Abstract: The present disclosure is directed to systems and methods to protect against SCA and fault injection attacks through the use of a temporary or ephemeral key to cryptographically alter input data portions. Universal resistant block (URB) circuitry receives a seed data value and a at least one secret key data value and generates an ephemeral key output data value. Cryptographic circuitry uses the ephemeral key data value to transform an input data portion to produce an transformed output data portion. The use of an SCA or fault injection attack on the transformed output data portion will reveal only the ephemeral key data value and not the at least one secret key data value. Further, where a unique ephemeral key data value is used to transform each input data portion, an attacker cannot discover the ephemeral key in a piecemeal manner and must instead discover the complete ephemeral key data value—significantly increasing the difficulty of performing a successful SCA or fault injection attack.

Abstract: Various systems and methods for detecting and preventing side-channel attacks, including attacks aimed at discovering the location of KASLR-randomized privileged code sections in virtual memory address space, are described. In an example, a computing system includes electronic operations for detecting unauthorized attempts to access kernel virtual memory pages via trap entry detection, with operations including: generating a trap page with a physical memory address; assigning a phantom page at an open location in the privileged portion of the virtual memory address space; generating a plurality of phantom page table entries corresponding to an otherwise-unmapped privileged virtual memory region; placing the trap page in physical memory and placing the phantom page table entry in a page table map; and detecting an access to the trap page via the phantom page table entry, to trigger a response to a potential attack.

Abstract: The present disclosure is directed to systems and methods to protect against SCA and fault injection attacks through the use of a temporary or ephemeral key to cryptographically alter input data portions. Universal resistant block (URB) circuitry receives a seed data value and a at least one secret key data value and generates an ephemeral key output data value. Cryptographic circuitry uses the ephemeral key data value to transform an input data portion to produce an transformed output data portion. The use of an SCA or fault injection attack on the transformed output data portion will reveal only the ephemeral key data value and not the at least one secret key data value. Further, where a unique ephemeral key data value is used to transform each input data portion, an attacker cannot discover the ephemeral key in a piecemeal manner and must instead discover the complete ephemeral key data value—significantly increasing the difficulty of performing a successful SCA or fault injection attack.

Abstract: Various systems and methods for detecting and preventing side-channel attacks, including attacks aimed at discovering the location of KASLR-randomized privileged code sections in virtual memory address space, are described. In an example, a computing system includes electronic operations for detecting unauthorized attempts to access kernel virtual memory pages via trap entry detection, with operations including: generating a trap page with a physical memory address; assigning a phantom page at an open location in the privileged portion of the virtual memory address space; generating a plurality of phantom page table entries corresponding to an otherwise-unmapped privileged virtual memory region; placing the trap page in physical memory and placing the phantom page table entry in a page table map; and detecting an access to the trap page via the phantom page table entry, to trigger a response to a potential attack.

Abstract: A method for data transfer includes receiving a control signal triggering a transfer of a secret value into an element (24) of a circuit (20). In response to the control signal, a dummy value (42, 50) and the secret value are inserted in succession into the element of the circuit.

Abstract: An electronic device (22, 48, 50) includes an array (26) of memory cells, which are configured to store data values. One or more sense amplifiers (40) have respective inputs for receiving signals from the memory cells and are configured to output the data values corresponding to the received signals. Switching circuitry (36, 52) is coupled between the array of the memory cells and the sense amplifiers and is configured to receive an indication of a temporal pattern and to route the signals from the memory cells among the inputs of the sense amplifiers in accordance with the temporal pattern.

Abstract: A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time.

Abstract: An integrated circuit device (20, 60) includes a plurality of memory cells (22), which are configured to store data. Multiple P-N junctions (24) are arranged so that a single, respective P-N junction is disposed in proximity to each memory cell and is configured to emit optical radiation during readout from the memory cell with a wavelength matching an emission wavelength of the memory cell.

Abstract: A method for data transfer includes receiving a control signal triggering a transfer of a secret value into an element (24) of a circuit (20). In response to the control signal, a dummy value (42, 50) and the secret value are inserted in succession into the element of the circuit.

Abstract: An integrated circuit device (20, 60) includes a plurality of memory cells (22), which are configured to store data. Multiple P-N junctions (24) are arranged so that a single, respective P-N junction is disposed in proximity to each memory cell and is configured to emit optical radiation during readout from the memory cell with a wavelength matching an emission wavelength of the memory cell.

Abstract: A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time.

Abstract: An electronic device (22, 48, 50) includes an array (26) of memory cells, which are configured to store data values. One or more sense amplifiers (40) have respective inputs for receiving signals from the memory cells and are configured to output the data values corresponding to the received signals. Switching circuitry (36, 52) is coupled between the array of the memory cells and the sense amplifiers and is configured to receive an indication of a temporal pattern and to route the signals from the memory cells among the inputs of the sense amplifiers in accordance with the temporal pattern.

Abstract: An electronic device (22, 72) includes an array (24, 74) of memory cells, including at least one range of the cells in which at least one cell (38, 40, 76) is permanently fixed during manufacture of the device to have a given value, while others of the cells are permitted to be programmed subsequently. A readout circuit (26) is configured to concurrently read out all the cells in the range, including the at least one permanently-programmed cell and the subsequently-programmed cells.

Abstract: A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time.

Abstract: An apparatus for detecting tampering with an integrated circuit (IC), the apparatus comprising a second circuit comprising at least one conductor for conducting electrical current, the electrical current comprising, during at least one period of time, current of known strength, the electrical current generating a magnetic field, at least one magnetic field sensing device operatively associated with the IC, the sensing device having at least one electrical characteristic responsive to changes in a sensed magnetic field, the magnetic field sensing device being positioned so as to sense the magnetic field generated by current in the at least one conductor, and an analyzer operatively associated with the at least one magnetic field sensing device and the IC, the analyzer determining that the IC is being tampered with based, at least in part, on changes in the at least one electrical characteristic of the at least one magnetic field sensing device in response to changes in the sensed magnetic field generated by th

Abstract: A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time.

Abstract: An apparatus for detecting tampering with an integrated circuit (IC), the apparatus comprising a second circuit comprising at least one conductor for conducting electrical current, the electrical current comprising, during at least one period of time, current of known strength, the electrical current generating a magnetic field, at least one magnetic field sensing device operatively associated with the IC, the sensing device having at least one electrical characteristic responsive to changes in a sensed magnetic field, the magnetic field sensing device being positioned so as to sense the magnetic field generated by current in the at least one conductor, and an analyzer operatively associated with the at least one magnetic field sensing device and the IC, the analyzer determining that the IC is being tampered with based, at least in part, on changes in the at least one electrical characteristic of the at least one magnetic field sensing device in response to changes in the sensed magnetic field generated by th