Systems and methods for dynamic data masking

摘要

Systems and methods for dynamic data masking are disclosed. The disclosed methods and systems can be used to dynamically mask data in cryptographic operations, such as advanced encryption standard (AES) operations, data encryption standard (DES) operations or triple DES operations. Specifically, data in cryptographic operations can be covered with unlimited and continuously changing masks. As an example, the Substitution table, key schedule, and state register in AES, or key schedule and selection functions in a DES or triple DES can be covered with unlimited and constantly changing masks. In an aspect, dynamic masking operations can be combined with orbital RAM algorithm and no-operation clocks to make power signature analysis in cryptographic attacks even more difficult.

主权项

1. A method comprising:
generating a first output by performing an operation on a first random number and a first data block, wherein the first output is stored in a first bank; retrieving a set of stored first outputs by performing an operation on a second data block, wherein the operation on the second data block comprises a substitution table look-up operation in the first bank; generating a second output by performing an operation on the first output and the second data block; generating a third output by performing an operation on a second random number and the first data block, wherein the third output is stored in a second bank; retrieving a set of stored third outputs by performing an operation on the second data block, wherein the operation on the second data block comprises a substitution table look-up operation in the second bank; generating a fourth output by performing an operation on the retrieved set of stored third outputs and the second data block; and generating a fifth output by performing a multiplexing operation on the second output and the fourth output, wherein the fifth output comprises a cryptographically sensitive value.