Secure processor with resistance to external monitoring attacks

US 10,262,141 B2
Filed: 12/30/2016
Issued: 04/16/2019
Est. Priority Date: 12/04/2009
Status: Active Grant

First Claim

Patent Images

1. A secure processor comprising:

a secure non-volatile storage to store a secret value;

a cache; and

a cryptographic hardware component operatively coupled to the secure non-volatile storage and the cache, wherein the cryptographic hardware component protects against leakage of sensitive data and against differential power analysis by performing the following for the sensitive data received from an unsecure memory, wherein the sensitive data comprises an encrypted data segment and a validator;

derives an initial key based at least in part on an identifier associated with the encrypted data segment and the secret value, wherein the initial key is derived using a path through a key tree that is based at least in part on the identifier and on the secret value;

verifies, using the validator, whether the encrypted data segment has been modified without re-using the secret value;

derives a first decryption key from the initial key;

responsive to verifying that the encrypted data segment has not been modified, decrypts the encrypted data segment using the first decryption key to produce a decrypted data segment;

applies an entropy distribution operation to the first decryption key to derive a second decryption key; and

decrypts an additional encrypted data segment of the sensitive data with the second decryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing device includes a secure storage hardware to store a secret value and processing hardware comprising at least one of a cache or a memory. During a secure boot process the processing hardware loads untrusted data into at least one of the cache or the memory of the processing hardware, the untrusted data comprising an encrypted data segment and a validator, retrieves the secret value from the secure storage hardware, derives an initial key based at least in part on an identifier associated with the encrypted data segment and the secret value, verifies, using the validator, whether the encrypted data segment has been modified, and decrypts the encrypted data segment using a first decryption key derived from the initial key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified.

Citations

11 Claims

1. A secure processor comprising:
- a secure non-volatile storage to store a secret value;
  
  a cache; and
  
  a cryptographic hardware component operatively coupled to the secure non-volatile storage and the cache, wherein the cryptographic hardware component protects against leakage of sensitive data and against differential power analysis by performing the following for the sensitive data received from an unsecure memory, wherein the sensitive data comprises an encrypted data segment and a validator;
  
  derives an initial key based at least in part on an identifier associated with the encrypted data segment and the secret value, wherein the initial key is derived using a path through a key tree that is based at least in part on the identifier and on the secret value;
  
  verifies, using the validator, whether the encrypted data segment has been modified without re-using the secret value;
  
  derives a first decryption key from the initial key;
  
  responsive to verifying that the encrypted data segment has not been modified, decrypts the encrypted data segment using the first decryption key to produce a decrypted data segment;
  
  applies an entropy distribution operation to the first decryption key to derive a second decryption key; and
  
  decrypts an additional encrypted data segment of the sensitive data with the second decryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The secure processor of claim 1, further comprising:
    - a central processing unit (CPU) operatively coupled to the secure non-volatile storage and the cache, wherein the CPU is to process the decrypted data segment.
  - 3. The secure processor of claim 1, wherein the path through the key tree identifies a plurality of entropy distribution operations used to derive the initial key.
  - 4. The secure processor of claim 3, wherein the cryptographic hardware component is further to:
    - divide the identifier into a plurality of parts, where each of the plurality of parts determines a leg of the path, and where each leg of the path is associated with a particular entropy distribution operation of the plurality of entropy distribution operations.
  - 5. The secure processor of claim 1, wherein the encrypted data segment comprises at least one of software or firmware, and wherein the cryptographic hardware component is further to:
    - determine a minimum acceptable version number for the software or firmware; and
      
      verify that the software or firmware has a version number that is equal to or greater than the minimum acceptable version number.
  - 6. The secure processor of claim 1, wherein the sensitive data comprises a plurality of encrypted data segments.
  - 7. The secure processor of claim 1, wherein the sensitive data comprises a plurality of encrypted data segments, and wherein the cryptographic hardware component is further to:
    - receive and decrypt the plurality of encrypted data segments using hash chaining operations comprising;
      
      decrypting a first encrypted data segment of the plurality of encrypted data segments to produce a first plaintext segment comprising a first decrypted data segment and a first hash value;
      
      validating a second encrypted data segment of the plurality of encrypted data segments using the first hash value; and
      
      responsive to validating the second encrypted data segment, decrypting the second encrypted data segment to produce a second plaintext segment comprising a second decrypted data segment and a second hash value.
  - 8. The secure processor of claim 1, wherein to verify that the encrypted data segment has not been modified the cryptographic hardware component is to:
    - compute a hash of the encrypted data segment;
      
      generate an expected validator based on performing a plurality of entropy distribution operations on the initial key using a key tree, wherein the hash indicates a path through the key tree, the path identifying the plurality of entropy distribution operations; and
      
      compare the expected validator to the validator.
  - 9. The secure processor of claim 1, wherein the sensitive data comprises a plurality of encrypted data segments, and wherein hash chaining operations are performed to decrypt the plurality of encrypted data segments, the hash chaining operations comprising:
    - cryptographically transforming a first encrypted data segment of the plurality of encrypted data segments to produce a first derived value;
      
      comparing the first derived value with a first expected value;
      
      responsive to determining that the first derived value matches the first expected value, decrypting the first derived value using the first decryption key to produce a first decrypted data segment and a second derived value;
      
      comparing the second derived value with a second expected value; and
      
      responsive to determining that the second derived value matches the second expected value, decrypting the second derived value using a second decryption key derived from the initial key to produce a second decrypted data segment.
  - 10. The secure processor of claim 1, wherein the unsecure memory comprises a flash memory or a random access memory.

11. A system on a chip (SoC), comprising:
- a secure non-volatile memory that stores a secret value;
  
  a volatile memory;
  
  a processor operatively coupled to the secure non-volatile memory and the volatile memory; and
  
  a cryptographic hardware component operatively coupled to the secure non-volatile memory and the volatile memory, wherein the cryptographic hardware component protects against leakage of sensitive data and against differential power analysis by performing the following for the sensitive data received from an unsecure memory, wherein the sensitive data comprises an encrypted data segment of a sensitive message and a validator;
  
  derives an initial key based at least in part on an identifier associated with the encrypted data segment and the secret value, wherein the initial key is derived using a path through a key tree that is based at least in part on the identifier and on the secret value;
  
  verifies, using the validator, whether the encrypted data segment has been modified without re-using the secret value;
  
  derives a first decryption key from the initial key;
  
  responsive to verifying that the encrypted data segment has not been modified, decrypts the encrypted data segment using the first decryption key to produce a decrypted data segment;
  
  applies an entropy distribution operation to the first decryption key to derive a second decryption key; and
  
  decrypts an additional encrypted data segment of the sensitive data with the second decryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cryptography Research, Inc. (Rambus Inc.)
Original Assignee
Cryptography Research, Inc. (Rambus Inc.)
Inventors
Kocher, Paul C., Rohatgi, Pankaj, Jaffe, Joshua M.
Primary Examiner(s)
Lynch, Sharon S

Application Number

US15/395,809
Publication Number

US 20170177874A1
Time in Patent Office

837 Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/556   involving covert channels, ...

G06F 21/575   Secure boot

G06F 21/602   Providing cryptographic fac...

G06F 21/755   with measures against power...

G06F 21/76   in application-specific int...

G06F 2212/402   Encrypted data

G06F 2221/034   Test or assess a computer o...

G06F 2221/2107   File encryption

G06F 2221/2125   Just-in-time application of...

G06F 2221/2145   Inheriting rights or proper...

G06F 8/71   Version control security ar...

G06F 9/44505   Configuring for program ini...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/56   Financial cryptography, e.g...

H04L 2463/061   applying further key deriva...

H04L 63/0428   wherein the data content is...

H04L 63/0869   for achieving mutual authen...

H04L 9/003   for power analysis, e.g. di...

H04L 9/0631   Substitution permutation ne...

H04L 9/085 : Secret sharing or secret sp...

H04L 9/0861 : Generation of secret inform...

H04L 9/088 : Usage controlling of secret...

H04L 9/0894 : Escrow, recovery or storing...

H04L 9/16 : the keys or algorithms bein...

H04L 9/3236 : using cryptographic hash fu...

H04L 9/3247 : involving digital signatures

H04L 9/3271 : using challenge-response

H04L 9/50 : using hash chains, e.g. blo...

View All

Secure processor with resistance to external monitoring attacks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Secure processor with resistance to external monitoring attacks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links