A networked system for managing a physical intrusion detection/alarm includes a network of end nodes, e.g., sensor nodes including one or more constrained sensor nodes for sensing physical conditions, and a gateway to provide network connections for the constrained sensor nodes. The system also includes a range extender for connecting the one or more constrained sensor nodes to the gateway, with the range extender including first and second radios and corresponding processors to wirelessly communicate with the gateway and constrained nodes.

Various features pertain to defending a smartphone processor or other device from a transient fault attack. In one example, the processor is equipped to detect transient faults using a fault detection system and to adaptively adjust a control parameter in response to the transient faults, where the control parameter controls a physical operation of the processor (such as by gating its clock signal) or a functional operation of the fault detection system (such as a particular Software Fault Sensor (SFS) employed to detect transient faults). In some examples, in response to each newly detected fault, the detection system is controlled to consume more processor time to become more aggressive in detecting additional faults. This serves to quickly escalate fault detection in response to an on-going attack to promptly detect the attack so that the device can be disabled to prevent loss of sensitive information, such as security keys or passcodes.

A method in an elliptic curve cryptographic system, the method being executed by an electronic device and including a multiplication operation of multiplying a point of an elliptic curve by a scalar number, the point having affine coordinates belonging to a Galois field, the multiplication operation including steps of detecting the appearance of a point at infinity during intermediate calculations of the multiplication operation, and of activating an error signal if the point at infinity is detected and if the number of bits of the scalar number processed by the multiplication operation is lower than the rank of the most significant bit of an order of a base point of the cryptographic system.

Methods, systems, and apparatuses for defending against cryptographic attacks using clock period randomization. The methods, systems, and apparatuses are designed to make side channel attacks and fault injection attacks more difficult by using a clock with a variable period during a cryptographic operation. In an example embodiment, a clock period randomizer includes a fixed delay generator and a variable delay generator, wherein a variable delay generated by the variable delay generator is based on a random or pseudorandom value that is changed occasionally or periodically. The methods, systems, and apparatuses are useful in hardware security applications where fault injection and/or side channel attacks are of concern.

An electronic chip and a method of making thereof is provided, where the electronic chip includes at least: an electronic circuit arranged at a front face of a substrate; a first protective layer arranged on a rear face of the substrate; a resistive element arranged on the first protective layer and facing at least one part of the electronic circuit, mechanically supported by the first protective layer and connected electrically and/or in an inductive manner to the electronic circuit; a second protective layer covering at least the resistive element; and in which the first protective layer comprises at least one dielectric material having a resistance to chemical etching by at least one chemical etching agent less than or equal to that of a dielectric material of the second protective layer.

The disclosure relates to secure data storage and retrieval, in particular to methods and circuits for securely storing data to reduce the possibility of leakage via side channel attacks. Embodiments disclosed include a method of storing a value comprising a series of words, the method comprising: i) combining in a series of XOR operations a word of a first portion of the value, a word of a second portion of the value and an output word of a first random number generator to provide a first combined word; ii) storing the first combined word in a shift register; and iii) repeating steps i) and ii) for each successive word of the first and second portions of the value.

A system for encryption includes a message management module (MMM); a restricted secret server (RSS) including a restricted secret server network interface (RSS-NI) connected to the MMM and including at least one very large key (VLK) module. The system uses Terakey™ an encryption system whose intrinsic security can be demonstrated from first principles, without making assumptions about the computational difficulty of mathematical problems, such as factoring large integers or computing logarithms in finite groups. It employs a key that is much larger than the anticipated volume of message traffic. The large size of the key also reduces the risk of side channel attacks and facilitates realistic security measures to maintain a secure chain of custody for the key.

An optical electromagnetic radiation (EM) emitter and receiver are located upon a printed circuit board (PCB) glass security layer. A predetermined reference flux or interference pattern, respectively, is an expected flux or reflection pattern of EM emitted from the EM emitter, transmitted by the glass security layer, and received by the EM receiver. When the PCB is subject to an unauthorized access thereof the optical EM transmitted by glass security layer is altered. An optical monitoring device that monitors the flux or interference pattern of the optical EM received by the EM receiver detects a change in flux or interference pattern, in relation to the reference flux or reference interference pattern, respectively, and passes a tamper signal to one or more computer system devices to respond to the unauthorized access. For example, one or more cryptographic adapter card or computer system functions or secured crypto components may be disabled.

A system, method and computer-readable storage medium with instructions for protecting an electronic device against fault attack. The technology includes operating the electronic device to determine two half-size exponents, dp and dq, from the exponent d; to split the base m into two sub-bases mp and mq determined from the base m; and to iteratively compute a decryption result S by repeatedly multiplying an accumulator A by m, mp, mq or 1 depending on the values of the i-th bit of dp and dq for each iteration I′. Other systems and methods are disclosed.

Provided is a method for securing against fault attacks during verification a digital signature of a message on a client device. It performs (S1) at least one check on intermediate parameters that are generated for one that is different from 0 modulo n. It checks that values computed by several executions of the verification algorithm are the same, and checks that at least one mathematical relationship is verified. It performs a signature comparison final step to test equality between one of the intermediate parameters and a part of the digital signature. It triggers (S2) a fault attack countermeasure when at least one of the performed checks has failed.