-
1.发明申请公开(公告)号:US20080155679A1
公开(公告)日:2008-06-26
申请号:US11950658
申请日:2007-12-05
申请人: Julien Sebot , Shay Gueron
发明人: Julien Sebot , Shay Gueron
IPC分类号: G06F21/22
CPC分类号: G06F21/556 , G06F21/60 , G06F21/71 , G06F21/74
摘要: To provide hardware protection against timing based side channel attacks, a processor's microarchitecture enables an OS to determine which applications have the privilege to read timestamp and performance counters. Using a white list of applications, and an authentication mechanism to authenticate applications, a legitimate Protection Required Application (PRA) may temporarily prevent other applications from reading timestamp and performance counters while it executes (or excutes sensitive operations).
摘要翻译: 为了提供基于定时的侧信道攻击的硬件保护,处理器的微架构使OS能够确定哪些应用程序具有读取时间戳和性能计数器的权限。 使用白名单的应用程序和身份验证机制来验证应用程序,合法的保护要求应用程序(PRA)可能会暂时阻止其他应用程序在执行(或清除敏感操作)时读取时间戳和性能计数器。
-
2.发明授权公开(公告)号:US08869294B2
公开(公告)日:2014-10-21
申请号:US11950658
申请日:2007-12-05
申请人: Julien Sebot , Shay Gueron
发明人: Julien Sebot , Shay Gueron
IPC分类号: G06F7/04 , G06F12/00 , G06F12/14 , G06F13/00 , G06F17/30 , G06F11/00 , G06F12/16 , G11C7/00 , G08B23/00 , H04N7/16 , G06F21/71 , G06F21/55 , G06F21/60 , G06F21/74
CPC分类号: G06F21/556 , G06F21/60 , G06F21/71 , G06F21/74
摘要: To provide hardware protection against timing based side channel attacks, a processor's microarchitecture enables an OS to determine which applications have the privilege to read timestamp and performance counters. Using a white list of applications, and an authentication mechanism to authenticate applications, a legitimate Protection Required Application (PRA) may temporarily prevent other applications from reading timestamp and performance counters while it executes (or excutes sensitive operations).
摘要翻译: 为了提供基于定时的侧信道攻击的硬件保护,处理器的微架构使OS能够确定哪些应用程序具有读取时间戳和性能计数器的权限。 使用白名单的应用程序和身份验证机制来验证应用程序,合法的保护要求应用程序(PRA)可能会暂时阻止其他应用程序在执行(或清除敏感操作)时读取时间戳和性能计数器。
-
公开(公告)号:US20200348361A1
公开(公告)日:2020-11-05
申请号:US16403296
申请日:2019-05-03
申请人: Tsvika Kurts , Boris Dolgunov , Vladislav Mladentsev , Ittai Anati , Elias Khoury , Maor Kima , Eran Shlomo , Shay Gueron , William Penner
发明人: Tsvika Kurts , Boris Dolgunov , Vladislav Mladentsev , Ittai Anati , Elias Khoury , Maor Kima , Eran Shlomo , Shay Gueron , William Penner
IPC分类号: G01R31/317 , G06F11/263 , H04L9/08 , H04L9/32 , H04L9/06 , G06F16/22 , G01R31/3177
摘要: Systems and techniques of the present disclosure may provide remote debugging of an integrated circuit (IC) device while preventing unauthorized access of device intellectual property (IP). A system may include an IC device that generates an encrypted session key and an interface that enables communication between the IC device and a remote debugging site. The interface may enable the IC device to send the encrypted the encrypted session key to initiate a remote debug process, receive an acknowledgement from the remote debugging session, and authenticate the acknowledgement. Further, the interface may enable to the IC device to initiate a secure debug session between the IC device and the remote debugging site.
-
4.发明授权Method, apparatus, and instructions for safely storing secrets in system memory 有权用于在系统存储器中安全存储秘密的方法,装置和说明公开(公告)号:US09559848B2
公开(公告)日:2017-01-31
申请号:US14467425
申请日:2014-08-25
申请人: Shay Gueron
发明人: Shay Gueron
CPC分类号: G06F12/1408 , G06F21/72 , G06F21/73 , G06F21/74 , G06F2212/1052 , G06F2221/2107 , H04L9/0637 , H04L9/0894 , H04L9/3226 , H04L63/083
摘要: Embodiments of an invention for method, apparatus, and instructions for safely storing secrets in system memory are disclosed. In one embodiment, a processor includes a hardware key, an instruction unit, and an encryption unit. The instruction unit is to receive an encryption instruction and a compare instruction. The encryption instruction is to have a first plaintext input value. The compare instruction is to have a second plaintext input value. The encryption unit is to, in response to the encryption instruction, encrypt the first plaintext input value using the hardware key to generate a ciphertext value, and, in response to the compare instruction, decrypt the ciphertext value using the hardware key to generate a plaintext output value and compare the plaintext output value to the second plaintext input value.
摘要翻译: 公开了用于在系统存储器中安全地存储秘密的方法,装置和指令的发明的实施例。 在一个实施例中,处理器包括硬件密钥,指令单元和加密单元。 指令单元接收加密指令和比较指令。 加密指令是具有第一个明文输入值。 比较指令是具有第二个明文输入值。 加密单元响应于加密指令,使用硬件密钥对第一明文输入值进行加密,以生成密文值,并且响应于比较指令,使用硬件密钥解密密文值以生成明文 输出值,并将明文输出值与第二个明文输入值进行比较。
-
5.发明申请公开(公告)号:US20160179470A1
公开(公告)日:2016-06-23
申请号:US14581973
申请日:2014-12-23
申请人: Shay Gueron , Vlad Krasnov
发明人: Shay Gueron , Vlad Krasnov
CPC分类号: G06F7/523
摘要: An apparatus and method are described for performing big integer arithmetic operations. For example, one embodiment of a processor comprises: a first source register to store a first 256-bit integer operand; a second source register to store a second 256-bit integer operand; and multiplication logic comprising a set of multipliers and adders to perform a multiplication of the first and second 256-bit integer operands to generate a 512-bit result responsive to a 256-bit multiplication instruction, the multiplication logic to convert a radix representation of the first and second 256-bit integer operands from a first radix representation to a second radix representation selected based on a size of the multipliers and adders used to perform the multiplication and generate a result, and then to convert the result back to the first radix representation.
摘要翻译: 描述了用于执行大整数运算的装置和方法。 例如,处理器的一个实施例包括:第一源寄存器,用于存储第一256位整数操作数; 第二个源寄存器,用于存储第二个256位整数操作数; 以及乘法逻辑,其包括一组乘法器和加法器,以执行第一和第二256位整数操作数的乘法,以响应于256位乘法指令产生512位结果,乘法逻辑转换 基于用于执行乘法并生成结果的乘法器和加法器的大小而选择的从第一基数表示到第二基数表示的第一和第二256位整数操作数,然后将结果转换回第一基数表示 。
-
6.发明申请INSTRUCTIONS AND LOGIC TO INTERRUPT AND RESUME PAGING IN A SECURE ENCLAVE PAGE CACHE 有权指令和逻辑中断和恢复寻呼在安全的页面缓存公开(公告)号:US20150378941A1
公开(公告)日:2015-12-31
申请号:US14318508
申请日:2014-06-27
申请人: Carlos V. Rozas , Ilya Alexandrovich , Gilbert Neiger , Francis X. McKeen , Ittai Anati , Vedvyas Shanbhogue , Shay Gueron
发明人: Carlos V. Rozas , Ilya Alexandrovich , Gilbert Neiger , Francis X. McKeen , Ittai Anati , Vedvyas Shanbhogue , Shay Gueron
CPC分类号: G06F13/24 , G06F12/08 , G06F12/0806 , G06F12/0875 , G06F21/00 , G06F21/71 , G06F21/85 , G06F2212/1024 , G06F2212/1052 , G06F2212/62
摘要: Instructions and logic interrupt and resume paging in secure enclaves. Embodiments include instructions, specify page addresses allocated to a secure enclave, the instructions are decoded for execution by a processor. The processor includes an enclave page cache to store secure data in a first cache line and in a last cache line for a page corresponding to the page address. A page state is read from the first or last cache line for the page when an entry in an enclave page cache mapping for the page indicates only a partial page is stored in the enclave page cache. The entry for a partial page may be set, and a new page state may be recorded in the first cache line when writing-back, or in the last cache line when loading the page when the instruction's execution is being interrupted. Thus the writing-back, or loading can be resumed.
摘要翻译: 指令和逻辑在安全飞地中中断和恢复寻呼。 实施例包括指令,指定分配给安全空间的页面地址,指令被解码以供处理器执行。 处理器包括用于将安全数据存储在与页面地址对应的页面的第一高速缓存行中的最后高速缓存行中的一个包围页面缓存。 当页面的飞地页面缓存映射中的条目仅指示部分页面存储在飞地页面缓存中时,从页面的第一个或最后一个高速缓存行读取页面状态。 可以设置部分页面的条目,并且当写回时可以在第一高速缓存行中记录新的页面状态,或者当指令的执行中断时在最后的高速缓存行中加载页面时。 因此,可以恢复回写或加载。
-
公开(公告)号:US20150033034A1
公开(公告)日:2015-01-29
申请号:US13949110
申请日:2013-07-23
申请人: Gideon Gerzon , Shay Gueron , Simon P. Johnson , Francis X. Mckeen , Carlos V. Rozas , Uday R. Savagaonkar , Vincent R. Scarlata , Ittai Anati
发明人: Gideon Gerzon , Shay Gueron , Simon P. Johnson , Francis X. Mckeen , Carlos V. Rozas , Uday R. Savagaonkar , Vincent R. Scarlata , Ittai Anati
CPC分类号: H04L9/3239 , G06F9/3004 , G06F12/1441 , G06F21/71 , G06F2221/2111
摘要: Embodiments of an invention for measuring a secure enclave are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first, a second, and a third instruction. The execution unit is to execute the first, the second, and the third instruction. Execution of the first instruction includes initializing a measurement field in a control structure of a secure enclave with an initial value. Execution of the second instruction includes adding a region to the secure enclave. Execution of the third instruction includes measuring a subregion of the region.
摘要翻译: 公开了用于测量安全飞地的发明的实施例。 在一个实施例中,处理器包括指令单元和执行单元。 指令单元将接收第一,第二和第三指令。 执行单元执行第一,第二和第三指令。 执行第一指令包括初始化具有初始值的安全飞地的控制结构中的测量场。 执行第二条指令包括将一个区域添加到安全飞地。 执行第三条指令包括测量该区域的一个子区域。
-
8.发明授权公开(公告)号:US08923510B2
公开(公告)日:2014-12-30
申请号:US11966658
申请日:2007-12-28
CPC分类号: H04L9/0631 , G06F7/00 , G06F9/30007 , G06F9/30112 , G06F9/30145 , G06F9/30149 , G06F9/30196 , G06F9/3887 , G06F21/602 , H04L2209/34
摘要: Implementations of Advanced Encryption Standard (AES) encryption and decryption processes are disclosed. In one embodiment of S-box processing, a block of 16 byte values is converted, each byte value being converted from a polynomial representation in GF(256) to a polynomial representation in GF((22)4). Multiplicative inverse polynomial representations in GF((22)4) are computed for each of the corresponding polynomial representations in GF((22)4). Finally corresponding multiplicative inverse polynomial representations in GF((22)4) are converted and an affine transformation is applied to generate corresponding polynomial representations in GF(256). In an alternative embodiment of S-box processing, powers of the polynomial representations are computed and multiplied together in GF(256) to generate multiplicative inverse polynomial representations in GF(256). In an embodiment of inverse-columns-mixing, the 16 byte values are converted from a polynomial representation in GF(256) to a polynomial representation in GF((24)2). A four-by-four matrix is applied to the transformed polynomial representation in GF((24)2) to implement the inverse-columns-mixing.
摘要翻译: 公开了高级加密标准(AES)加密和解密过程的实现。 在S盒处理的一个实施例中,转换16字节值的块,每个字节值从GF(256)中的多项式表示转换为GF((22)4)中的多项式表示。 对于GF((22)4)中的每个对应多项式表示,计算GF((22)4)中的乘法逆多项式表示。 最后,对GF((22)4)中的相应的乘法逆多项式表示进行转换,并应用仿射变换以在GF(256)中生成对应的多项式表示。 在S盒处理的替代实施例中,计算多项式表示的幂并在GF(256)中相乘,以在GF(256)中生成乘法逆多项式表示。 在反列混合的实施例中,将16字节值从GF(256)中的多项式表示转换为GF((24)2)中的多项式表示。 将四乘四矩阵应用于GF((24)2)中的变换多项式表示,以实现反列混合。
-
9.发明授权Speed up secure hash algorithm (SHA) using single instruction multiple data (SIMD) architectures 有权使用单指令多数据(SIMD)架构加快安全散列算法(SHA)公开(公告)号:US08856547B2
公开(公告)日:2014-10-07
申请号:US13491207
申请日:2012-06-07
申请人: Shay Gueron , Vlad Krasnov
发明人: Shay Gueron , Vlad Krasnov
IPC分类号: G06F21/00
CPC分类号: G09C1/00 , G06F9/30007 , G06F9/30036 , G06F9/3895 , H04L9/0643 , H04L2209/125
摘要: A processing apparatus comprises logic to, according to a selected secure hash algorithm (SHA) algorithm, generate hash values by preparing message schedules for a plurality of message blocks in parallel using single instruction multiple date (SIMD) instructions and performing compression in serial, and logic to generate a message digest conforming to the secure hash algorithm (SHA) algorithm.
摘要翻译: 一种处理装置包括根据所选择的安全散列算法(SHA)算法,通过使用单指令多重日期(SIMD)指令并行执行串行的并行执行多个消息块的消息调度来生成散列值的逻辑,以及 生成符合安全散列算法(SHA)算法的消息摘要的逻辑。
-
10.发明授权Method and apparatus for generating an advanced encryption standard (AES) key schedule 有权用于生成高级加密标准(AES)密钥调度的方法和装置公开(公告)号:US08787565B2
公开(公告)日:2014-07-22
申请号:US11841556
申请日:2007-08-20
CPC分类号: H04L9/28 , G06F9/30007 , H04L9/0631 , H04L2209/125 , H04L2209/24
摘要: An Advanced Encryption Standard (AES) key generation assist instruction is provided. The AES key generation assist instruction assists in generating round keys used to perform AES encryption and decryption operations. The AES key generation instruction operates independent of the size of the cipher key and performs key generation operations in parallel on four 32-bit words thereby increasing the speed at which the round keys are generated. This instruction is easy to use in software. Hardware implementation of this instruction removes potential threats of software (cache access based) side channel attacks on this part of the AES algorithm.
摘要翻译: 提供了高级加密标准(AES)密钥生成辅助指令。 AES密钥生成辅助指令有助于生成用于执行AES加密和解密操作的循环密钥。 AES密钥生成指令独立于密码密钥的大小,并行执行四个32位字的密钥生成操作,从而增加生成循环密钥的速度。 该指令在软件中易于使用。 该指令的硬件实现可以消除这部分AES算法对软件(基于缓存访问的)侧面信道攻击的潜在威胁。
-
-
-
-
-
-
-
-
-
搜索结果
113 条记录 (耗时 0.024 秒)
