Patent classifications
H04L9/005
TAMPER-RESISTANT DATA ENCODING SECURE AGAINST UNBOUNDED POLYNOMIAL SIZE ATTACK COMPLEXITY
Systems, methods, network devices, and machine-readable media disclosed herein include encoding data for storage or transmission by encoding the data according to a tamper-resistant data encoding scheme that renders the data secure against unbounded polynomial size attacks. The present disclosure further includes subsequently determining whether the data has been tampered with, and notifying a processor when the data has been modified or compromised.
METHOD OF DEFENSE AGAINST CRYPTOSYSTEM TIMING ATTACK, ASSOCIATED CRYPTOSYSTEM PROCESSING CIRCUIT, AND ASSOCIATED ELECTRONIC DEVICE
A method of defense against cryptosystem timing attack such as Rivest-Shamir-Adleman (RSA) cryptosystem timing attack, an associated cryptosystem processing circuit and an associated electronic device are provided. The method may include: utilizing a point double calculation circuit to perform a plurality of point double calculation operations related to a predetermined cryptosystem; utilizing a point add calculation circuit to perform a plurality of point add calculation operations related to the predetermined cryptosystem; and in response to there being no need to perform any point add calculation operation related to the predetermined cryptosystem, utilizing a dummy point add calculation circuit to perform a dummy point add calculation operation to emulate a calculation time of performing the any point add calculation operation, without changing a calculation result before performing the dummy point add calculation operation.
Systems And Methods For Protecting Against Relay Attacks
Systems, methods, and devices are disclosed for preventing relay attacks. A user device may receive (e.g., when proximate to the first access device), from an intervening device, device identification data for a first access device. A message may be received from a second access device via the intervening device. The message may include a digital signature generated based at least in part on second access device identification data. The user device may validate the message utilizing the digital signature and a public key. If the message is invalid, the user device may discard the message. If the message is valid (e.g., unaltered), the user device may determine that the user has not confirmed an intent to interact with the second access device and may terminate any further interaction with the second access device accordingly.
TECHNIQUES FOR PREVENTING MEMORY TIMING ATTACKS
Techniques and apparatuses for detecting and preventing memory attacks are described. In one embodiment, for example, an apparatus may include at least one memory comprising a shared memory and a system memory, logic, at least a portion of the logic comprised in hardware coupled to the at least one shared memory, the logic to implement a memory monitor to determine a memory attack by an attacker application against a victim application using the shared memory, and prevent the memory attack, the memory monitor to determine that victim data is being reloaded into the shared memory from the system memory, store the victim data in a monitor memory, flush shared memory data stored in the shared memory, and write the victim data to the shared memory. Other embodiments are described and claimed.
Systems and methods for operating secure elliptic curve cryptosystems
Various embodiments of the invention implement countermeasures designed to withstand attacks by potential intruders who seek partial or full retrieval of elliptic curve secrets by using known methods that exploit system vulnerabilities, including elliptic operation differentiation, dummy operation detection, lattice attacks, and first real operation detection. Various embodiments of the invention provide resistance against side-channel attacks, such as simple power analysis, caused by the detectability of scalar values from information leaked during regular operation flow that would otherwise compromise system security. In certain embodiments, system immunity is maintained by performing elliptic scalar operations that use secret-independent operation flow in a secure Elliptic Curve Cryptosystem.
Systems and methods for preventing side-channel attacks
Disclosed herein is a method of accessing a cache, the method comprising: mapping respective physical line addresses (PLAs) of a plurality of PLAs to respective cache locations of a plurality of cache locations in a cache, each PLA of the plurality of PLAs having an associated memory line; encrypting, with a block cipher using a first key, a first PLA of the plurality of PLAs to provide a first encrypted line address (ELA), the first ELA having an associated first encrypted cache location; upon receiving a request to access a first memory line associated with the first PLA, encrypting, using the first key, the first PLA into the first ELA to determine the associated first encrypted cache location; and accessing the first encrypted cache location. Also disclosed herein are systems for implementing the same.
A computing platform for preventing side channel attacks
The present disclosure relates to a computing platform for preventing side channel attacks comprising a memory module configured for storing data of a computer program and program instructions; a pipeline having a plurality of stages, said plurality of stages being configured for transferring electrical signals via an on-chip interconnect bus; a CPU configured for executing said computer program; said program instructions being decoded by one stage of said plurality of stages; each stage of said pipeline having at least one combinatorial module, said at least one combinatorial module having a plurality of data inputs and a plurality of control inputs and at least a data output; each program instruction traveling from left to right through said pipeline, and within each stage can activate one or more or none of said at least one combinatorial module. The computing platform comprises a plurality of digital logic means interconnected to each other and configured for generating random values or program data values, said plurality of digital logic means being in signal communication with said plurality of data inputs of said combinatorial module, so that when said program instruction enters one stage of said plurality of stages, all the combinatorial modules of said stage that are not activated by the program instruction will have their input data fed with said random values and all the combinatorial modules of said stage that are activated by said program instruction will have their unused data inputs fed with said random values and their used data inputs fed with said program data values.
Techniques for preventing memory timing attacks
Techniques and apparatuses for detecting and preventing memory attacks are described. In one embodiment, for example, an apparatus may include at least one memory comprising a shared memory and a system memory, logic, at least a portion of the logic comprised in hardware coupled to the at least one shared memory, the logic to implement a memory monitor to determine a memory attack by an attacker application against a victim application using the shared memory, and prevent the memory attack, the memory monitor to determine that victim data is being reloaded into the shared memory from the system memory, store the victim data in a monitor memory, flush shared memory data stored in the shared memory, and write the victim data to the shared memory. Other embodiments are described and claimed.
Method for performing cryptographic operations on data in a processing device, corresponding processing device and computer program product
Cryptographic circuitry, in operation, conditionally swaps a first operand and a second operand of a cryptographic operation based on a control value. The conditional swapping includes setting a first mask of a number of bits and a second mask of the number of bits based on the control value, the first mask and the second mask being complementary and having a same Hamming weight. A result of a bitwise XOR operation on the first operand and the second operand is stored as a temporary value. A combination of bitwise logical operations are performed to conditionally swap the first operand and the second operand.
COUNTERMEASURES AGAINST SIDE-CHANNEL ATTACKS ON SECURE ENCRYPTED VIRTUALIZATION (SEV)-ENCRYPTED STATE (SEV-ES) PROCESSORS
AMD's Secure Encrypted Virtualization (SEV) is a hardware extension available in AMD's EPYC™ server processors to support confidential cloud computing. Although known attacks against SEV, which exploit its lack of encryption in the virtual machine (VM) control block or the lack of integrity protection of the encrypted memory and nested page tables, have been addressed in subsequent releases of SEV-Encrypted State (SEV-ES) and SEV-Secure Nested Paging (SEV-SNP), embodiments of a new Cipher Leaks attack present previously unexplored vulnerabilities for SEV-ES and SEV-SNP. The attack embodiments allow a privileged adversary to infer a guest VM's execution state or recover certain plaintext, e.g., to steal private keys from the constant-time implementation of the Rivest-Shamir-Adleman (RSA) algorithm and the Elliptic Curve Digital Signature Algorithm (ECDSA) in the latest OpenSSL library.