In accordance with an embodiment, a method for transaction between an application executed by a processor and a peripheral via a hardware abstraction layer includes: configuring the peripheral comprising writing a transaction configuration emitted by the application into configuration registers of the peripheral via the hardware abstraction layer; verifying compliance of the transaction configuration written in the configuration registers; and executing the transaction only when the transaction configuration written in the configuration registers is compliant based on the verifying.

Various implementations described herein are directed to a device with a reset tree having leaf buffers that provide sensed output signals based on a reset-synchronizing input signal. The device may have a first sensor that receives the sensed output signals from the leaf buffers of the reset tree and provides an attack detection signal based on sensing a malicious attack. The device may have a second sensor that receives the reset-synchronizing input signal, receives the attack detection signal from the first sensor and provides a reset alarm signal based on duration of a timing glitch associated with comparing a difference between the reset-synchronizing input signal and the attack detection signal.

A method is proposed for copying a source array into a target array, wherein both the source array and the target array have at least two elements, wherein each element has a value, in which the elements of the source array are copied into the target array in the sequence of a random permutation, wherein, after a step of copying an element of the source array into the target array, the source array, the target array or the source array and the target array are rotated. A device is also indicated accordingly.

The following relates generally to defense mechanisms and security systems. Broadly, systems and methods are disclosed that detect an anomaly in an Embedded Mission Specific Device (EMSD). Disclosed approaches include a meta-material antenna configured to receive a radio frequency signal from the EMSD, and a central reader configured to receive a signal from the meta-material antenna. The central reader may be configured to: build a finite state machine model of the EMSD based on the signal received from the meta-material antenna; and detect if an anomaly exists in the EMSD based on the built finite state machine model.

Various examples are provided related to power side-channel vulnerability assessment. In one example, a method includes identifying target registers in an IC design; generating input patterns associated with a target function that can generate a power difference in the target registers when processing the target function; determining a side-channel vulnerability (SCV) metric using the power difference produced by the input patterns; and identifying a vulnerability in the IC design using the SCV metric. Identification of the vulnerability allows for modification of the IC design at an early stage, which can avoid power side-channel attacks (e.g., DPA and CPA) in the fabricated IC design. The method can be used for pre-silicon power side-channel leakage assessment of IC designs such as, e.g., cryptographic and non-cryptographic circuits.

A system on a chip (SoC) includes a security processor configured to form a Boolean mask, to form a shifted-row Boolean mask from the Boolean mask, and to add the shifted-row Boolean mask to cipher text to form Boolean-masked cipher text. The SoC includes a decryption engine configured to apply a shift rows operation to the Boolean-masked cipher text to form byte-aligned Boolean-masked cipher text, to apply a product of the Boolean mask and a multiplicative mask to the byte-aligned Boolean-masked cipher text to form multiplicatively masked cipher text, to perform an inverse byte substitution operation on the multiplicatively masked cipher text by applying a product of the Boolean mask and an inverse of the multiplicative mask to the multiplicatively masked cipher text to form Boolean-masked intermediate data, and to apply mix columns logic to the Boolean-masked intermediate data to form byte-shifted Boolean-masked output data.

Systems and methods for data center load management are disclosed. In at least one embodiment, a grid capacity is determined and one or more operating parameters for one or more data center components are adjusted based, at least in part, on the grid capacity.

A substitute box includes a target input terminal, an obfuscation input terminal, a first output terminal and a second output terminal. The target input terminal is configured to receive a target input data. The obfuscation input terminal is configured to receive an obfuscation input data unrelated to a plaintext. The first output terminal is configured to output a first output data. The second output terminal is configured to output a second output data associated with the first output data. The first output data and the second output data are generated according to both the target input data and the obfuscation input data.

An embodiment device comprises a first processing unit configured to process an initial data line and deliver a first processed data line, a first delay unit coupled to the output of the first processing unit and configured to deliver a delayed first processed data line delayed by a first delay, a second delay unit configured to deliver the delayed initial data line delayed by a second delay, a second processing unit coupled to the output of the second delay unit and configured to process the delayed initial data line and deliver a delayed second processed data line, and a comparison unit configured to compare the contents of the delayed first and second processed data lines and deliver a non-authentication signal if the contents are not identical, the first and second delays being equal to a variable value.

Embodiments include cryptographic circuits having isolated operation with respect to embedded sensor operations to mitigate side-channel attacks. A cryptographic circuit, a sensor, and an analog-to-digital converter (ADC) circuit are integrated into an integrated circuit along with a cryptographic circuit. A sensed signal is output with the sensor, and the sensed signal is converted to digital data using the ADC circuit. Further, cryptographic data is generated using one or more secret keys and the cryptographic circuit. The generation of the cryptographic data has isolated operation with respect to the operation of the sensor and the ADC circuit. The isolated operation mitigates side-channel attacks. The isolated operation can be achieved using power supply, clock, and/or reset circuits for the cryptographic circuit that are electrically isolated from similar circuits for the sensor and ADC circuit. The isolated operation can also be achieved using time-division multiplex operations. Other variations can also be implemented.