H04L9/004

WHITE-BOX ENCRYPTION METHOD FOR PREVENTION OF FAULT INJECTION ATTACK AND APPARATUS THEREFOR

Disclosed herein are a white-box encryption method for preventing a fault injection attack and an apparatus for the same. The white-box encryption method is configured to acquire a first intermediate value by inputting plaintext to a first part, among all of the rounds of a white-box-based encryption algorithm, before table redundancy operations are performed, to input the first intermediate value to a second part for performing the table redundancy operations through at least two lookup tables to which different encodings based on a secret key are applied, among all of the rounds, to acquire a second intermediate value by inputting the output values of the at least two lookup tables to at least one XOR lookup table, and to output ciphertext for the plaintext based on a third part for decoding the second intermediate value.

SYSTEM AND METHOD FOR SECURELY ENCRYPTING DATA
20210152532 · 2021-05-20

A system for encryption includes a message management module (MMM); a restricted secret server (RSS) including a restricted secret server network interface (RSS-NI) connected to the MMM and including at least one very large key (VLK) module. The system uses Terakey™, an encryption system whose intrinsic security can be demonstrated from first principles, without making assumptions about the computational difficulty of mathematical problems, such as factoring large integers or computing logarithms in finite groups. It employs a key that is much larger than the anticipated volume of message traffic. The large size of the key also reduces the risk of side channel attacks and facilitates realistic security measures to maintain a secure chain of custody for the key.

Protected electronic chip

An electronic chip includes a first well having a first PN junction located therein, a second buried well located under and separated from the first well, and a first region forming a second PN junction with the second well. A detection circuit is coupled to the first well and configured to output a digital signal that has a first logic value when a potential difference within the first region is above a threshold and a second logic value when the potential difference within the first region is below the threshold.

Tamper-resistant data encoding for mobile devices

Systems, methods, and apparatuses can protect a secret on a device with limited memory, while still providing tamper resistance. To achieve the lower memory usage, embodiments can apply a memory-hard function MHF to the secret S to obtain a result Y, which can be used in an encoding process to obtain a code C. After applying the MHF, a prove function can generate a proof value that is used in a decoding (e.g., a verification of computation process) of the code C. The code C can include the proof value, the secret S, and the result Y, and can be sent to a decoding device that verifies the code C as part of a decoding process.

OBFUSCATION OF OPERATIONS IN COMPUTING DEVICES
20210117575 · 2021-04-22

A method for obfuscation of operations using minimal additional hardware is presented herein. The method can begin by executing a first iteration of a set of computations, the execution of the set of computations resulting in a first iteration output. The method can continue by executing a second iteration of the set of computations, wherein the second execution is distinct from the first iteration but should satisfy a matching condition. The distinction can be a rearrangement of sub-operations, insertion of dummy sub-operations, or a combination of the two. After the iterations are complete, the iteration outputs can be compared. If the comparison of the first iteration output and the second iteration output satisfies the matching condition, the process result can be output. If the matching condition is not satisfied, an error detected signal can be output.

EFFICIENT QUANTUM-ATTACK RESISTANT FUNCTIONAL-SAFE BUILDING BLOCK FOR KEY ENCAPSULATION AND DIGITAL SIGNATURE
20210119777 · 2021-04-22

An apparatus comprises an input register comprising a state register and a parity field, a first round secure hash algorithm (SHA) datapath communicatively coupled to the state register, comprising a first section to perform a step of a SHA calculation, a second section to perform a step and a step of the SHA calculation, a third section to perform a step of the SHA calculation and a fourth section to perform a step of the SHA calculation.

DETECTOR, DETECTION METHOD, AND DETECTION PROGRAM

This detection device detects an attack in an on-vehicle network that includes a bus in which a frame including identification information that allows recognition of at least one of a transmission source and a destination is transmitted. In the bus, a plurality of the frames including pieces of the identification information different from each other are transmitted. The detection device includes: a monitoring unit configured to monitor a communication error in the bus; an aggregation unit configured to aggregate a communication error occurrence state regarding each piece of the identification information on the basis of a monitoring result by the monitoring unit; and a detection unit configured to detect the attack on the basis of an aggregation result by the aggregation unit.

MIDDLEBOX VISIBILITY FOR POST QUANTUM KEM

Some embodiments are directed to a communication system comprising one or more clients, a server and a middlebox. The middlebox may have access to the multiple short-term server private keys of the server. The middlebox may recover a shared key that is negotiated between server and client by decapsulating encapsulation data using a stored client public key and a server private key from the key storage.

Hardware Countermeasures Against DFA Attacks on AES Operations
20230412356 · 2023-12-21

A system and method of performing an AES encryption, while also determining whether a potentially successful DFA attack is underway, is disclosed. When interim results are not visible, the DFA attack that is most likely to succeed is initiated by introducing the fault between the MixColumns operation in the second to last round and the MixColumns operation in the next to last round. To detect this, the present system and method performs the next to last round and then repeats this next to last round. The results of the original round and repeated round are compared to identify a possible DFA attack. Importantly, the same hardware is used for the original round and the repeated round. In this way, the amount of additional hardware needed to detect a possibly successful DFA attack is minimized. Further, the impact on execution time may be 10% or less.

IMPLICIT RSA CERTIFICATES
20210091948 · 2021-03-25

A secure digital communications method is provided in which a Certificate Authority generates an improved RSA key pair having a modulus, a public key exponent, a public key, and a private key. The public key exponent can contain descriptive attributes and a digital signature. The digital signature can be responsive to the descriptive attributes and the modulus. A secure session can be established between a first system and a second system, within a secure digital communication protocol. The second system can verify the digital signature to authenticate the public key.