Patent classifications
H04L9/005
SYSTEMS, DEVICES, AND METHODS FOR PROTECTING ACCESS PRIVACY OF CACHED CONTENT
Embodiments relate to systems, devices, and computer-implemented methods for preventing determination of previous access of sensitive content by receiving, from a user, a request for content at a device in an information centric network, where a cached version of the content is locally stored at the device; initiating a time delay based on a determination that the user has not previously requested the content; and transmitting the cached version of the content to the user after the time delay.
Multivariate Signature Method for Resisting Key Recovery Attack
A multivariate signature method for resisting key recovery attacks, which establishes a new signature verification condition by adding an additional signature value. The verification condition implies verification of internal information x and y, thereby effectively resisting key recovery attacks that arise from the existence of equivalent keys. Specifically, the method includes the three stages of data preprocessing, signature generation and signature verification. The invention is a signature authentication method based on polynomial equations of a plurality of variables in a finite field, which can effectively resist the key recovery attack, provide the basic technical support for information security and the establishment of the trust system in the quantum computer era, and provide a secure digital signature option in the quantum era. The present invention is especially suitable for applications with limited storage and processing time, such as smart cards, wireless sensor networks and dynamic RFID tags.
Methods, systems, and computer readable media for detecting and mitigating effects of timing attacks in time sensitive networks
A method for providing timing security in a time sensitive network (TSN) includes monitoring TSN times in timing synchronization packets exchanged between TSN network nodes. The method further includes monitoring TSN timing values calculated by TSN network nodes. The method further includes determining, using TSN times and TSN timing values, whether a timing attack is indicated. The method further includes, in response to determining that a timing attack is indicated, performing a timing attack effects mitigation action.
COMMUNICATION DEVICES AND OPERATING METHODS
A communication device is provided, comprising: an ultra-wideband device configured to establish a communication session with an external communication device; a secure element configured to generate a session key for use in said communication session and an authentication key derived from said session key; a processing unit configured to execute an application; wherein the secure element is further configured to transfer the session key and the authentication key to the UWB device; wherein the UWB device is configured to add, upon or after receiving data for use by said application, a cryptographic tag to said data; wherein the processing unit is configured to receive said data and the cryptographic tag, and to forward said data and cryptographic tag to the secure element; wherein the secure element is configured to verify said cryptographic tag and to return, upon or after a positive verification of the cryptographic tag, a signed confirmation.
SIDE-CHANNEL ATTACKS ON SECURE ENCRYPTED VIRTUALIZATION (SEV)-ENCRYPTED STATE (SEV-ES) PROCESSORS
AMD's Secure Encrypted Virtualization (SEV) is a hardware extension available in AMD's EPYC™ server processors to support confidential cloud computing. Although known attacks against SEV, which exploit its lack of encryption in the virtual machine (VM) control block or the lack of integrity protection of the encrypted memory and nested page tables, have been addressed in subsequent releases of SEV-Encrypted State (SEV-ES) and SEV-Secure Nested Paging (SEV-SNP), a new CipherLeaks attack presents a previously unexplored vulnerability for SEV-ES and SEV-SNP. The attack allows a privileged adversary to infer a guest VM's execution states or recover certain plaintext, e.g., to steal private keys from the constant-time implementation of the Rivest-Shamir-Adleman (RSA) algorithm and the Elliptic Curve Digital Signature Algorithm (ECDSA) in the latest OpenSSL library.
Methods and Systems For Protecting Against Memory-Based Side-Channel Attacks
Embodiments protect against memory-based side-channel attacks by efficiently shuffling data. In an example implementation, in response to a data access request by an encryption methodology regarding a first data element from amongst a plurality of data elements stored in memory, a storage address of a second data element of the plurality is determined. This storage address is determined using (i) an address of the first data element in the memory, (ii) a permutation function, and (iii) a random number. In turn, the first data element is stored at the determined storage address of the second data element and the second data element is stored at the address of the first data element. In this way, embodiments protect encryption methodologies from memory-based side-channel attacks.
RESISTANCE TO SIDE-CHANNEL ATTACKS ON 5G NETWORK SLICES
Resistance to vulnerabilities from timing-based side-channel attacks on 5G network slices that share underlying physical infrastructure and resources may be enhanced by selectively imposing time-based constraints on service provisioning and data handling to obscure data-driven time variations that occur during workload execution in a slice that can leak secret information. By preventing timing leakage from the 5G network slices, an attacker cannot observe execution latencies to thereby infer the constituency of workload characteristics. In addition, the attacker cannot create contention for shared resources on its own slice to observe an extent to which the shared resources are utilized by a targeted slice.
METHOD OF COMMUNICATION BETWEEN FUNCTIONAL BLOCKS IN A SYSTEM-ON-CHIP AND SYSTEM-ON-CHIP THEREOF
There is provided a method of communication between functional blocks in a system-on-chip. The method includes: exchanging a respective public key between a first functional block and a second functional block in the system-on-chip (SoC) for a communication therebetween, the first functional block being a transmitter of the communication and the second functional block being a receiver of the communication; generating, at the first functional block, a first code based on the public key of the second functional block; generating, at the second functional block, a second code based on the public key of the first functional block; obfuscating, at the first functional block, an address associated with the communication based on the first code to produce an obfuscated address; transmitting, at the first functional block, the obfuscated address to the second functional block via an interconnect communication infrastructure in the system-on-chip; receiving, at the second functional block, the obfuscated address from the first functional block via the interconnect communication infrastructure; and deobfuscating, at the second functional block, the obfuscated address received based on the second code to produce a deobfuscated address associated with the communication. There is also provided a corresponding system-on-chip.
Systems and methods for protecting against relay attacks
Systems, methods, and devices are disclosed for preventing relay attacks. A user device may receive (e.g., when proximate to the first access device), from an intervening device, device identification data for a first access device. A message may be received from a second access device via the intervening device. The message may include a digital signature generated based at least in part on second access device identification data. The user device may validate the message utilizing the digital signature and a public key. If the message is invalid, the user device may discard the message. If the message is valid (e.g., unaltered), the user device may determine that the user has not confirmed an intent to interact with the second access device and may terminate any further interaction with the second access device accordingly.
Resistance to cache timing attacks on block cipher encryption
Technology is generally described for improving resistance to cache timing attacks made on block cipher encryption implementations. In some examples, the technology can include identifying one or more tunable parameters of the block cipher encryption algorithm; creating multiple encryption algorithm implementations by varying one or more of the parameter values; causing a computing system to encrypt data using the implementations; measuring average execution times at the computing system for the implementations; subjecting the implementations to a cache timing attack; measuring average execution times at the computing system for the implementations subjected to a cache timing attack; computing a time difference between the average execution times for the implementations when not subjected and when subjected to a cache timing attack; selecting an implementation having a lower time difference; and using the selected implementation for a subsequent encryption operation.