A new computational machine is invented, called a clock machine, that is a novel alternative to computing machines (digital computers) based on logic gates. In an embodiment, computation is performed with one or more clock machines that use time. In an embodiment, a cryptographic cipher is implemented with random clock machines, constructed from a non-deterministic process, wherein the compiled set of instructions (i.e., the implementation of the cryptographic procedure) is distinct on each device or chip that executes the cryptographic cipher. In an embodiment, by using a different set of clock machines to execute two different instances of the same cryptographic procedure, each execution of a procedure looks different to malware that may try to infect and subvert the cryptographic procedure. This cryptographic process also makes timing attacks more challenging. In an embodiment, a detailed implementation of the Midori cipher with random clock machines is described.

Embodiments protect against memory-based side-channel attacks by efficiently shuffling data. In an example implementation, in response to a data access request by an encryption methodology regarding a first data element from amongst a plurality of data elements stored in memory, a storage address of a second data element of the plurality is determined. This storage address is determined using (i) an address of the first data element in the memory, (ii) a permutation function, and (iii) a random number. In turn, the first data element is stored at the determined storage address of the second data element and the second data element is stored at the address of the first data element. In this way, embodiments protect encryption methodologies from memory-based side-channel attacks.

A floating core network for secure isolation of a circuit from an external supply interface is described. Isolation of a core is accomplished through a dynamic current limiting network providing an isolated core voltage to the core; and an isolated supply for the corresponding core that is continuously recharged by the dynamic current limiting network. The dynamic current limiting network can include two control loops, one control loop providing a fixed gate voltage to a p-type transistor supplying current to the isolated supply and another control loop providing a fixed gate voltage to an n-type transistor sinking current from the isolated supply.

A cryptographic calculation includes obtaining a point P(X,Y) from a parameter t on an elliptical curve Y.sup.2=f(X); and from polynomials X1(t), X2(t), X3(t) and U(t) satisfying: f(X1(t)).Math.f(X2(t)).Math.f(X3(t))=U(t).sup.2 in Fq, with q=3 mod 4. Firstly a value of the parameter t is obtained. Next, the point P is determined by: (i) calculating X1=X1(t), X2=X2(t), X3=X3(t) and U=U(t); (ii) if the term f(X1).Math.f(X2) is a square, then testing whether the term f(X3) is a square in Fq and if so calculating the square root of f(X3) in order to obtain the point P(X3); (iii) otherwise, testing whether the term f(X1) is a square and, if so, calculating the square root of f(X1) in order to obtain the point P(X1); (iv) otherwise, calculating the square root of f(X2) in order to obtain the point P(X2). This point P is useful in a cryptographic application.

A cryptographic calculation includes obtaining a point P(X,Y) from a parameter t on an elliptical curve Y.sup.2=f(X) and from polynomials satisfying: f(X.sub.1(t)).Math.f(X.sub.2(t))=U(t).sup.2 in the finite body Fq, irrespective of the parameter t, q=3 mod 4. A value of the parameter t is obtained and the point P is determined by: (i) calculating X.sub.1=X.sub.1(t), X.sub.2=X.sub.2(t) and U=U(t); (ii) testing whether the term f(X1) is a squared term in the finite body Fq and, if so, calculating the square root of the term f(X1), the point P having X.sub.1 as abscissa and Y.sub.1, the square root of the term f(X.sub.1), as ordinate; (iii) otherwise, calculating the square root of the term f(X.sub.2), the point P having X.sub.2, as abscissa and Y.sub.2, the square root of the term f(X.sub.2), as ordinate. The point P is useful in encryption, scrambling, signature, authentication or identification cryptographic applications.

A cryptographic calculation includes obtaining a point P(X,Y) from a parameter t on an elliptical curve Y.sup.2=f(X); and from polynomials X1(t), X2(t), X3(t) and U(t) satisfying: f(X1(t)).Math.f(X2(t)).Math.f(X3(t))=U(t).sup.2 in Fq, with q=3 mod 4. Firstly a value of the parameter t is obtained. Next, the point P is determined by: (i) calculating X1=X1(t), X2=X2(t), X3=X3(t) and U=U(t); (ii) if the term f(X1).Math.f(X2) is a square, then testing whether the term f(X3) is a square in Fq and if so calculating the square root of f(X3) in order to obtain the point P(X3); (iii) otherwise, testing whether the term f(X1) is a square and, if so, calculating the square root of f(X1) in order to obtain the point P(X1); (iv) otherwise, calculating the square root of f(X2) in order to obtain the point P(X2). This point P is useful in a cryptographic application.

A system detects a covert timing channel on a combinational structure or a memory structure. The system identifies the events behind conflicts, and constructs an event train based on those events. For combinational structures, the system detects recurrent burst patterns in the event train. The system determines that a covert timing channel exists on the combinational structure if a recurrent burst pattern is detected. For memory structures, the system detects oscillatory patterns in the event train. The system determines that a covert timing channel exists on the memory structure if an oscillatory pattern is detected.

Methods and apparatus are provided for improving resilience to forward clock attacks. A token generates a passcode from a user authentication token for presentation to an authentication server by detecting a forward clock attack; and communicating an indication of the forward clock attack to the authentication server. The generation of the user authentication passcodes is optionally suspended upon detecting the forward clock attack. The detection may be based on a comparison of a current device time of the token and a last used device time during a generation of a user authentication passcode.

A method, an apparatus, and a computer program product for wireless communication are provided. The apparatus may be used for detecting an incorrect clock frequency. In one example, the apparatus includes a first circuit configured to compare a clock signal period to a delay period. Additionally, in one example, the apparatus includes a second circuit configured to output a first signal. The period of the first signal may be double the clock signal period when the clock signal period is greater than the delay period. The apparatus may, in one example, also include a third circuit configured to output a second signal. The period of the second signal may be greater than double the clock signal period when the clock signal period is greater than the delay period.

A method, an apparatus, and a computer program product for wireless communication are provided. The apparatus may be used for detecting an incorrect clock frequency. In one example, the apparatus includes a first circuit configured to compare a clock signal period to a delay period. Additionally, in one example, the apparatus includes a second circuit configured to output a first signal. The period of the first signal may be double the clock signal period when the clock signal period is greater than the delay period. The apparatus may, in one example, also include a third circuit configured to output a second signal. The period of the second signal may be greater than double the clock signal period when the clock signal period is greater than the delay period.