A processing system configured to execute one or more processing operations, the execution of the one or more processing operations involving the evaluation of at least one Boolean function. The processing system includes an evaluation device configured to evaluate each Boolean function ƒ defined from 2n over 2, in a variable x of length n over 2n. The evaluation device includes: a differential calculation unit configured to calculate differentials $\Delta f(y) = f(y) \oplus f(y-1)$ for each integer intermediary variable $y$ ranging from 1 to $2^n - 1$; an accumulation unit configured to sum, using the XOR operator, the product of the differential $\Delta f(y)$ and $c_n^{2^n - y}(x)$ for each value of $y$ ranging from 1 to $2^n - 1$, according to the following XOR accumulation term $\bigoplus_{y=1}^{2^n - 1} \Delta f(y)\, c_n^{2^n - y}(x)$, where $c_n^z(x)$ is the function associating $x$ to the outbound carry of arithmetic summation $x + z$; a XOR adder configured to add $f(0)$ to the result of the accumulation unit, wherein the output of the XOR adder provides the result of the evaluation of the Boolean function ƒ.
G06F 17/13 - Complex mathematical operations for solving differential equations
H03K 19/20 - Logic circuits, i.e. having at least two inputs acting on one output; Inverting circuits characterised by logic function, e.g. AND, OR, NOR, NOT circuits
H03K 19/21 - EXCLUSIVE-OR circuits, i.e. giving an output signal if a signal exists at only one input; COINCIDENCE circuits, i.e. giving an output signal only if all input signals are identical
2.
PROCESSING SYSTEM AND METHOD USING A TWEAKABLE CODE-BASED MASKING
A processing system executes a processing function in response to receipt of an input information word including information symbols, including a protection device to protect execution of the processing function using a tweakable code-based masking, and a processing unit to execute the processing function, by decomposing its execution into basis operations including elementary operations including at least a component-wise multiplication operation. The processing unit includes a multiplier. The protection device determines an encoding matrix $A$ from an information code and a masking code, being linear codes and determined randomly, the processing device including an encoder to encode the input information word, and each operand of an elementary operation, prior to execution using encoding matrix $A$. The multiplication operation performed by the multiplier is masked using the pseudo-inverse matrix $A^{-1}$ of the encoding matrix $A$, and a pseudo-inverse transpose matrix $A^{-T}$ of the encoding matrix $A$, such that $(A^{T})^{-1} = (A^{-1})^{T}$.
An architecture configured for providing a compression function from within a hash function, including a message input, configured for receiving a message block from a set of message blocks; a hash output, configured for outputting a final state which represents the hash value of the set of message blocks; a compression block for processing blocks of data from the set of message blocks and gradually condensing them into a fixed-size hash value; wherein the architecture is further configured for temporarily storing the compressed value between calls of the compression function.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
4.
ADAPTIVE CONTROL SYSTEM OF A CONFIGURABLE STRONG PUF SOURCE
An adaptive control system of a configurable strong PUF source configured to deliver a self-enrollment status, a key (K) and a key rebuilding status, including an adaptive PUF control unit configured to: receive information of entropy of at least one key, reliability of the at least one key and PUF index representative of one of the at least one key; challenge and configure the strong PUF source; and receive a quantized non-binary response in feedback of the strong PUF source; a PUF control logic finite state machine configured to drive the adaptive control unit, configured to: receive a PUF mode operation to execute, first self-enrollment, then key rebuilding; access to data representative of one-time programmable policy; write and read data of a data RAM; write and read a one-time programmable data.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods and services
Scientific apparatus and instruments; nautical apparatus and instruments; surveying apparatus and instruments; photographic apparatus and instruments; cinematographic cameras; optical apparatus and instruments; weighing apparatus and instruments; measuring apparatus and instruments; signaling apparatus and instruments; checking (monitoring) apparatus and instruments; teaching apparatus and instruments; sound recording apparatus; apparatus for sound transmission; apparatus for sound reproduction; image recording equipment; image transmission apparatus; image reproduction apparatus; compact discs (CDs); DVDs; digital recording media; mechanisms for coin-operated apparatus; cash registers; calculating machines; data processing equipment; computers; tablet computers; smartphones; electronic book readers; game software; software (recorded programs); computer peripherals; detectors; electric wires; electric relays; diving suits; divers' suits; diving gloves; diving masks; clothing for protection against accidents, irradiation and fire; protection devices for personal use against accidents; fire extinguishers; spectacles (optics); 3D spectacles; eyewear; spectacle cases; integrated circuit cards [smart cards]; bags adapted for laptops; smart watches; electric batteries; diagnostic apparatus, not for medical use.
Technical evaluations concerning design (engineers' services); scientific research; technical research; design of computers for third parties; computer development; software design; software development; research and development of new products for third parties; technical project study services; architecture; design of interior decor; software development (design); software installation; software maintenance; updating of software; software rental; programming for computers; computer system analysis; computer system design; consultancy in the design and development of computers; digitization of documents; Software as a Service (SaaS); cloud computing; advice regarding information technology; server hosting; motor vehicle roadworthiness testing; graphic arts design services; styling (industrial design); authentication of works of art; energy auditing; electronic data storage.
7.
METHOD AND SYSTEM FOR PROTECTING CRYPTOGRAPHIC OPERATIONS AGAINST SIDE-CHANNEL ATTACKS
A cryptographic system for executing operations of a cryptographic scheme applied to encrypt a data block is provided. The cryptographic system comprises a first sharing processing unit configured to execute an arithmetic sharing function applied to the data block and providing as an output a first and a second arithmetic share component. The cryptographic system further comprises a second sharing processing unit and a computation processing unit. The second sharing processing unit is configured to determine a random component and to execute a Boolean sharing function applied to the first arithmetic share component and to the random component and providing as an output an intermediate Boolean share component. The computation processing unit is configured to execute a recursive carry computation function configured to compute a first, a second and a third Boolean share component from the second arithmetic share component, the random component and the intermediate Boolean share component.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols, the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES systems
There is disclosed a circuit for monitoring the security of a processor, wherein the circuit is configured to access a memory configured to store execution context data of a software program executed by the processor; to determine one or more signatures from said execution context data; and to compare said signatures with predefined signatures to monitor the security of the processor (110). Developments describe that context data can comprise control flow data, that a signature can comprise a hash value or a similarity signature, or that the integrity of signatures can be verified for example by using a secret key (e.g. obtained by random, or by using a physically unclonable function). Further developments describe various controls or retroactions on the processor, as well as various countermeasures if cyber attacks are determined.
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 11/28 - Error detection; Error correction; Monitoring by checking that the order of processing is correct
G06F 11/36 - Preventing errors by analysis, debugging or testing of software
G06F 13/28 - Handling requests for interconnection or transfer for access to the input/output bus using burst mode transfer, e.g. direct memory access, cycle steal
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure, by adding security routines or objects to programs
G06F 21/56 - Detecting or handling malware, e.g. anti-virus arrangements
G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Embodiments provide a memory device including a memory comprising at least one chip, each chip comprising one or more banks for storing a plurality of bits, each bank comprising a set of rows and columns, each row and column comprising a number of bits, the device further comprising a controller configured to generate access commands to the memory, an access command identifying an address corresponding to a given row of the memory and a command operation to be performed on the given row, wherein the device further comprises a protection device. The protection device is configured to transform an address, in response to the receipt of an access command identifying the address, into a transformed address. The protection device uses an address storage data structure, such as a histogram, to store the transformed address depending on a frequency of access associated with the address, the address storage data structure being reset in response to a memory protection operation (refresh for example) performed in the memory device. The protection device further comprises an access frequency manager configured to determine whether the access frequency associated with an address maintained in the address storage data structure is greater or equal to a threshold, and if so trigger a memory protection operation in the memory from within the memory.
Embodiments provide a device for testing a bit sequence generated by a Random Number Generator, wherein the device is configured to apply one or more statistical tests to the bit sequence, in response to the detection of N bits generated by the Random Number Generator, each statistical test providing at least one sum value derived from the bits of the sequence, the testing device comprising: a comparator for comparing at least one test parameter related to each statistical test to one or more thresholds; a validation unit configured to determine if the bit sequence is valid depending on the comparison made by the comparator for each statistical test; wherein at least one of the test parameter and the at least one threshold is determined from N and from a target error probability.
A circuit for monitoring a circuit payload, includes a plurality of sensors distributed in the circuit, next to the predefined circuit payload; one or more memory units associated with the one or more sensors configured to store sensors' measures made by the one or more associated sensors, every p clock cycles; wherein the circuit is configured to read the sensors' measures stored in at least some of the memory units. Embodiments comprise the use of digital sensors, or analogical sensors coupled with digital converters; the use of FIFO type memory units, adjustments of the depths of the memory units; the use of Finite State Machines configured to cause the circuit to receive sensors' measures; the use of data obfuscation and/or reduction modules; the use of a signature circuit, the use of circuits configured to determine one or more attacks from the sensors' measures.
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/76 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
12.
Methods and devices for secured identity-based encryption systems with two trusted centers
A transmitter device for sending an encrypted message to a receiver device in an identity-based cryptosystem, the identity-based cryptosystem includes a transmitter trusted center connected to the transmitter device and a receiver trusted center connected to the receiver device. The transmitter device is configured to: receive, from the transmitter trusted center, two public authentication keys; check if a set of conditions related to a transmitter trusted center public key, to a receiver trusted center public key, and to a transmitter authentication key comprised in the two public authentication keys are satisfied; determine a ciphertext set comprising an encrypted message if the set of conditions are satisfied; send the ciphertext set to the receiver device.
H04L 9/30 - Public key, i.e. the encryption algorithm being computationally infeasible to invert and the users' encryption keys not requiring secrecy
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
13.
Devices and methods for the detection and localization of fault injection attacks
A device for detecting perturbation attacks performed on a digital circuit is provided. The device comprises: a first metallic layer and a second metallic layer arranged on the digital circuit, the first metal layer comprising a plurality of signal transmission lines routed horizontally, the second metal layer comprising a plurality of signal transmission lines routed vertically, the device comprising one or more transmitter buffers and one or more receiver buffers, a transmitter buffer and a receiver buffer being connected by each signal transmission line; a random number generator configured to generate random signal values; the device further comprising a transmitter manager connected to one or more transmitter buffers and a receiver manager connected to one or more receiver buffers, wherein: the transmitter manager is configured to transmit random signal values generated by the random number generator over the signal transmission lines of the first metallic layer and the second metallic layer, the receiver manager is configured to receive random signal values from the transmitter manager through the one or more receiver buffers connected to the receiver manager, measure a transmission time corresponding to a time of transmission of the received random signal values, and compare the transmission time to a predefined timing interval to detect perturbation attacks.
A transmitter device for sending an encrypted message to a receiver device in an identity-based cryptosystem, the transmitter device being associated with a transmitter identifier. The transmitter device is configured to receive a transmitter partial private key from a trusted center, the transmitter device being configured to: send a request for two public session keys to the receiver device; receive from the receiver device a first ciphertext set, the first ciphertext set being derived from an encryption and authentication of two public session keys; decrypt and authenticate the two public session keys from the first ciphertext set using a receiver identifier and the transmitter partial private key; determine a second ciphertext set from the transmitter partial private key, from the receiver identifier, and from the two public session keys, the second ciphertext comprising an encrypted message; send the second ciphertext set to the receiver device.
H04L 9/30 - Public key, i.e. the encryption algorithm being computationally infeasible to invert and the users' encryption keys not requiring secrecy
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
15.
Methods and devices for secure secret key generation
i), and a key generator configured to combine the at least one part of static data and the at least one part of dynamic data, and to determine the one or more cryptographic keys by applying a cryptographic function to the combined data.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols, the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES systems
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
16.
Devices and methods for protecting cryptographic programs
There is provided a device for protecting a cryptographic program implemented in a cryptographic computing device, the cryptographic computing device includes one or more processors, the cryptographic program comprising instructions and being associated with an initial execution order of the instructions. The device comprises a compiler to compile the cryptographic program, which provides an intermediate representation of the cryptographic program comprising instructions and variables used to execute the instructions. The device is configured to: determine a graph of dependencies comprising nodes and edges, each node of the graph representing an instruction of the intermediary representation, and each edge of the graph representing a variable of the intermediary representation; mask the graph of dependencies by replacing each variable of the graph of dependencies with a masked variable, the processing unit determining the masked variable by applying a masking scheme to the variable, which provides a masked graph of dependencies; determine at least a set of independent instructions using the masked graph of dependencies; determine an execution order for each set of independent instructions from the initial execution order, the execution order representing the order of execution of the set of independent instructions by at least one of the one or more processors.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
Countermeasures against fault injection attacks of a cryptographic integrated circuit, and more specifically laser fault injection attacks are provided. The invention consists in generating sequences of bits belonging to a set of allowed sequences, and storing these sequences on a set of Flip-Flops. Then the sequences stored on the Flip-Flops are checked and, if they do not belong to the allowed sequence, this is the sign that a fault injection attack occurred and caused a bit flip in one of the flip-flops. An alarm signal is then generated.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
G06F 11/10 - Error detection or correction by introducing redundancy in the data representation, e.g. by using checking codes, adding special bits or symbols to the data expressed according to a code, e.g. parity check, casting out nines or elevens
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 21/77 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information in smart cards
A System on Chip includes at least two hardware masters, a security circuit, and a communication infrastructure for communication between the hardware masters and the security circuit, the communication infrastructure being based on a given interface communication protocol. Each hardware master is configured to send a request to the security circuit for execution of the request by the security circuit through the communication infrastructure, each request comprising at least one service identifier identifying a service. The security circuit may comprise a Secure Mailbox comprising a filter configured to filter the requests received from the hardware masters, the filter being configured to determine at least one indicator bit, in response to the receipt of a request from a hardware master, using at least a part of an identifier associated with the master, the indicator bit indicating whether the master is allowed access to the security circuit, the identifier being a hardware identifier received with the request through the communication protocol, the filter filtering the requests based on the indicator bits determined for each request. The security circuit is further configured to execute the filtered requests.
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information in cryptographic circuits
G06F 21/85 - Protecting input, output or interconnection devices; interconnection devices, e.g. bus-connected or in-line devices
A block cipher encryption device for encrypting a data unit plaintext into blocks of ciphertexts, the data unit plaintext being assigned a tweak value and being divided into one or more plaintext blocks. The block cipher encryption device comprises: a combinatorial function unit associated with each plaintext block, the combinatorial function unit being configured to determine a tweak block value by applying a combinatorial function between a value derived from the tweak value and a function of a block index assigned to the plaintext block, a first masking unit in association with each plaintext block, the first masking unit being configured to determine a masked value by applying a data masking algorithm to the tweak block value determined by the combinatorial function unit associated with the plaintext block.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols, the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES systems
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
20.
Connected synthetic physically unclonable function
There is disclosed a Connected Synthetic Physically Unclonable Function (acronym CSPUF) made of a circuit configured to receive signals of one or more sensors and/or actuators in/of a computer device; determine one or more statistical properties of the noise distribution of the selected one or more of the sensors and/or actuators; receive data IN from one or more external data sources; determine one or more digital signatures (responses) from the statistical properties and the selected external data. In one embodiment, along a response R when challenged by a challenge C, the circuit is configured to receive data IN and/or to communicate data OUT from one or more external data sources. Developments describe uses and advantages of data IN and data OUT channels, e.g. static or dynamic calibration, options to disable the circuit. Other embodiments consider variants of interconnections of two CSPUF circuits, providing “self-cycled”, “iterative”, “cascaded” and other “blockchain” arrangements.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H03K 19/003 - Modifications for increasing the reliability
21.
Methods and devices for hardware characterization of computing devices
A machine characterization device for determining one or more machine characterization parameters of a computing device depending on a machine signature determined from sets of timing measurements associated with at least one machine characterization instruction executed by one or more processors comprised in the computing device using at least two machine configurations. A machine configuration comprises a sequence of two or more machine configuration instructions defining an order of execution of one or more instructions by the one or more processors.
A device for executing a cryptographic operation on bit vectors, the execution of the cryptographic operation including the execution of at least one arithmetic addition operation between a first operand and a second operand. Each operand comprises a set of components, each component corresponding to a given bit position of the operand. The device comprises a set of elementary adders, each elementary adder being associated with a given bit position of the operands and being configured to perform a bitwise addition between a component of the first operand at the given bit position and the corresponding component of the second operand at the given bit position using the carry generated by the computation performed by the elementary adder corresponding to the previous bit position. Each elementary adder has a sum output corresponding to the bitwise addition and a carry output, the result of the arithmetic addition operation being derived from the sum outputs provided by each elementary adder. The device is configured to apply a mask to each operand component input of at least some of the elementary adders using a masking logical operation, the mask being a random number.
G06F 7/501 - Half or full adders, i.e. basic adder cells for one position
G06F 7/76 - Arrangements for rearranging, permuting or selecting data according to predetermined rules, independently of the content of the data
G06F 7/508 - Adding; Subtracting in bit-parallel fashion, i.e. having a different digit-handling circuit for each position, with simultaneous carry generation for, or propagation over, two or more stages, using look-ahead carry circuits
There is provided a device of protecting an Integrated Circuit from perturbation attacks. The device includes a sensing unit configured to detect a perturbation attack, the sensing unit comprising a set of digital sensors comprising at least two sensors, the sensors being arranged in parallel. Each digital sensor provides a digitized bit output having a binary value, in response to input data, the sensing unit being configured to deliver at least one binary vector comprising a multi-bit value, the multi-bit value comprising at least two bit outputs provided by the set of digital sensors. The sensing device further comprising an analysis unit, the analysis unit being configured to receive at least one binary vector provided by the sensing unit, the analysis unit being configured to detect a perturbation attack from the at least one binary vector.
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
b in each starting group, at least one of the additional auxiliary base and of the additional scalar being derived from the result of the first elementary operation.
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
A circuit includes a cipher accessing a plurality of read-write memory units configured to handle data tables obtained from a modified mask; wherein the modified mask is being determined from an initial mask and a random value, the random value selecting one or more modifications of the initial mask amongst a plurality of predefined modifications including permutation operations. Developments of the invention describe the use of mathematically optimal or equivalent masks; the use of random values; a range of permutation operations comprising offset shifting and/or rotation and/or XOR operations and/or coprime construction; the use of round masks; the use of a Physically Unclonable Function; the refresh or update of modified masks and/or round masks; and verifications of the optimality and/or integrity of masks. System features (e.g. CPU, co-processor, local and/or remotely accessed external memory storing masks, volatile memory) and computer program products are described.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols, the encryption apparatus using shift registers or memories for block-wise coding, e.g. DES system
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols, including means for verifying the identity or authority of a user of the system
Embodiments of the invention provide a memory device (100) comprising a memory (1) comprising at least one chip (2), each chip (2) comprising one or more banks (10) for storing a plurality of bits, each bank (10) comprising a set of rows (13) and columns (14), each row and column comprising a number of bits, the device further comprising a controller (102) configured to generate access commands to the memory (1), an access command identifying an address corresponding to a given row of the memory (1) and a command operation to be performed on said given row, wherein the device further comprises a protection device. The protection device (3) is configured to transform an address, in response to the receipt of an access command identifying said address, into a transformed address. The protection device (3) uses an address storage data structure (30), such as a histogram, to store the transformed address depending on a frequency of access associated with the address, the address storage data structure being reset in response to a memory protection operation (refresh for example) performed in the memory device. The protection device (3) further comprises an access frequency manager (32) configured to determine whether the access frequency associated with an address maintained in the address storage data structure is greater or equal to a threshold, and if so trigger a memory protection operation in the memory (1) from within the memory.
G11C 7/24 - Memory cell safety or protection circuits, e.g. arrangements for preventing inadvertent reading or writing; Status cells; Test cells
G11C 8/20 - Address safety or protection circuits, i.e. arrangements for preventing unauthorised or accidental access
G06F 12/14 - Protection against unauthorised use of memory
G06F 13/16 - Handling requests for interconnection or transfer for access to memory bus
G11C 11/406 - Management or control of the refreshing or charge-regeneration cycles
Embodiments of the invention provide a device (100) for testing a bit sequence generated by a Random Number Generator (11), wherein the device is configured to apply one or more statistical tests (103) to the bit sequence, in response to the detection of N bits generated by the Random number generator (11), each statistical test providing at least one sum value derived from the bits of the sequence, the testing device comprising: - a comparator for comparing at least one test parameter related to each statistical test to one or more thresholds; - a validation unit (105) configured to determine if the bit sequence is valid depending on the comparison made by the comparator for each statistical test; wherein at least one of the test parameter and the at least one threshold is determined from N and from a target error probability.
A device for detecting perturbation attacks performed on a digital circuit (1). The device comprises: - a first metallic layer (11) and a second metallic layer (13) arranged on the digital circuit (1), the first metal layer (11) comprising a plurality of signal transmission lines routed horizontally, the second metal layer (13) comprising a plurality of signal transmission lines routed vertically, the device comprising one or more transmitter buffers and one or more receiver buffers, a transmitter buffer and a receiver buffer being connected by each signal transmission line; - a random number generator (15) configured to generate random signal values; the device further comprising a transmitter manager (17) connected to one or more transmitter buffers and a receiver manager (19) connected to one or more receiver buffers, wherein: - the transmitter manager (17) is configured to transmit random signal values generated by the random number generator (15) over the signal transmission lines of the first metallic layer (11) and the second metallic layer (13), - the receiver manager (19) is configured to receive random signal values from the transmitter manager (17) through the one or more receiver buffers connected to the receiver manager (19), measure a transmission time corresponding to a time of transmission of the received random signal values, and compare the transmission time to a predefined timing interval to detect perturbation attacks.
A transmitter device (103) for sending an encrypted message to a receiver device (105) in an identity-based cryptosystem (100), the transmitter device (103) being associated with a transmitter identifier. The transmitter device (103) is configured to receive a transmitter partial private key from a trusted center (101), the transmitter device (103) being configured to: - send a request for two public session keys to the receiver device (105); - receive from the receiver device (105) a first ciphertext set, the first ciphertext set being derived from an encryption and authentication of two public session keys; - decrypt and authenticate the two public session keys from the first ciphertext set using a receiver identifier and the transmitter partial private key; - determine a second ciphertext set from the transmitter partial private key, from the receiver identifier, and from the two public session keys, the second ciphertext comprising an encrypted message; - send the second ciphertext set to the receiver device (105).
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols, including means for verifying the identity or authority of a user of the system
30.
METHODS AND DEVICES FOR SECURED IDENTITY-BASED ENCRYPTION SYSTEMS WITH TWO TRUSTED CENTERS
A transmitter device (103) for sending an encrypted message to a receiver device (105) in an identity-based cryptosystem (100), the identity-based cryptosystem (100) comprising a transmitter trusted center (101) connected to the transmitter device (103) and a receiver trusted center (102) connected to the receiver device (105). The transmitter device (103) is configured to: - receive, from the transmitter trusted center (101), two public authentication keys; - check if a set of conditions related to a transmitter trusted center public key, to a receiver trusted center public key, and to a transmitter authentication key comprised in the two public authentication keys are satisfied; - determine a ciphertext set comprising an encrypted message if the set of conditions are satisfied; - send the ciphertext set to the receiver device (105).
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols, including means for verifying the identity or authority of a user of the system
31.
CIRCUIT CONFIGURED TO MONITOR A SENSITIVE PAYLOAD FOR ATTACK DETECTION
Embodiments provide a circuit for monitoring a circuit payload, comprising: a plurality of sensors distributed in said circuit, next to the predefined circuit payload; one or more memory units associated with said one or more sensors configured to store sensors' measures made by said one or more associated sensors, every p clock cycles; wherein said circuit is configured to read the sensors' measures stored in at least some of the memory units. Embodiments comprise the use of digital sensors, or analogical sensors coupled with digital converters; the use of FIFO type memory units, adjustments of the depths of the memory units; the use of Finite State Machines configured to cause the circuit to receive sensors' measures; the use of data obfuscation and/or reduction modules; the use of a signature circuit, the use of circuits configured to determine one or more attacks from said sensors' measures.
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/76 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
32.
METHODS AND DEVICES FOR SECURE SECRET KEY GENERATION
There is provided a cryptographic key determination device (13) for determining one or more cryptographic keys in a cryptographic device (1), the cryptographic device (1) being configured to execute one or more test programs, the cryptographic device (1) comprising one or more components (11-i), each component (11-i) being configured to generate static and dynamic data, the dynamic data being generated in response to the execution of the one or more test programs, wherein the cryptographic key determination device (13) comprises: - a data extraction unit (131) configured to extract at least one part of the static data and at least one part of the dynamic data generated by the one or more components (11-i), and - a key generator (132) configured to combine the at least one part of static data and the at least one part of dynamic data, and to determine the one or more cryptographic keys by applying a cryptographic function to the combined data.
There is provided a device (13) for protecting a cryptographic program implemented in a cryptographic computing device (11), the cryptographic computing device (11) comprising one or more processors (111), the cryptographic program comprising instructions and being associated with an initial execution order of the instructions. The device (13) comprises a compiler (131) to compile the cryptographic program, which provides an intermediate representation of the cryptographic program comprising instructions and variables used to execute the instructions. The device (13) is configured to: - determine a graph of dependencies comprising nodes and edges, each node of the graph representing an instruction of the intermediary representation, and each edge of the graph representing a variable of the intermediary representation; - mask the graph of dependencies by replacing each variable of the graph of dependencies with a masked variable, the processing unit (133) determining the masked variable by applying a masking scheme to the variable, which provides a masked graph of dependencies; - determine at least a set of independent instructions using the masked graph of dependencies; - determine an execution order for each set of independent instructions from the initial execution order, the execution order representing the order of execution of the set of independent instructions by at least one of the one or more processors.
A circuit for a Synthetic Physically Unclonable Function, acronym SPUF, in a computer device, wherein the circuit is configured to receive data from a plurality of hardware sensors and/or actuators accessible in the computer device; to determine deviations in the data; to determine a multivariate distribution of the deviations and to determine an identifier from the multivariate distribution. In described developments, deviations comprise random errors, statistical moments in data originating from sensors and/or actuators amongst accessible ones in the computer device can be selected, and entropy can be maximized. Computer program product embodiments are described.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols, including means for verifying the identity or authority of a user of the system
G06F 21/44 - Program or device authentication
There is disclosed a Connected Synthetic Physically Unclonable Function (acronym CSPUF) made of a circuit configured to receive signals of one or more sensors and/or actuators in/of a computer device; determine one or more statistical properties of the noise distribution of said selected one or more of said sensors and/or actuators; receive data IN from one or more external data sources; determine one or more digital signatures (responses) from said statistical properties and said selected external data. In one embodiment, along a response R when challenged by a challenge C, the circuit is configured to receive data IN and/or to communicate data OUT from one or more external data sources. Developments describe uses and advantages of data IN and data OUT channels, e.g. static or dynamic calibration, options to disable the circuit. Other embodiments consider variants of interconnections of two CSPUF circuits, providing "self-cycled", "iterative", "cascaded" and other "blockchain" arrangements.
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
36.
TWEAKABLE BLOCK CIPHERS FOR SECURE DATA ENCRYPTION
A block cipher encryption device for encrypting a data unit plaintext into blocks of ciphertexts, the data unit plaintext being assigned a tweak value and being divided into one or more plaintext blocks. The block cipher encryption device comprises: - a combinatorial function unit (82-j) associated with each plaintext block (Pj), the combinatorial function unit (82-j) being configured to determine a tweak block value (7)) by applying a combinatorial function between a value derived from the tweak value and a function of a block index assigned to the plaintext block, - a first masking unit (83-j) in association with each plaintext block (Pj), the first masking unit (83-j) being configured to determine a masked value by applying a data masking algorithm to the tweak block value (7)) determined by the combinatorial function unit (82-j) associated with the plaintext block.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols, the encryption apparatus using shift registers or memories for block-wise coding, e.g. DES system
37.
IMPROVED DETECTION OF LASER FAULT INJECTION ATTACKS ON CRYPTOGRAPHIC DEVICES
The invention relates to countermeasures against fault injection attacks of a cryptographic integrated circuit, and more specifically laser fault injection attacks. The invention consists in generating sequences of bits belonging to a set of allowed sequences, and storing these sequences on a set of Flip-Flops. Then the sequences stored on the Flip-Flops are checked and, if they do not belong to the allowed sequence, this is the sign that a fault injection attack occurred and caused a bit flip in one of the flip-flops. An alarm signal is then generated.
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 21/77 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information in smart cards
38.
METHODS AND DEVICES FOR HARDWARE CHARACTERIZATION OF COMPUTING DEVICES
A machine characterization device (13) for determining one or more machine characterization parameters of a computing device (11) depending on a machine signature determined from sets of timing measurements associated with at least one machine characterization instruction executed by one or more processors (111) comprised in the computing device (11) using at least two machine configurations. A machine configuration comprises a sequence of two or more machine configuration instructions defining an order of execution of one or more instructions by the one or more processors (111).
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/73 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
There is provided a System on Chip comprising at least two hardware masters, a security circuit, and a communication infrastructure for communication between the hardware masters and the security circuit, the communication infrastructure being based on a given interface communication protocol. Each hardware master is configured to send a request to the security circuit for execution of the request by the security circuit through the communication infrastructure, each request comprising at least one service identifier identifying a service. The security circuit may comprise a Secure Mailbox comprising a filter configured to filter the requests received from the hardware masters, the filter being configured to determine at least one indicator bit, in response to the receipt of a request from a hardware master, using at least a part of an identifier associated with the master, the indicator bit indicating whether the master is allowed access to the Security circuit, the identifier being a hardware identifier received with the request through the communication protocol, the filter filtering the requests based on the bit indicators determined for each request. The security circuit is further configured to execute the filtered requests.
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information in cryptographic circuits
G06F 21/85 - Protecting input, output or interconnection devices, interconnection devices, e.g. bus-connected or in-line devices
There is provided a device of protecting an Integrated Circuit from perturbation attacks. The device comprises a sensing unit (30) configured to detect a perturbation attack, the sensing unit comprising a set of digital sensors comprising at least two sensors, the sensors being arranged in parallel. Each digital sensor provides a digitized bit output having a binary value, in response to input data, the sensing unit being configured to deliver at least one binary vector comprising a multi-bit value, the multi-bit value comprising at least two bit outputs provided by the set of digital sensors. The sensing device (3) further comprising an analysis unit (31), the analysis unit being configured to receive at least one binary vector provided by the sensing unit (30), the analysis unit being configured to detect a perturbation attack from the at least one binary vector.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 21/55 - Detecting local intrusion or implementing counter-measures
H01L 23/00 - Details of semiconductor or other solid state devices
G01R 31/28 - Testing of electronic circuits, e.g. by signal tracer
There is provided a device of executing a cryptographic operation on bit vectors, the execution of the cryptographic operation comprising the execution of at least one arithmetic addition operation between a first operand and a second operand. Each operand comprises a set of components, each component corresponding to a given bit position of the operand. The device comprises a set of elementary adders (10), each elementary adder being associated with a given bit position of the operands and being configured to perform a bitwise addition between a component of the first operand at the given bit position and the corresponding component of the second operand at the given bit position using the carry generated by the computation performed by the elementary adder corresponding to the previous bit position. Each elementary adder has a sum output corresponding to the bitwise addition and a carry output, the result of the arithmetic addition operation being derived from the sum outputs provided by each elementary adder. The device is configured to apply a mask to each operand component input of at least some of the elementary adders using a masking logical operation, the mask being a random number.
aaa) being determined from the auxiliary element (x) and from the main scalar (d). The device further performs a second elementary operation in each starting group (E), the second elementary operation consisting in executing said modular operation between an additional auxiliary base and an additional auxiliary scalar (d'b) in each starting group, at least one of the additional auxiliary base and of the additional scalar being derived from the result of the first elementary operation (612).
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
There is disclosed a circuit comprising a cipher accessing a plurality of read-write memory units configured to handle data tables obtained from a modified mask; wherein the modified mask is being determined from an initial mask and a random value, the random value selecting one or more modifications of the initial mask amongst a plurality of predefined modifications including permutation operations. Developments of the invention describe the use of mathematically optimal or equivalent masks; the use of random values; a range of permutation operations comprising offset shifting and/or rotation and/or XOR operations and/or coprime construction; the use of round masks; the use of a Physically Unclonable Function; the refresh or update of modified masks and/or round masks; and verifications of the optimality and/or integrity of masks. System features (e.g. CPU, co-processor, local and/or remotely accessed external memory storing masks, volatile memory) and computer program products are described.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols, the encryption apparatus using shift registers or memories for block-wise coding, e.g. DES system
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
th statistical moment values of the two temporal distributions associated to the components obtained when challenging said subset under uniform conditions. Described developments comprise the use of imaging sensors, key or identifier generation, authentication mechanisms, determination of thresholds, use of helper data files, adjustments of light sources and/or beam shaping, handling of lossy compression and of videos.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols, including means for verifying the identity or authority of a user of the system
H04N 17/00 - Diagnosis, testing or measuring for television systems or their details
45.
Synthetic physically unclonable function derived from an imaging sensor
th order statistical moment of one sensor component being estimated on the temporal distribution associated to this sensor component. Developments describe in particular the use of imaging sensors, key generation, authentication, helper data files and the handling of videos.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols, including means for verifying the identity or authority of a user of the system
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols, the encryption apparatus using shift registers or memories for block-wise coding, e.g. DES system
H04N 5/335 - Transforming light or analogous information into electric information using solid-state image sensors [SSIS]
H04N 5/361 - Noise processing, e.g. detecting, correcting, reducing or removing noise, applied to dark current
G06K 9/00 - Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
Embodiments of the invention provide a computing device comprising one or more processors, each processor comprising one or more processing units, said one or more processing units being configured to execute at least one program, each program comprising data and/or instructions, the computing device further comprising, for at least some of the processors, a processor cache associated with each processor,
the processor cache being configured to access data and/or instructions comprised in the programs executed by the processor, the computing device comprising:
a security verification unit configured to retrieve, from the auxiliary cache, at least a part of the metadata associated with data and/or instructions corresponding to a memory access request sent by a processor (11) to the processor cache (117).
G06F 12/14 - Protection against unauthorised use of memory
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information in cryptographic circuits
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 12/084 - Multiuser, multiprocessor or multiprocessing cache systems with a shared cache
G06F 21/79 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
47.
Device and method for detecting points of failures
determine if the derivative of the Boolean function associated with each sensitive functional block is equal to zero.
The detection device (100) is configured to detect that said n-tuple represents a Point Of Failure of order n in the integrated circuit (IC) device if the derivative of the Boolean function associated with said sensitive functional block is equal to zero.
G06F 30/3323 - Design verification, e.g. functional simulation or model checking, using formal methods, e.g. equivalence checking or property checking
G01R 31/3185 - Reconfiguring for testing, e.g. LSSD, partitioning
G01R 31/3183 - Generation of test inputs, e.g. test vectors, patterns or sequences
G06F 30/39 - Circuit design at the physical level
G06F 30/327 - Logic synthesis; Behaviour synthesis, e.g. mapping logic, hardware description language [HDL] to netlist, high-level language to register transfer language [RTL] or netlist
G06F 111/20 - Configuration CAD, e.g. designing by assembling or positioning modules selected from libraries of predesigned modules
There is disclosed a circuit for monitoring the security of a processor, wherein the circuit is configured to access a memory configured to store execution context data of a software program executed by the processor; to determine one or more signatures from said execution context data; and to compare said signatures with predefined signatures to monitor the security of the processor (110). Developments describe that context data can comprise control flow data, that a signature can comprise a hash value or a similarity signature, or that the integrity of signatures can be verified for example by using a secret key (e.g. obtained by random, or by using a physically unclonable function). Further developments describe various controls or retroactions on the processor, as well as various countermeasures if cyber attacks are determined.
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
G06F 11/36 - Prevention of errors by analysis, debugging or testing of software
G06F 11/28 - Error detection; Error correction; Monitoring by checking the correct order of processing
G06F 13/28 - Handling requests for interconnection or transfer for access to input/output bus using burst mode transfer, e.g. direct memory access, cycle steal
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES system
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
50.
System and method for generating secret information using a high reliability physically unclonable function
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
a secret information generator (3) configured to generate a secret key comprising at least one bit during a usage phase, each bit of the key being generated by applying a challenge among the set of challenges, the secret information generator (3) being configured to determine each bit of the key from the helper data bit corresponding to the applied challenge, and from the physical variable difference provided by the PUF in response to the applied challenge.
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
There is disclosed a circuit for a Synthetic Physically Unclonable Function, acronym SPUF, in a computer device, wherein the circuit is configured to receive data from a plurality of hardware sensors and/or actuators accessible in said computer device; to determine deviations in said data; to determine a multivariate distribution of said deviations and to determine an identifier from said multivariate distribution. In described developments, deviations comprise random errors, statistical moments in data originating from sensors and/or actuators amongst accessible ones in the computer device can be selected, and entropy can be maximized. Computer program product embodiments are described.
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
G01P 15/13 - Measuring acceleration; Measuring deceleration; Measuring shock, i.e. sudden change of acceleration by making use of inertia forces with conversion into electric or magnetic values by measuring the force required to restore a proof mass subjected to inertial forces to its rest position
53.
Embedded test circuit for physically unclonable function
There is disclosed a silicon integrated circuit comprising a Physically Unclonable Function and an online or embedded test circuit, said online test circuit comprising one or more circuit parts being physically adjacent to said PUF and said one or more circuits embodying one or more tests which can be performed to determine one or more quality properties of said PUF or otherwise characterize it. Different tests with specific associated method steps are described.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
There is disclosed a system for monitoring the security of a target system (110) with a circuit (120), the target system (110) comprising at least one processor (111) and wherein: the circuit (120) comprises a finite-state machine (122) configured to receive data from one or more sensors (130) distributed in the target system (110), at least one sensor (1303) being located on the processor (111) of the target system (110); the finite-state machine (122) is configured to determine a state output in response to data received from sensors (130); the system monitoring the security based on said state output. Developments describe the use of a self-alarm mechanism comprising an encoder to encode states with redundancy, the application of an error correction code, comparisons with predefined valid encoded states, the triggering of an alarm to the processor, the determination of actions and/or retroactions on sensors and/or diagnostics and countermeasures.
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/76 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
G06F 11/10 - Error detection or correction by introducing redundancy in the data representation, e.g. by using checking codes adding special bits or symbols to the coded data, e.g. parity check, casting out 9's or 11's
G06N 5/04 - Inference or reasoning models
55.
Protection method and device against a side-channel analysis
A method for executing an operation by a circuit may include executing a first operation to process an input data, the circuit generating during the execution of the first operation a first signal, and executing in the circuit a second operation receiving the input data and configured to add to the first signal, between first and second instants during the execution of the first operation, a continuous second signal. The combination of the first and second signals forms a resultant signal in which the second signal may be indistinctly measurable with the first signal from outside of the circuit. The second signal and the resultant signal vary as a function of the input data.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES system
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
A method for executing, by a circuit, an operation combining first and second input data and providing an output data of the same size, may include generating from the first input data a first input set including all possible data in relation to a size of the first data, generating from the second input data a second input set including all possible data in relation to a size of the second data, and applying the operation to each pair of data including a data of the first input set and a data of the second input set, an output set of the operation including data resulting from the application of the operation to each of the pairs of data.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES system
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
57.
Method for protecting substitution operation against side-channel analysis
A method for executing an operation by a circuit may include using a first mask set of mask parameters including a same number of occurrences of all possible values of a word of an input data in relation to a size thereof, using an input set including for each mask parameter in the first mask set a data obtained by applying XOR operations to the input data and to the mask parameter and providing an output set including all data resulting from the application of the operation to a data in the input set. The output data may be obtained by applying XOR operations to any of the data in the output set and to a respective second mask parameter in a second mask set including a same number of occurrences of all possible values of the second mask parameters in relation to a size thereof.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES system
A method for executing by a circuit a substitution operation such that an output data may be selected in a substitution table using an input data as an index. The substitution operation may be performed using a new masked substitution table. The input data may be combined by XOR operations with a new value of a first mask parameter, and the output data may be combined by XOR operations with a new value of a second mask parameter. The new masked substitution table may be generated by computing the new value of the first mask parameter by applying XOR operations to a previous value of the first mask parameter and to a first input mask, computing the new value of the second mask parameter by applying XOR operations to a previous value of the second mask parameter and to a second input mask, and generating the new masked substitution table using a previous masked substitution table and the first and second input masks.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES system
A method for executing an operation whereby a first input data may be combined with a second input data may include: defining data pairs whereby each data of a first input set is associated with a respective data of a second input set, the data in the first and second input sets may be obtained by applying Exclusive OR (XOR) operations to the first and second input data and to all first and second mask parameters of first and second mask sets; and computing output data by applying the operation to each of the data pairs, to obtain an output set, the first and second mask sets being such that a combination by XOR operations of each pair of corresponding first and second mask parameters may produce a third mask set, where each mask set may include a word column having a same number of occurrences of all possible values of the words.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES system
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
60.
Methods and devices against a side-channel analysis
A method for executing by a circuit a bit permutation operation by which bits of an input data are mixed to obtain an output data including at least two words, may include: generating a mask set including mask parameters, the mask set having one word column per word of the input data; generating an input set by combining the input data with each mask parameter of the mask set by Exclusive OR (XOR) operations; and computing an output set including output data resulting from the application of the bit permutation operation to each data in the input set, where the mask set may be generated such that the output set includes columns of output words, and each word column of the mask set and the output set including a same number of occurrences of all possible values of one input data word and respectively one output word.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES system
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
61.
Device and method for testing a physically unclonable function
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
G06F 11/263 - Generation of test inputs, e.g. test vectors, patterns or sequences
62.
Method of protecting a circuit against a side-channel analysis
In a general aspect, a method for executing a target operation combining a first input data with a second input data, and providing an output data can include generating at least two pairs of input words each comprising a first input word and a second input word and applying to each pair of input words a same derived operation providing an output word including a part of the output data resulting from the application of the target operation to first and second input data parts present in the pair of input words, and a binary one's complement of the output data part.
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
any operation of reading the variable x in the circuit is substituted with an operation of reading the value of the protected variable z and an operation of decoding said read value of the protected variable z using a decoding matrix J of size (n×k) determined from the binary code C and the supplementary code D of the binary code C.
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
G06F 11/22 - Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 11/263 - Generation of test inputs, e.g. test vectors, patterns or sequences
64.
Method and system for protecting a cryptographic operation
There is provided a device or a method for executing an operation of a cryptographic scheme, the operation being applied to a given state of a data block of original data, the operation being defined in a basis ring corresponding to the quotient of a starting ring by a basis ideal generated by at least one element of the starting ring. The operation is executed from a state derived from the current state of the data block, in at least one reference ring, which provides a reference value for each reference ring, each reference ring being the quotient of the starting ring by a reference ideal. The operation is executed from the state derived from the current state of the data block in at least one extended ring corresponding to one or more reference rings, which provides at least one extension value for each extended ring, each extended ring corresponding to one or more reference ring being the quotient of the starting ring by the product of the basis ideal and of the reference ideals of the one or more corresponding reference rings.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES system
65.
System and method for protecting an integrated circuit (IC) device
Embodiments of the invention provide a system for protecting an integrated circuit (IC) device from attacks, the IC device (100) comprising a substrate (102) having a front surface (20) and a back surface (21), the IC device further comprising a front side part (101) arranged on the front surface of the substrate (102) and stacked layers, at least one of said layers comprising a data layer comprising wire carrying data, the front side part having a front surface (13). The system comprises an internal shield (12) arranged in a layer located below said data layer and a verification circuit configured to check the integrity of at least one portion of the internal shield.
H01L 21/00 - Processes or apparatus specially adapted for the manufacture or treatment of semiconductor or solid-state devices, or of parts thereof
H01L 23/48 - Arrangements for conducting electric current to or from the solid-state body in operation, e.g. leads or terminal arrangements
H01L 23/00 - Details of semiconductor or other solid-state devices
H01L 23/522 - Arrangements for conducting electric current within the device in operation from one component to another including external interconnections consisting of a multilayer structure of conductive and insulating layers inseparable from the semiconductor body on which they have been deposited
H01L 27/32 - Devices consisting of a plurality of semiconductor or other solid-state components formed in or on a common substrate including components using organic materials as the active part, or using a combination of organic materials with other materials as the active part with components specially adapted for light emission, e.g. flat-panel displays using organic light-emitting diodes
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
a modular reduction unit configured to reduce a quantity derived from the multiplier output by the product of an extended modulus and an integer coefficient, the extended modulus being the product of the given modulus with an extension parameter, which provides a reduction output, the reduction output being a positive integer strictly smaller than the extended modulus, wherein the modular multiplication device further comprises a selection unit configured to select the extension parameter such that the time taken for the device to perform the multiplication is independent from the multiplicands.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 7/72 - Methods or arrangements for performing computations using a non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational number representations using residue arithmetic
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
67.
Countermeasure method for an electronic component implementing an elliptic curve cryptography algorithm
different from one; a step (501) of initializing the coordinates of the at least one critical point to a predefined value; a step (502) implementing the scalar multiplication operation, the coordinates associated with at least one critical point being modified at each iteration by multiplying at least one of the coordinates of this point by the at least one power of the element c obtained in the providing step (500).
H04L 29/06 - Communication control; Communication processing characterised by a protocol
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
68.
Device and method for calibrating a digital sensor
There is provided a calibration device for calibrating a digital sensor (3), said digital sensor being configured to protect a target digital circuit (30) fed by a clock signal having a clock period by triggering an alarm depending on a condition between said clock signal and an optimal alarm threshold, said optimal alarm threshold being determined by minimizing a quantity depending on the probability of occurrence of false positives and on the probability of occurrence of false negatives.
According to the invention, there is provided a computer implemented method for controlling dynamically the execution of a code by a processing system, said execution being described by a control flow graph comprising a plurality of basic blocks composed of at least an input node and an output node, a transition in the control flow graph corresponding to a link between an output node of origin belonging to a first basic block and an input node of a second basic block, a plurality of initialization vectors being associated to the output nodes at the time of generating the code, an a priori control word being associated to each input node which is linked to the same output node of origin according to the control flow graph, said a priori control word being precomputed at the time of generating the code by applying a predefined deterministic function F to the initialization vector associated to its output node of origin, the following steps being applied once the execution of the output node belonging to a first basic block is terminated and at the time of executing the input node of a second basic block: providing (300) the a priori control word associated to the input node of the second basic block; providing (301) the initialization vector associated to the output node of the first basic block; determining (302) an a posteriori control word by applying to the provided initialization vector the same function F which has been used for generating the a priori control word; determining (303, 304) if the a priori control word matches with the a posteriori control word, a forbidden transition in respect to the control flow graph being otherwise detected (305).
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
There is disclosed a silicon integrated circuit comprising a Physically Unclonable Function and an online or embedded test circuit, said online test circuit comprising one or more circuit parts being physically adjacent to said PUF and said one or more circuits embodying one or more tests which can be performed to determine one or more quality properties of said PUF or otherwise characterize it. Different tests with specific associated method steps are described.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G09C 1/00 - Appareils ou méthodes au moyen desquels une suite donnée de signes, p. ex. un texte intelligible, est transformée en une suite de signes inintelligibles en transposant les signes ou groupes de signes ou en les remplaçant par d'autres suivant un système préétabli
The invention proposes a method of protection of a Boolean circuit associated with a structural description of the circuit comprising elementary Boolean variables, each represented by one bit, the method comprising the steps consisting in: - selecting a set of k elementary Boolean variables of the circuit as a function of predefined selection criteria, - constructing a variable x represented by k bits by concatenation of the k selected variables in accordance with a chosen order, - determining a binary code C comprising a set of code words and belonging to a given vector space and the supplementary code D of said binary code C as a function of a condition bearing on the dual distance of said supplementary code D, said binary code C having a length n and a size 2k, where k designates the number of bits representing said variable x; - substituting the variable x in the structural description of the Boolean circuit with a protected variable z represented by n bits so that: - any operation of writing on the variable x in the circuit is substituted with an operation of writing on the variable z, the variable z being generated by adding the variable x encoded by said code C to a random bit vector y encoded by the supplementary code D, and - any operation of reading the variable x in the circuit is substituted with an operation of reading the value of the protected variable z and an operation of decoding said read value of the protected variable z using a decoding matrix J of size (n x k) determined from the binary code C and the supplementary code D of the binary code C.
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
72.
DEVICE AND METHOD FOR CALIBRATING A DIGITAL SENSOR
There is provided a calibration device for calibrating a digital sensor (3), said digital sensor being configured to protect a target digital circuit (30) fed by a clock signal having a clock period by triggering an alarm depending on a condition between said clock signal and an optimal alarm threshold, said optimal alarm threshold being determined by minimizing a quantity depending on the probability of occurrence of false positives and on the probability of occurrence of false negatives.
G01R 31/3193 - Tester hardware, i.e. output processing circuits with comparison between actual response and known fault-free response
G01R 31/30 - Marginal testing, e.g. by varying supply voltage
73.
A COMPUTER IMPLEMENTED METHOD AND A SYSTEM FOR CONTROLLING DYNAMICALLY THE EXECUTION OF A CODE
According to the invention, there is provided a computer implemented method for controlling dynamically the execution of a code by a processing system, said execution being described by a control flow graph comprising a plurality of basic blocks composed of at least an input node and an output node, a transition in the control flow graph corresponding to a link between an output node of origin belonging to a first basic block and an input node of a second basic block, a plurality of initialization vectors being associated to the output nodes at the time of generating the code, an a priori control word being associated to each input node which is linked to the same output node of origin according to the control flow graph, said a priori control word being precomputed at the time of generating the code by applying a predefined deterministic function F to the initialization vector associated to its output node of origin, the following steps being applied once the execution of the output node belonging to a first basic block is terminated and at the time of executing the input node of a second basic block: providing (300) the a priori control word associated to the input node of the second basic block; providing (301) the initialization vector associated to the output node of the first basic block; determining (302) an a posteriori control word by applying to the provided initialization vector the same function F which has been used for generating the a priori control word; determining (303, 304) if the a priori control word matches with the a posteriori control word, a forbidden transition in respect to the control flow graph being otherwise detected (305).
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
74.
COUNTERMEASURE METHOD FOR AN ELECTRONIC COMPONENT IMPLEMENTING AN ELLIPTIC CURVE CRYPTOGRAPHY ALGORITHM
The subject of the invention is a countermeasure method for an electronic component implementing a public-key elliptic curve cryptography algorithm the elliptic curve E of which is defined over a body K, said method comprising an iterative scalar multiplication operation allowing a point [k]P to be obtained from a point P on the curve E and an integer k that must be kept secret, the electrical power consumption of the electronic component depending on the value taken by at least one point, which is said to be critical, used in said operation for iteratively determining the point [k]P. The method comprises: a step (500) of providing at least one power of an element c of K, which element is preset, constant, nonzero and different from one; a step of initialising (501) coordinates of at least one critical point to a preset value; and a step of implementing the operation of scalar multiplication (502), the coordinates associated with at least one critical point being modified in each iteration by multiplying at least one of the coordinates of this point by the at least one power of the element c obtained in the providing step (500).
A silicon integrated circuit includes a physically non-copyable function LPUF that generates a signature specific to the circuit. The function includes a ring oscillator composed of a loop traversed by a signal. The loop is formed of N topologically identical chains of lags connected in series and an inversion gate, a chain of lags being composed of M delay elements connected in series. The function also includes a control module generating N control words being used to configure the value of the delays introduced by the chains of lags on the signal traversing them. A measurement module measures the frequency of the signal at the output of the last chain of lags after updating the control words, and the control module can deduce from the frequency measurements the bits making up the signature of the circuit. A method and a system for testing such circuits are also provided.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
G06F 21/73 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
t before being stored in the mask register M. The transformation consists of a bijection or a composition law making it possible to reduce or indeed to cancel any high-order attack in accordance with a model of activity of the registers R and M. Cryptography circuits are protected against high-order observation attacks on installations based on masking.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
77.
Method for testing cryptographic circuits, secured cryptographic circuit capable of being tested, and method for wiring such circuit
The present invention relates to a method for testing cryptography circuits. It also relates to a secure cryptography circuit capable of being tested. The cryptography circuit includes registers and logic gates, and a test thereof performs a differential power analysis on the registers of the circuit. A cryptography circuit being secure and including a first half-circuit associated with a second half-circuit operating in complementary logic, the electric power supply of the first half-circuit is separated from the electric power supply of the second half-circuit, the differential power analysis being carried out in parallel on each half-circuit, the two power supplies being combined into one and the same electric power supply after the test.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES system