Method and apparatus for hiding crytographic keys utilizing autocorrelation timing encoding and computation
First Claim
Patent Images
1. A method comprising:
- generating a plurality of timing statistics based on an amount of time required to evaluate a particular function given a known input for a series of computations used in deriving the cryptographic key;
deriving the cryptographic key in a bitwise fashion based, at least in part, on a comparison of the generated timing statistics and timing statistics stored in the electronic device to determine whether bits of a derived cryptographic key correspond to bits in the cryptographic key; and
using a subset of the derived cryptographic key for authentication prior to complete derivation of the cryptographic key.
5 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for hiding cryptographic keys based on autocorrelation timing attacks is provided. The method and apparatus of the present invention utilize a autocorrelation timing attack to allow independent software entities to authenticate themselves without storing a private cryptographic key. This is accomplished by storing timing statistics related to the evaluation of an equation in the software entity rather than the cryptographic key itself. When the software entity authenticates itself, the cryptographic key is derived based on information provided by the timing statistics contained in the software entity.
-
Citations
56 Claims
-
1. A method comprising:
-
generating a plurality of timing statistics based on an amount of time required to evaluate a particular function given a known input for a series of computations used in deriving the cryptographic key; deriving the cryptographic key in a bitwise fashion based, at least in part, on a comparison of the generated timing statistics and timing statistics stored in the electronic device to determine whether bits of a derived cryptographic key correspond to bits in the cryptographic key; and using a subset of the derived cryptographic key for authentication prior to complete derivation of the cryptographic key. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method comprising:
-
storing a plurality of timing statistics based on an amount of time required for a series of computations used in deriving the cryptographic key; deriving the cryptogaphic key in a bitwise fashion in the electronic device by (a) generating a predetermined number of seed values; (b) evaluating a function for each of the predetermined number of seed values combined with a set bit, wherein the seed values combined with a set bit correspond to a first child node of a current node; (c) evaluating the function for each of the predetermined number of seed values combined with a clear bit, wherein the seed values combined with a clear bit correspond to a second child node of the current node; (d) computing a statistical measure for a time required for each evaluation corresponding to the first child node and the second child node; (e) selecting between the first and second child nodes a parent node of the current node based on the statistical measure; (f) repeating (b) through (f) until a third predetermined number of nodes have been selected; and (g) repeating (f) a predetermined number of times; using the timing statistics stored in the electronic device to determine whether the derived bits correspond to bits in the cryptographic key. - View Dependent Claims (8)
-
-
9. A method for encoding a cryptographic key in an electronic device comprising:
-
(a) generating a plurality of seed values; (b) combining one or more bits from a predetermined string of bits with a respective seed value; (c) repeating (a) and (b) a predetermined number of times, wherein each iteration of (a) and (b) is designated as a sample; (d) performing a function for each seed value; (e) determining a period of time required to perform the functions for each seed value in a sample; (f) repeating (d) through (f) for each sample; (g) computing statistical measures based on the periods of time; (h) storing the statistical measures in the electronic device. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method for hiding a cryptographic key in an electronic device comprising:
-
(a) generating a first plurality of seed values; (b) combining one bit from a predetermined string of bits with a respective seed value; (c) mixing an order of the seed values and bits; (d) repeating (a) through (c) a predetermined number of times, wherein each iteration of (a) through (c) is designated as a sample; (e) sending the samples and a function to the electronic device for evaluation; (f) receiving, from the electronic device, results from the functions performed, a period of time required to perform the function for each result obtained, and a variance for each sample; (g) placing the seed values and bits in an original order; (h) selecting, from the first plurality of seed values for each sample, a subset of seed values corresponding to the cryptographic key; (i) generating an expected period of time to perform the functions for the subset of seed values for the predetermined number of samples; (j) generating a variance for the expected period of time to perform the functions for the predetermined number of samples; and (k) sending the results from (i) and (j) in the electronic device. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
-
-
28. A method for deriving a cryptographic key in an electronic device having stored therein a plurality of statistics corresponding to a time required for a function to be evaluated for a first predetermined number of samples and a variance for the time for evaluation for each sample, wherein each sample comprises a second predetermined number of seed values, the method comprising:
-
(a) generating a second predetermined number of seed values; (b) evaluating the function for each of the second predetermined number of seed values combined with a set bit, wherein the seed values combined with a set bit correspond to a first child node of a current node; (c) evaluating the function for each of the second predetermined number of seed values combined with a clear bit, wherein the seed values combined with a clear bit correspond to a second child node of the current node; (d) computing a statistical measure for a time required for each evaluation corresponding to the first child node and the second child node; (e) selecting between the first and second child nodes a parent node of the current node based on the statistical measure; (f) repeating (b) through (f) until a third predetermined number of nodes have been selected; and (g) repeating (f) a predetermined number of times. - View Dependent Claims (29)
-
-
30. A device for controlling request and viewing of audio/video programming comprising a control unit configured to communicate with an audio/visual server and configured to generate an output, the device having associated with it a particular cryptographic key, wherein a plurality of original timing statistics previously generated to derivation of the cryptographic key based on evaluation of a given function having as an input a plurality of original seed values are stored in the device and the cryptographic key is not stored in the device, the device comprising:
-
a processor; and a memory coupled to the processor, wherein the device authenticates itself to the audio/visual server by evaluating the given function with a set of seed values and comparing the plurality of original timing statistics to a plurality of timing statistics generated in response to the set of seed values to determine whether bits of a derived cryptographic key correspond to bits in the cryptographic key.
-
-
31. A machine readable medium having stored thereon sequences of instructions that when executed by one or more processors cause one or more electronic devices to:
-
generate a plurality of timing statistics based on an amount of time required to evaluate a particular function given a known input for a series of computations used in deriving the cryptographic key; derive the cryptographic key in a bitwise fashion based, at least in part, on a comparison of the generated timing statistics and timing statistics stored in the electronic device to determine whether bits of a derived cryptographic key correspond to bits in the cryptographic key; and use a subset of the derived cryptographic key for authentication prior to complete derivation of the cryptographic key. - View Dependent Claims (32, 33)
-
-
34. A machine readable medium having stored thereon sequences of instruction that, when executed by one or more processors, cause one or more electronic devices to:
-
generate the plurality of timing statistics based on an amount of time required for a series of computations used in deriving the cryptographic key; derive the cryptographic key in a bitwise fashion in the electronic device by (a) generating a predetermined number of seed values; (b) evaluating a function for each of the predetermined number of seed values combined with a set bit, wherein the seed values combined with a set bit correspond to a first child node of a current node; (c) evaluating the function for each of the predetermined number of seed values combined with a clear bit, wherein the seed values combined with a clear bit correspond to a second child node of the current node; (d) computing a statistical measure for a time required for each evaluation corresponding to the first child node and the second child node; (e) selecting between the first and second child nodes a parent node of the current node based on the statistical measure; (f) repeating (b) through (f) until a third predetermined number of nodes have been selected; and (g) repeating (f) a predetermined number of times; use the timing statistics stored in the electronic device to determine whether the derived bits correspond to bits in the cryptographic key. - View Dependent Claims (35)
-
-
36. A machine readable medium having stored thereon sequences of instruction that, when executed by one or more processors, cause one or more electronic devices to:
-
(a) generate a plurality of seed values; (b) combine one or more bits from a predetermined string of bits with a respective seed value; (c) repeat (a) and (b) a predetermined number of times, wherein each iteration of (a) and (b) is designated as a sample; (d) perform a function for each seed value; (e) determine a period of time required to perform the functions for each seed value in a sample; (f) repeat (d) through (f) for each sample; (g) compute statistical measures based on the periods of time; (h) store the results from (g) in the electronic device. - View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45)
-
-
46. A machine readable medium having stored thereon sequences of instruction that, when executed by one or more processors, cause one or more electronic devices to:
-
(a) generate a first plurality of seed values; (b) combine one bit from a predetermined string of bits with a respective seed value; (c) mix an order of the seed values and bits; (d) repeat (a) through (c) a predetermined number of times, wherein each iteration of (a) through (c) is designated as a sample; (e) send the samples and a function to the electronic device for evaluation; (f) receive, from the electronic device, results from the functions performed, a period of time required to perform the function for each result obtained, and a variance for each sample; (g) place the seed values and bits in an original order; (h) select, from the first plurality of seed values for each sample, a subset of seed values corresponding to the cryptographic key; (i) generate an expected period of time to perform the functions for the subset of seed values for the predetermined number of samples; (j) generate a variance for the expected period of time to perform the functions for the predetermined number of samples; and (k) send the results from (i) and
0) in the electronic device. - View Dependent Claims (47, 48, 49, 50, 51, 52, 53, 54)
-
-
55. A machine readable medium having sequences of instructions, that when executed, cause one or more electronic devices to derive a cryptographic key based, at least in part, on statistics corresponding to a time required for a function to be evaluated for a first predetermined number of samples and a variance for the time for evaluation for each sample, wherein each sample comprises a second predetermined number of seed values, the sequences of instructions causing the one or more electronic devices to:
-
(a) generate a second predetermined number of seed values; (b) evaluate the function for each of the second predetermined number of seed values combined with a set bit, wherein the seed values combined with a set bit correspond to a first child node of a current node; (c) evaluate the function for each of the second predetermined number of seed values combined with a clear bit, wherein the seed values combined with a clear bit correspond to a second child node of the current node; (d) compute a statistical measure for a time required for each evaluation corresponding to the first child node and the second child node; (e) select between the first and second child nodes a parent node of the current node based on the statistical measure; (f) repeat (b) through (f) until a third predetermined number of nodes have been selected; and (g) repeat (f) a predetermined number of times. - View Dependent Claims (56)
-
Specification