Techniques and apparatuses for detecting and preventing memory attacks are described. In one embodiment, for example, an apparatus may include at least one memory comprising a shared memory and a system memory, logic, at least a portion of the logic comprised in hardware coupled to the at least one shared memory, the logic to implement a memory monitor to determine a memory attack by an attacker application against a victim application using the shared memory, and prevent the memory attack, the memory monitor to determine that victim data is being reloaded into the shared memory from the system memory, store the victim data in a monitor memory, flush shared memory data stored in the shared memory, and write the victim data to the shared memory. Other embodiments are described and claimed.

A floating core network for secure isolation of a circuit from an external supply interface is described. Isolation of a core is accomplished through a dynamic current limiting network providing an isolated core voltage to the core; and an isolated supply for the corresponding core that is continuously recharged by the dynamic current limiting network. The dynamic current limiting network can include two control loops, one control loop providing a fixed gate voltage to a p-type transistor supplying current to the isolated supply and another control loop providing a fixed gate voltage to an n-type transistor sinking current from the isolated supply.

The present disclosure is directed to systems and methods for mitigating or eliminating the effectiveness of a side channel attack, such as a Meltdown or Spectre type attack by selectively introducing a variable, but controlled, quantity of uncertainty into the externally accessible system parameters visible and useful to the attacker. The systems and methods described herein provide perturbation circuitry that includes perturbation selector circuitry and perturbation block circuitry. The perturbation selector circuitry detects a potential attack by monitoring the performance/timing data generated by the processor. Upon detecting an attack, the perturbation selector circuitry determines a variable quantity of uncertainty to introduce to the externally accessible system data. The perturbation block circuitry adds the determined uncertainty into the externally accessible system data. The added uncertainty may be based on the frequency or interval of the event occurrences indicative of an attack.

A method of protecting a Rijndael-type algorithm executed by an electronic circuit against side channel attacks, wherein: each block of data to be encrypted or decrypted is masked with a first mask before applying a non-linear block substitution operation from a first substitution box, and is then unmasked by a second mask after the substitution; the substitution box is recalculated, block by block, before applying the non-linear operation, the processing order of the blocks of the substitution box being submitted to a random permutation; and the recalculation of the substitution box uses the second mask as well as third and fourth masks, the sum of the third and fourth masks being equal to the first mask.

A system detects a covert timing channel on a combinational structure or a memory structure. The system identifies the events behind conflicts, and constructs an event train based on those events. For combinational structures, the system detects recurrent burst patterns in the event train. The system determines that a covert timing channel exists on the combinational structure if a recurrent burst pattern is detected. For memory structures, the system detects oscillatory patterns in the event train. The system determines that a covert timing channel exists on the memory structure if an oscillatory pattern is detected.

Various embodiments are generally directed to techniques to power encryption circuitry, such as with a power converter, for instance. Some embodiments are particularly directed to a power converter that utilizes one or more capacitors to power encryption circuitry while masking the power signature of the encryption circuitry. In one or more embodiments, for example, a power converter may charge a capacitor with a power source of a computing platform, and then power encryption circuitry with the capacitor to perform a first portion of an encryption operation. In one or more such embodiments, the power converter may recharge the capacitor with the power source after completion of the first portion of the encryption operation, and perform a second portion of the encryption operation.

A method includes performing a cryptographic operation using a processing device. The performing the cryptographic operation includes protecting the performing of the cryptographic operation against side channel attacks by selecting a value amongst two values based on a selection bit. Selecting the value includes concatenating the two values in a register, generating a concatenated word including the two values in two distinct portions of the concatenated word in the register. The concatenated word is rotated according to the value of the selection bit to position the selected value in a determined portion of the concatenated word in the register amongst said two portions. The unselected value in the concatenated word is suppressed. One or more processing operations is performed based on a result of the cryptographic operation.

The embodiments of the present disclosure relate generally to systems and methods for obfuscating the operation of a device, in particular, timing and power consumption information.

Apparatus and method for enacting data security in a cryptographic processing system, such as a data storage device. In some embodiments, a timer circuit is initiated to denote an elapsed time interval of predetermined duration responsive to a function call by an initiator circuit to perform a selected cryptographic function upon input data. The selected cryptographic function is executed to generate output data which are temporarily stored in a memory location during a waiting period prior to a conclusion of the elapsed time interval. Additional functions may be performed during the waiting period. A notification from the timer circuit is received at the conclusion of the elapsed time interval, and the output data are transferred from the memory to the initiator circuit. In this way, a timing attack may be defended against by configuring the selected cryptographic function to have the same overall execution time for different input data sets.

Techniques and apparatuses for detecting and preventing memory attacks are described. In one embodiment, for example, an apparatus may include at least one memory comprising a shared memory and a system memory, logic, at least a portion of the logic comprised in hardware coupled to the at least one shared memory, the logic to implement a memory monitor to determine a memory attack by an attacker application against a victim application using the shared memory, and prevent the memory attack, the memory monitor to determine that victim data is being reloaded into the shared memory from the system memory, store the victim data in a monitor memory, flush shared memory data stored in the shared memory, and write the victim data to the shared memory. Other embodiments are described and claimed.