公开(公告)号：US20140348323A1

公开(公告)日：2014-11-27

申请号：US13902723

申请日：2013-05-24

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L9/28

CPC classification number: H04L9/0631 ,  H04L9/002 ,  H04L2209/16

Abstract: Various embodiments of a computer-implemented method of information security using block cipher column rotations are described. The cipher state column rotations provide resistance to white box side channel memory correlation attacks designed to reverse-engineer a symmetric cipher key associated with the information security system. The column rotation operations can be performed on the cipher state of a block cipher, and then removed from the result, to provide obfuscation of the data when in memory, while not impacting the resulting output of the cipher or decipher operation. The method additionally includes performing a first rotation of an iteration specific cipher subkey according to the first rotation index, performing an iteration of the block cipher operations on the cipher state matrix, and rotating the columns of the cipher state matrix according to an inverse of the first rotation index.

Abstract translation: 描述使用块密码器列旋转的计算机实现的信息安全方法的各种实施例。 密码状态列旋转提供对白箱侧通道存储器相关性攻击的抵抗，其设计用于逆向设计与信息安全系统相关联的对称密码密钥。 可以对块密码的密码状态执行列旋转操作，然后从结果中移除，以在存储器中提供数据的混淆，同时不影响所得到的密码或解密操作的输出。 该方法另外包括根据第一旋转指标执行迭代特定密码子密钥的第一次旋转，对密码状态矩阵执行块密码操作的迭代，并且根据密码状态矩阵的倒数旋转密码状态矩阵的列 第一次旋转指数。

公开(公告)号：US20140301546A1

公开(公告)日：2014-10-09

申请号：US14015523

申请日：2013-08-30

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L9/30

CPC classification number: H04L9/0637 ,  H04L9/0631 ,  H04L9/30 ,  H04L2209/24

Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.

Abstract translation: 在一个实施例中，在加密和/或解密过程中保护一个或多个密钥的方法，介质和系统可以使用该过程中的预计算值，使得一个或多个密钥的至少一部分不被使用或暴露在 的过程。 在一种方法的一个示例中，AES加密处理的内部状态被保存以用于其中AES加密处理中使用的密钥未被暴露或使用的计数器模式流密码操作。

公开(公告)号：US20130138973A1

公开(公告)日：2013-05-30

申请号：US13748184

申请日：2013-01-23

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Mathieu Ciet ,  Jon McLachlan

IPC: G06F21/14

CPC classification number: G06F21/14 ,  G06F8/51 ,  H04L9/002 ,  H04L9/3013 ,  H04L2209/046 ,  H04L2209/08 ,  H04L2209/16

Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for obfuscating data based on a discrete logarithm. A system practicing the method identifies a clear value in source code, replaces the clear value in the source code with a transformed value based on the clear value and a discrete logarithm, and updates portions of the source code that refer to the clear value such that interactions with the transformed value provide a same result as interactions with the clear value. This discrete logarithm approach can be implemented in three variations. The first variation obfuscates some or all of the clear values in loops. The second variation obfuscates data in a process. The third variation obfuscates data pointers, including tables and arrays. The third variation also preserves the ability to use pointer arithmetic.

Abstract translation: 本文公开的是基于离散对数来混淆数据的系统，计算机实现的方法和计算机可读存储介质。 实施该方法的系统识别源代码中的明确值，基于清除值和离散对数，用源代码替换变换值，并更新引用清除值的源代码部分，使得 与变换值的交互提供与清除值的交互相同的结果。 这种离散对数方法可以在三个变体中实现。 第一个变体模糊了循环中的一些或全部清除值。 第二个变体在一个过程中模糊数据。 第三个变体模糊数据指针，包括表和数组。 第三个变体也保留了使用指针算术的能力。

公开(公告)号：US10599873B2

公开(公告)日：2020-03-24

申请号：US15707847

申请日：2017-09-18

Applicant: Apple Inc.

Inventor： Lucas O. Winstrom ,  Eric D. Friedman ,  Ritwik K. Kumar ,  Jeremy M. Stober ,  Amol V. Pattekar ,  Benoit Chevallier-Mames ,  Julien Lerouge ,  Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Mathieu Ciet

IPC: H04L29/06 ,  G06F21/64 ,  G06Q10/10 ,  H04L12/58 ,  H04L9/32 ,  G06F21/55

Abstract: Systems and methods are described for rate-limiting a message-sending client interacting with a message service based on dynamically calculated risk assessments of the probability that the client is, or is not, a sender of a spam messages. The message service sends a proof of work problem to a sending client device with a difficulty level that is related to a risk assessment that the client is a sender of spam messages. The message system limits the rate at which a known or suspected spammer can send messages by giving the known or suspected spammer client harder proof of work problems to solve, while minimizing the burden on normal users of the message system by given them easier proof of work problems to solve that can typically be solved by the client within the time that it takes to type a message.

公开(公告)号：US20160359618A1

公开(公告)日：2016-12-08

申请号：US14866997

申请日：2015-09-27

Applicant: Apple Inc.

Inventor： Bruno Kindarji ,  Benoit Chevallier-Mames ,  Mathieu Ciet ,  Augustin J. Farrugia ,  Thomas Icart

IPC: H04L9/06 ,  H04L29/06 ,  H04L9/14

CPC classification number: H04L9/0618 ,  H04L9/0631 ,  H04L9/14 ,  H04L63/1466 ,  H04L2209/16 ,  H04L2209/24 ,  H04L2209/34

Abstract: Some embodiments provide a method for performing an iterative block cipher. Line rotations and column rotations are combined to have a diversity of representations of the AES state. These protections can be performed either in static mode where the rotations are directly included in the code and the tables or in dynamic mode where the rotations are chosen randomly at execution time, depending on some entropic context variables. The two modes can also be advantageously combined together.

Abstract translation: 一些实施例提供了一种用于执行迭代块密码的方法。 线旋转和列旋转被组合以具有多种AES状态的表示。 这些保护可以在静止模式下执行，其中旋转被直接包括在代码和表中，或者在动态模式中，其中根据一些熵上下文变量在执行时随机选择旋转。 两种模式也可以有利地组合在一起。

公开(公告)号：US20160261405A1

公开(公告)日：2016-09-08

申请号：US14639026

申请日：2015-03-04

Applicant: APPLE INC.

Inventor： Benoit Chevallier-Mames ,  Bruno Kindarji ,  Thomas Icart ,  Augustin J. Farrugia ,  Mathieu Ciet

IPC: H04L9/06 ,  H04L9/14

CPC classification number: H04L9/0631 ,  H04L9/002 ,  H04L2209/046 ,  H04L2209/16 ,  H04L2209/24 ,  H04L2209/60

Abstract: Some embodiments provide a method for performing a cryptographic process. The method receives first and second cipher keys. The method generates a set of subkeys corresponding to each of the first and second cipher keys. The set of subkeys for the first cipher key is dependent on the first cipher key and the second cipher key. The method performs the cryptographic process by using the generated sets of subkeys.

Abstract translation: 一些实施例提供了用于执行密码处理的方法。 该方法接收第一和第二密码密钥。 该方法生成与第一和第二密码密钥中的每一个对应的一组子密钥。 用于第一密码密钥的子密钥集合取决于第一密码密钥和第二密码密钥。 该方法通过使用生成的子项集执行加密处理。

公开(公告)号：US09774443B2

公开(公告)日：2017-09-26

申请号：US14639026

申请日：2015-03-04

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Bruno Kindarji ,  Thomas Icart ,  Augustin J. Farrugia ,  Mathieu Ciet

IPC: H04L9/06 ,  H04L9/00

CPC classification number: H04L9/0631 ,  H04L9/002 ,  H04L2209/046 ,  H04L2209/16 ,  H04L2209/24 ,  H04L2209/60

Abstract: Some embodiments provide a method for performing a cryptographic process. The method receives first and second cipher keys. The method generates a set of subkeys corresponding to each of the first and second cipher keys. The set of subkeys for the first cipher key is dependent on the first cipher key and the second cipher key. The method performs the cryptographic process by using the generated sets of subkeys.

公开(公告)号：US09639673B2

公开(公告)日：2017-05-02

申请号：US14306713

申请日：2014-06-17

Applicant: Apple Inc.

Inventor： Pierre Betouin ,  Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Cédric Tessier ,  Jean-Baptiste Aviat ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/14

CPC classification number: G06F21/14 ,  G06F2221/0748

Abstract: The fake cryptographic layer obfuscation technique can be used to lure an attacker into expending reverse engineering efforts on sections of code the attacker would normally ignore. To do this the obfuscation technique can identify sections of code that are likely to be of lesser interest to the attacker and disguise them as higher value sections. This can be achieved by transforming a lower value section of code to include code patterns, constants, or other characteristics known to exist in sections of code of higher value, such as cryptographic routines. To transform a code section, the obfuscation technique can use one or more program modifications including control flow modifications, constant value adjustments to simulate well-known cryptographic scalars, buffer extensions, fake characteristic table insertion, debug-like information insertion, derivation function-code generation linking, and/or cryptographic algorithm specific instruction insertion.

公开(公告)号：US20160211972A1

公开(公告)日：2016-07-21

申请号：US15000223

申请日：2016-01-19

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L9/06

CPC classification number: H04L9/0637 ,  H04L9/0631 ,  H04L9/30 ,  H04L2209/24

Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.

Abstract translation: 在一个实施例中，在加密和/或解密过程中保护一个或多个密钥的方法，介质和系统可以使用该过程中的预计算值，使得一个或多个密钥的至少一部分不被使用或暴露在 的过程。 在一种方法的一个示例中，AES加密处理的内部状态被保存以用于其中AES加密处理中使用的密钥未被暴露或使用的计数器模式流密码操作。

公开(公告)号：US09264222B2

公开(公告)日：2016-02-16

申请号：US14015523

申请日：2013-08-30

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L9/30 ,  H04L9/06

CPC classification number: H04L9/0637 ,  H04L9/0631 ,  H04L9/30 ,  H04L2209/24

Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.

Abstract translation: 在一个实施例中，在加密和/或解密过程中保护一个或多个密钥的方法，介质和系统可以使用该过程中的预计算值，使得一个或多个密钥的至少一部分不被使用或暴露在 的过程。 在一种方法的一个示例中，AES加密处理的内部状态被保存以用于其中AES加密处理中使用的密钥未被暴露或使用的计数器模式流密码操作。