Patents by Inventor Yonatan Shlomovich
Yonatan Shlomovich has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11194933Abstract: The present disclosure is directed to systems and methods to protect against SCA and fault injection attacks through the use of a temporary or ephemeral key to cryptographically alter input data portions. Universal resistant block (URB) circuitry receives a seed data value and a at least one secret key data value and generates an ephemeral key output data value. Cryptographic circuitry uses the ephemeral key data value to transform an input data portion to produce an transformed output data portion. The use of an SCA or fault injection attack on the transformed output data portion will reveal only the ephemeral key data value and not the at least one secret key data value. Further, where a unique ephemeral key data value is used to transform each input data portion, an attacker cannot discover the ephemeral key in a piecemeal manner and must instead discover the complete ephemeral key data value—significantly increasing the difficulty of performing a successful SCA or fault injection attack.Type: GrantFiled: June 4, 2019Date of Patent: December 7, 2021Assignee: Intel CorporationInventors: Yaacov Belenky, Gyora Benedek, Reuven Elbaum, David Novick, Elad Peer, Chaim Shen-Orr, Yonatan Shlomovich
-
Patent number: 10489308Abstract: Various systems and methods for detecting and preventing side-channel attacks, including attacks aimed at discovering the location of KASLR-randomized privileged code sections in virtual memory address space, are described. In an example, a computing system includes electronic operations for detecting unauthorized attempts to access kernel virtual memory pages via trap entry detection, with operations including: generating a trap page with a physical memory address; assigning a phantom page at an open location in the privileged portion of the virtual memory address space; generating a plurality of phantom page table entries corresponding to an otherwise-unmapped privileged virtual memory region; placing the trap page in physical memory and placing the phantom page table entry in a page table map; and detecting an access to the trap page via the phantom page table entry, to trigger a response to a potential attack.Type: GrantFiled: June 29, 2017Date of Patent: November 26, 2019Assignee: Intel CorporationInventors: Uri Bear, Gyora Benedek, Baruch Chaikin, Jacob Jack Doweck, Reuven Elbaum, Dimitry Kloper, Elad Peer, Chaim Shen-orr, Yonatan Shlomovich
-
Publication number: 20190286853Abstract: The present disclosure is directed to systems and methods to protect against SCA and fault injection attacks through the use of a temporary or ephemeral key to cryptographically alter input data portions. Universal resistant block (URB) circuitry receives a seed data value and a at least one secret key data value and generates an ephemeral key output data value. Cryptographic circuitry uses the ephemeral key data value to transform an input data portion to produce an transformed output data portion. The use of an SCA or fault injection attack on the transformed output data portion will reveal only the ephemeral key data value and not the at least one secret key data value. Further, where a unique ephemeral key data value is used to transform each input data portion, an attacker cannot discover the ephemeral key in a piecemeal manner and must instead discover the complete ephemeral key data value—significantly increasing the difficulty of performing a successful SCA or fault injection attack.Type: ApplicationFiled: June 4, 2019Publication date: September 19, 2019Inventors: Yaacov Belenky, Gyora Benedek, Reuven Elbaum, David Novick, Elad Peer, Chaim Shen-Orr, Yonatan Shlomovich
-
Publication number: 20190004972Abstract: Various systems and methods for detecting and preventing side-channel attacks, including attacks aimed at discovering the location of KASLR-randomized privileged code sections in virtual memory address space, are described. In an example, a computing system includes electronic operations for detecting unauthorized attempts to access kernel virtual memory pages via trap entry detection, with operations including: generating a trap page with a physical memory address; assigning a phantom page at an open location in the privileged portion of the virtual memory address space; generating a plurality of phantom page table entries corresponding to an otherwise-unmapped privileged virtual memory region; placing the trap page in physical memory and placing the phantom page table entry in a page table map; and detecting an access to the trap page via the phantom page table entry, to trigger a response to a potential attack.Type: ApplicationFiled: June 29, 2017Publication date: January 3, 2019Inventors: Uri Bear, Gyora Benedek, Baruch Chaikin, Jacob Jack Doweck, Reuven Elbaum, Dimitry Kloper, Elad Peer, Chaim Shen-orr, Yonatan Shlomovich
-
Patent number: 9135453Abstract: A method for data transfer includes receiving a control signal triggering a transfer of a secret value into an element (24) of a circuit (20). In response to the control signal, a dummy value (42, 50) and the secret value are inserted in succession into the element of the circuit.Type: GrantFiled: August 27, 2012Date of Patent: September 15, 2015Assignee: CISCO TECHNOLOGY INC.Inventors: Chaim Shen-Orr, Yonatan Shlomovich, Reuven Elbaum, Zvi Shkedy, Lior Amarilio, Yigal Shapiro, Uri Bear
-
Patent number: 9081990Abstract: An electronic device (22, 48, 50) includes an array (26) of memory cells, which are configured to store data values. One or more sense amplifiers (40) have respective inputs for receiving signals from the memory cells and are configured to output the data values corresponding to the received signals. Switching circuitry (36, 52) is coupled between the array of the memory cells and the sense amplifiers and is configured to receive an indication of a temporal pattern and to route the signals from the memory cells among the inputs of the sense amplifiers in accordance with the temporal pattern.Type: GrantFiled: November 16, 2011Date of Patent: July 14, 2015Assignee: CISCO TECHNOLOGY, INCInventors: Reuven Elbaum, Zvi Shkedy, Lior Amarilio, Uri Bear, Yonatan Shlomovich, Chaim D. Shen-Orr, Yigal Shapiro
-
Patent number: 8913745Abstract: A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time.Type: GrantFiled: August 5, 2013Date of Patent: December 16, 2014Assignee: Cisco Technology Inc.Inventors: Chaim Shen-Orr, Zvi Shkedy, Reuven Elbaum, Yonatan Shlomovich, Yigal Shapiro, Yaacov Belenky, Yaakov (Jordan) Levy, Reuben Sumner, Itsik Mantin
-
Patent number: 8760954Abstract: An integrated circuit device (20, 60) includes a plurality of memory cells (22), which are configured to store data. Multiple P-N junctions (24) are arranged so that a single, respective P-N junction is disposed in proximity to each memory cell and is configured to emit optical radiation during readout from the memory cell with a wavelength matching an emission wavelength of the memory cell.Type: GrantFiled: February 19, 2012Date of Patent: June 24, 2014Assignee: Cisco Technology Inc.Inventors: Lior Amarilio, Uri Bear, Reuven Elbaum, Yigal Shapiro, Chaim D. Shen-Orr, Yonatan Shlomovich, Zvi Shkedy
-
Publication number: 20140143883Abstract: A method for data transfer includes receiving a control signal triggering a transfer of a secret value into an element (24) of a circuit (20). In response to the control signal, a dummy value (42, 50) and the secret value are inserted in succession into the element of the circuit.Type: ApplicationFiled: August 27, 2012Publication date: May 22, 2014Applicant: Cisco Technology Inc.Inventors: Chaim Shen-Orr, Yonatan Shlomovich, Reuven Elbaum, Zvi Shkedy, Lior Amarilio, Yigal Shapiro, Uri Bear
-
Publication number: 20140009995Abstract: An integrated circuit device (20, 60) includes a plurality of memory cells (22), which are configured to store data. Multiple P-N junctions (24) are arranged so that a single, respective P-N junction is disposed in proximity to each memory cell and is configured to emit optical radiation during readout from the memory cell with a wavelength matching an emission wavelength of the memory cell.Type: ApplicationFiled: February 19, 2012Publication date: January 9, 2014Applicant: Cisco Technology Inc.Inventors: Lior Amarilio, Uri Bear, Reuven Elbaum, Yigal Shapiro, Chain D. Shen-Orr, Yonatan Shlomovich, Zvi Shkedy
-
Publication number: 20130326632Abstract: A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time.Type: ApplicationFiled: August 5, 2013Publication date: December 5, 2013Inventors: Chaim Shen-Orr, Zvi Shkedy, Reuven Elbaum, Yonatan Shlomovich, Yigal Shapiro, Yaacov Belenky, Yaakov (Jordan) Levy, Reuben Sumner, Itsik Mantin
-
Publication number: 20130305372Abstract: An electronic device (22, 48, 50) includes an array (26) of memory cells, which are configured to store data values. One or more sense amplifiers (40) have respective inputs for receiving signals from the memory cells and are configured to output the data values corresponding to the received signals. Switching circuitry (36, 52) is coupled between the array of the memory cells and the sense amplifiers and is configured to receive an indication of a temporal pattern and to route the signals from the memory cells among the inputs of the sense amplifiers in accordance with the temporal pattern.Type: ApplicationFiled: November 16, 2011Publication date: November 14, 2013Applicant: NDS LimitedInventors: Reuven Elbaum, Zvi Shkedy, Lior Amarilio, Uri Bear, Yonatan Shlomovich, Chaim D. Shen-Orr, Yigal Shapiro
-
Publication number: 20130291130Abstract: An electronic device (22, 72) includes an array (24, 74) of memory cells, including at least one range of the cells in which at least one cell (38, 40, 76) is permanently fixed during manufacture of the device to have a given value, while others of the cells are permitted to be programmed subsequently. A readout circuit (26) is configured to concurrently read out all the cells in the range, including the at least one permanently-programmed cell and the subsequently-programmed cells.Type: ApplicationFiled: December 6, 2011Publication date: October 31, 2013Applicant: Cisco Technology Inc.Inventors: Lior Amarilio, Uri Bear, Reuven Elbaum, Yigal Shapiro, Chaim D. Shen-Orr, Zvi Shkedy, Yonatan Shlomovich
-
Patent number: 8539596Abstract: A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time.Type: GrantFiled: May 21, 2009Date of Patent: September 17, 2013Assignee: Cisco Technology Inc.Inventors: Chaim Shen-Orr, Zvi Shkedy, Reuven Elbaum, Yonatan Shlomovich, Yigal Shapiro, Yaacov Belenky, Yaakov (Jordan) Levy, Reuben Sumner, Itsik Mantin
-
Patent number: 8242775Abstract: An apparatus for detecting tampering with an integrated circuit (IC), the apparatus comprising a second circuit comprising at least one conductor for conducting electrical current, the electrical current comprising, during at least one period of time, current of known strength, the electrical current generating a magnetic field, at least one magnetic field sensing device operatively associated with the IC, the sensing device having at least one electrical characteristic responsive to changes in a sensed magnetic field, the magnetic field sensing device being positioned so as to sense the magnetic field generated by current in the at least one conductor, and an analyzer operatively associated with the at least one magnetic field sensing device and the IC, the analyzer determining that the IC is being tampered with based, at least in part, on changes in the at least one electrical characteristic of the at least one magnetic field sensing device in response to changes in the sensed magnetic field generated by thType: GrantFiled: October 9, 2007Date of Patent: August 14, 2012Assignee: NDS LimitedInventors: Rami Sudai, Yonatan Shlomovich, Samuel Katz
-
Publication number: 20110083194Abstract: A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time.Type: ApplicationFiled: May 21, 2009Publication date: April 7, 2011Applicant: NDS LimitedInventors: Chaim Shen-Orr, Zvi Shkedy, Reuven Elbaum, Yonatan Shlomovich, Yigal Shapiro, Yaacov Belenky, Yaakov (Jordan) Levy, Reuben Sumner, Itsik Mantin
-
Publication number: 20100181999Abstract: An apparatus for detecting tampering with an integrated circuit (IC), the apparatus comprising a second circuit comprising at least one conductor for conducting electrical current, the electrical current comprising, during at least one period of time, current of known strength, the electrical current generating a magnetic field, at least one magnetic field sensing device operatively associated with the IC, the sensing device having at least one electrical characteristic responsive to changes in a sensed magnetic field, the magnetic field sensing device being positioned so as to sense the magnetic field generated by current in the at least one conductor, and an analyzer operatively associated with the at least one magnetic field sensing device and the IC, the analyzer determining that the IC is being tampered with based, at least in part, on changes in the at least one electrical characteristic of the at least one magnetic field sensing device in response to changes in the sensed magnetic field generated by thType: ApplicationFiled: October 9, 2007Publication date: July 22, 2010Applicant: NDS LimitedInventors: Rami Sudai, Yonatan Shlomovich, Samuel Katz