Secure Nonce

Ensuring No Repeats With Monotonic Incrementing Nonce

Mi'kail Eli'yah
Jun 16, 2024

The secure nonce is used for anti-replay services. Anti-replay services guard the events that mark anti-replay boundaries. They are used in the memory protection engine, secure storage, and secure service engines as DPA protection factors and as random seed bits for encryption, authentication, access control and replay prevention.

At boot time, the OS may use a secret nonce, or simply output from a TRNG, to generate an ephemeral wrapping key that synchronizes authentication between the trusted components.

When the processor tries to obtain data from the flash (NAND) storage subsystem over an isolated bus, access may be granted only through the DMA crypto engine. To ensure that identical data is indistinguishable after ciphering, secure nonces are used. Every time a file on the data volume is created, the Data Protection Engine creates a new 256-bit key (the per-file key) and gives it to the hardware AES Engine, which uses the key to encrypt (AES-256 in XTS mode) the file as it is being written to flash storage. The 256-bit per-file key goes through a Key Derivation Function (NIST Special Publication 800-108) to derive a 256-bit tweak and a 256-bit cipher key. For AES-128 in XTS mode, the 256-bit per-file key is instead split to provide a 128-bit tweak and a 128-bit cipher key.

During secure boot, before the Sealed Root Key releases the key encryption key (KEK), which in turn releases the keys that decipher the measurements of the software on the system, the system must authenticate its internal sources of reference. To complicate matters further, this may involve policy files (local and remote) together with secure nonces.

If a critical security policy changes (for example, disabling services), the change must carry secure nonces for each session to deter replays, or an attacker breaking into the session to alter the intent of the content and its context.

Anti-replay helps prevent older policy files or session contexts, which may have been configured for lower security, from being reapplied to the system after security has been upgraded. This deters against…
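The per-session anti-replay check described above, as an added example that is not code from the article: the receiver authenticates each policy message first, then rejects any nonce at or below its monotonic high-water mark, so an older, lower-security policy cannot be reapplied and a forged nonce cannot advance the mark. The session key, the message layout (nonce || policy || HMAC tag) and the names are assumptions for illustration.

```python
"""Monotonic-nonce anti-replay check for authenticated policy messages.

Added example, not from the original article. The session key and the
message layout (nonce || policy || HMAC-SHA256 tag) are constructed here.
"""
import hashlib
import hmac
import struct

SESSION_KEY = b"\x11" * 32  # constructed illustration key; derive per session in practice


def seal(nonce: int, policy: bytes, key: bytes = SESSION_KEY) -> bytes:
    """Bind the nonce to the policy content under one authentication tag."""
    body = struct.pack(">Q", nonce) + policy
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class AntiReplayVerifier:
    """Accepts a message only if its tag verifies and its nonce is strictly newer."""

    def __init__(self, key: bytes = SESSION_KEY, last_nonce: int = 0):
        self.key = key
        # Monotonic high-water mark; persist it in secure storage across reboots
        self.last_nonce = last_nonce

    def verify(self, message: bytes) -> tuple[bool, str]:
        if len(message) < 8 + 32:
            return False, "malformed"
        body, tag = message[:-32], message[-32:]
        # Authenticate before inspecting the nonce, so a forged nonce never moves the mark
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"
        nonce = struct.unpack(">Q", body[:8])[0]
        if nonce <= self.last_nonce:
            return False, "replay"  # repeated or older context, e.g. a pre-upgrade policy
        self.last_nonce = nonce
        return True, "accepted"
```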