behavior of the data processing system using the event counts. After training, an operation of the data processing system is monitored using the machine learning model. Current occurrences of events in the data processing system are compared to the normal pattern of behavior. If a different pattern of behavior is detected, an indication, such as a flag, of the different pattern of behavior is provided.

Abstract: A chip for securing storage of information includes a manager to access a pointer and a cipher engine to decrypt stored data. The pointer includes a first area and a second area. The first area includes an address indicating a storage location of the data and the second area includes a safety tag. The cipher engine decrypts the data output from the storage location based on a key and the safety tag in the second area of the pointer. These and other operations may be performed based on metadata that indicate probabilities that a correct safety tag was used to decrypt the data. in another embodiment, the manager may be replaced with an L1 cache.

Abstract: A data processing system and method for protecting a memory from unauthorized accesses are provided. The data processing system includes a system bus, a memory coupled to the system bus through a memory controller, and a processing core including a cache system. The memory controller is coupled to the system bus for controlling accesses to the memory that are requested by the processing core. A memory protection circuit uses one or more memory safety violation (MSV) indicators stored in out-of-bounds areas of the memory for detecting when the processing core attempts to access an out-of-bounds area of the memory. The processing core generates an error signal, such as an interrupt, when an attempt to access the out-of-bounds area is detected. The out-of-bounds area may be an unallocated area of the memory. The MSV indicator may be written to the memory by executing a flush instruction of the cache system, and may include the same number of bits as a cache line of the cache system.

Abstract: A data processing system and method for protecting a memory from unauthorized accesses are provided. The data processing system includes a system bus, a memory coupled to the system bus through a memory controller, and a processing core including a cache system. The memory controller is coupled to the system bus for controlling accesses to the memory that are requested by the processing core. A memory protection circuit is coupled to the system bus and to the processing core. The memory protection circuit uses one or more memory safety violation (MSV) indicators stored in out-of-bounds areas of the memory for detecting when the processing core attempts to access an out-of-bounds area of the memory. The processing core generates an error signal, such as an interrupt, when an attempt to access the out-of-bounds area is detected. The out-of-bounds area may be an unallocated area of the memory.

Abstract: A computing system using low-fat pointers, including: a memory configured to be accessed by the low-fat pointers; a processing core configured to access the memory; an interrupt controller configured to receive interrupts and to communicate interrupts to processes running on the processing core; and a memory safety peripheral configured to receive a pointer request, wherein the pointer is a low-fat pointer and to verify that the pointer request is within required memory bounds.

Abstract: A secure computing device, including: a processor configured to carry out a secure operation; a memory in communication with the processer configured to store secure data; and a memory controller configured control storage of data in the memory and reading data from the memory, wherein the secure data is split into shares before being stored in the memory and wherein the memory controller is configured to: apply a masking storage transform (MST) to one of the shares to produce a masked share before storing the shares in the memory, wherein the MST is a permutation without a fixed point; apply an inverse MST to the masked share when reading the shares from the memory; and combine the read shares to reconstruct the secure data.

Abstract: A computing system using low-fat pointers, including: a memory configured to be accessed by the low-fat pointers; a processing core configured to access the memory; an interrupt controller configured to receive interrupts and to communicate interrupts to processes running on the processing core; and a memory safety peripheral configured to receive a pointer request, wherein the pointer is a low-fat pointer and to verify that the pointer request is within required memory bounds

Abstract: A method for implementing a pseudo-random function (PRF) using a white-box implementation of a cryptographic function in N rounds, including: receiving an input to the PRF; receiving a cryptographic key in a first round; encrypting, using the white-box implementation of the cryptographic function and the cryptographic key, an input message that is one of M possible input messages based upon a portion of the input to produce a first output; for each succeeding round: encrypting, using the white-box implementation of the cryptographic function and an ith cryptographic key, further input messages that are one of M possible input messages based upon a further portion of the input to produce an ith output, wherein the ith cryptographic key is the output from the preceding round, wherein the white-box implementation of the cryptographic function only produces a correct output for the M possible input messages and produces an incorrect output for input messages that are not one of the M possible input messages.

Abstract: Methods of securing a cryptographic device against implementation attacks are described. A disclosed method comprises the steps of: generating secret values (324) using a pseudorandom generator (510); providing a key (330), an input (324) having a number of chunks and the secret values to an encryption module (340); indexing the chunks and the secret values (324); processing the input chunk wise by encrypting the secret values (324) indexed by the chunks using the key (330) and the encryption module (340); generating for each chunk a pseudorandom output (330?) of the encryption module (340), providing the pseudorandom output as the key (330?) when processing the next chunk; and performing a final transformation on the last pseudorandom output (330?) from the previous step by using it as a key to encrypt a fixed plaintext.

Abstract: A method for implementing a pseudo-random function (PRF) using a white-box implementation of a cryptographic function in N rounds, including: receiving an input to the PRF; receiving a cryptographic key in a first round; encrypting, using the white-box implementation of the cryptographic function and the cryptographic key, an input message that is one of M possible input messages based upon a portion of the input to produce a first output; for each succeeding round: encrypting, using the white-box implementation of the cryptographic function and an ith cryptographic key, further input messages that are one of M possible input messages based upon a further portion of the input to produce an ith output, wherein the ith cryptographic key is the output from the preceding round, wherein the white-box implementation of the cryptographic function only produces a correct output for the M possible input messages and produces an incorrect output for input messages that are not one of the M possible input messages.

Abstract: A secure computing device, including: a processor configured to carry out a secure operation; a memory in communication with the processer configured to store secure data; and a memory controller configured control storage of data in the memory and reading data from the memory, wherein the secure data is split into shares before being stored in the memory and wherein the memory controller is configured to: apply a masking storage transform (MST) to one of the shares to produce a masked share before storing the shares in the memory, wherein the MST is a permutation without a fixed point; apply an inverse MST to the masked share when reading the shares from the memory; and combine the read shares to reconstruct the secure data.

Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptical Curve Cryptography point doubling algorithm for Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values to one intermediate value.

Abstract: A method of obfuscating a code is provided, wherein the method comprises performing a first level obfuscating technique on a code to generate a first obfuscated code, and performing a second level obfuscating technique on the first obfuscated code. In particular, the code may be a software code or a software module. Furthermore, the first level obfuscating technique and the second obfuscating may be different. In particular, the second level obfuscating technique may perform a deobfuscation.

Abstract: Methods of securing a cryptographic device against implementation attacks, are described. A disclosed method comprises the steps of obtaining a key (230) from memory of the cryptographic device; providing the key and a constant input (210) to an encryption module (240); deriving an output (250) of encrypted data bits using the encryption module (240); providing the output (250), the key (230) and an input vector (270) to a key update module (260); and using said key update module (260) to modify the key based on at least a part (270a) of the input vector (270) to derive an updated key (230a). This prevents the value of the key from being derived using the updated key or by using side-channel attacks because the input is constant for all keys. Additionally, by altering the input vector, the updated key is also altered.

Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptical Curve Cryptography point doubling algorithm for Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values.